Sallie Mae 2012 Annual Report Download - page 94

market conditions. Funding and liquidity risks are overseen and recommendations approved primarily through
our internal Asset and Liability Committee. The Finance and Operations Committee of our Board is responsible
for periodically reviewing and approving the funding and liquidity positions and contingency funding plan
developed and administered by our internal Asset and Liability Committee. The Finance and Operations
Committee of our Board also receives regular reports on our performance against funding and liquidity plans at
each of its meetings.

Operational Risk. Operational risk is the risk to earnings resulting from inadequate or failed internal
processes, people and systems or from external events. Operational risk is pervasive in that it exists in all
business lines, functional units, legal entities and geographic locations, and it includes information technology
risk, physical security risk on tangible assets, as well as legal/compliance risk and reputational risk.

Our Board receives operations reports (which include operating metrics and performance against annual
plan) from our Chief Executive Officer and Chief Operating Officer at each regularly scheduled meeting.
Additionally, the Finance & Operations Committee of our Board receives business development updates
regarding our various business initiatives that provide information and metrics about each key component of
business operations. The Audit Committee of our Board receives periodic information security updates and
reviews operational and systems-related matters to ensure their implementation produces no significant internal
control issues.

Operational risk exposures are managed through a combination of business line management and enterprise-
wide oversight. Our Chief Operating Officer is responsible for all of our business operations (credit, servicing,
collections and technology). Management committees, comprised of senior managers and subject matter experts,
focus on particular aspects of operational risk. Enterprise-wide oversight is conducted by a number of our
internal risk management committees. Most importantly, the Customer Products and Services Assessment
Committee oversees the process, in connection with new, expanded or modified products or services it
recommends for approval, for determining that significant risks are properly identified; confirming that adequate
controls are in place to monitor risks to established, prudent limits; and monitors risk management activities,
exposures, and issues.

Compliance, Legal and Governance Risk. Compliance risk is the current and prospective risk to earnings or
capital arising from violations of, or non-conformance with, laws, rules, regulations, prescribed practices,
internal policies and procedures, or ethical standards. Legal risk is the risk to earnings, capital or reputation that
is manifested by claims made through the legal system and may arise from a product, a transaction, a business
relationship, property (real, personal or intellectual), conduct of an employee or a change in law or regulation.
Governance risk is the risk of not establishing and maintaining a control environment that aligns with stakeholder
and regulatory expectations, including tone at the top and board performance. These risks are inherent in all of
our businesses. Compliance, legal and governance risk are sub-sets of operational risk but are recognized as a
separate and complementary risk category given their importance in our business. We can be exposed to these
risks in key areas such as our private education lending, collections or loan servicing businesses if compliance
with legal and regulatory requirements is not properly implemented, documented or tested, as well as when an
oversight program does not include appropriate audit and control features.

The Audit Committee of our Board has oversight over the establishment of standards related to our
monitoring and control of legal and compliance risks and the qualification of employees overseeing these risk
management functions. The Audit Committee of our Board annually approves our Corporate Compliance Plan,
has responsibility for considering significant breaches of our Code of Business Conduct and receives regular
reports from executive management team members responsible for the regulatory and compliance risk
management functions.

Primary ownership and responsibility for legal and compliance risk is placed with the business segments to
manage their specific regulatory and compliance risks. Our Compliance group supports these activities by
providing extensive training, monitoring and testing of the processes, policies and procedures utilized by our
business segments, maintaining consumer lending regulatory and information security policies and procedures,