Sallie Mae 2015 Annual Report Download - page 73

  • The re-engineering of the model risk management framework within the business to ensure the integrity of our
    model inventory, particularly as it relates to the DFAST; and
  • Continued investment in the ERM infrastructure and staffing to ensure the program can appropriately address the
    challenges facing our business and industry.
The Governance Framework
Our overall objective pertaining to risk and control is to ensure all significant risks inherent in our business can be
identified, remediated, controlled and monitored. To this end, we have adopted the “three lines of defense” governance
framework. Specifically, the business units form the “first line of defense” and are the “owners” of risks present in their
business activities. As the owners of risk, the first line of defense is accountable for the day-to-day execution of risk and control
policy and procedures. The “second line of defense” (e.g., ERM and Compliance) provides oversight of the execution by the
first line of defense. Rather than focusing on execution, the second line of defense is accountable for the related policy and
standards executed upon by the first line of defense. Finally, the Internal Audit function comprises the “third line of defense.”
The Internal Audit function provides opinions to the Board on the effectiveness of the first and second lines of defense. The
lines of defense distinction determines accountabilities; the ERM framework contains the processes and infrastructure
necessary to deliver on those accountabilities.
Enterprise Risk Management Policy and Framework
The ERM policy and framework are designed to provide a holistic perspective of risk and control performance across the
Company. The policy, which is approved annually by the Board of Directors, outlines the framework used to ensure that risk
and control issues across the enterprise are identified, remediated, controlled and reported. The Bank’s ERM framework and
related policies are the core of the overall governance structure within the enterprise.
The risk appetite statement is a central component of the ERM framework. The risk appetite statement establishes the
level of risk we are willing to accept within each risk category, described below, in pursuit of our business objectives. Our risk
appetite is captured in a set of performance metrics specific to our business activities, both quantitative and qualitative. These
metrics have corresponding thresholds and limits and are adopted as operating standards. Compliance with our risk appetite is
monitored by our management-level Enterprise Risk Committee ("ERC") with escalation to the Risk Committee of the Board or
the Board of Directors, as appropriate. Our Board of Directors approves the risk appetite statement annually and requires that
management provide periodic updates on compliance to the Risk Committee of our Board.
Board of Directors Committee Structure
We have a robust committee structure that facilitates oversight, effective challenge and escalation of risk and control
issues.
Risk Committee. The Risk Committee of the Board was established to assist the Board in fulfilling its oversight
responsibilities of risk and controls. The Risk Committee recommends the ERM framework, related policies and the risk
appetite statements to the Board of Directors for approval. The Risk Committee receives periodic updates on compliance with
the ERM framework from the ERC.
Audit Committee. The Audit Committee is responsible for oversight of the Internal Audit function. Additionally, the
Audit Committee oversees the quality and integrity of our financial reporting process and financial statements; the
qualifications, hiring, performance and independence of our independent registered accounting firm; the performance of our
Internal Audit function; our system of internal controls; and our compliance with the Code of Business Conduct.
Nominations, Governance and Compensation Committee. The Nominations, Governance and Compensation Committee,
among other things: (1) periodically reviews our compliance and performance against the risk measures and limits as contained
in our Board approved risk appetite framework relating to our personnel, including compensation policies and practices,
attrition and succession planning, and aspects of shareholder confidence relating to compensation policies, and assesses whether
any such risks are reasonably likely to have a materially adverse effect on us; and (2) periodically reviews our compliance and
performance against the risk measures as contained in our Board approved risk appetite framework relating to political risk,
reputational risk and governance risks as related to compliance with NASDAQ listing standards and applicable rules and
regulations relating to Board of Directors and management composition, governance, and independence.
Preferred Stock Committee. The Preferred Stock Committee monitors and evaluates proposed actions that may impact
the rights of holders of preferred stock.