Capital One 2012 Annual Report Download - page 112

Download and view the complete annual report

Please find page 112 of the 2012 Capital One annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 311

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311

communication channels to inform associates of their responsibilities, alert them to issues or changes that might
affect their activities, and to enable an open flow of information up, down, and across our company. Robust risk
management also requires management information to enable controls to work effectively and to support the
analysis needed to set objectives and assess risk accurately. Our risk governance structure is designed to support
solid and ongoing communication. Specific reports and communication infrastructure are defined within our
individual risk category policies.
Program Monitoring
Program monitoring is critical to our overall risk management program. Program monitoring involves assessing
the accuracy, sufficiency, and effectiveness of current objectives, risk assessments, controls, ownership,
communication, and management support. The assessment of a risk program or activity can be qualitative or
quantitative. We encourage the use of measurements and metrics where it is possible, recognizing that some risks
or programs cannot be measured quantitatively. Where deficiencies are discovered, we seek to update the risk
management program to resolve the deficiencies in a timely manner. Significant deficiencies are escalated to the
appropriate risk executive or risk committee. Clear accountability is defined when resolving deficiencies so that
the desired outcome is achieved. Risk management programs are monitored at every level from the overall
Enterprise Risk Management Program to the individual risk management activities in each business area.
Organization and Culture
Our intent is to create and maintain an effective risk management organization and culture. A strong organization
and culture promotes risk management as a key factor in making important business decisions and helps drive
risk management activities deeper into the company. An effective risk management culture starts with a well-
defined risk management philosophy. It requires established risk management objectives that align to business
objectives and make targeted risk management activities part of ongoing business management activities. We
believe we staff risk functions at the appropriate levels with qualified associates and effective tools that support
risk management practices and activities. Senior management and the Board of Directors are ultimately
accountable for promoting adherence to sound risk principles and tolerances. We seek to incent associates at all
levels to perform according to corporate policies and risk tolerance and in conformity with applicable laws and
regulations. Additionally, management establishes performance goals, plans, and incentives that are designed to
promote financial performance within the confines of a sound risk management program and within defined risk
tolerances.
We have a corporate Code of Business Conduct and Ethics (the “Code”) (available on the Corporate Governance
page of our Web site at www.capitalone.com/about) under which each associate is obligated to behave with
integrity in dealing with customers and business partners and to comply with applicable laws and regulations. We
disclose any waivers to the Code on our Web site. We also have an associate performance management process
that emphasizes achieving business results while ensuring integrity, compliance, and sound business
management.
Risk Appetite
We have a defined risk appetite for each of our eight risk categories that is approved by the Board of Directors.
Stated risk appetites define the parameters for taking and accepting risks and are used by management and the
Board of Directors to make business decisions.
For some risk categories (credit, liquidity, market), our risk appetite statements are translated into largely
quantitative limits and guidelines. For other risk categories, our risk appetite is defined more qualitatively and is
supported by indicative metrics where appropriate. We communicate risk appetite statements, metrics and limits
to the appropriate levels in the organization and monitor adherence.
93