Capital One 2005 Annual Report Download - page 17

Download and view the complete annual report

Please find page 17 of the 2005 Capital One annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 129

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129

and by entering into interest rate swaps. The Company currently manages and mitigates its exposure to foreign currency
exchange risk by entering into forward foreign currency exchange contracts and cross currency swaps. The hedging of
foreign currency exchange rates is limited to certain intercompany obligations related to international operations. See page 47
in Item 7 “Management’ s Discussion and Analysis of Financial Condition and Results of Operations—Market Risk
Management” for additional information.
Operational Risk Management
Operational risk is the risk of direct or indirect loss resulting from inadequate or failed processes, systems, people, or
exposure to external events. The management of operational risk is overseen by the Chief Enterprise Risk Officer with the
advice and guidance of the ERM Committee.
Operational risk is a normal part of business for any financial services firm. It may manifest itself in many ways, such as
fraud by employees or persons outside the Company, business interruptions, errors related to processing and systems, and
model errors. The risk of loss includes the potential for legal actions arising as a result of an operational deficiency or as a
result of noncompliance with applicable laws or regulatory standards. The Company could also suffer financial loss, face
gulatory action, not be able to service customers and suffer damages to its reputation. re
The key governance forum for operational risk is the ERM Committee, described above. The Committee reviews significant
operational risks from business unit self assessments, progress against mitigation plans and analyses of the Company’ s
operational loss event experience. In addition, key risk management initiatives and programs are reviewed by the Committee.
Operational risk information is also reported to the Executive Committee and the Audit and Risk Committee of the Board of
Directors. Corporate Audit Services also assesses operational risk and the related quality of internal controls and quality of
risk management through its audit activities.
The key tools used in operational risk management are a risk self assessment process, an operational loss event process and
economic capital quantification. Key risk exposures are identified by each business area and evaluated according to potential
impact and likelihood, as well as the quality of the related controls. If appropriate, risk response plans are developed for
certain identified risks and progress is tracked against the plans. Business units are required to conduct self assessments at
least annually. Internal loss histories, self assessment results, and data from industry sources are combined with senior
management’ s assessments of future loss rates in a structured scenario approach to quantify economic capital for operational
risk. The capital methodology is intended to ensure capital adequacy to withstand extreme events, and to create incentives for
usiness areas to improve their control environments. b
There are many specialized activities designed to mitigate key operational risks facing the Company. These include a
dedicated fraud management department, programs for third party supplier risk management, information security and
business continuity planning, data risk management, and development and maintenance of required policies and procedures.
The Company incorporates the output of these functions with its analysis and reporting to senior management to achieve a
road assessment of operational risk levels and trends. b
Legal Risk Management
Legal risk represents the risk of loss related to (i) new and changed laws and regulations, (ii) interpretations of law, (iii) the
Company’ s legal entity structure and (iv) the drafting of contracts. The management of legal risk, domestically and
internationally, is overseen by the Company’ s General Counsel. The Company operates in a heavily regulated industry, has
an evolving corporate structure and relies significantly on certain contractual relationships, all of which contribute to the level
of risk the Company faces. The Company also faces risk of loss from litigation, which is primarily managed by the
ompany’ s legal department. C
S
trategic Risk Management
Strategic risk is the risk to earnings or capital from operating the Company in a competitive environment. The Executive
Committee, described above, is the principal management forum for discussion of strategic risk. The Company assesses
strategic risk in its annual planning process, which includes both a top-down process set by the Board of Directors and a
bottom-up process led by business lines. The Company also performs monthly financial reviews to compare business
performance and risk assessments to plan. Consideration of strategic risk is also a vital component of due diligence when
evaluating acquisitions or new products, ventures or markets.
R
eputation Risk Management
Reputation risk represents the risk to: (i) market value; (ii) recruitment and retention of associates; and (iii) maintenance of a
loyal customer base based on possible negative perceptions of Capital One’ s internal and external stakeholders regarding
8