Bank of America 2014 Annual Report Download - page 57

Download and view the complete annual report

Please find page 57 of the 2014 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 272

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272

Bank of America 2014 55
and alerts to executive management, management-level
committees or the Board (directly or through an appropriate
committee).
Control – We establish and communicate risk limits and controls
through policies, standards, procedures and processes that
define the responsibilities and authority for risk taking. The
limits and controls can be adjusted by the Board or
management when conditions or risk tolerances warrant.
These limits may be absolute (e.g., loan amount, trading
volume) or relative (e.g., percentage of loan book in higher-risk
categories). Our lines of business are held accountable to
perform within the established limits.
Among the key tools in the risk management process are the
Risk and Control Self Assessments (RCSAs). The RCSA process,
consistent with IMMC, is one of our primary methods for capturing
the identification and assessment of operational risk exposures,
including inherent and residual operational risk ratings, and control
effectiveness ratings. The end-to-end RCSA process incorporates
risk identification and assessment of the control environment;
monitoring, reporting and escalating risk; quality assurance and
data validation; and integration with the risk appetite. This results
in a comprehensive risk management view that enables
understanding of and action on operational risks and controls for
our processes, products, activities and systems.
The formal processes used to manage risk represent a part of
our overall risk management process. Corporate culture and the
actions of our employees are also critical to effective risk
management. Through our Code of Conduct, we set a high standard
for our employees. The Code of Conduct provides a framework for
all of our employees to conduct themselves with the highest
integrity. We instill a strong and comprehensive risk management
culture through communications, training, policies, procedures,
and organizational roles and responsibilities. Additionally, we
continue to strengthen the link between the employee performance
management process and individual compensation to encourage
employees to work toward enterprise-wide risk goals.
Corporation-wide Stress Testing
As a part of our core risk management practices, we conduct
corporation-wide stress tests on a periodic basis to better
understand balance sheet, earnings, capital and liquidity
sensitivities to certain economic and business scenarios,
including economic and market conditions that are more severe
than anticipated. These corporation-wide stress tests provide
illustrative hypothetical potential impacts from our risk profile on
our balance sheet, earnings, capital and liquidity and serve as a
key component of our capital, liquidity and risk management
practices. Scenarios are recommended by the MRC and approved
by the CFO and the CRO. Impacts to each business from each
scenario are then determined and analyzed, primarily by leveraging
the models and processes utilized in everyday management
routines. Impacts are assessed along with potential mitigating
actions that may be taken. Analysis from such stress scenarios
is compiled for and reviewed by the MRC and ERC.
Contingency Planning Routines
We have developed and maintain contingency plans that are
designed to prepare us in advance to respond in the event of
potential adverse outcomes and scenarios. These contingency
planning routines include capital contingency planning, liquidity
contingency funding plans, recovery planning and enterprise
resiliency, and provide monitoring, escalation routines and
response plans. Contingency response plans are designed to
enable us to increase capital, access funding sources and reduce
risk through consideration of potential actions that include asset
sales, business sales, capital or debt issuances, and other de-
risking strategies.
Strategic Risk Management
Strategic risk is embedded in every business and is one of the
major risk categories along with credit, market, liquidity,
compliance, operational and reputational risks. It is the risk that
results from incorrect assumptions, unsuitable business plans,
ineffective strategy execution, or failure to respond in a timely
manner to changes in the regulatory, macroeconomic and
competitive environments, customer preferences, and technology
developments in the geographic locations in which we operate.
We face significant strategic risk due to the changing regulatory
environment and the fast-paced development of new products and
technologies in the financial services industries. Our appetite for
strategic risk is assessed based on the strategic plan, with
strategic risks selectively and carefully considered against the
backdrop of the evolving marketplace. Strategic risk is managed
in the context of our overall financial condition, risk appetite and
stress test results, among other considerations. The CEO and
executive management team manage and act on significant
strategic actions, such as divestitures, consolidation of legal
entities or capital actions subsequent to required review and
approval by the Board.
Executive management develops and approves a strategic plan
each year, which is reviewed and approved by the Board. Annually,
executive management develops a financial operating plan, which
is reviewed and approved by the Board, that implements the
strategic goals for that year. With oversight by the Board, executive
management ensures that consistency is applied while executing
the Corporation’s strategic plan, core operating tenets and risk
appetite. The following are assessed in the executive reviews:
forecasted earnings and returns on capital, the current risk profile,
current capital and liquidity requirements, staffing levels and
changes required to support the plan, stress testing results, and
other qualitative factors such as market growth rates and peer
analysis. At the business level, as we introduce new products, we
monitor their performance relative to expectations (e.g., for
earnings and returns on capital). With oversight by the Board and
the ERC, executive management performs similar analyses
throughout the year, and evaluates changes to the financial
forecast or the risk, capital or liquidity positions as deemed
appropriate to balance and optimize achieving the targeted risk
appetite, shareholder returns and maintaining the targeted
financial strength.
We use proprietary models to measure the capital requirements
for credit, country, market, operational and strategic risks. The
allocated capital assigned to each business is based on its unique
risk exposures. With oversight by the Board, executive
management assesses the risk-adjusted returns of each business
in approving strategic and financial operating plans. The
businesses use allocated capital to define business strategies,
and price products and transactions. For more information on how
this measure is calculated, see Supplemental Financial Data on
page 29.