Capital One 2004 Annual Report Download - page 32

Download and view the complete annual report

Please find page 32 of the 2004 Capital One annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 137

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137

There are many specialized activities designed to mitigate key operational risks facing the Company. These
include a dedicated fraud management department, programs for third party supplier risk management,
information security and business continuity planning, development and maintenance of required policies and
procedures, and decision model analysis.
Legal Risk Management
Legal risk represents the risk of loss related to (i) new and changed laws and regulations, (ii) interpretations of
law, (iii) the Company’s legal entity structure and (iv) the drafting of contracts. The management of legal risk,
domestically and internationally, is overseen by the Company’s General Counsel. Due to the Company’s
significant reliance on certain contractual relationships, including with its funding providers, as well as its
evolving corporate structure and heavily regulated industry, the Company faces significant levels of legal risk.
The Company also faces risk of loss from litigation, which is primarily managed by the Company’s legal
department.
Strategic Risk Management
Strategic risk is the risk to earnings or capital from operating the Company in a competitive environment. The
Executive Committee, described above, is the principal management forum for discussion of strategic risk. The
Company assesses strategic risk in its annual planning process, which includes both a top-down process set by
the Board of Directors and a bottom-up process led by business lines. The Company also performs quarterly
business reviews for the Executive Committee to compare business performance and risk assessments to plan.
Consideration of strategic risk is also a vital component of due diligence when evaluating acquisitions or new
products, ventures or markets.
Reputation Risk Management
Reputation risk represents the risk to earnings or capital arising from negative public or associate opinion. The
management of reputation risk is overseen by the Executive Vice President of Corporate Reputation and
Governance with the advice and guidance of the Corporate Reputation Committee, a committee of senior
management. The Company currently utilizes qualitative criteria to assess reputation risk. Several measures, both
internal and external, are considered to gauge changes to the Company’s reputation and overall reputation risk
and include brand market research, customer studies, internal operational loss event data and external measures.
Compliance Risk Management
Compliance risk is the risk of non-conformance to laws, rules and regulations. The management of compliance
risk is overseen by the Chief Enterprise Risk Officer with the advice and guidance of the ERM Committee and its
sub-committee on compliance risk, chaired by the Chief Compliance Officer. The corporate compliance
organization, a part of the ERM department, provides the business areas with consulting, training and assistance
in the implementation of business processes to ensure compliance with applicable laws and regulations. The
business areas assess compliance risk through the Company’s enterprise risk self assessment process and conduct
monitoring and remediation activities for which the compliance organization establishes standards.
Technology / Systems
We leverage information technology to achieve our business objectives and to develop and deliver products and
services that satisfy our customers’ needs. A key part of our strategic focus is the development of efficient,
flexible computer and operational systems to support complex marketing and account management strategies and
the development of new and diversified products. We believe that the continued development and integration of
these systems is an important part of our efforts to reduce costs, improve quality and provide faster, more flexible
technology services. Consequently, we continuously review capabilities and develop or obtain systems, processes
and competencies to meet our unique business requirements. As part of our continuous efforts to review and
9