Risk is an inherent part of JPMorgan Chase’s business activities. The Firm employs a holistic approach to risk management that is intended to ensure the broad spectrum of risk types are considered in managing its business activities.
The Firm believes effective risk management requires:
• Acceptance of responsibility by all individuals within the Firm;
• Ownership of risk management within each line of business; and
• Firmwide structures for risk governance and oversight.
Firmwide Risk Management is overseen and managed on an enterprise-wide basis. The Firm’s Chief Executive Officer (“CEO”), Chief Financial Officer (“CFO”), Chief Risk Officer (“CRO”) and Chief Operating Officer (“COO”) develop and set the risk management framework and governance structure for the Firm which is intended to provide comprehensive controls and ongoing management of the major risks inherent in the Firm’s business activities. The
Firm’s risk management framework is intended to create a culture of risk transparency and awareness, and personal responsibility throughout the Firm where collaboration, discussion, escalation and sharing of information are encouraged. The CEO, CFO, CRO and COO are ultimately responsible and accountable to the Firm’s Board of Director’s.
The Firm believes that risk management is the responsibility of every employee. Employees are expected to operate with the highest standards of integrity and identify, escalate, and correct mistakes. The Firm’s risk culture strives for
continual improvement through ongoing employee training and development, as well as talent retention. The Firm also approaches its incentive compensation arrangements through an integrated risk, compensation and financial management framework to encourage a culture of risk awareness and personal accountability. The Firm’s overall objective in managing risk is to protect the safety and soundness of the Firm, and avoid excessive risk taking.
Management’s discussion and analysis
114 JPMorgan Chase & Co./2013 Annual Report
The following sections outline the key risks that are inherent in the Firm’s business activities.
Risk Definition Key risk management metrics Page
references
Risks managed centrally
Capital risk The risk the Firm has insufficient capital resources to support the Firm’s
business activities and related risks. Risk-based capital ratios, Supplementary Leverage
ratio 160-167
Liquidity risk
The risk the Firm will not have the appropriate amount, composition or tenor of funding and liquidity to support its assets and obligations.
LCR; Stress; Parent Holding Company Pre-Funding 168-173 Non-USD FX
risk
Risk arising from capital investments, forecasted expense and revenue, investment securities portfolio or issuing debt in denominations other than the U.S. dollar.
FX Net Open Position (“NOP”) 220,
229-231 Structural
interest rate risk
Risk resulting from the Firm’s traditional banking activities (both on- and off-balance sheet positions) arising from the extension of loans and credit facilities, taking deposits and issuing debt, and the impact of the CIO investment securities portfolio.
Earnings-at-risk 147-148
Risks managed on an LOB
aligned basis
Country risk Risk that a sovereign’s unwillingness or inability to pay will result in market, credit, or other losses.
Default exposure at 0% recovery, Stress 149-152 Credit risk Risk of loss from obligor or counterparty default. Total exposure; industry and geographic
concentrations; risk ratings; delinquencies; loss experience; stress
117-141
Fiduciary risk
Risk of failing to exercise the applicable standard of care or to act in the best interests of clients or treat all clients fairly as required under applicable law or regulation.
Not Applicable 159
Legal risk Risk of loss or imposition of damages, fines, penalties or other liability arising from failure to comply with a contractual obligation or to comply with laws or regulations to which the Firm is subject.
Not Applicable 158
Market risk Risk of loss arising from adverse changes in the value of the Firm’s assets and liabilities resulting from changes in market variables such as interest rates, foreign exchange rates, equity and commodity prices and their implied volatilities, and credit spreads.
VaR, Stress, Sensitivities 142-148
Model risk Risk of a material inaccuracy in the quantification of the value of, or an inaccuracy of the identification and measurement of a position held by or activity engaged in by the Firm.
Model Status, Model Tier 153
Operational
risk Risk of loss resulting from inadequate or failed processes or systems,
human factors or external events Various metrics- see page 156 155-157
Principal
risk Risk of an adverse change in the value of privately-held financial assets and instruments, typically representing an ownership or junior capital position. These positions have unique risks due to their illiquidity or for which there is less observable market or valuation data.
Carrying Value, Stress 154
Regulatory and Compliance risk
Risk of regulatory actions, including fines or penalties, arising from the failure to comply with the various U.S. federal and state laws and regulations and the laws and regulations of the various jurisdictions outside the United States in which the Firm conducts business.
Not Applicable 158
Reputation risk
Risk that an action, transaction, investment or event will reduce the trust that clients, shareholders, employees or the broader public has in the Firm’s integrity or competence.
Not Applicable 159
Risk governance and oversight
The Board of Directors provides oversight of risk principally through the Board of Directors’ Risk Policy Committee (“DRPC”), Audit Committee and, with respect to
compensation, Compensation & Management Development Committee.
The Firm’s overall risk appetite is established by
management taking into consideration the Firm’s capital and liquidity positions, earnings power, and diversified business model. The risk appetite framework is a tool to measure the capacity to take risk and is expressed in loss tolerance parameters at the Firm and/or LOB levels, including net income loss tolerances, liquidity limits and market limits. Performance against these parameters informs management's strategic decisions and is reported to the DRPC.
The Firm-level risk appetite parameters are set and approved by the Firm’s CEO, CFO, CRO and COO. LOB-level risk appetite parameters are set by the LOB CEO, CFO, and CRO and are approved by the Firm’s functional heads as noted above. Firmwide LOB diversification allows the sum of the LOBs’ loss tolerances to be greater than the Firmwide loss tolerance.
The CRO is responsible for the overall direction of the Firm’s Risk Management function and is the head of the Risk Management Organization. The LOBs and legal entities are ultimately responsible for managing the risks inherent in their respective business activities.
The Firm’s Risk Management Organization and other Firmwide functions with risk-related responsibilities (i.e., Regulatory Capital Management Office (“RCMO”), Oversight and Control Group, Valuation Control Group (“VCG”), Legal and Compliance) provide independent oversight of the monitoring, evaluation and escalation of risk.
JPMorgan Chase & Co./2013 Annual Report 115
The chart below illustrates the Firm’s Risk Governance structure and certain key management level committees that are primarily responsible for key risk-related functions; there are additional committees not represented in the chart (e.g.
Firmwide Fiduciary Risk Committee, and other functional forums) that are also responsible for management and oversight of risk. Additionally, the chart illustrates how the primary escalation mechanism works.
In assisting the Board in its oversight of risk, primary responsibility with respect to credit risk, market risk, structural interest rate risk, principal risk, liquidity risk, country risk, fiduciary risk and model risk rests with the DRPC, while primary responsibility with respect to operating risk, legal risk and compliance risk rests with the Audit Committee. Each committee of the Board oversees reputation risk issues within its scope of responsibility.
The Directors’ Risk Policy Committee (“DRPC”) assists the Board in its oversight of management’s exercise of its responsibility to (i) assess and manage the Firm’s risk; (ii) ensure that there is in place an effective system reasonably designed to evaluate and control such risks throughout the Firm; and (iii) manage capital and liquidity planning and analysis. The DRPC reviews and approves Primary Risk Policies (as designated by the DRPC), reviews firmwide value-at-risk, stress limits and any other metrics agreed to with management, and performance against such metrics.
The Firm’s CRO, LOB CROs, LOB CEOs, heads of risk for Country Risk, Market Risk, Wholesale Credit Risk, Consumer Credit Risk, Model Risk, Risk Management Policy, Reputation Risk Governance, Fiduciary Risk Governance, and
Operational Risk Governance (all referred to as Firmwide Risk Executives) meet with and provide updates and escalations to the DRPC. Additionally, breaches in risk
appetite tolerances, liquidity issues that may have a material adverse impact on the Firm and other significant matters as determined by the CRO or Firmwide functions with risk responsibility are escalated to the DRPC.
The Audit Committee assists the Board in its oversight of guidelines and policies that govern the process by which risk assessment and management is undertaken. In addition, the Audit Committee reviews with management the system of internal control that is relied upon to provide reasonable assurance of compliance with the Firm’s execution of operational risk. In addition, Internal Audit, an independent function within the Firm that provides independent and objective assessments of the control environment, reports directly to the Audit Committee and administratively to the CEO. Internal Audit conducts independent reviews to evaluate the Firm’s internal control structure and compliance with applicable regulatory requirements and is responsible for providing the Audit Committee, senior management and regulators with an independent assessment of the Firm’s ability to manage and control risk.
The Compensation & Management Development Committee, assists the Board in its oversight of the Firm’s compensation programs and reviews and approves the Firm’s overall compensation philosophy and practices. The Committee
Management’s discussion and analysis
116 JPMorgan Chase & Co./2013 Annual Report
reviews the Firm’s compensation practices as they relate to risk and risk management in light of the Firm’s objectives, including its safety and soundness and the avoidance of excessive risk taking. The Committee reviews and approves the terms of compensation award programs, including recovery provisions, restrictive covenants and vesting periods. The Committee also reviews and approves the Firm’s overall incentive compensation pools and reviews those of each of the Firm’s lines of business and Corporate/
Private Equity segment. The Committee reviews the performance and approves all compensation awards for the Firm’s Operating Committee on a name-by-name basis. The full Board’s independent directors review the performance and approve the compensation of the Firm’s CEO.
Among the Firm’s management level committees that are primarily responsible for key risk-related functions are:
The Asset-Liability Committee (“ALCO”), chaired by the Corporate Treasurer under the direction of the COO, monitors the Firm’s overall liquidity risk. ALCO is
responsible for reviewing and approving the Firm’s liquidity policy and contingency funding plan. ALCO also reviews the Firm’s funds transfer pricing policy (through which lines of business “transfer” interest rate and foreign exchange risk to Treasury), overall structural interest rate risk position, funding requirements and strategy, and the Firm’s
securitization programs (and any required liquidity support by the Firm of such programs).
The Capital Governance Committee, chaired by the Firm’s CFO, is responsible for reviewing the Firm’s Capital Management Policy and the principles underlying capital issuance and distribution alternatives. The Committee is also responsible for governing the capital adequacy assessment process, including overall design, assumptions and risk streams; and, ensuring that capital stress test programs are designed to adequately capture the idiosyncratic risks across the Firm’s businesses.
The Firmwide Risk Committee (“FRC”) provides oversight of the risks inherent in the Firm’s businesses, including market, credit, principal, structural interest rate,
operational risk framework, fiduciary, reputational, country, liquidity and model risks. The Committee is co-chaired by the Firm’s CEO and CRO. Members of the committee include the the Firm’s COO, LOB CEOs, LOB CROs, General Counsel, and other senior managers from risk and control functions.
This committee serves as an escalation point for risk topics and issues raised by the Firm’s Operating Committee, the Line of Business Risk Committees, Firmwide Control Committee (“FCC”) and other subordinate committees.
The Firmwide Control Committee (“FCC”) provides a forum for senior management to review and discuss firmwide operational risks including existing and emerging issues, as well as operational risk metrics, management and
execution. The FCC serves as an escalation point for significant issues raised from LOB and Functional Control Committees, particularly those with potential enterprise-wide impact. The FCC (as well as the LOB and Functional Control Committees) oversees the risk and control environment, which includes reviewing the identification, management and monitoring of operational risk, control issues, remediation actions and enterprise-wide trends. The FCC escalates significant issues to the FRC.
Each LOB Risk Committee is responsible for decisions relating to risk strategy, policy, measurement and control within its respective LOB. The committee is co-chaired by the LOB CRO and LOB CEO or equivalent. The committee has a clear set of escalation rules and it is the responsibility of committee members to escalate line of business risk topics to the Firmwide Risk Committee as appropriate.
Other corporate functions and forums with risk management-related responsibilities include:
The Firm’s Oversight and Control Group is comprised of dedicated control officers within each of the lines of
business and Corporate functional areas, as well as a central oversight team. The group is charged with enhancing the Firm’s controls by looking within and across the lines of business and Corporate functional areas to identify and control issues. The group enables the Firm to detect control problems more quickly, escalate issues promptly and get the right people involved to understand common themes and interdependencies among the various parts of the Firm.
The group works closely with the Firm’s other control-related functions, including Compliance, Legal, Internal Audit and Risk Management, to effectively remediate identified control issues across all affected areas of the Firm. As a result, the group facilitates the effective execution of the Firm’s control framework and helps support operational risk management across the Firm.
The Firmwide Valuation Governance Forum (“VGF”) is composed of senior finance and risk executives and is responsible for overseeing the management of risks arising from valuation activities conducted across the Firm. The VGF is chaired by the firmwide head of the Valuation Control function (under the direction of the Firm’s CFO), and also includes sub-forums for the CIB, Mortgage Bank, and certain corporate functions, including Treasury and CIO.
In addition to the committees, forums and groups listed above, the Firm has other management committees and forums at the LOB and regional levels, where risk-related topics are discussed and escalated as necessary. The membership of these committees is composed of senior management of the Firm including representation from the business and various control functions. The committees meet regularly to discuss a broad range of topics.
The JPMorgan Chase Bank N.A. Board of Directors is responsible for the oversight of management on behalf of JPMorgan Chase Bank N.A. The JPMorgan Chase Bank N.A.
Board accomplishes this function acting directly and through the principal standing committees of the Firm's Board of Directors. Risk oversight on behalf of JPMorgan Chase Bank N.A. is primarily the responsibility of the Firm’s DRPC, Audit Committee and, with respect to compensation-related matters, the Compensation & Management Development Committee.
JPMorgan Chase & Co./2013 Annual Report 117