Bank of America 2013 Annual Report Download - page 60

Download and view the complete annual report

Please find page 60 of the 2013 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 284

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284

58 Bank of America 2013
measures and analyses of the major categories of risk that we
manage.
In choosing when and how to take risks, we evaluate our
capacity for risk and seek to protect our brand and reputation, our
financial flexibility, the value of our assets and the strategic
potential of the Corporation. We intend to maintain a strong and
flexible financial position. We also intend to focus on maintaining
our relevance and value to customers, employees and
shareholders. As part of our efforts to achieve these objectives,
we continue to build a comprehensive risk management culture
and to implement governance and control measures to strengthen
that culture.
We take a comprehensive approach to risk management. We
have a defined risk framework and articulated risk appetite which
are approved annually by the Corporation’s Board of Directors (the
Board). Risk management planning is integrated with strategic,
financial and customer/client planning so that goals and
responsibilities are aligned across the organization. Risk is
managed in a systematic manner by focusing on the Corporation
as a whole as well as managing risk across the enterprise and
within individual business units, products, services and
transactions, and across all geographic locations. We maintain a
governance structure that delineates the responsibilities for risk
management activities, as well as governance and oversight of
those activities.
Executive management assesses, with Board oversight, the
risk-adjusted returns of each business segment. Management
reviews and approves strategic and financial operating plans, and
recommends to the Board for approval a financial plan annually.
Our strategic plan takes into consideration return objectives and
financial resources, which must align with risk capacity and risk
appetite. Management sets financial objectives for each business
by allocating capital and setting a target for return on capital for
each business. Capital allocations and operating limits are
regularly evaluated as part of our overall governance processes
as the businesses and the economic environment in which we
operate continue to evolve.
In addition to reputational considerations, businesses operate
within their credit, market, compliance and operational risk
standards and limits in order to adhere to the risk appetite. These
limits are based on analyses of risk and reward in each business.
Executive management is responsible for tracking and reporting
performance measurements as well as any exceptions to
guidelines or limits. The Board, and its committees when
appropriate, monitor financial performance, execution of the
strategic and financial operating plans, compliance with the risk
appetite and the adequacy of internal controls.
As part of its annual review, the Board approved both the Risk
Framework and Risk Appetite Statement in January 2014. The Risk
Framework defines the accountability of the Corporation and its
employees and the Risk Appetite Statement defines the
parameters under which we will take risk. Both documents are
intended to enable us to maximize our long-term results and ensure
the integrity of our assets and the quality of our earnings. The Risk
Framework is designed to be used by our employees to understand
risk management activities, including their individual roles and
accountabilities. It also defines how risk management is integrated
into our core business processes, and it defines the risk
management governance structure, including management’s
involvement. The risk management responsibilities of the
businesses, governance and control functions, and Corporate
Audit are also clearly defined. The risk management process
includes four critical elements: identify and measure risk, mitigate
and control risk, monitor and test risk, and report and review risk,
and is applied across all business activities to enable an integrated
and comprehensive review of risk consistent with the Risk Appetite
Statement.
Risk Management Processes and Methods
To support our corporate goals and objectives, risk appetite, and
business and risk strategies, we maintain a governance structure
that delineates the responsibilities for risk management activities,
as well as governance and oversight of those activities, by
management and the Board. All employees have accountability for
risk management. Each employee’s risk management
responsibilities fall into one of three major categories: businesses,
governance and control, and Corporate Audit.
Business managers and employees are accountable for
identifying, managing and escalating attention to all risks in their
business units, including existing and emerging risks. Business
managers must ensure that their business activities are conducted
within the risk appetite defined by management and approved by
the Board. The limits and controls for each business must be
consistent with the Risk Appetite Statement. Employees in client
and customer facing businesses are responsible for day-to-day
business activities, including developing and delivering profitable
products and services, fulfilling customer requests and
maintaining desirable customer relationships. These employees
are accountable for conducting their daily work in accordance with
policies and procedures. It is the responsibility of each employee
to protect the Corporation and defend the interests of the
shareholders.
Governance and control functions are comprised of Global Risk
Management, Global Compliance, Legal and the enterprise control
functions, and are tasked with independently overseeing and
managing risk activities. Global Compliance (which includes
Regulatory Relations) and Legal report to the Global General
Counsel and Head of Compliance and Regulatory Relations
Executive. Enterprise control functions consist of the Chief
Financial Officer (CFO) Group, Global Technology and Operations,
Global Human Resources, and Global Marketing and Corporate
Affairs.
Global Risk Management is led by the Chief Risk Officer (CRO).
The CRO leads senior management in managing risk, is
independent from the Corporation’s businesses and enterprise
control functions, and maintains sufficient autonomy to develop
and implement meaningful risk management measures. This
position serves to protect the Corporation and its shareholders.
The CRO reports to the Chief Executive Officer (CEO) and is the
management team lead or a participant in Board-level risk
governance committees. The CRO has the mandate to ensure that
appropriate risk management practices are in place, and are
effective and consistent with our overall business strategy and
risk appetite. Global Risk Management is comprised of two types
of risk teams, Enterprise risk teams and independent business
risk teams, which report to the CRO and are independent from the
business and enterprise control functions.
Enterprise risk teams are responsible for setting and
establishing enterprise policies, programs and standards,
assessing program adherence, providing enterprise-level risk
oversight, and reporting and monitoring systemic and emerging
risk issues. In addition, the enterprise risk teams are responsible
for monitoring and ensuring that risk limits are reasonable and