Sallie Mae 2012 Annual Report Download - page 91

Download and view the complete annual report

Please find page 91 of the 2012 Sallie Mae annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 207

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207

Risk Management Roles and Responsibilities
Responsibility for risk management is held at several different levels of our organization, including our
Board and its committees. Each business area within our organization is primarily responsible for managing its
specific risks utilizing formalized processes and procedures developed in collaboration with our executive
management team and internal risk management partners. Our compliance, credit, human resources, legal,
information technology, finance and accounting, and information security groups, are responsible for providing
our business segments with the training, systems and specialized expertise necessary to properly perform their
risk management responsibilities.
Board of Directors. Our Board, directly and through its standing committees, is responsible for overseeing
our overall strategic direction and risk management approach. The Board approves our annual business plan,
periodically reviews our strategic approach and priorities and spends significant time considering our capital
requirements and our dividend and share repurchase levels and activities. Standing committees of our Board
include Executive, Audit, Compensation and Personnel, Nominations and Governance, Finance and Operations,
Preferred Stock and Strategy Committees. Charters for each committee providing their specific responsibilities
and areas of risk oversight are published at www.salliemae.com under “Investors-Corporate Governance.”
Additional information regarding their activities and responsibilities will also be contained in the Corporate
Governance section of our Proxy Statement to be filed on Schedule 14A relating to our Annual Meeting of
Shareholders scheduled to be held on May 30, 2013 and is incorporated herein by reference.
Chief Executive Officer. Our Chief Executive Officer is ultimately responsible for ensuring proper
oversight, management and reporting to Board regarding our risk management practices and the timely escalation
of any significant issues. Our Chief Executive Officer is responsible for establishing our risk management culture
and ensuring business areas operate within directed risk parameters and in accordance with our annual business
plan.
Internal Risk Oversight Committees. We have a number of standing management committees dedicated to
oversight of various risks relating to our business. In 2012, we formed the Corporate Incentive Compensation
Plan Committee and in 2013 we will initiate an additional senior-executive level committee, the Enterprise Risk
Committee. Both committees have broader risk oversight agendas and responsibilities. Below is a description of
our key internal risk management committees.
Enterprise Risk Committee. As part of the adoption of our formal Risk Appetite Framework, we recently
formed an Enterprise Risk Committee to more efficiently assist our Chief Executive Officer in the execution of
his risk responsibilities. This committee is an executive management-level committee that will provide a forum
for our senior management team to review and discuss our significant risks, receive periodic reports on
adherence to agreed risk parameters and continue to supervise the evolution of our enterprise risk management
program. Committee membership consists of our Chief Executive Officer, President and Chief Operating Officer,
Executive Vice President and General Counsel, Executive Vice President and Chief Financial Officer, Executive
Vice President and Chief Marketing Officer, Executive Vice President — Administration, Chief Credit Officer,
Chief Compliance Officer and the Chief Audit Officer (in a non-voting capacity). The predominance of
committee members are direct reports to our Chief Executive Officer. The committee will meet at least six times
per year in advance of each regularly scheduled Board meeting and more frequently as may needed to address
particular issues.
Corporate Incentive Compensation Plan Committee. Our Corporate Incentive Compensation Plan
Committee is comprised of a cross-functional team of senior officers from human resources, risk and legal who
oversee our incentive compensation plans. The committee’s responsibilities include ensuring that our incentive
compensation plans do not incent our employees to take inappropriate risks which could impact our financial
position and controls, reputation and operations; reviewing the annual risk assessment of our incentive
compensation plans conducted by our Chief Compliance Officer and Chief Credit Officer; and developing
policies and procedures for the development and approval of new incentive compensation plans in line with our
89