Risk is an inherent part of JPMorgan Chase’s business activities. When the Firm extends a consumer or wholesale loan, advises customers on their investment decisions, makes markets in securities, or conducts any number of other services or activities, the Firm takes on some degree of risk. The Firm’s overall objective in managing risk is to protect the safety and soundness of the Firm, avoid excessive risk taking, and manage and balance risk in a manner that serves the interest of our clients, customers and shareholders.
The Firm’s approach to risk management covers a broad spectrum of risk areas, such as credit, market, liquidity, model, structural interest rate, principal, country, operational, fiduciary and reputation risk.
The Firm believes that effective risk management requires:
• Acceptance of responsibility, including identification and escalation of risk issues, by all individuals within the Firm;
• Ownership of risk management within each line of business and corporate functions; and
• Firmwide structures for risk governance.
Firmwide Risk Management is overseen and managed on an enterprise-wide basis. The Firm’s Chief Executive Officer (“CEO”), Chief Financial Officer (“CFO”), Chief Risk Officer (“CRO”) and Chief Operating Officer (“COO”) develop and set the risk management framework and governance structure for the Firm, which is intended to provide comprehensive controls and ongoing management of the major risks inherent in the Firm’s business activities. The Firm’s risk management framework is intended to create a culture of transparency, awareness and personal
responsibility through reporting, collaboration, discussion, escalation and sharing of information. The CEO, CFO, CRO and COO are ultimately responsible and accountable to the Firm’s Board of Directors.
The Firm’s risk culture strives for continual improvement through ongoing employee training and development, as well as talent retention. The Firm also approaches its incentive compensation arrangements through an integrated risk, compensation and financial management framework to encourage a culture of risk awareness and personal accountability.
Management’s discussion and analysis
106 JPMorgan Chase & Co./2014 Annual Report
The following sections outline the key risks that are inherent in the Firm’s business activities.
Risk Definition Key risk management metrics Page
references Capital risk The risk the Firm has an insufficient level and composition of capital to support the
Firm’s business activities and associated risks during normal economic environments and stressed conditions.
Risk-based capital ratios, Supplementary Leverage
ratio 146-155
Compliance risk
The risk of fines or sanctions or of financial damage or loss due to the failure to comply with laws, rules, and regulations.
Not Applicable 144
Country risk The risk that a sovereign event or action alters the value or terms of contractual obligations of obligors, counterparties and issuers or adversely affects markets related to a particular country.
Default exposure at 0% recovery, Stress 137-138
Credit risk The risk of loss arising from the default of a customer, client or counterparty. Total exposure; industry, geographic and customer concentrations; risk ratings; delinquencies; loss experience; stress
110-130
Fiduciary
risk The risk of a failure to exercise the applicable high standard of care, to act in the best interests of clients or to treat clients fairly, as required under applicable law or regulation.
Not Applicable 145
Legal risk The risk of loss or imposition of damages, fines, penalties or other liability arising from failure to comply with a contractual obligation or to comply with laws or regulations to which the Firm is subject.
Not Applicable 144
Liquidity
risk The risk that the Firm will not have the appropriate amount, composition and tenor of funding and liquidity in support of its assets, and that the Firm will be unable to meet its contractual and contingent obligations through normal economic cycles and market stress events.
LCR; Stress 156-160
Market risk The risk of loss arising from potential adverse changes in the value of the Firm’s assets and liabilities resulting from changes in market variables such as interest rates, foreign exchange rates, equity prices, commodity prices, implied volatilities or credit spreads.
VaR, Stress, Sensitivities 131-136
Model risk The risk of the potential for adverse consequences from decisions based on incorrect
or misused model outputs and reports. Model Status, Model Tier 139
Non-USD FX risk
The risk arising from capital investments, forecasted expense and revenue, investment securities portfolio or issuing debt in denominations other than the U.S.
dollar.
FX Net Open Position (“NOP”) 203,
211-213 Operational
risk
The risk of loss resulting from inadequate or failed processes or systems or due to external events that are neither market nor credit-related.
Firm-specific loss experience; industry loss experience; business environment and internal control factors (“BEICF”)
140-143
Principal
risk The risk of an adverse change in the value of privately-held financial assets and instruments, typically representing an ownership or junior capital position. These positions have unique risks due to their illiquidity or for which there is less observable market or valuation data.
Carrying Value, Stress 140
Reputation
risk The risk that an action, transaction, investment or event will reduce the trust that clients, shareholders, employees or the broader public has in the Firm’s integrity or competence.
Not Applicable 145
Structural interest rate risk
The risk resulting from the Firm’s traditional banking activities (both on- and off-balance sheet positions) arising from the extension of loans and credit facilities, taking deposits and issuing debt (collectively referred to as “non-trading activities”), and also the impact from the CIO investment securities portfolio and other related CIO, Treasury activities.
Earnings-at-risk 136
Risk organization
The LOBs are responsible for managing the risks inherent in their respective business activities. The Risk organization operates independently from the revenue-generating businesses, providing a credible challenge to them. The CRO is the head of the Risk organization and is responsible for the overall direction of Risk oversight. The CRO is supported by individuals and organizations that align to lines of business and corporate functions, as well as others that align to specific risk types.
The Firm’s Risk Management Organization and other Firmwide functions with risk-related responsibilities (i.e., Regulatory Capital Management Office (“RCMO”), Firmwide Oversight and Control Group, Valuation Control Group (“VCG”), Legal and Compliance) provide independent oversight of the monitoring, evaluation and escalation of risk.
Risk governance
The independent stature of the Risk organization is supported by a governance structure that provides for escalation of risk issues up to senior management and the Board of Directors.
JPMorgan Chase & Co./2014 Annual Report 107
The chart below illustrates the governance structure and certain senior management level committees and forums that are primarily responsible for key risk-related functions. There are additional committees and forums not represented in the chart that are also responsible for management and oversight of risk.
The Board of Directors provides oversight of risk principally through the Board of Directors’ Risk Policy Committee (“DRPC”), Audit Committee and, with respect to
compensation, Compensation & Management Development Committee. Each committee of the Board oversees
reputation risk issues within its scope of responsibility.
The Directors’ Risk Policy Committee approves and
periodically reviews the primary risk management policies of the Firm’s global operations and oversees the operation of the Firm’s global risk management framework. The committee’s responsibilities include oversight of
management’s exercise of its responsibility to assess and manage: (i) credit risk, market risk, liquidity risk, model risk, structural interest rate risk, principal risk and country risk; (ii) the governance frameworks or policies for operational, fiduciary, reputational risks and the New Business Initiative Approval (“NBIA”) process; and (iii) capital and liquidity planning and analysis. The DRPC
reviews the firmwide value-at-risk and market stress tolerances, as well as any other parameter tolerances established by management in accordance with the Firm’s Risk Appetite Policy. It reviews reports of significant issues identified by risk management officers, including reports describing the Firm’s credit risk profile, and information about concentrations and country risks. The Firm’s CRO, LOB CROs, LOB CEOs, heads of risk for Country Risk, Market Risk, Structural Interest Rate Risk, Liquidity Risk, Principal Risk, Wholesale Credit Risk, Consumer Credit Risk, Model Risk, Risk Management Policy, Reputation Risk Governance, Fiduciary Risk Governance, and Operational Risk Governance (all referred to as Firmwide Risk Executives) meet with and provide updates to the DRPC. Additionally, breaches in risk appetite tolerances, liquidity issues that may have a material adverse impact on the Firm and other significant matters as determined by the CRO or Firmwide functions with risk responsibility are escalated to the DRPC.
Management’s discussion and analysis
108 JPMorgan Chase & Co./2014 Annual Report
The Audit Committee has primary responsibility for assisting the Board in its oversight of the system of controls designed to reasonably assure the quality and integrity of the Firm’s financial statements and that are relied upon to provide reasonable assurance of the Firm’s management of
operational risk. The Audit Committee also assists the Board in its oversight of legal and compliance risk. Internal Audit, an independent function within the Firm that provides independent and objective assessments of the control environment, reports directly to the Audit Committee and administratively to the CEO. Internal Audit conducts independent reviews to evaluate the Firm’s internal control structure and compliance with applicable regulatory requirements and is responsible for providing the Audit Committee, senior management and regulators with an independent assessment of the Firm’s ability to manage and control risk.
The Compensation & Management Development Committee assists the Board in its oversight of the Firm’s compensation programs and reviews and approves the Firm’s overall compensation philosophy and practices. The Committee reviews the Firm’s compensation practices as they relate to risk and risk management in light of the Firm’s objectives, including its safety and soundness and the avoidance of practices that encourage excessive risk taking. The Committee reviews and approves the terms of compensation award programs, including recovery
provisions, vesting periods, and restrictive covenants, taking into account regulatory requirements. The Committee also reviews and approves the Firm’s overall incentive
compensation pools and reviews those of each of the Firm’s lines of business and the Corporate segment. The
Committee reviews the goals relevant to compensation for the Firm’s Operating Committee, reviews Operating Committee members’ performance against such goals, and approves their compensation awards. The Committee recommends to the full Board’s independent directors, for ratification, the CEO’s compensation. In addition, the Committee periodically reviews the Firm’s management development and succession planning, as well as the Firm’s diversity programs.
Among the Firm’s senior management level committees that are primarily responsible for key risk-related functions are:
The Firmwide Risk Committee (“FRC”) is the Firm’s highest management-level Risk Committee. It provides oversight of the risks inherent in the Firm’s businesses, including credit risk, market risk, liquidity risk, model risk, structural interest rate risk, principal risk and country risk. It also provides oversight of the governance frameworks for operational, fiduciary and reputational risks. The Committee is co-chaired by the Firm’s CEO and CRO. Members of the committee include the Firm’s COO, the Firm’s CFO, LOB CEOs, LOB CROs, General Counsel, and other senior managers from risk and control functions. This committee serves as an escalation point for risk topics and issues raised by its members, the Line of Business Risk Committees, Firmwide Control Committee, Firmwide
Fiduciary Risk Committee, Reputation Risk committees and regional Risk Committees. The committee escalates significant issues to the Board of Directors, as appropriate.
The Firmwide Control Committee (“FCC”) is a forum to review and discuss firmwide operational risk, metrics and
management, including existing and emerging issues, and execution against the operational risk management framework. The committee is co-chaired by the Firm’s Chief Control Officer and the head of Firmwide Operational Risk Governance/Model Risk and Development. It serves as an escalation point for the line of business, function and regional Control Committees and escalates significant issues to the Firmwide Risk Committee, as appropriate.
The Firmwide Fiduciary Risk Committee (“FFRC”) is a forum for risk matters related to the Firm’s fiduciary activities and oversees the firmwide fiduciary risk governance framework, which supports the consistent identification and escalation of fiduciary risk matters by the relevant lines of business or corporate functions responsible for managing fiduciary activities. The committee escalates significant issues to the Firmwide Risk Committee and any other committee considered appropriate.
The Firmwide Reputation Risk Governance group seeks to promote consistent management of reputational risk across the Firm. Its objectives are to increase visibility of
reputation risk governance; promote and maintain a globally consistent governance model for reputation risk across lines of business; promote early self-identification of potential reputation risks to the Firm; and provide thought leadership on cross-line of business reputation risk issues.
Each line of business has a separate reputation risk governance structure which includes, in most cases, one or more dedicated reputation risk committees.
Line of business, corporate function, and regional risk and control committees:
Risk committees oversee the inherent risks in the respective line of business, function or region, including the review, assessment and decision making relating to specific risks, risk strategy, policy and controls. These committees escalate issues to the Firmwide Risk Committee, as appropriate.
Control committees oversee the operational risks and control environment of the respective line of business, function or region. These committees escalate operational risk issues to their respective line of business, function or regional Risk committee and also escalate significant risk issues (and/or risk issues with potential firmwide impact) to the Firmwide Control Committee.
The Asset-Liability Committee (“ALCO”), chaired by the Corporate Treasurer under the direction of the COO, monitors the Firm’s overall balance sheet, liquidity risk and interest rate risk. ALCO is responsible for reviewing and approving the Firm’s funds transfer pricing policy (through which lines of business “transfer” interest rate and foreign exchange risk to Treasury). ALCO is responsible for reviewing the Firm’s Liquidity Risk Management and
JPMorgan Chase & Co./2014 Annual Report 109
Oversight Policy and contingency funding plan. ALCO also reviews the Firm’s overall structural interest rate risk position, funding requirements and strategy, and the Firm’s securitization programs (and any required liquidity support by the Firm of such programs).
The Capital Governance Committee, chaired by the Head of Regulatory Capital Management Office (under the direction of the Firm’s CFO) is responsible for reviewing the Firm’s Capital Management Policy and the principles underlying capital issuance and distribution alternatives. The Committee is also responsible for governing the capital adequacy assessment process, including overall design, assumptions and risk streams and ensuring that capital stress test programs are designed to adequately capture the idiosyncratic risks across the Firm’s businesses.
Other corporate functions and forums with risk management-related responsibilities include:
The Firmwide Oversight and Control Group is comprised of dedicated control officers within each of the lines of business and corporate functional areas, as well as a central oversight team. The group is charged with enhancing the Firm’s controls by looking within and across the lines of business and corporate functional areas to identify and control issues. The group enables the Firm to detect control problems more quickly, escalate issues promptly and get the right people involved to understand common themes and interdependencies among the various parts of the Firm.
The group works closely with the Firm’s other control-related functions, including Compliance, Legal, Internal Audit and Risk Management, to effectively remediate identified control issues across all affected areas of the Firm. As a result, the group facilitates the effective execution of the Firm’s control framework and helps support operational risk management across the Firm.
The Firmwide Valuation Governance Forum (“VGF”) is composed of senior finance and risk executives and is responsible for overseeing the management of risks arising from valuation activities conducted across the Firm. The VGF is chaired by the firmwide head of the Valuation Control function (under the direction of the Firm’s CFO), and also includes sub-forums for the CIB, Consumer & Community Banking, Commercial Banking, Asset Management and certain corporate functions, including Treasury and CIO.
In addition to the committees, forums and groups listed above, the Firm has other management committees and forums at the LOB and regional levels, where risk-related topics are discussed and escalated as necessary. The membership of these committees is composed of senior management of the Firm including representation from the business and various control functions. The committees meet regularly to discuss a broad range of topics.
The JPMorgan Chase Bank N.A. Board of Directors is responsible for the oversight of management on behalf of JPMorgan Chase Bank N.A. The JPMorgan Chase Bank N.A.
Board accomplishes this function acting directly and through the principal standing committees of the Firm’s Board of Directors. Risk oversight on behalf of JPMorgan Chase Bank N.A. is primarily the responsibility of the Firm’s DRPC, Audit Committee and, with respect to compensation-related matters, the Compensation & Management Development Committee.
Risk appetite
The Firm’s overall risk appetite is established by
management taking into consideration the Firm’s capital and liquidity positions, earnings power, and diversified business model. The risk appetite framework is a tool to measure the capacity to take risk and is expressed in loss tolerance parameters at the Firm and/or LOB levels, including net income loss tolerances, liquidity limits and market limits. Performance against these parameters informs management’s strategic decisions and is reported to the DRPC.
The Firm-level risk appetite parameters are set and approved by the Firm’s CEO, CFO, CRO and COO. LOB-level risk appetite parameters are set by the LOB CEO, CFO, and CRO and are approved by the Firm’s functional heads as noted above. Firmwide LOB diversification allows the sum of the LOBs’ loss tolerances to be greater than the Firmwide loss tolerance.
Risk identification for large exposures
The Firm has certain potential low-probability but plausible and material, idiosyncratic risks not well captured by its other existing risk analysis and reporting for credit, market, and other risks. These idiosyncratic risks may arise in a number of forms, e.g. changes in legislation, an unusual combination of market events, or specific counterparty events. These identified risks are grouped under the term Risk Identification for Large Exposures (“RIFLEs”). The identified and monitored RIFLEs allow the Firm to monitor earnings vulnerability that is not adequately covered by its other standard risk measurements.
Management’s discussion and analysis
110 JPMorgan Chase & Co./2014 Annual Report