Sallie Mae 2014 Annual Report Download - page 68


Disclosure Committee. Our Disclosure Committee reviews and approves content of periodic SEC reporting documents,
earnings releases, investor materials and related disclosure policies and procedures.
Compliance Committee. Our Bank Compliance Committee oversees regulatory compliance risk management activities
for the Company and its affiliates.
Internal Audit Risk Assessment
Internal Audit regularly monitors our various risk management and compliance efforts, identifies areas that may require
increased focus and resources, and reports significant control issues and recommendations to executive management and the
Audit Committee of the Board of Directors. Annually, Internal Audit performs an independent risk assessment to evaluate the
risk of all significant components of the Company and uses the results to develop its annual Internal Audit plan. Additionally,
Internal Audit performs selected reviews of both risk management and compliance functions, including key controls, processes
and systems, in order to assess the effectiveness of the overall risk management framework.
Risk Categories
Our ERM framework is designed to address the following risk categories.
Credit Risk. Credit risk is the risk to earnings or capital resulting from an obligor’s failure to meet the terms of any
contract with us or otherwise to perform as agreed. Credit risk is found in all activities where success depends on
counterparty, issuer or borrower performance.
We have credit or counterparty risk exposure with borrowers and cosigners with whom we have made Private Education
Loans, the various counterparties with whom we have entered into derivative contracts and the various issuers with whom we
make investments. Credit and counterparty risks are overseen by our Chief Risk Officer, his staff and the management-level
Credit Committee he chairs. Our Chief Risk Officer reports regularly to the Board’s Risk Committee as well as the Board of
Directors.
The credit risk related to Private Education Loans is managed within a credit risk infrastructure which includes: (i) a well-
defined underwriting, asset quality and collection policy framework; (ii) an ongoing monitoring and review process of portfolio
concentration and trends; (iii) assignment and management of credit authorities and responsibilities; and (iv) establishment of
an allowance for loan losses that covers estimated future losses based upon an analysis of portfolio metrics and economic
factors.
Credit risk related to derivative contracts is managed by reviewing counterparties for credit strength on an ongoing basis
and through our credit policies, which place limits on the amount of exposure we may take with any one counterparty and, in
most cases, require collateral to secure the position. The credit and counterparty risk associated with derivatives is measured
based on the replacement cost should the counterparty with contracts in a gain position to the Company fail to perform under
the terms of the contract.
Operational Risk. Operational risk is the risk to earnings resulting from inadequate or failed internal processes, people
and systems or from external events. Operational risk is pervasive in that it exists in all business lines, functional units, legal
entities and geographic locations, and it includes information technology risk, physical security risk on tangible assets, as well
as regulatory, legal and governance risk.
Operational risk exposures are managed through a combination of business line management and enterprise-wide
oversight. The management-level Operational Risk Committee is the oversight body for operational risks and supports the
ERC in its oversight duties. The subcommittee is responsible for escalation to the ERC, as appropriate. Additionally,
operational risk metrics, thresholds and limits are included in the periodic reporting to the Risk Committee of our Board of
Directors in the context of the ERM framework.
Regulatory, Legal and Governance Risk. Regulatory risk is the current and prospective risk to earnings or capital arising
from violations of, or non-conformance with, laws, rules, regulations, prescribed practices, internal policies and procedures, or
ethical standards. Legal risk is the risk to earnings, capital or reputation manifested by claims made through the legal system
and may arise from a product, a transaction, a business relationship, property (real, personal or intellectual), conduct of an
employee or a change in law or regulation. Governance risk is the risk of not establishing and maintaining a control