Bank of America 2007 Annual Report Download - page 67

Download and view the complete annual report

Please find page 67 of the 2007 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 179

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179

Managing Risk
Overview
Our management governance structure enables us to manage all major
aspects of our business through an integrated planning and review proc-
ess that includes strategic, financial, associate, customer and risk plan-
ning. We derive much of our revenue from managing risk from customer
transactions for profit. In addition to qualitative factors, we utilize quantita-
tive measures to optimize risk and reward trade offs in order to achieve
growth targets and financial objectives while reducing the variability of
earnings and minimizing unexpected losses. Risk metrics that allow us to
measure performance include economic capital targets and corporate risk
limits. By allocating economic capital to a line of business, we effectively
manage that business’s ability to take on risk. Review and approval of
business plans incorporate approval of economic capital allocation, and
economic capital usage is monitored through financial and risk reporting.
Industry, country, trading, asset allocation and other limits supplement the
allocation of economic capital. These limits are based on an analysis of
risk and reward in each line of business and management is responsible
for tracking and reporting performance measurements as well as any
exceptions to guidelines or limits. Our risk management process con-
tinually evaluates risk and appropriate metrics needed to measure it.
Our business exposes us to the following major risks: strategic, liquid-
ity, credit, market and operational risk. Strategic risk is the risk that
adverse business decisions, ineffective or inappropriate business plans or
failure to respond to changes in the competitive environment, business
cycles, customer preferences, product obsolescence, execution and/or
other intrinsic risks of business will impact our ability to meet our
objectives. Liquidity risk is the inability to accommodate liability maturities
and deposit withdrawals, fund asset growth and meet contractual obliga-
tions through unconstrained access to funding at reasonable market rates.
Credit risk is the risk of loss arising from a borrower’s or counterparty’s
inability to meet its obligations. Market risk is the risk that values of
assets and liabilities or revenues will be adversely affected by changes in
market conditions, such as interest rate movements. Operational risk is
the risk of loss resulting from inadequate or failed internal processes,
people and systems or external events. The following sections, Strategic
Risk Management on page 66, Liquidity Risk and Capital Management
beginning on page 66, Credit Risk Management beginning on page 69,
Market Risk Management beginning on page 86 and Operational Risk
Management beginning on page 93, address in more detail the specific
procedures, measures and analyses of the major categories of risk that
we manage.
Risk Management Processes and Methods
We have established and continually enhance control processes and use
various methods to align risk-taking and risk management throughout our
organization. These control processes and methods are designed around
“three lines of defense”: lines of business, enterprise functions and
Corporate Audit.
The lines of business are the first line of defense and are respon-
sible for identifying, quantifying, mitigating and monitoring all risks within
their lines of business, while certain enterprise-wide risks are managed
centrally. For example, except for trading-related business activities, inter-
est rate risk associated with our business activities is managed centrally
as part of our ALM activities. Line of business management makes and
executes the business plan and is closest to the changing nature of risks
and, therefore, we believe is best able to take actions to manage and
mitigate those risks. Our lines of business prepare periodic self-
assessment reports to identify the status of risk issues, including miti-
gation plans, if appropriate. These reports roll up to executive
management to ensure appropriate risk management and oversight, and
to identify enterprise-wide issues. Our management processes, structures
and policies aid us in complying with laws and regulations and provide
clear lines for decision-making and accountability. Wherever practical, we
attempt to house decision-making authority as close to the transaction as
possible while retaining supervisory control functions from both in and
outside of the lines of business.
The key elements of the second line of defense are Risk Manage-
ment, Compliance, Finance, Global Technology and Operations, Human
Resources, and Legal functions. These groups are independent of the
lines of businesses and are organized on both a line of business and
enterprise-wide basis. For example, for Risk Management, a senior risk
executive is assigned to each of the lines of business and is responsible
for the oversight of all the risks associated with that line of business.
Enterprise-level risk executives have responsibility to develop and imple-
ment polices and practices to assess and manage enterprise-wide credit,
market and operational risks.
Corporate Audit, the third line of defense, provides an independent
assessment of our management and internal control systems. Corporate
Audit activities are designed to provide reasonable assurance that
resources are adequately protected; significant financial, managerial and
operating information is materially complete, accurate and reliable; and
employees’ actions are in compliance with corporate policies, standards,
procedures, and applicable laws and regulations.
We use various methods to manage risks at the line of business
levels and corporate-wide. Examples of these methods include planning
and forecasting, risk committees and forums, limits, models, and hedging
strategies. Planning and forecasting facilitates analysis of actual versus
planned results and provides an indication of unanticipated risk levels.
Generally, risk committees and forums are composed of lines of business,
risk management, treasury, compliance, legal and finance personnel,
among others, who actively monitor performance against plan, limits,
potential issues, and introduction of new products. Limits, the amount of
exposure that may be taken in a product, relationship, region or industry,
seek to align corporate-wide risk goals with those of each line of business
and are part of our overall risk management process to help reduce the
volatility of market, credit and operational losses. Models are used to
estimate market value and net interest income sensitivity, and to estimate
expected and unexpected losses for each product and line of business,
where appropriate. Hedging strategies are used to manage the risk of
borrower or counterparty concentration risk and to manage market risk in
the portfolio.
The formal processes used to manage risk represent only one portion
of our overall risk management process. Corporate culture and the actions
of our associates are also critical to effective risk management. Through
our Code of Ethics, we set a high standard for our associates. The Code of
Ethics provides a framework for all of our associates to conduct them-
selves with the highest integrity in the delivery of our products or services
to our customers. We instill a risk-conscious culture through communica-
tions, training, policies, procedures, and organizational roles and
responsibilities. Additionally, we continue to strengthen the linkage
between the associate performance management process and individual
compensation to encourage associates to work toward corporate-wide risk
goals.
Bank of America 2007
65