Capital One 2003 Annual Report Download - page 26

Download and view the complete annual report

Please find page 26 of the 2003 Capital One annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 136

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136

Asset and Liability Management Committee and its sub-committee on risk management chaired by the Vice
President of Global Planning. The Company currently manages and mitigates its interest rate sensitivity through
several techniques, which include, but are not limited to, changing the maturity and repricing characteristics of
various balance sheet categories and by entering into interest rate swaps. The Company currently manages and
mitigates its exposure to foreign currency exchange risk by entering into hedges for all material foreign currency
denominated transactions. See page 54 in Item 7 “Management’s Discussion and Analysis of Financial Condition
and Results of Operations—Market Risk Management” for additional information.
Operational Risk Management
Operational risk is the risk of direct or indirect loss resulting from inadequate or failed processes, systems,
people, or exposure to external events. The Company employs several principles in the management of
operational risk:
Business areas are accountable for managing their own operational risks and the maintenance of
effective internal controls.
The operational risk management group of the ERM department implements common methodologies
including a self assessment program and operational loss event database.
Governance of operational risk is provided by the ERM Committee, a committee of senior management,
and the Audit and Risk Committee of the Board of Directors.
Operational risk is a normal part of business for any financial services firm. It may manifest itself in many ways,
such as fraud by employees or persons outside the Company, business interruptions, errors related to processing
and systems, and model errors. The risk of loss includes the potential for legal actions arising as a result of an
operational deficiency or as a result of noncompliance with applicable laws or regulatory standards. The
Company could also suffer financial loss, face regulatory action, not be able to service customers and suffer
damages to its reputation.
The operational risk management group of the ERM department is responsible for building and implementing
methodologies and supporting technology to assist business areas in the management of operational risk, as well
as aggregating, analyzing and reporting the results. The individual business areas utilize Business Risk Offices
staffed by associates who are trained in operational loss event collection, operational risk assessment and
mitigation planning and reporting.
The key tools used in operational risk management are a risk self assessment process and an operational loss
event database. The goal is to create an explicit process for risk identification and assessment to increase
awareness of exposures and focus appropriate attention on important risks. Key risk exposures are identified by
each business area and evaluated according to potential impact and likelihood, as well as the quality of the
related controls. If appropriate, mitigation plans are developed for certain identified risks and progress is tracked
against the plans. Business units are required to conduct self assessments at least annually.
There are many specialized activities designed to mitigate key operational risks facing the Company. These
include a dedicated fraud management department, programs for third party supplier risk management,
information security and business continuity planning, development and maintenance of required policies and
procedures, and decision model analysis.
The Company also uses a comprehensive methodology to capture operational loss events. The goal is to create
awareness of the Company’s risks and learn from past experience. Loss events are captured from each business
area and central collection points where available. Each is valued according to a consistent methodology, and
categorized according to the standard Basel subcategories for operational risk. Reporting is provided for trends of
number and dollars of losses, analyses by event categories and business lines and assessments of common causes.
8