American Express 2015 Annual Report Download - page 98
Download and view the complete annual report
Please find page 98 of the 2015 American Express annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88 -
89 -
90 -
91 -
92 -
93 -
94 -
95 -
96 -
97 -
98 -
99 -
100 -
101 -
102 -
103 -
104 -
105 -
106 -
107 -
108 -
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
 |
 |
We assess our cyber risk across four categories of “threat actors” that we currently believe pose the greatest risk,
namely cyber criminals, nation state sponsored groups, determined insiders and “hacktivists” or social objectors. Our
Information Security Framework and Operating Model uses an approach that looks at different phases of security to
prepare, prevent, detect, respond and recover from cyber-security attacks.
Our Privacy Framework and Operating Model follow a similar structure. Co-chaired by the U.S. Chief Privacy
Officer and the International Chief Privacy Officer, our Privacy Risk Management Committee, a sub-committee of the
ORMC, provides oversight and governance for our privacy program. The committee is responsible for the governance
over the collection, notice, use, sharing, transfer, confidentiality and retention of personal data.
Our Enterprise Data Governance Framework and Policy defines governance and data standards for data used in
regulatory reporting, risk management as well as other critical systems including big data capabilities.
COMPLIANCE RISK MANAGEMENT PROCESS
We define compliance risk as the risk of legal or reputational harm, fines, monetary penalties and payment of
damages or other forms of sanction as a result of non-compliance with applicable laws, regulations, rules or standards
of conduct.
We view our ability to effectively mitigate compliance risk as an important aspect of our business model. Our
Global Compliance and Ethics organization is responsible for establishing and maintaining our corporate-wide
Compliance Risk Management Program. Pursuant to this program, we seek to manage and mitigate compliance risk
by assessing, controlling, monitoring, measuring and reporting the regulatory risks to which we are exposed.
We have a comprehensive Anti-Money Laundering program that monitors and reports suspicious activity to the
appropriate government authorities. As part of that program, the Global Risk Oversight team provides independent
risk assessment of the models and rules used by the Anti-Money Laundering team. In addition, the Internal Audit
Group reviews the processes for practices consistent with regulatory guidance.
REPUTATIONAL RISK MANAGEMENT PROCESS
We define reputational risk as the risk that negative publicity regarding our products, services, business practices,
management, clients and partners, whether perceived or real, could cause a decline in the customer base, costly
litigation, or revenue reductions.
We view protecting our reputation as core to our vision of becoming the world’s most respected service brand and
fundamental to our long-term success.
Our business leaders are responsible for ensuring that reputational risk implications of transactions, business
activities and management practices are appropriately considered and relevant subject matter experts are engaged as
needed. The ERMC and its sub-committees are responsible for reviewing decisions where reputational risk may exist
and ensuring that reputational risk considerations are properly reflected.
MARKET RISK MANAGEMENT PROCESS
Market risk is the risk to earnings or asset and liability values resulting from movements in market prices. Our
market risk exposures include:
• Interest rate risk due to changes in the relationship between interest rates on our assets (such as loans,
receivables and investment securities) and our interest rates on our liabilities (such as debt and deposits); and
• Foreign exchange risk related to earnings, funding, transactions and investments in currencies other than the
U.S. dollar.
Our Asset-Liability Management (ALM) and Market Risk policies establish the framework that guides and governs
market risk management, including quantitative limits and escalation triggers. These policies are approved by the Risk
Committee of the Board of Directors.
Market risk is managed by the Market Risk Committee. The Market Risk Oversight Officer provides an independent
risk assessment and oversight over the policies and exposures for market risk and ALM activities, as well as ensuring
compliance with the Volcker Rule and other regulatory requirements. Market risk management is also guided and
governed by policies covering the use of derivative financial instruments, funding, liquidity and investments.
87