SunTrust 2014 Annual Report Download - page 81


responsible for independent governance and oversight of the
first line of defense relative to specific risks. Risk stewards
represent areas of subject matter expertise relative to certain
risks, including, but not limited to: Technology Risk and
Compliance, which among other things, encompasses
information and cyber security; Finance Risk Management;
Human Resources; Third-Party Risk Management; Model
Risk Management; and Anti-Money Laundering/Bank
Secrecy Act. Second line of defense responsibilities include
developing appropriate risk management frameworks/programs
that facilitate first line of defense identification,
reporting, assessment, control, mitigation, and
communication of risk. It also monitors first line of defense
execution of these responsibilities. Second line of defense
frameworks/programs conform to applicable laws, rules,
regulations, regulatory guidance, decrees and orders, and
stated corporate business and risk objectives, including risk
appetite, tolerances, and limits.
The third line of defense is comprised of our assurance
functions, i.e., Audit Services and Risk Review, which
independently test, verify, and evaluate management
controls and provide risk-based advice and counsel to
management to help develop and maintain a risk
management culture that supports safety, soundness, and
business objectives.
Enterprise risk oversight is supported by a number of
risk-focused senior management committees. These “enterprise
governance committees” are responsible for ensuring effective
risk measurement and management within their respective areas
of authority, and include the Corporate Risk Committee,
Asset/Liability Committee, Capital Committee, and Portfolio
Management Committee.
  • CRC is chaired by the CRO and supports the CRO in measuring and managing our aggregate risk profile.
  • ALCO is chaired by the CFO, and provides management and oversight of market, liquidity, and balance sheet-related risks, and has the responsibility to manage those risks in relation to the profitability of the underlying businesses.
  • CC is also chaired by the CFO and provides management and oversight of our capital actions and our enterprise stress analytics programs that, among other things, support our annual CCAR/DFAST submissions.
  • PMC is chaired by the Wholesale Banking Executive and provides active portfolio management and oversight of balance sheet allocations to ensure that new asset originations, asset sales, and asset purchases meet our risk and business objectives. PMC also oversees progress towards long-term balance sheet objectives.
The CEO, CFO, and the CRO are members of each enterprise
governance committee to promote a culture of consistency and
communication. Additionally, other executive and senior
officers of the Company are members of these committees based
upon their responsibilities and subject matter expertise.
The CRO and, by extension, CRM, establishes sound
subsidiary risk frameworks, policies, and processes that focus
on identifying, measuring, analyzing, managing, and reporting
the risks that we face. At its core, CRM’s objective is to deliver
sophisticated risk management capabilities throughout the
organization that:
  • Identify, measure, analyze, manage, and report risk at the transaction, portfolio, and enterprise levels;
  • Support client facing businesses as they seek to balance risk taking with business and safety and soundness objectives;
  • Optimize decision making;
  • Promote sound processes and regulatory compliance;
  • Maximize shareholder value; and
  • Support our Purpose of Lighting the Way to Financial Well-Being and conform to our supporting principles of Client First, One Team, Executional Excellence, and Profitable Growth.
To achieve this objective, CRM continually refines our risk
governance structures, frameworks and management limits,
policies, processes, and procedures to reflect changes in our
operating environment and/or corporate goals and strategies. In
terms of underwriting, CRM Credit Risk seeks to mitigate risk
through analysis of such things as a borrower's credit history;
pertinent financial information, e.g., financial statements and tax
returns, cash flow, and liquidity; and collateral value.
Additionally, our loan products and underwriting elements are
continuously reviewed and refined. Examples include: client
eligibility requirements, documentation requirements, loan
types, collateral types, LTV ratios, and minimum credit scores.
Prior reviews have resulted in changes such as enhanced
documentation standards, maximum LTV ratios and production
channels, which contributed to material reductions in higher-risk
exposures, such as higher-risk mortgage, home equity, and
commercial construction loans, as well as a decline in early stage
delinquencies and nonperforming loans.
In practice, CRM measures and oversees business execution
and risk management along a number of primary risk
dimensions: credit, market, liquidity, operational, and
compliance. Other risks, such as legal, strategic, and reputational
risk, which can arise from any corporate activity, are also
monitored by CRM and other risk stewards. Subject matter
experts directly supporting the CRO in the management/oversight
of these risks include, but are not limited to the:
  • Chief Wholesale Credit Officer and the Chief Retail (Consumer/Mortgage) Credit Officer;
  • Corporate Market/Liquidity Risk and Enterprise Analytics Officer;
  • Corporate Operational Risk Officer, who is also responsible for oversight of risk stewards;
  • Corporate Compliance Officer;
  • Corporate Model Risk Management Officer; and
  • Corporate Regulatory Liaison Officer.
Risk Review, an assurance function, reports directly to the BRC
and administratively to the CRO.
Credit Risk Management
Credit risk refers to the potential for economic loss arising from
the failure of clients to meet their contractual agreements on all
credit instruments, including on-balance sheet exposures from
loans and leases, investment securities, and contingent exposures
including unfunded commitments, letters of credit, credit
derivatives, and counterparty risk under derivative products. As
credit risk is an essential component of many of the products and