Discover 2015 Annual Report Download - page 33

Download and view the complete annual report

Please find page 33 of the 2015 Discover annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 192

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192

-17-
Strategic Risk
Strategic risk can arise from: adverse business decisions; improper implementation of decisions; or a failure to
anticipate and respond to industry changes, create and maintain a competitive business model, and attract and
profitably serve clients.
Our Risk Committee actively manages strategic risk through the development, implementation and oversight of
our business strategies, including the development of budgets and business plans. Our business units take on and are
accountable for managing strategic risk in pursuit of their objectives.
Enterprise Risk Management Framework
Our enterprise risk management principles are executed through a risk management framework that is based
upon industry standards for managing risk and controls. While the detailed activities vary by risk type, there are
common process elements that apply across risk types. We seek to apply these elements consistently in the interest of
effective and efficient risk management. This framework seeks to link risk processes and infrastructure with the
appropriate risk oversight to create a risk management structure that raises risk awareness, reduces impact of potential
risk events, improves business decision-making and increases operational efficiency.
Risk Identification
We seek to identify potential exposures that could adversely affect our ability to successfully implement strategies
and achieve objectives. To ensure that the full scale and scope of risk exposures from firm-wide activities are identified,
we seek to identify risk exposures based on (i) significant enterprise-level risks that are strategic, systemic, or emerging
in nature, (ii) granular risk exposures from on-balance sheet and off-balance sheet positions, including concentrations,
and (iii) risk exposures from initiatives focused on new, expanded, customized, or modified products, services, and
processes.
Risk exposures identified through these three approaches are consolidated to create a comprehensive risk
inventory. This inventory is leveraged by a number of processes within the Company including stress scenario design,
capital planning, risk appetite setting, and risk modeling. The risk inventory is reviewed and approved at least annually
by the Risk Committee while the sub-committees review the risks mapped to the relevant risk categories for transparency
and comprehensive coverage of risk exposures.
Risk Measurement
Our risk measurement process seeks to ensure that the identified risk exposures are appropriately assessed. Risk
measurement techniques appropriate to the risk category, econometric modeling, statistical analysis, peer
benchmarking, and qualitative assessments are employed to measure our material risk exposures.
Risk Monitoring
Our risks are monitored through an integrated monitoring framework consisting of risk appetite metrics and key
risk indicators ("KRIs"). These metrics are established to monitor changes in our risk exposures and external
environment. Risk appetite metrics are used to monitor the overall risk profile of the Company by setting risk boundaries
and expectations through quantitative limits and qualitative expressions. We use KRIs to monitor our risk profile through
direct or indirect alignment with the risk appetite limits.
These metrics enable monitoring of risk by business management and by measuring risk and performance data
against risk appetite and KRI escalation thresholds that are updated periodically. Escalation procedures are in place to
notify the appropriate governance committees in the event of any actual risk limit breaches or potential upcoming
breaches.
Risk Management
We have policies and a defined governance structure in place to manage risks. In the event of a risk exposure
exceeding established thresholds, management determines appropriate response actions. Responses which may be
taken by the Board of Directors, the Risk Oversight Committee, the Audit Committee, the Risk Committee, sub-
committees or the CRO, or business units may include (i) actions to directly mitigate or resolve risk, (ii) actions to
terminate any activities resulting in an undesired or unintended risk position, or (iii) actions to prevent, avoid or modify
an undesired risk position (or activity prior to its occurrence), risk reduction, risk sharing or risk acceptance.