Capital One 2006 Annual Report Download - page 27

The Risk Management Committee reviews our operational risk profile, which includes assessment of the operational
controls, significant operational risks and mitigation plans and loss event experience across the enterprise. Operational risk
information is also reported to the Audit and Risk Committee of the Board of Directors. Corporate Audit Services also
assesses operational risk and the related quality of internal controls and quality of risk management through our audit
activities.
The key tools used in operational risk management are a risk self assessment process, operational loss event management and
economic capital quantification. Key risk exposures are identified by each business area and evaluated according to potential
impact and likelihood, as well as the quality of the related controls. If appropriate, risk response plans are developed for
certain identified risks and progress is tracked against the plans. Business units are required to conduct self assessments at
least annually. Internal loss histories, self assessment results, and data from industry sources are combined with senior
managements assessments of future loss rates in a structured scenario approach to quantify economic capital for operational
risk. The capital methodology is intended to ensure capital adequacy to withstand extreme events, and to create incentives for
business areas to improve their control environments.
There are many specialized activities designed to mitigate key operational risks facing us. These include dedicated fraud
management departments, programs for third party supplier risk management, information security, business continuity
planning and data risk management. We incorporate the output of these functions with our analysis and reporting to senior
management to achieve a broad assessment of operational risk levels and trends.
Legal Risk Management
Legal risk represents the risk of loss related to (i) new and changed laws and regulations, (ii) interpretations of law, (iii) our
legal entity structure and (iv) the drafting of contracts. The management of legal risk, domestically and internationally, is
overseen by our General Counsel. We operate in a heavily regulated industry, have an evolving corporate structure and rely
significantly on certain contractual relationships, all of which contribute to the level of risk we face. We also face risk of loss
from litigation, which is primarily managed by our legal department.
Strategic Risk Management
Strategic risk is the risk to earnings or capital from operating in a competitive environment. The Executive Committee,
described above, is the principal management forum for discussion of strategic risk. We assess strategic risk in our annual
planning process, which includes both a top-down process set by senior management and a bottom-up process led by the
business lines. Consideration of strategic risk is also a vital component of due diligence when evaluating acquisitions or new
products, ventures or markets.
Reputation Risk Management
Reputation risk represents the risk to: (i) market value; (ii) recruitment and retention of associates; and (iii) maintenance of a
loyal customer base due to negative perceptions of our internal and external stakeholders regarding our business strategies
and activities. The management of reputation risk is overseen by the General Counsel and Corporate Secretary with advice
and guidance from Corporate Affairs. We use qualitative criteria to assess reputation risk. Various measures, both internal
and external, are considered to gauge changes to our reputation and overall reputation risk and include brand market research,
customer studies, internal operational loss event data and external measures.
Compliance Risk Management
Compliance risk is the risk of non-conformance to laws, rules and regulations. The management of compliance risk is
overseen by the Chief Compliance Officer who reports to the Chief Risk Officer, with the oversight and guidance of the
Audit and Risk Committee as well as the Risk Management Committee and its compliance sub-committee. The Corporate
Compliance organization provides the business areas with consulting, training and assistance in the implementation of
business processes to ensure compliance with applicable laws and regulations. The business areas, in conjunction with
corporate compliance, assess and mitigate compliance risk through our enterprise risk self assessment process. Compliance
monitoring and associated exception remediation activities are conducted jointly between Corporate Compliance and the
business areas. Corporate Compliance is also responsible for independent reporting with respect to compliance risk activities
to the Board and executive management.
Technology / Systems
We leverage information technology to achieve our business objectives and to develop and deliver products and services that
satisfy our customers needs. A key part of our strategic focus is the development of efficient, flexible computer and