Bank of America 2011 Annual Report Download - page 65

Download and view the complete annual report

Please find page 65 of the 2011 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 276

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276

Bank of America 2011 63
risk components, and is used to measure risk-adjusted returns.
In addition to reputational considerations, businesses operate
within their credit, market, compliance and operational risk
standards and limits in order to adhere to the risk appetite. These
limits are based on analyses of risk and reward in each business,
and executive management is responsible for tracking and
reporting performance measurements as well as any exceptions
to guidelines or limits. The Board monitors financial performance,
execution of the strategic and financial operating plans,
compliance with the risk appetite and the adequacy of internal
controls through its committees.
The Board has completed its review of the Risk Framework and
the Risk Appetite Statement for the Corporation, and both the Risk
Framework and Risk Appetite Statement were approved in January
2012. The Risk Framework defines the accountability of the
Corporation and its employees and the Risk Appetite Statement
defines the parameters under which we will take risk. Both
documents are intended to enable us to maximize our long-term
results and ensure the integrity of our assets and the quality of
our earnings. The Risk Framework is designed to be used by our
employees to understand risk management activities, including
their individual roles and accountabilities. It also defines how risk
management is integrated into our core business processes, and
it defines the risk management governance structure, including
management’s involvement. The risk management responsibilities
of the businesses, governance and control functions, and
Corporate Audit are also clearly defined. The risk management
process includes four critical elements: identify and measure risk,
mitigate and control risk, monitor and test risk, and report and
review risk, and is applied across all business activities to enable
an integrated and comprehensive review of risk consistent with
the Board’s Risk Appetite Statement.
Risk Management Processes and Methods
To support our corporate goals and objectives, risk appetite, and
business and risk strategies, we maintain a governance structure
that delineates the responsibilities for risk management activities,
as well as governance and oversight of those activities, by
management and the Board. All employees have accountability for
risk management. Each employee’s risk management
responsibilities falls into one of three major categories:
businesses, governance and control, and Corporate Audit.
Business managers and employees are accountable for
identifying, managing and escalating attention to all risks in their
business units, including existing and emerging risks. Business
managers must ensure that their business activities are conducted
within the risk appetite defined by management and approved by
the Board. The limits and controls for each business must be
consistent with the Risk Appetite Statement. Employees in client
and customer facing businesses are responsible for day-to-day
business activities, including developing and delivering profitable
products and services, fulfilling customer requests and
maintaining desirable customer relationships. These employees
are accountable for conducting their daily work in accordance with
policies and procedures. It is the responsibility of each employee
to protect the Corporation and defend the interests of the
shareholders.
Governance and control functions are comprised of Global Risk
Management, Global Compliance, Legal and the enterprise control
functions and are tasked with independently overseeing and
managing risk activities. Global Compliance (which included
Regulatory Relations) and Legal report to the Chief Legal,
Compliance and Regulatory Relations Executive. Enterprise control
functions consist of the Chief Financial Officer Group, Global
Technology and Operations, Global Human Resources, Global
Marketing and Corporate Affairs.
Global Risk Management is led by the Chief Risk Officer (CRO).
The CRO leads senior management in managing risk, is
independent from the Corporation’s business and enterprise
control functions, and maintains sufficient autonomy to develop
and implement meaningful risk management measures. This
position serves to protect the Corporation and its shareholders.
The CRO reports to the Chief Executive Officer (CEO) and is the
management team lead or a participant in Board-level risk
governance committees. The CRO has the mandate to ensure that
appropriate risk management practices are in place, and are
effective and consistent with our overall business strategy and
risk appetite. Global Risk Management is comprised of two types
of risk teams, Enterprise risk teams and independent business
risk teams, which report to the CRO and are independent from the
business and enterprise control functions.
Enterprise risk teams are responsible for setting and
establishing enterprise policies, programs and standards,
assessing program adherence, providing enterprise-level risk
oversight, and reporting and monitoring for systemic and emerging
risk issues. In addition, the Enterprise Risk Teams are responsible
for monitoring and ensuring that risk limits are reasonable and
consistent with the risk appetite. These risk teams also carry out
risk-based oversight of the enterprise control functions.
Independent business risk teams are responsible for
establishing policies, limits, standards, controls, metrics and
thresholds within the defined corporate standards for the
businesses to which they are aligned. The independent business
risk teams are also responsible for ensuring that risk limits and
standards are reasonable and consistent with the risk appetite.
Enterprise control functions are independent of the businesses
and have risk governance and control responsibilities for
enterprise programs. In this role, they are responsible for setting
policies, standards and limits; providing risk reporting; monitoring
for systemic risk issues including existing and emerging; and
implementing procedures and controls at the enterprise and
business levels for their respective control functions.
The Corporate Audit function and the Corporate General Auditor
maintain independence from the businesses and governance and
control functions by reporting directly to the Audit Committee of
the Board. Corporate Audit provides independent assessment and
validation through testing of key processes and controls across
the Corporation. Corporate Audit also provides an independent
assessment of the Corporation’s management and internal control
systems. Corporate Audit activities are designed to provide
reasonable assurance that resources are adequately protected;
significant financial, managerial and operating information is
materially complete, accurate and reliable; and employees’
actions are in compliance with the Corporation’s policies,
standards, procedures, and applicable laws and regulations.
To assist the Corporation in achieving its goals and objectives,
risk appetite, and business and risk strategies, we utilize a risk
management process that is applied across the execution of all
business activities. This risk management process, which is an
integral part of our Risk Framework, enables the Corporation to
review risk in an integrated and comprehensive manner across all
risk categories and make strategic and business decisions based
on that comprehensive view. Corporate goals and objectives are