Morgan Stanley 2015 Annual Report Download - page 125

Download and view the complete annual report

Please find page 125 of the 2015 Morgan Stanley annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 278

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278

Risk Oversight Committee, regional risk committees and senior management. In the event of a merger; joint venture;
divestiture; reorganization; or creation of a new legal entity, a new product or a business activity, operational risks are
considered, and any necessary changes in processes or controls are implemented.
The Operational Risk Department is independent of the divisions and reports to the Chief Risk Officer. The Operational Risk
Department provides oversight of operational risk management and independently assesses, measures and monitors
operational risk. The Operational Risk Department works with the divisions and control groups to help ensure a transparent,
consistent and comprehensive framework for managing operational risk within each area and across the Company. The
Operational Risk Department scope includes oversight of technology and data risks (e.g., cybersecurity) and supplier
management (vendor risk oversight and assessment) program. Furthermore, the Operational Risk Department supports the
collection and reporting of operational risk incidents and the execution of operational risk assessments; provides the
infrastructure needed for risk measurement and risk management; and ensures ongoing validation and verification of the
Company’s advanced measurement approach for operational risk capital.
Business Continuity Management is responsible for identifying key risks and threats to the Company’s resiliency and
planning to ensure that a recovery strategy and required resources are in place for the resumption of critical business
functions following a disaster or other business interruption. Disaster recovery plans are in place for critical facilities and
resources on a Company-wide basis, and redundancies are built into the systems as deemed appropriate. The key components
of the Company’s Business Continuity Management Program include: crisis management; business recovery plans;
applications/data recovery; work area recovery; and other elements addressing management, analysis, training and testing.
The Company maintains an information security program that coordinates the management of information security risks and
is designed to address regulatory requirements. Information security policies are designed to protect the Company’s
information assets against unauthorized disclosure, modification or misuse. These policies cover a broad range of areas,
including: application entitlements, data protection, incident response, Internet and electronic communications, remote access
and portable devices. The Company has also established policies, procedures and technologies to protect its computers and
other assets from unauthorized access.
In connection with its ongoing operations, the Company utilizes the services of external vendors, which it anticipates will
continue and may increase in the future. These services include, for example, outsourced processing and support functions
and consulting and other professional services. The Company manages its exposures to these services through a variety of
means such as the performance of due diligence, consideration of operational risk, implementation of service level and other
contractual agreements, and ongoing monitoring of the vendors’ performance. The Company maintains a supplier risk
management program with policies, procedures, organization, governance and supporting technology that satisfies regulatory
requirements. The program is designed to ensure that adequate risk management controls over the services exist, including,
but not limited to information security, operational failure, financial stability, disaster recoverability, reputational risk,
safeguards against corruption and termination.
Liquidity and Funding Risk.
Liquidity and funding risk refers to the risk that the Company will be unable to finance its operations due to a loss of access
to the capital markets or difficulty in liquidating its assets. Liquidity and funding risk also encompasses the Company’s
ability to meet its financial obligations without experiencing significant business disruption or reputational damage that may
threaten the Company’s viability as a going concern. Market or idiosyncratic stress events may negatively affect the
Company’s liquidity and may impact its ability to raise new funding. Generally, the Company incurs liquidity and funding
risk as a result of its trading, lending, investing and client facilitation activities.
The Company’s Liquidity Risk Management Framework is critical to helping ensure that the Company maintains sufficient
liquidity reserves and durable funding sources to meet its daily obligations and to withstand unanticipated stress events. In
2015, the Company established the Liquidity Risk Department as a distinct area in Risk Management to oversee and monitor
liquidity and funding risk. The Liquidity Risk Department is independent of the business units and reports to the Chief Risk
Officer. The Liquidity Risk Department ensures transparency of material liquidity and funding risks, compliance with
established risk limits and escalation of risk concentrations to appropriate senior management. To execute these
responsibilities, the Liquidity Risk Department establishes limits in line with the Company’s risk appetite, identifies and
119