Bank of America 2015 Annual Report Download - page 100

Download and view the complete annual report

Please find page 100 of the 2015 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 256

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256

98 Bank of America 2015
We approach operational risk management from two
perspectives within the structure of the Corporation: (1) at the
enterprise level to provide independent, integrated management
of operational risk across the organization, and (2) at the business
and control function levels to address operational risk in revenue
producing and non-revenue producing units. The Operational Risk
Management Program addresses the overarching processes for
identifying, measuring, monitoring and controlling operational risk,
and reporting operational risk information to management and the
Board. A sound internal governance structure enhances the
effectiveness of the Corporation’s Operational Risk Management
Program and is accomplished at the enterprise level through formal
oversight by the Board, the ERC, the CRO and a variety of
management committees and risk oversight groups aligned to the
Corporation’s overall risk governance framework and practices. Of
these, the MRC oversees the Corporation’s policies and processes
for sound operational risk management. The MRC also serves as
an escalation point for critical operational risk matters within the
Corporation. The MRC reports operational risk activities to the
ERC. The independent operational risk management teams
oversee the businesses and control functions to monitor
adherence to the Operational Risk Management Program and
advise and challenge operational risk exposures.
Within the Global Risk Management organization, the
Enterprise Operational Risk team develops and guides the
strategies, enterprise-wide policies, practices, controls and
monitoring tools for assessing and managing operational risks
across the organization. The Enterprise Operational Risk team
reports results to businesses, control functions, senior
management, management committees, the ERC and the Board.
The businesses and control functions are responsible for
assessing, monitoring and managing all the risks within their units,
including operational risks. In addition to enterprise risk
management tools such as loss reporting, scenario analysis and
RCSAs, operational risk executives, working in conjunction with
senior business executives, have developed key tools to help
identify, measure, monitor and control risk in each business and
control function. Examples of these include personnel
management practices; data management, data quality controls
and related processes; fraud management units; cybersecurity
controls, processes and systems; transaction processing,
monitoring and analysis; business recovery planning; and new
product introduction processes. The business and control
functions are also responsible for consistently implementing and
monitoring adherence to corporate practices.
Business and control function management uses the
enterprise RCSA process to capture the identification and
assessment of operational risk exposures and evaluate the status
of risk and control issues including risk mitigation plans, as
appropriate. The goals of this process are to assess changing
market and business conditions, evaluate key risks impacting each
business and control function, and assess the controls in place
to mitigate the risks. Key operational risk indicators have been
developed and are used to assist in identifying trends and issues
on an enterprise, business and control function level. Independent
review and challenge to the Corporation’s overall operational risk
management framework is performed by the Corporate Operational
Risk Program Adherence Team and reported through the
operational risk governance committees and management
routines.
Where appropriate, insurance policies are purchased to
mitigate the impact of operational losses. These insurance
policies are explicitly incorporated in the structural features of
operational risk evaluation. As insurance recoveries, especially
given recent market events, are subject to legal and financial
uncertainty, the inclusion of these insurance policies is subject to
reductions in their expected mitigating benefits.
Reputational Risk Management
Reputational risk is the risk that negative perceptions of the
Corporation’s conduct or business practices will adversely affect
its profitability or operations through an inability to establish new
or maintain existing customer/client relationships. Reputational
risk may result from many of the Corporation’s activities, including
those related to the management of our strategic, operational,
compliance and credit risks.
The Corporation manages reputational risk through
established policies and controls in its businesses and risk
management processes to mitigate reputational risks in a timely
manner and through proactive monitoring and identification of
potential reputational risk events. The Corporation has processes
and procedures in place to respond to events that give rise to
reputational risk, including educating individuals and organizations
that influence public opinion, external communication strategies
to mitigate the risk, and informing key stakeholders of potential
reputational risks.
The Corporation’s organization and governance structure
provides oversight of reputational risks, and key risk indicators are
reported regularly and directly to management and the ERC, which
provides primary oversight of reputational risk. In addition, each
FLU has a committee, which includes representatives from
Compliance, Legal and Risk, that is responsible for the oversight
of reputational risk. Such committees’ oversight includes providing
approval for business activities that present elevated levels of
reputational risks.
Complex Accounting Estimates
Our significant accounting principles, as described in Note 1 –
Summary of Significant Accounting Principles to the Consolidated
Financial Statements, are essential in understanding the MD&A.
Many of our significant accounting principles require complex
judgments to estimate the values of assets and liabilities. We
have procedures and processes in place to facilitate making these
judgments.
The more judgmental estimates are summarized in the following
discussion. We have identified and described the development of
the variables most important in the estimation processes that
involve mathematical models to derive the estimates. In many
cases, there are numerous alternative judgments that could be
used in the process of determining the inputs to the models. Where
alternatives exist, we have used the factors that we believe
represent the most reasonable value in developing the inputs.
Actual performance that differs from our estimates of the key
variables could impact our results of operations. Separate from
the possible future impact to our results of operations from input
and model variables, the value of our lending portfolio and market-
sensitive assets and liabilities may change subsequent to the
balance sheet date, often significantly, due to the nature and
magnitude of future credit and market conditions. Such credit and
market conditions may change quickly and in unforeseen ways and
the resulting volatility could have a significant, negative effect on
future operating results. These fluctuations would not be indicative
of deficiencies in our models or inputs.