Bank of America 2012 Annual Report Download - page 66

64 Bank of America 2012

Enterprise risk teams are responsible for setting and
establishing enterprise policies, programs and standards,
assessing program adherence, providing enterprise-level risk
oversight, and reporting and monitoring systemic and emerging
risk issues. In addition, the enterprise risk teams are responsible
for monitoring and ensuring that risk limits are reasonable and
consistent with the risk appetite. These risk teams also carry out
risk-based oversight of the enterprise control functions.

Independent business risk teams are responsible for
establishing policies, limits, standards, controls, metrics and
thresholds within the defined corporate standards for the
businesses to which they are aligned. The independent business
risk teams are also responsible for ensuring that risk limits and
standards are reasonable and consistent with the risk appetite.

Enterprise control functions are independent of the businesses
and have risk governance and control responsibilities for
enterprise programs. In this role, they are responsible for setting
policies, standards and limits; providing risk reporting; monitoring
systemic risk issues including existing and emerging; and
implementing procedures and controls at the enterprise and
business levels for their respective control functions.

The Corporate Audit function maintains independence from the
businesses and governance and control functions by reporting
directly to the Audit Committee of the Board. Corporate Audit
provides independent assessment and validation through testing
of key processes and controls across the Corporation. Corporate
Audit also provides an independent assessment of the
Corporation’s management and internal control systems.
Corporate Audit activities are designed to provide reasonable
assurance that resources are adequately protected; significant
financial, managerial and operating information is materially
complete, accurate and reliable; and employees’ actions are in
compliance with the Corporation’s policies, standards, procedures,
and applicable laws and regulations.

To assist the Corporation in achieving its goals and objectives,
risk appetite, and business and risk strategies, we utilize a risk
management process that is applied across the execution of all
business activities. This risk management process, which is an
integral part of our Risk Framework, enables the Corporation to
review risk in an integrated and comprehensive manner across all
risk categories and make strategic and business decisions based
on that comprehensive view. Corporate goals and objectives are
established by management, and management reflects these
goals and objectives in our risk appetite which is approved by the
Board and serves as a key driver for setting business and risk
strategy.

One of the key tools of the risk management process is the
use of Risk and Control Self Assessments (RCSAs). RCSAs are
the primary method for facilitating the management of business
environment and internal control factor data. The end-to-end RCSA
process incorporates risk identification and assessment of the
control environment; monitoring, reporting and escalating risk;
quality assurance and data validation; and integration with the risk
appetite. The RCSA process also incorporates documentation by
either the business or governance and control functions of the
business environment, risks, controls, and monitoring and
reporting. This results in a comprehensive risk management view
that enables understanding of and action on operational risks and
controls for all of our processes, products, activities and systems.

The formal processes used to manage risk represent a part of
our overall risk management process. Corporate culture and the
actions of our employees are also critical to effective risk
management. Through our Code of Ethics, we set a high standard
for our employees. The Code of Ethics provides a framework for
all of our employees to conduct themselves with the highest
integrity. We instill a strong and comprehensive risk management
culture through communications, training, policies, procedures,
and organizational roles and responsibilities. Additionally, we
continue to strengthen the link between the employee performance
management process and individual compensation to encourage
employees to work toward enterprise-wide risk goals.

Enterprise-wide Stress Testing

As a part of our core risk management practices, we conduct
enterprise-wide stress tests on a periodic basis to better
understand balance sheet, earnings, capital and liquidity
sensitivities to certain economic and business scenarios,
including economic and market conditions that are more severe
than anticipated. These enterprise-wide stress tests provide
illustrative hypothetical potential impacts from our risk profile on
our balance sheet, earnings, capital and liquidity and serve as a
key component of our capital, liquidity and risk management
practices. Scenarios are selected by the Asset Liability and Market
Risk Committee (ALMRC) and approved by the CFO and the CRO.
Impacts to each business from each scenario are then determined
and analyzed, primarily by leveraging the models and processes
utilized in everyday management routines. Impacts are assessed
along with potential mitigating actions that may be taken. Analysis
from such stress scenarios is compiled for and reviewed through
our Chief Financial Officer Risk Committee (CFORC), ALMRC and
the Board’s Enterprise Risk Committee.

Contingency Planning Routines

We have developed and maintain contingency plans that prepare
us in advance to respond in the event of potential adverse
outcomes and scenarios. These contingency planning routines
include capital contingency planning, liquidity contingency funding
plans, recovery planning and enterprise resiliency, and provide for
monitoring, escalation routines, and response plans. Contingency
response plans are designed to enable us to increase capital,
access funding sources, and reduce risk through consideration of
potential actions that include asset sales, business sales, capital
or debt issuances, and other de-risking strategies.

Board Oversight of Risk

The Board, comprised of a substantial majority of independent
directors, including an independent Chairman of the Board,
oversees the management of the Corporation through a
governance structure that includes Board committees and
management committees. The Board’s standing committees that
oversee the management of the majority of the risks faced by the
Corporation include the Audit and Enterprise Risk Committees,
comprised of independent directors, and the Credit Committee,
comprised of non-management directors. This governance
structure is designed to align the interests of the Board and
management with those of our stockholders and to foster integrity
throughout the Corporation.