Bank of America 2006 Annual Report Download - page 61

Download and view the complete annual report

Please find page 61 of the 2006 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 155

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155

Risk Management Processes and Methods
We have established control processes and use various methods to align
risk-taking and risk management throughout our organization. These con-
trol processes and methods are designed around “three lines of defense”:
lines of business; enterprise functions (including Risk Management,
Compliance, Finance, Human Resources and Legal); and Corporate Audit.
The lines of business are the first line of defense and are respon-
sible for identifying, quantifying, mitigating and managing all risks within
their lines of business, while certain enterprise-wide risks are managed
centrally. For example, except for trading-related business activities, inter-
est rate risk associated with our business activities is managed in the
Corporate Treasury and Corporate Investment functions. Line of business
management makes and executes the business plan and is closest to the
changing nature of risks and, therefore, we believe is best able to take
actions to manage and mitigate those risks. Our lines of business prepare
periodic self-assessment reports to identify the status of risk issues,
including mitigation plans, if appropriate. These reports roll up to executive
management to ensure appropriate risk management and oversight, and
to identify enterprise-wide issues. Our management processes, structures
and policies aid us in complying with laws and regulations and provide
clear lines for decision-making and accountability. Wherever practical, we
attempt to house decision-making authority as close to the transaction as
possible while retaining supervisory control functions from both in and
outside of the lines of business.
The key elements of the second line of defense are Risk Manage-
ment, Compliance, Finance, Global Technology and Operations, Human
Resources, and Legal functions. These groups are independent of the
lines of businesses and are organized on both a line of business and
enterprise-wide basis. For example, for Risk Management, a senior risk
executive is assigned to each of the lines of business and is responsible
for the oversight of all the risks associated with that line of business.
Enterprise-level risk executives have responsibility to develop and imple-
ment polices and practices to assess and manage enterprise-wide credit,
market and operational risks.
Corporate Audit, the third line of defense, provides an independent
assessment of our management and internal control systems. Corporate
Audit activities are designed to provide reasonable assurance that
resources are adequately protected; significant financial, managerial and
operating information is materially complete, accurate and reliable; and
employees’ actions are in compliance with corporate policies, standards,
procedures, and applicable laws and regulations.
We use various methods to manage risks at the line of business
levels and corporate-wide. Examples of these methods include planning
and forecasting, risk committees and forums, limits, models, and hedging
strategies. Planning and forecasting facilitates analysis of actual versus
planned results and provides an indication of unanticipated risk levels.
Generally, risk committees and forums are composed of lines of business,
risk management, treasury, compliance, legal and finance personnel,
among others, who actively monitor performance against plan, limits,
potential issues, and introduction of new products. Limits, the amount of
exposure that may be taken in a product, relationship, region or industry,
seek to align corporate-wide risk goals with those of each line of business
and are part of our overall risk management process to help reduce the
volatility of market, credit and operational losses. Models are used to
estimate market value and Net Interest Income sensitivity, and to estimate
expected and unexpected losses for each product and line of business,
where appropriate. Hedging strategies are used to manage the risk of
borrower or counterparty concentration risk and to manage market risk in
the portfolio.
The formal processes used to manage risk represent only one portion
of our overall risk management process. Corporate culture and the actions
of our associates are also critical to effective risk management. Through
our Code of Ethics, we set a high standard for our associates. The Code of
Ethics provides a framework for all of our associates to conduct them-
selves with the highest integrity in the delivery of our products or services
to our customers. We instill a risk-conscious culture through communica-
tions, training, policies, procedures, and organizational roles and
responsibilities. Additionally, we continue to strengthen the linkage
between the associate performance management process and individual
compensation to encourage associates to work toward corporate-wide risk
goals.
Oversight
The Board oversees the risk management of the Corporation through its
committees, management committees and the Chief Executive Officer. The
Board’s Audit Committee monitors (1) the effectiveness of our internal
controls, (2) the integrity of our Consolidated Financial Statements and (3)
compliance with legal and regulatory requirements. In addition, the Audit
Committee oversees the internal audit function and the independent regis-
tered public accountant. The Board’s Asset Quality Committee oversees
credit risks and related topics that may impact our assets and earnings.
The Finance Committee, a management committee, oversees the
development and performance of the policies and strategies for managing
the strategic, credit, market, and operational risks to our earnings and
capital. The Asset Liability Committee (ALCO), a subcommittee of the
Finance Committee, oversees our policies and processes designed to
assure sound market risk and balance sheet management. The Com-
pliance and Operational Risk Committee, a subcommittee of the Finance
Committee, oversees our policies and processes designed to assure
sound operational and compliance risk management. The Credit Risk
Committee (CRC), a subcommittee of the Finance Committee, oversees
and approves our adherence to sound credit risk management policies and
practices. Certain CRC approvals are subject to the oversight of the
Board’s Asset Quality Committee. The Risk and Capital Committee, a
management committee, reviews our corporate strategies and objectives,
evaluates business performance, and reviews business plans including
economic capital allocations to the Corporation and business lines. Man-
agement continues to direct corporate-wide efforts to address the Basel
Committee on Banking Supervision’s new risk-based capital standards
(Basel II). The Audit Committee and Finance Committee oversee manage-
ment’s plans to comply with Basel II. For additional information, see Basel
II on page 62 and Note 15 of the Consolidated Financial Statements.
Strategic Risk Management
We use an integrated planning process to help manage strategic risk. A
key component of the planning process aligns strategies, goals, tactics
and resources throughout the enterprise. The process begins with the
creation of a corporate-wide business plan which incorporates an assess-
ment of the strategic risks. This business plan establishes the corporate
strategic direction. The planning process then cascades through the busi-
ness units, creating business unit plans that are aligned with the Corpo-
ration’s strategic direction. At each level, tactics and metrics are identified
to measure success in achieving goals and assure adherence to the
plans. As part of this process, the business units continuously evaluate
the impact of changing market and business conditions, and the overall
risk in meeting objectives. See the Operational Risk Management section
on page 81 for a further description of this process. Corporate Audit in
Bank of America 2006
59