Fannie Mae 2011 Annual Report Download - page 154

Download and view the complete annual report

Please find page 154 of the 2011 Fannie Mae annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 374

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374

as frequency, severity, concentration, correlation, volatility and loss. Information obtained from these
assessments is reviewed on a regular basis to ensure that our risk assumptions are reasonable and reflect our
current positions.
Risk Mitigation & Control. We proactively develop appropriate mitigation strategies to prevent excessive
risk exposure, address risks that exceed established tolerances, and address risks that create unanticipated
business impact. Mitigation strategies and controls can be in the form of reduction, transference, acceptance
or avoidance of the identified risk. We also manage risk through four control elements that are designed to
work in conjunction with each other: (1) risk policies, (2) risk limits, (3) delegations of authority, and
(4) risk committees.
Risk Reporting & Monitoring. Our business units actively monitor emerging and identified risks that are
taken when executing our strategies. Risks and concerns are reported to the appropriate level of
management to ensure that the necessary action is taken to mitigate the risk.
Enterprise Risk Governance
Our enterprise risk management structure was reorganized in 2011, and we continue to work with FHFA to
implement its final form. We intend the final structure to be designed to balance a strong corporate risk
management philosophy, appetite and culture with a well-defined, independent risk management function. Our
objective is to ensure that people and processes are organized in a way to promote a cross-functional approach to
risk management and that controls are in place to better manage our risks and comply with legal and regulatory
requirements.
Our enterprise risk governance structure consists of the Board of Directors, executive leadership, including the
Chief Risk Officer, the Enterprise Risk Management division, designated officers responsible for managing our
financial risks, business unit chief risk officers, and risk management committees. This structure is designed to
encourage a culture of accountability within the divisions and promote effective risk management throughout the
company.
Our organizational structure and risk management framework work in conjunction with each other to identify
risk-related trends with respect to customers, products or portfolios and external events to develop appropriate
strategies to mitigate emerging and identified risks.
Board of Directors
The Board’s Risk Policy & Capital Committee provides oversight of enterprise risk management activities and
pursuant to its charter, assists the Board in providing oversight of our risk management, including overseeing the
management of credit, market and operational risk policies and limits. In addition, the Audit Committee reviews
the system of internal controls that we rely upon to provide reasonable assurance of compliance with our
enterprise risk management processes.
Enterprise Risk Management Division
Our Enterprise Risk Management division reports directly to the Chief Risk Officer who reports directly to the
Chief Executive Officer. The Chief Risk Officer also reports independently to the Board’s Risk Policy & Capital
Committee. Enterprise Risk Management is responsible for the identification of emerging risks, the monitoring
and reporting of risk within the existing policies and limits and independent oversight of risk management across
the company.
We manage risk by using a “three line of defense” structure. The first line of defense is the active management of
risk by the business unit. Each business unit is charged with conforming to the risk guidelines, risk appetite, risk
policies and limits approved by the Board’s Risk Policy & Capital Committee and the Management Committee,
with additional oversight provided by FHFA. The second line of defense is Enterprise Risk Management, which
is responsible for ensuring compliance with the risk framework and independently reporting on risk management
- 149 -