JP Morgan Chase 2015 Annual Report Download - page 154

Download and view the complete annual report

Please find page 154 of the 2015 JP Morgan Chase annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 332

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332

Management’s discussion and analysis
144 JPMorgan Chase & Co./2015 Annual Report
OPERATIONAL RISK MANAGEMENT
Operational risk is the risk of loss resulting from inadequate
or failed processes or systems, human factors or due to
external events that are neither market- nor credit-related.
Operational risk is inherent in the Firm’s activities and can
manifest itself in various ways, including fraudulent acts,
business interruptions, inappropriate behavior of
employees, failure to comply with applicable laws and
regulations or failure of vendors to perform in accordance
with their arrangements. These events could result in
financial losses, litigation and regulatory fines, as well as
other damage to the Firm. The goal is to keep operational
risk at appropriate levels, in light of the Firm’s financial
strength, the characteristics of its businesses, the markets
in which it operates, and the competitive and regulatory
environment to which it is subject.
Overview
To monitor and control operational risk, the Firm maintains
an Operational Risk Management Framework (“ORMF”)
designed to enable the Firm to maintain a sound and well-
controlled operational environment. The four main
components of the ORMF include: governance, risk
identification and assessment, monitoring and reporting,
and measurement.
Risk Management is responsible for prescribing the ORMF to
the lines of business and corporate functions and for
providing independent oversight of its implementation. The
lines of business and corporate functions are responsible
for implementing the ORMF. The Firmwide Oversight and
Control Group (“O&C”), which consists of dedicated control
officers within each of the lines of business and corporate
functional areas, as well as a central oversight team, is
responsible for day to day execution of the ORMF.
Operational risk management framework
The components of the Operational Risk Management
Framework are:
Governance
The Firm’s operational risk governance function reports to
the Firm’s CRO and is responsible for defining the ORMF and
establishing the firmwide operational risk management
governance structure, policies and standards. The Firmwide
Risk Executive for Operational Risk Governance, a direct
report of the CRO, works with the line of business CROs to
provide independent oversight of the implementation of the
ORMF across the Firm. Operational Risk Officers (“OROs”),
who report to the LOB Chief Risk Officers or to the Firmwide
Risk Executive for Operational Risk Governance, are
independent of the lines of business and corporate
functions, and O&C. The OROs provide oversight of the
implementation of the ORMF within in each line of business
and corporate function.
Line of business, corporate function and regional control
committees oversee the operational risk and control
environments of their respective businesses, functions or
regions. These committees escalate operational risk issues
to the FCC, as appropriate. For additional information on
the Firmwide Control Committee, see Enterprise Risk
Management on pages 107–111.
Risk Identification and Self-Assessment
In order to evaluate and monitor operational risk, the lines
of business and corporate functions utilize several
processes to identify, assess, mitigate and manage
operational risk. Firmwide standards are in place for each of
these processes and set the minimum requirements for how
they must be applied.
The Firm’s risk and control self-assessment (“RCSA”)
process and supporting architecture requires management
to identify material inherent operational risks, assess the
design and operating effectiveness of relevant controls in
place to mitigate such risks, and evaluate residual risk.
Action plans are developed for control issues that are
identified, and businesses are held accountable for tracking
and resolving issues on a timely basis. Risk Management
performs an independent challenge of the RCSA program
including residual risk results.
The Firm also tracks and monitors operational risk events
which are analyzed by the responsible businesses and
corporate functions. This enables identification of the root
causes of the operational risk events and evaluation of the
associated controls.
Furthermore, lines of business and corporate functions
establish key risk indicators to manage and monitor
operational risk and the control environment. These assist
in the early detection and timely escalation of issues or
events.
Risk monitoring and reporting
Operational risk management and control reports provide
information, including actual operational loss levels, self-
assessment results and the status of issue resolution to the
lines of business and senior management. In addition, key
control indicators and operating metrics are monitored
against targets and thresholds. The purpose of these
reports is to enable management to maintain operational
risk at appropriate levels within each line of business, to
escalate issues and to provide consistent data aggregation
across the Firms businesses and functions.