Bank of America 2012 Annual Report Download - page 119

Download and view the complete annual report

Please find page 119 of the 2012 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 284

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284

Bank of America 2012 117
We approach operational risk management from two
perspectives to manage operational risk within the structure of
the Corporation: (1) at the enterprise level to provide independent,
integrated management of operational risk across the
organization, and (2) at the business and enterprise control
function levels to address operational risk in revenue producing
and non-revenue producing units. The Operational Risk
Management Program incorporates the overarching processes for
identifying, measuring, mitigating, controlling, monitoring, testing,
reviewing operational risk, and reporting operational risk
information to management and the Board. A sound internal
governance structure enhances the effectiveness of the
Corporation’s Operational Risk Management Program and is
accomplished at the enterprise level through formal oversight by
the Board, the CRO and a variety of management committees and
risk oversight groups aligned to the Corporation’s overall risk
governance framework and practices. Of these, the Compliance
and Operational Risk Committee (CORC) oversees the
Corporation’s policies and processes for sound operational risk
management. The CORC also serves as an escalation point for
critical operational risk matters within the Corporation. The CORC
reports operational risk activities to the Enterprise Risk Committee
of the Board.
Within the Global Risk Management organization, the
Corporate Operational Risk team develops and guides the
strategies, policies, practices, controls and monitoring tools for
assessing and managing operational risks across the organization
and reports results to businesses, enterprise control functions,
senior management, governance committees and the Board.
Corporate Audit provides independent assessment and
validation through testing of key processes and controls across
the Corporation. An annual Audit Plan ensures that coverage
activities address the significant aspects of the Corporation’s risk
profile. Risk assessments incorporating operational risk are
completed within the audit planning process.
The business and enterprise control functions are responsible
for managing all the risks within their units, including operational
risks. In addition to enterprise risk management tools such as
loss reporting, scenario analysis and RCSAs, operational risk
executives, working in conjunction with senior business
executives, have developed key tools to help identify, measure,
mitigate and monitor risk in each business and enterprise control
function. Examples of these include personnel management
practices; data reconciliation processes; fraud management units;
transaction processing, monitoring and analysis; business
recovery planning; and new product introduction processes. The
business and enterprise control functions are also responsible for
consistently implementing, and monitoring adherence to,
corporate practices.
Business and enterprise control function management uses
the enterprise RCSA process to identify and evaluate the status
of risk and control issues, including mitigation plans, as
appropriate. The goals of this process are to assess changing
market and business conditions, evaluate key risks impacting each
business and enterprise control function and assess the controls
in place to mitigate the risks. The RCSA process is documented
at periodic intervals. Key operational risk indicators for these risks
have been developed and are used to help identify trends and
issues on an enterprise, business and enterprise control function
level. Independent review and challenge to the Corporation’s
overall operational risk management framework is performed by
the Corporate Operational Risk Validation Team.
Enterprise control functions have risk governance and control
responsibilities for their enterprise programs (e.g., Global
Technology and Operations Group, Chief Financial Officer Group,
Global Marketing and Corporate Affairs, Global Human Resources).
They provide insights on day-to-day risk activities throughout the
Company by overseeing and managing the performance of their
functions against Company-wide expectations. The enterprise
control functions participate in the operational risk management
process in two ways. First, these organizations manage risk in their
functional department. Second, they provide specialized risk
management services (e.g., information management, vendor
management) within their area of expertise to the enterprise,
businesses and other enterprise control functions they support.
These groups also work with business and risk executives to
develop and guide appropriate strategies, policies, practices,
controls and monitoring tools for each business and enterprise
control function relative to these programs.
Additionally, where appropriate, insurance policies are
purchased to mitigate the impact of operational losses. These
insurance policies are explicitly incorporated in the structural
features of operational risk evaluation. As insurance recoveries,
especially given recent market events, are subject to legal and
financial uncertainty, the inclusion of these insurance policies is
subject to reductions in their expected mitigating benefits.
Complex Accounting Estimates
Our significant accounting principles, as described in Note 1 –
Summary of Significant Accounting Principles to the Consolidated
Financial Statements are essential in understanding the MD&A.
Many of our significant accounting principles require complex
judgments to estimate the values of assets and liabilities. We
have procedures and processes in place to facilitate making these
judgments.
The more judgmental estimates are summarized in the following
discussion. We have identified and described the development of
the variables most important in the estimation processes that
involve mathematical models to derive the estimates. In many
cases, there are numerous alternative judgments that could be
used in the process of determining the inputs to the models. Where
alternatives exist, we have used the factors that we believe
represent the most reasonable value in developing the inputs.
Actual performance that differs from our estimates of the key
variables could impact our results of operations. Separate from
the possible future impact to our results of operations from input
and model variables, the value of our lending portfolio and market-
sensitive assets and liabilities may change subsequent to the
balance sheet date, often significantly, due to the nature and
magnitude of future credit and market conditions. Such credit and
market conditions may change quickly and in unforeseen ways and
the resulting volatility could have a significant, negative effect on
future operating results. These fluctuations would not be indicative
of deficiencies in our models or inputs.
Allowance for Credit Losses
The allowance for credit losses, which includes the allowance for
loan and lease losses and the reserve for unfunded lending
commitments, represents management’s estimate of probable
losses inherent in the Corporation’s loan portfolio excluding those
loans accounted for under the fair value option. Changes to the
allowance for credit losses are reported in the Corporation’s
Consolidated Statement of Income in the provision for credit