Bank of America 2013 Annual Report Download - page 115

Download and view the complete annual report

Please find page 115 of the 2013 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 284

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284

Bank of America 2013 113
identifying, measuring, mitigating, controlling, monitoring, testing
and reviewing operational risk, and reporting operational risk
information to management and the Board. A sound internal
governance structure enhances the effectiveness of the
Corporation’s Operational Risk Management Program and is
accomplished at the enterprise level through formal oversight by
the Board, the CRO and a variety of management committees and
risk oversight groups aligned to the Corporation’s overall risk
governance framework and practices. Of these, the Compliance
and Operational Risk Committee (CORC) oversees the
Corporation’s policies and processes for sound operational risk
management. The CORC also serves as an escalation point for
critical operational risk matters within the Corporation. The CORC
reports operational risk activities to the Enterprise Risk Committee
of the Board.
Within the Global Risk Management organization, the
Corporate Operational Risk team develops and guides the
strategies, policies, practices, controls and monitoring tools for
assessing and managing operational risks across the organization
and reports results to businesses, enterprise control functions,
senior management, governance committees and the Board.
Corporate Audit provides independent assessment and
validation through testing of key processes and controls across
the Corporation. An annual Audit Plan ensures that coverage
activities address the significant aspects of the Corporation’s risk
profile. Risk assessments incorporating operational risk are
completed within the audit planning process.
The business and enterprise control functions are responsible
for managing all the risks within their units, including operational
risks. In addition to enterprise risk management tools such as
loss reporting, scenario analysis and RCSAs, operational risk
executives, working in conjunction with senior business
executives, have developed key tools to help identify, measure,
mitigate and monitor risk in each business and enterprise control
function. Examples of these include personnel management
practices; data reconciliation processes; fraud management units;
cybersecurity controls, processes and systems; transaction
processing, monitoring and analysis; business recovery planning;
and new product introduction processes. The business and
enterprise control functions are also responsible for consistently
implementing and monitoring adherence to corporate practices.
Business and enterprise control function management uses
the enterprise RCSA process to identify and evaluate the status
of risk and control issues including mitigation plans, as
appropriate. The goals of this process are to assess changing
market and business conditions, evaluate key risks impacting each
business and enterprise control function and assess the controls
in place to mitigate the risks. Key operational risk indicators for
these risks have been developed and are used to assist in
identifying trends and issues on an enterprise, business and
enterprise control function level. Independent review and challenge
to the Corporation’s overall operational risk management
framework is performed by the Corporate Operational Risk
Validation Team.
Enterprise control functions have risk governance and control
responsibilities for their enterprise programs (e.g., Global
Technology and Operations Group, CFO Group, Global Marketing
and Corporate Affairs, Global Human Resources). They provide
insights on day-to-day risk activities throughout the Corporation by
overseeing and managing the performance of their functions
against Corporation-wide expectations. The enterprise control
functions participate in the operational risk management process
in two ways. First, these organizations manage risk in their
functional department. Second, they provide specialized risk
management services (e.g., information management, vendor
management) within their area of expertise to the enterprise,
businesses and other enterprise control functions they support.
These groups also work with business and risk executives to
develop and guide appropriate strategies, policies, practices,
controls and monitoring tools for each business and enterprise
control function relative to these programs.
Where appropriate, insurance policies are purchased to
mitigate the impact of operational losses. These insurance
policies are explicitly incorporated in the structural features of
operational risk evaluation. As insurance recoveries, especially
given recent market events, are subject to legal and financial
uncertainty, the inclusion of these insurance policies is subject to
reductions in their expected mitigating benefits.
Complex Accounting Estimates
Our significant accounting principles, as described in Note 1 –
Summary of Significant Accounting Principles to the Consolidated
Financial Statements are essential in understanding the MD&A.
Many of our significant accounting principles require complex
judgments to estimate the values of assets and liabilities. We
have procedures and processes in place to facilitate making these
judgments.
The more judgmental estimates are summarized in the following
discussion. We have identified and described the development of
the variables most important in the estimation processes that
involve mathematical models to derive the estimates. In many
cases, there are numerous alternative judgments that could be
used in the process of determining the inputs to the models. Where
alternatives exist, we have used the factors that we believe
represent the most reasonable value in developing the inputs.
Actual performance that differs from our estimates of the key
variables could impact our results of operations. Separate from
the possible future impact to our results of operations from input
and model variables, the value of our lending portfolio and market-
sensitive assets and liabilities may change subsequent to the
balance sheet date, often significantly, due to the nature and
magnitude of future credit and market conditions. Such credit and
market conditions may change quickly and in unforeseen ways and
the resulting volatility could have a significant, negative effect on
future operating results. These fluctuations would not be indicative
of deficiencies in our models or inputs.
Allowance for Credit Losses
The allowance for credit losses, which includes the allowance for
loan and lease losses and the reserve for unfunded lending
commitments, represents management’s estimate of probable
losses inherent in the Corporation’s loan portfolio excluding those
loans accounted for under the fair value option. Our process for
determining the allowance for credit losses is discussed in Note
1 – Summary of Significant Accounting Principles to the
Consolidated Financial Statements. We evaluate our allowance at
the portfolio segment level and our portfolio segments are Home
Loans, Credit Card and Other Consumer, and Commercial. Due to
the variability in the drivers of the assumptions used in this
process, estimates of the portfolio’s inherent risks and overall
collectability change with changes in the economy, individual
industries, countries, and borrowers’ ability and willingness to
repay their obligations. The degree to which any particular