JP Morgan Chase 2009 Annual Report Download - page 135

Download and view the complete annual report

Please find page 135 of the 2009 JP Morgan Chase annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 260

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260

JPMorgan Chase & Co./2009 Annual Report 133
OPERATIONAL RISK MANAGEMENT
Operational risk is the risk of loss resulting from inadequate or failed
processes or systems, human factors or external events.
Overview
Operational risk is inherent in each of the Firm’s businesses and
support activities. Operational risk can manifest itself in various ways,
including errors, fraudulent acts, business interruptions, inappropriate
behavior of employees, or vendors that do not perform in accordance
with their arrangements. These events could result in financial losses
and other damage to the Firm, including reputational harm.
To monitor and control operational risk, the Firm maintains a system
of comprehensive policies and a control framework designed to
provide a sound and well-controlled operational environment. The
goal is to keep operational risk at appropriate levels, in light of the
Firm’s financial strength, the characteristics of its businesses, the
markets in which it operates, and the competitive and regulatory
environment to which it is subject. Notwithstanding these control
measures, the Firm incurs operational losses.
The Firm’s approach to operational risk management is intended to
mitigate such losses by supplementing traditional control-based
approaches to operational risk with risk measures, tools and disci-
plines that are risk-specific, consistently applied and utilized firmwide.
Key themes are transparency of information, escalation of key issues
and accountability for issue resolution.
One of the ways operational risk is mitigated is through insurance
maintained by the Firm. The Firm purchases insurance to be in com-
pliance with local laws and regulations, as well as to serve other
needs of the Firm. Insurance may also be required by third parties
with whom the Firm does business. The insurance purchased is
reviewed and approved by senior management.
The Firm’s operational risk framework is supported by Phoenix, an
internally designed operational risk software tool. Phoenix integrates
the individual components of the operational risk management
framework into a unified, web-based tool. Phoenix enhances the
capture, reporting and analysis of operational risk data by enabling
risk identification, measurement, monitoring, reporting and analysis
to be done in an integrated manner, thereby enabling efficiencies in
the Firm’s monitoring and management of its operational risk.
For purposes of identification, monitoring, reporting and analysis, the
Firm categorizes operational risk events as follows:
Client service and selection
Business practices
Fraud, theft and malice
Execution, delivery and process management
Employee disputes
Disasters and public safety
Technology and infrastructure failures
Risk identification
Risk identification is the recognition of the operational risk events that
management believes may give rise to operational losses. All busi-
nesses utilize the Firm’s standard self-assessment process and sup-
porting architecture as a dynamic risk management tool. The goal of
the self-assessment process is for each business to identify the key
operational risks specific to its environment and assess the degree to
which it maintains appropriate controls. Action plans are developed
for control issues identified, and businesses are held accountable for
tracking and resolving these issues on a timely basis.
Risk measurement
Operational risk is measured for each business on the basis of histori-
cal loss experience using a statistically based loss-distribution ap-
proach. The current business environment, potential stress scenarios
and measures of the control environment are then factored into the
statistical measure in determining the Firmwide operational risk
capital. This methodology is designed to comply with the advanced
measurement rules under the new Basel II Framework.
Risk monitoring
The Firm has a process for monitoring operational risk-event data,
permitting analysis of errors and losses as well as trends. Such analy-
sis, performed both at a line-of-business level and by risk-event type,
enables identification of the causes associated with risk events faced
by the businesses. Where available, the internal data can be supple-
mented with external data for comparative analysis with industry
patterns. The data reported enables the Firm to back-test against self-
assessment results. The Firm is a founding member of the Operational
Riskdata eXchange Association, a not-for-profit industry association
formed for the purpose of collecting operational loss data, sharing
data in an anonymous form and benchmarking results back to mem-
bers. Such information supplements the Firm’s ongoing operational
risk measurement and analysis.
Risk reporting and analysis
Operational risk management reports provide timely and accurate
information, including information about actual operational loss levels
and self-assessment results, to the lines of business and senior man-
agement. The purpose of these reports is to enable management to
maintain operational risk at appropriate levels within each line of
business, to escalate issues and to provide consistent data aggrega-
tion across the Firm’s businesses and support areas.
Audit alignment
Internal Audit utilizes a risk-based program of audit coverage to
provide an independent assessment of the design and effectiveness of
key controls over the Firm’s operations, regulatory compliance and
reporting. This includes reviewing the operational risk framework, the
effectiveness and accuracy of the business self-assessment process
and the loss data-collection and reporting activities.