American Express 2015 Annual Report Download - page 96

Download and view the complete annual report

Please find page 96 of the 2015 American Express annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 196

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196

There are several internal management committees, including the Enterprise-wide Risk Management Committee
(ERMC), chaired by our Chief Risk Officer. The ERMC is the highest-level management committee to oversee all firm-wide
risks. It maintains the enterprise-wide risk appetite framework and monitors compliance with limits and escalations defined in
it. The ERMC oversees implementation of risk policies companywide with approval by the appropriate board committee. The
ERMC reviews key risk exposures, trends and concentrations, significant compliance matters, economic capital and Basel
capital trends, and provides guidance on the steps to monitor, control and report major risks. The ERMC is responsible for risk
governance, risk oversight and risk appetite for all risks, which include individual credit risk, institutional credit risk, operational
risk, compliance risk, reputational risk, market risk, asset liability management (ALM) risk, liquidity risk, model risk, and
strategic and business risk.
As defined in the ERM policy, we follow the “three lines of defense” approach to risk management. The first line of defense
comprises functions and management committees directly initiating risk taking. Business unit presidents, our Chief Credit
Officer, Chief Operational Risk Officer, Chief Market Risk Officer and Functional Risk Officer are part of the first line of defense.
The second line comprises independent functions overseeing risk taking activities of the first line. The Global Risk
Oversight Officer and Market Risk Oversight Officer, the Chief Compliance & Ethics Officer, the Corporate Comptroller and
certain control groups, both at the enterprise level and within regulated entities, are part of the second line of defense. The
global risk oversight team oversees the policies, strategies, frameworks, models, processes and capabilities deployed by the
first line teams and provides challenges and independent assessments on how the first line of defense is managing risks.
Our Internal Audit Group constitutes the third line of defense, and provides independent assessments and effective
challenge of the first and second lines of defense.
In addition, the Asset Liability Committee, chaired by our Chief Financial Officer, is responsible for managing market,
liquidity, asset/liability risk and capital.
CREDIT RISK MANAGEMENT PROCESS
Credit risk is defined as loss due to obligor or counterparty default or changes in the credit quality of a security. Our credit
risks are divided into two broad categories: individual and institutional. Each has distinct risk management capabilities,
strategies, and tools. Business units that create individual or institutional credit risk exposures of significant importance are
supported by dedicated risk management teams, each led by a Chief Credit Officer. To preserve independence, Chief Credit
Officers for all business units report to our Chief Credit Officer.
INDIVIDUAL CREDIT RISK
Individual credit risk arises principally from consumer and small business charge cards, credit cards, lines of credit, and
loans. These portfolios consist of millions of customers across multiple geographies, industries and levels of net worth. We
benefit from the high-quality profile of our customers, which is driven by our brand, premium customer servicing, product
features and risk management capabilities, which span underwriting, customer management and collections. Externally, the
risk in these portfolios is correlated to broad economic trends, such as unemployment rates and gross domestic product
(GDP) growth, which can affect customer liquidity.
The business unit leaders and their Chief Credit Officers take the lead in managing the individual credit risk process. These
Chief Credit Officers are guided by the Individual Credit Risk Committee, which is responsible for implementation and
enforcement of the Individual Credit Risk Management Policy. This policy is further supported by subordinate policies and
operating manuals covering decision logic and processes of credit extension, including prospecting, new account approvals,
point-of-sale authorizations, credit line management and collections. The subordinate risk policies and operating manuals are
designed to ensure consistent application of risk management principles and standardized reporting of asset quality and loss
recognition.
Individual credit risk management is supported by sophisticated proprietary scoring and decision-making models that
use the most up-to-date information on prospects and customers, such as spending and payment history and data feeds from
credit bureaus. Additional data, such as commercial variables, are integrated to further mitigate small business risk. We have
developed data-driven economic decision logic for customer interactions to better serve our customers.
INSTITUTIONAL CREDIT RISK
Institutional credit risk arises principally within our Global Corporate Payments, Global Merchant Services, GNS, Prepaid
Services, and Foreign Exchange Services businesses, as well as investment and liquidity management activities. Unlike
individual credit risk, institutional credit risk is characterized by a lower loss frequency but higher severity. It is affected both by
general economic conditions and by client-specific events. The absence of large losses in any given year or over several years
is not necessarily representative of the level of risk of institutional portfolios, given the infrequency of loss events in such
portfolios.
85