Bank of America 2013 Annual Report Download - page 61

Download and view the complete annual report

Please find page 61 of the 2013 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 284

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284

Bank of America 2013 59
consistent with the risk appetite. These risk teams also carry out
risk-based oversight of the enterprise control functions.
Independent business risk teams are responsible for
establishing policies, limits, standards, controls, metrics and
thresholds within the defined corporate standards for the
businesses to which they are aligned. The independent business
risk teams are also responsible for ensuring that risk limits and
standards are reasonable and consistent with the risk appetite.
Enterprise control functions are independent of the businesses
and have risk governance and control responsibilities for
enterprise programs. In this role, they are responsible for setting
policies, standards and limits; providing risk reporting; monitoring
systemic risk issues including existing and emerging; and
implementing procedures and controls at the enterprise and
business levels for their respective control functions.
The Corporate Audit function maintains independence from the
businesses and governance and control functions by reporting
directly to the Audit Committee of the Board. Corporate Audit
provides independent assessment and validation through testing
of key processes and controls across the Corporation. Corporate
Audit also provides an independent assessment of the
Corporation’s management and internal control systems.
Corporate Audit activities are designed to provide reasonable
assurance that resources are adequately protected; significant
financial, managerial and operating information is materially
complete, accurate and reliable; and employees’ actions are in
compliance with the Corporation’s policies, standards, procedures,
and applicable laws and regulations.
To assist the Corporation in achieving its goals and objectives,
risk appetite, and business and risk strategies, we utilize a risk
management process that is applied across the execution of all
business activities. This risk management process, which is an
integral part of our Risk Framework, enables the Corporation to
review risk in an integrated and comprehensive manner across all
risk categories and make strategic and business decisions based
on that comprehensive view. Corporate goals and objectives are
established by management, and management reflects these
goals and objectives in our risk appetite.
One of the key tools of the risk management process is the
use of Risk and Control Self Assessments (RCSAs). RCSAs are
the primary method for facilitating management of the business
environment and internal control factor data. The end-to-end RCSA
process incorporates risk identification and assessment of the
control environment; monitoring, reporting and escalating risk;
quality assurance and data validation; and integration with the risk
appetite. The RCSA process also incorporates documentation by
either the business or governance and control functions of the
business environment, risks, controls, and monitoring and
reporting. This results in a comprehensive risk management view
that enables understanding of and action on operational risks and
controls for all of our processes, products, activities and systems.
The formal processes used to manage risk represent a part of
our overall risk management process. Corporate culture and the
actions of our employees are also critical to effective risk
management. Through our Code of Conduct, we set a high standard
for our employees. The Code of Conduct provides a framework for
all of our employees to conduct themselves with the highest
integrity. We instill a strong and comprehensive risk management
culture through communications, training, policies, procedures,
and organizational roles and responsibilities. Additionally, we
continue to strengthen the link between the employee performance
management process and individual compensation to encourage
employees to work toward enterprise-wide risk goals.
Enterprise-wide Stress Testing
As a part of our core risk management practices, we conduct
enterprise-wide stress tests on a periodic basis to better
understand balance sheet, earnings, capital and liquidity
sensitivities to certain economic and business scenarios,
including economic and market conditions that are more severe
than anticipated. These enterprise-wide stress tests provide
illustrative hypothetical potential impacts from our risk profile on
our balance sheet, earnings, capital and liquidity and serve as a
key component of our capital, liquidity and risk management
practices. Scenarios are recommended by the Asset Liability and
Market Risk Committee (ALMRC) and approved by the CFO and
the CRO. Impacts to each business from each scenario are then
determined and analyzed, primarily by leveraging the models and
processes utilized in everyday management routines. Impacts are
assessed along with potential mitigating actions that may be
taken. Analysis from such stress scenarios is compiled for and
reviewed through our Chief Financial Officer Risk Committee
(CFORC), ALMRC and the Board’s Enterprise Risk Committee.
Contingency Planning Routines
We have developed and maintain contingency plans that prepare
us in advance to respond in the event of potential adverse
outcomes and scenarios. These contingency planning routines
include capital contingency planning, liquidity contingency funding
plans, recovery planning and enterprise resiliency, and provide
monitoring, escalation routines and response plans. Contingency
response plans are designed to enable us to increase capital,
access funding sources and reduce risk through consideration of
potential actions that includes asset sales, business sales, capital
or debt issuances and other de-risking strategies.
Board Oversight of Risk
The Board is comprised of a substantial majority of independent
directors. The Board is committed to strong, independent oversight
of management and risk through a governance structure that
includes Board committees and management committees. The
Board’s standing committees that oversee the management of the
majority of the risks faced by the Corporation include the Audit
and Enterprise Risk Committees, comprised of independent
directors, and the Credit Committee, comprised of non-
management directors. This governance structure is designed to
align the interests of the Board and management with those of
our shareholders and to foster integrity over risk management
throughout the Corporation.