Bank of America 2009 Annual Report Download - page 59

Download and view the complete annual report

Please find page 59 of the 2009 Bank of America annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 220

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220

responsibilities for risk management activities, as well as governance and
the oversight of those activities, by executive management and the
Board.
Economic capital is assigned to each business segment using a risk-
adjusted methodology incorporating each segment’s stand-alone credit,
market, interest rate and operational risk components, and is used to
measure risk-adjusted returns. Executive management assesses, and the
Board oversees, the risk-adjusted returns of each business through
review and approval of strategic and financial operating plans. By allocat-
ing economic capital to and establishing a risk appetite for a line of
business, we effectively manage the ability to take on risk. Businesses
operate within their credit, market, compliance, and operational risk
standards and limits in order to adhere to the risk appetite. These limits
are based on analyses of risk and reward in each line of business, and
executive management is responsible for tracking and reporting perform-
ance measurements as well as any exceptions to guidelines or limits. The
Board monitors financial performance, execution of the strategic and
financial operating plans, compliance with the risk appetite and the
adequacy of internal controls through its committees.
Our business exposes us to strategic, credit, market, liquidity, com-
pliance, operational and reputational risk. Strategic risk is the risk that
adverse business decisions, ineffective or inappropriate business plans,
or failure to respond to changes in the competitive environment, business
cycles, customer preferences, product obsolescence, execution and/or
other intrinsic risks of business will impact our ability to meet our
objectives. Credit risk is the risk of loss arising from a borrower’s or
counterparty’s inability to meet its obligations. Market risk is the risk that
values of assets and liabilities or revenues will be adversely affected by
changes in market conditions such as interest rate movements. Liquidity
risk is the inability to accommodate liability maturities and deposit with-
drawals, fund asset growth and meet contractual obligations through
unconstrained access to funding at reasonable market rates. Compliance
risk is the risk posed by the failure to manage regulatory, legal and eth-
ical issues that could result in monetary damages, losses or harm to our
reputation or image. Operational risk is the risk of loss resulting from
inadequate or failed internal processes, people and systems or external
events. Reputational risk, the risk that negative publicity will adversely
affect the Corporation, is managed as a natural part of managing the
other six types of risk. The following sections, Strategic Risk Management
on page 59, Liquidity Risk and Capital Management beginning on
page 59, Credit Risk Management beginning on page 66, Market Risk
Management beginning on page 91, Compliance Risk Management on
page 98, and Operational Risk Management beginning on page 98,
address in more detail the specific procedures, measures and analyses
of the major categories of risk that the Corporation manages.
On October 28, 2009, the Board approved the Risk Framework and
Risk Appetite Statement for the Corporation. The Risk Framework is
designed to be used by our associates to understand risk management
activities, including their individual roles and accountabilities. The Risk
Framework defines how risk management is integrated into our core busi-
ness processes, and it defines the risk management governance struc-
ture, including management’s involvement. The risk management
responsibilities of the lines of business, Governance and Control func-
tions, and Corporate Audit are also clearly defined. The Risk Framework
reflects how the Board-approved risk appetite influences business and
risk strategy. The management process (i.e., identify and measure risk,
mitigate and control risk, monitor and test risk, and report and review
risk) was enhanced for execution across all business activities. The Risk
Framework supports the accountability of the Corporation and its asso-
ciates to ensure the integrity of assets and the quality of earnings. The
Risk Appetite Statement defines the parameters under which we will take
risk to maximize our long-term results by ensuring the integrity of our
assets and the quality of our earnings. Our intent is for our risk appetite
to reflect a “through the cycle” view which will be reviewed and assessed
annually.
Risk Management Processes and Methods
To ensure that our corporate goals and objectives, risk appetite, and
business and risk strategies are achieved, we utilize a risk management
process that is applied in executing all business activities. All functions
and roles fall into one of three categories where risk must be managed.
These are lines of business, Governance and Control (Global Risk Man-
agement or other support groups) and Corporate Audit.
The lines of business are responsible for identifying and managing all
existing, reputational and emerging risks in their business units, since
this is where most of our risk-taking occurs. Line of business manage-
ment makes and executes the business plan and is closest to the chang-
ing nature of risks and, therefore, we believe is best able to implement
procedures and controls that align to policies and limits. Risk self-
assessments conducted by the business are used to identify risks and
calibrate the severity of potential risk issues. These assessments are
reviewed by the lines of business and executive management, including
senior Risk executives. To the extent appropriate, the assessments are
reviewed by the Board or its committees to ensure appropriate risk
management and oversight, and to identify enterprise-wide issues. Our
management processes, structures and policies aid us in complying with
laws and regulations and provide clear lines for decision-making and
accountability. Wherever practical, we attempt to house decision-making
authority as close to the transaction as possible while retaining super-
visory control functions from both inside and outside of the lines of busi-
ness.
The Governance and Control functions include our Risk Management,
Finance, Treasury, Technology and Operations, Human Resources, and
Legal functions. These groups are independent of the lines of business
and are organized with both line of business-aligned and enterprise-wide
functions. The Governance and Control functions are accountable for set-
ting policies, standards and limits according to the Risk Appetite State-
ment, providing risk reporting and monitoring, and ensuring
compliance. For example, in Global Risk Management, a senior risk
executive is assigned to each of the lines of business and is responsible
for the oversight of all the risks associated with that line of business and
ensuring compliance with policies, standards and limits. Enterprise-level
risk executives have responsibility to develop and implement the frame-
work for policies and practices to assess and manage enterprise-wide
credit, market, compliance and operational risks.
Corporate Audit provides an independent assessment of our manage-
ment and internal control systems through testing of key processes and
controls across the organization. Corporate Audit activities are designed
to provide reasonable assurance that resources are adequately pro-
tected; significant financial, managerial and operating information is
materially complete, accurate and reliable; and employees’ actions are in
compliance with the Corporation’s policies, standards, procedures, and
applicable laws and regulations.
We use a risk management process, applied across the execution of
all business activities, that is designed to identify and measure, mitigate
and control, monitor and test, and report and review risks. This process
enables us to review risks in an integrated and comprehensive manner
and make strategic and business decisions based on that comprehensive
view. Corporate goals and objectives and risk appetite are established by
executive management, approved by the Board, and are inputs to setting
business and risk strategy which guide the execution of business activ-
ities. Governance, continuous feedback, and independent testing and
validation provide structured controls, reporting and audit of the execution
Bank of America 2009
57