Bank of America 2010 Annual Report Download - page 66

Download and view the complete annual report

Please find page 66 of the 2010 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 252

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252

publicity regarding an organization’s conduct or business practices will ad-
versely affect its profitability, operations or customer base, or require costly
litigation or other measures. Reputational risk is evaluated within all of the risk
categories and throughout the risk management process, and as such is not
discussed separately herein. The following sections, Strategic Risk Manage-
ment beginning on page 66, Capital Management beginning on page 67,
Liquidity Risk beginning on page 71, Credit Risk Management beginning on
page 75, Market Risk Management beginning on page 104, Compliance Risk
Management on page 110 and Operational Risk Management beginning on
page 110, address in more detail the specific procedures, measures and
analyses of the major categories of risk that we manage.
In choosing when and how to take risks, we evaluate our capacity for risk
and seek to protect our brand and reputation, our financial flexibility, the value
of our assets and the strategic potential of our Corporation. We intend to
maintain a strong and flexible financial position that will allow us to success-
fully weather challenging economic times and take advantage of opportunities
to grow. We also intend to focus on maintaining our relevance and value to
customers, associates and shareholders. To achieve these objectives, we
have built a comprehensive risk management culture and have implemented
governance and control measures to maintain that culture.
Our risk management infrastructure is continually evolving to meet the
heightened challenges posed by the increased complexity of the financial
services industry and markets, by our increased size and global footprint, and
by the financial crisis. We have a defined risk framework and clearly articu-
lated risk appetite which is approved annually by the Corporation’s Board of
Directors (the Board).
We take a comprehensive approach to risk management. Risk manage-
ment planning is fully integrated with strategic, financial and customer/client
planning so that goals and responsibilities are aligned across the organiza-
tion. Risk is managed in a systematic manner by focusing on the Corporation
as a whole as well as managing risk across the enterprise and within individual
business units, products, services and transactions, and across all geo-
graphic locations. We maintain a governance structure that delineates the
responsibilities for risk management activities, as well as governance and
oversight of those activities, by executive management and the Board.
Executive management assesses, and the Board oversees, the risk-ad-
justed returns of each business segment through review and approval of
strategic and financial operating plans. By allocating economic capital to and
establishing a risk appetite for a business segment, we seek to effectively
manage the ability to take on risk. Economic capital is assigned to each
business segment using a risk-adjusted methodology incorporating each seg-
ment’s stand-alone credit, market, interest rate and operational risk compo-
nents, and is used to measure risk-adjusted returns. Businesses operate within
their credit, market, compliance and operational risk standards and limits in
order to adhere to the risk appetite. These limits are based on analyses of risk
and reward in each line of business, and executive management is responsible
for tracking and reporting performance measurements as well as any excep-
tions to guidelines or limits. The Board monitors financial performance, exe-
cution of the strategic and financial operating plans, compliance with the risk
appetite and the adequacy of internal controls through its committees.
On December 14, 2010, the Board completed its annual review and
approval of the Risk Framework and the Risk Appetite Statement for the
Corporation. The Risk Framework defines the accountability of the Corporation
and its associates and the Risk Appetite Statement defines the parameters
under which we will take risk. Both documents are intended to enable us to
maximize our long-term results and ensure the integrity of our assets and the
quality of our earnings. The Risk Framework is designed to be used by our
associates to understand risk management activities, including their individ-
ual roles and accountabilities. It also defines how risk management is inte-
grated into our core business processes, and it defines the risk management
governance structure, including management’s involvement. The risk
management responsibilities of the lines of business, governance and control
functions, and Corporate Audit are also clearly defined, and reflects how the
Board-approved risk appetite influences business and risk strategy. The risk
management process contains four elements: identify and measure risk,
mitigate and control risk, monitor and test risk, and report and review risk, and
is applied across all business activities to enable an integrated and compre-
hensive review of risk consistent with the Board’s Risk Appetite Statement.
Risk Management Processes and Methods
To support our corporate goals and objectives, risk appetite, and business and
risk strategies, we maintain a governance structure that delineates the respon-
sibilities for risk management activities, as well as governance and oversight of
those activities, by management and the Board. All associates have account-
ability for risk management. Each associate’s risk management responsibilities
falls into one of three major categories: lines of business, governance and control
(Global Risk Management and enterprise control functions) and Corporate Audit.
Line of business managers and associates are accountable for identifying,
managing and escalating attention, as appropriate, to all risks in their busi-
ness units, including existing and emerging risks. Line of business managers
must ensure that their business activities are conducted within the risk
appetite defined by management and approved by the Board. The limits
and controls for each business must be consistent with the Risk Appetite
Statement. Line of business associates in client and customer facing busi-
nesses are responsible for day-to-day business activities, including develop-
ing and delivering profitable products and services, fulfilling customer re-
quests and maintaining desirable customer relationships. These associates
are accountable for conducting their daily work in accordance with policies and
procedures. It is the responsibility of each associate to protect the Corpora-
tion and defend the interests of the shareholders.
Governance and control functions are comprised of Global Risk Manage-
ment and the enterprise control functions. Global Risk Management is led by
the Chief Risk Officer (CRO). The CRO leads senior management in managing
risk, is independent from the Corporation’s lines of business and enterprise
control functions, and maintains sufficient autonomy to develop and imple-
ment meaningful risk management measures. This position serves to protect
the Corporation and its shareholders. The CRO reports to the Chief Executive
Officer (CEO) and is the management team lead or a participant in Board-level
risk governance committees. The CRO has the mandate to ensure that
appropriate risk management practices are in place, effective and consistent
with our overall business strategy and risk appetite. Global Risk Management
is comprised of two types of risk teams, Enterprise Risk Teams and inde-
pendent line of business risk teams, which report to the CRO and are
independent from the lines of business and enterprise control functions.
Enterprise Risk Teams are responsible for setting and establishing enter-
prise policies, programs and standards, assessing program adherence, pro-
viding enterprise-level risk oversight, and reporting and monitoring for sys-
temic and emerging risk issues. In addition, the Enterprise Risk Teams are
responsible for monitoring and ensuring that risk limits are reasonable and
consistent with the risk appetite. These risk teams also carry out risk-based
oversight of the enterprise control functions.
Independent line of business risk teams are responsible for establishing
policies, limits, standards, controls, metrics and thresholds within the defined
corporate standards for the lines of business to which they are aligned. The
independent line of business risk teams are responsible for ensuring that risk
limits and standards are reasonable and consistent with the risk appetite.
Enterprise control functions are independent of the lines of business and
have risk governance and control responsibilities for enterprise programs. In
this role, they are responsible for setting policies, standards and limits;
providing risk reporting; monitoring for systemic risk issues including existing,
emerging and reputational; and implementing procedures and controls at the
64 Bank of America 2010