Discover 2010 Annual Report Download - page 25

Download and view the complete annual report

Please find page 25 of the 2010 Discover annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 185

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185

Operational risk exposures are managed through a combination of business line management and enterprise-wide
oversight. Enterprise-wide oversight is provided through our Operational Risk Committee. Responsibilities of our
Operational Risk Committee include (i) establishing and communicating operational risk policies, tolerance and
philosophy; (ii) establishing procedures for implementing our operational risk measurement, monitoring and management
policies; and (iii) reviewing aggregate risk exposures and efficacy of our risk identification, measurement, monitoring and
management policies and procedures, and related controls within our business units. In addition, model risk is managed
through a model governance process and models are subject to independent validation.
Compliance and Legal Risk. Compliance risk is the operational risk of legal or regulatory sanctions, financial loss or
damage to reputation resulting from failure to comply with laws, regulations, rules, other regulatory requirements, or
codes of conduct and other standards of self-regulatory organizations applicable to us. Legal risk arises from the potential
that unenforceable contracts, lawsuits or adverse judgments can disrupt or otherwise negatively affect our operations or
condition. These risks are inherent in all of our businesses. Both compliance and legal risk are sub-sets of operational risk
but are recognized as a separate and complementary risk category by us given their importance to us and the specific
capabilities and resources we deploy to manage these risk types effectively.
Compliance and legal risk exposures are actively and primarily managed by our business units in conjunction with our
Law and Compliance Department. Our compliance program governs the management of compliance risk. Our Risk
Committee oversees our compliance and legal risk management. Our Law and Compliance Department provides
independent oversight for all of our compliance and legal risk management activities. Our Law and Compliance
Department coordinates with Corporate Risk Management for the management of compliance and legal risks by
reporting and escalating material incidents, completing risk and control self-assessments, and monitoring and reporting
key risk indicators.
Strategic Risk. Strategic risk can arise from adverse business decisions, improper implementation of decisions,
unanticipated economic events, failure to anticipate and respond to industry changes (including regulatory and legislative
changes), failure to create and maintain a competitive business model, and failure to attract and profitably serve
customers. Our Executive Committee actively manages strategic risk through the development, implementation and
oversight of our business strategies, including the development of budgets and business plans. Our business units take
and are accountable for managing strategic risk in pursuit of their objectives. Various policies govern the management of
our strategic risk. In addition, the assessment of strategic risk is an important consideration of various sub-committees of
our Risk Committee. For example, the strategic and other risks associated with new products or services are reviewed and
reported on by our New Initiatives Committee and our Payment Services Steering Committee.
Our Corporate Risk Management function also plays an important role in the management of strategic risk by:
(i) overseeing the objective setting and strategic planning processes from a risk perspective, to gain comfort that strategic
risks have been adequately considered in the setting of objectives and development of strategies; (ii) providing an
independent risk perspective to the new initiatives process; and (iii) assessing if there is effective alignment of
management’s proposed long-term strategic objectives with the risk appetite and strategic limits approved by our board
of directors.
Risk Management Review of Compensation
Our employee compensation program is designed to appropriately balance risk and reward without encouraging
imprudent risk-taking. Our Corporate Risk Officer leads periodic risk assessments of our compensation plans and reports
results to the Compensation Committee of our board of directors.
Supervision and Regulation
General
Our operations are subject to extensive regulation, supervision and examination under U.S. federal, state and foreign
laws and regulations. We are a bank holding company under the Bank Holding Company Act of 1956 (“BHC Act”) and
a financial holding company under the Gramm-Leach-Bliley Act (“GLBA”), subject to the supervision, examination and
regulation of the Federal Reserve Board (“Federal Reserve”).
Permissible activities for a bank holding company include those activities that are so closely related to banking as to be
a proper incident thereto such as consumer lending and other activities that have been approved by the Federal Reserve
-14-