American Express 2015 Annual Report Download - page 95


RISK MANAGEMENT

GOVERNANCE

We use our comprehensive Enterprise-wide Risk Management (ERM) program to identify, aggregate, monitor, and manage risks. The program also defines our risk appetite, governance, culture and capabilities. The implementation and execution of the ERM program is headed by our Chief Risk Officer.

Risk management is overseen by our Board of Directors through three Board committees: the Risk Committee, the Audit and Compliance Committee, and the Compensation and Benefits Committee. Each committee consists entirely of independent directors and provides regular reports to the full Board regarding matters reviewed at their committee. The committees meet regularly in private sessions with our Chief Risk Officer, the Chief Compliance & Ethics Officer, the General Auditor and other senior management with regard to our risk management processes, controls, talent and capabilities. The Board monitors the “tone at the top,” our risk culture, and oversees emerging and strategic risks.

The Risk Committee of our Board of Directors provides oversight on risk policies, risk appetite and our performance against goals. The Risk Committee approves our ERM policy along with its sub-policies governing individual credit risk, institutional credit risk, market risk, liquidity risk, operational risk, reputational risk and asset/liability risk, as well as policies governing the launch of new products and services, third-party management, and resolution planning. The ERM policy defines our risk appetite as well as governance over risk taking and oversight processes. Risk appetite defines the authorized risk limits to control exposures well within our risk capacity even under stressed forward-looking scenarios. In addition, it establishes principles for risk taking in the aggregate and for each risk type, and is supported by a comprehensive system for monitoring limits, escalation triggers and assessing control programs.

The Risk Committee reviews and concurs in the appointment, replacement, performance and compensation of our Chief Risk Officer and receives regular updates from the Chief Risk Officer on key risks, transactions and exposures. The Risk Committee reviews our credit risk profile as well as credit risk performance, trends and risk management capabilities.

The Risk Committee also reviews enterprise-wide operational risk trends, events and capabilities, with an emphasis on compliance, fraud, legal, process or control failures, information security, and privacy, as well as trends in market, funding, liquidity and reputational risks. The Risk Committee also provides oversight of our compliance with Basel capital and liquidity standards and its Internal Capital Adequacy Assessment Process, including its CCAR submissions; and resolution planning.

The Audit and Compliance Committee of our Board of Directors approves our compliance policies and risk tolerance, and reinforces the importance of our compliance risk management. In addition, the Audit and Compliance Committee reviews the effectiveness of our Corporate-wide Compliance Risk Management Program. More broadly, this committee is responsible for assisting the Board in its oversight responsibilities relating to the integrity of our financial statements and financial reporting process, internal and external auditing, including the qualifications and independence of the independent registered public accounting firm and the performance of our internal audit services function, and the integrity of our systems of internal accounting and financial controls.

The Audit and Compliance Committee provides oversight of our Internal Audit Group. The Audit and Compliance Committee reviews and concurs in the appointment, replacement, performance and compensation of our General Auditor and approves Internal Audit’s annual Audit Plan, charter, policies and budget. The Audit and Compliance Committee also receives regular updates on the Audit Plan’s status and results including significant reports issued by Internal Audit and the status of our corrective actions.

The Compensation and Benefits Committee of our Board of Directors works with the Chief Risk Officer to ensure our overall compensation programs, as well as those covering our business units and risk-taking employees, appropriately balance risk with business incentives and how business performance is achieved without taking imprudent or excessive risk. Our Chief Risk Officer is actively involved in setting goals, including for our business units. Our Chief Risk Officer also reviews the current and forward-looking risk profiles of each business unit, and provides input into performance evaluation. The Chief Risk Officer meets with the Compensation and Benefits Committee and attests whether performance goals and results have been achieved without taking imprudent risks. The Compensation and Benefits Committee uses a risk-balanced incentive compensation framework to decide on our bonus pools and the compensation of senior executives.