1 / 15

Risk Analysis and Supply Risk Mitigation at Bank of America

Risk Analysis and Supply Risk Mitigation at Bank of America. Major Program Components Overview. SCRLC Meeting June 4 & 5 , 2008 Boeing Corporation Seattle, Washington. Bank of America Business Profile. $1.4 Trillion in Assets

lecea
Download Presentation

Risk Analysis and Supply Risk Mitigation at Bank of America

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Risk Analysis and Supply Risk Mitigation at Bank of America Major Program Components Overview SCRLC Meeting June 4 & 5 , 2008Boeing Corporation Seattle, Washington

  2. Bank of America Business Profile • $1.4 Trillion in Assets • According to Forbes latest “Global 2000” listing, BAC is the worlds 4th largest public company just behind CitiGroup Inc, General Electric and AIG. (based on composite sales profits, assets, and market capitalization) • The world’s 6th most-profitable company • Offices in 31 countries serving clients across 150 countries • 38 million consumer relationships • Retail footprint covers more than 75% of the U.S. population • >16,000 ATM’s • >5,600 Banking Centers • 52% of all internet banking transactions • The number-one issuer of debit cards in U.S., with over 17 million cards outstanding • Bankers to 96% of the US Fortune 500 and 82% of the Global Fortune 500

  3. Greg Taylor Supply Chain Management Executive Support Partners Bank of America Supply Chain Management LOB Customer Centric Consumer & Card Supply Management Global Operations and Supplier Relations Development GCIB, GWIM & GBFS Supply Management GTO Supply Management SCM Strategy ESP & S Supply Management Joe Hill Joseph Martinez Jill Bossi Cesar Penaherrara Rich Jones Benjamin Robinson • Multicultural Sup Dev • Cross Sell • European SCM • Chilean SCM • Argentinean SCM • Brazilian SCM • Uruguayan SCM • Asian SCMSourcing Services • Application Deployment • Process Design • Supplier Registration • Archiving & Records • Supplier Manager Services • Training & Certification • Supplier Scorecards Global Wealth & Investment Management Global Corporate Investment Banking Global Business & Financial Services • Transaction Services • Cash Transport • Non-Cash X-port • ATM • Imaging • Business Solutions • Desktop & Security • Tech Outsourcing • Enterprise Apps • Tech Infrastructure • Telecom • Mainframe / Storage • Midrange / Software • Enterprise Access / Svcs Card & Merchant Services Deposit and Debit Consumer Real Estate E-Commerce & Insurance Corporate Workplace Global Human Resources Corporate Marketing Corporate Staff & Support Treasury Quality & Productivity Finance Legal Risk Document Management Corporate Travel Services • Risk and Compliance • Compliance & Monitoring • Risk Assessment • Risk Monitoring • Project Management Office • Offshoring SCM Transition SCM Analytics Tim Marquardt Dave McCann

  4. US Patriot Act Gramm-Leach-Bliley Act 1990s e-Economy 2001 9/11 Terrorist Attacks Digital Flow of Customer Data Focus on Operational Risks Recovery / Continuity from Event Risks Operational Risk Customer Information Protection Consumer Awareness of Risks Business Continuity Check 21 Act Privacy Eliminate Funding Sources for Terrorists Anti-Money Laundering Payments Transformation Check Imaging & Truncation Increased Regulatory Oversight Out-sourcing / In-sourcing/ Off-shoring Finance Oversight and Assurance Increased pressure on Cost-to-serve Governance Capital Requirements Harmonization The combination of external events, legislation and supporting Bank programs has resulted in the current “galaxy” of Supplier Management activity. States AG Investigations Email Retention Country Risk of Supply Base Corporate Governance Cross-border funds and information flows 2000+ Globalization 2002 Corporate Scandal Effect Corporate Controls and Data Global companies requiring global banking partners Sarbanes-Oxley Act Basel II Corporate Scandal Effect External Events Legislation / Oversight US Patriot Act BAC Program Country Risk of Supply Base Supply Chain Management – Assumptions & Environment

  5. Supply Chain Strategic Propositions SCM Role and Value Proposition • Create Value: • Develop and execute supply strategies for LOBs • Deliver credible, transparent and sustainable productivity gains for the enterprise • Foster Innovation: • Identify and generate revenue opportunities as part of the Universal Bank • Protect BAC IP to drive competitive advantage • Minimize Risk: • Ensure that Bank of America suppliers meet rigorous risk and quality standards Build the Brand – SCM Relationship Responsibilities • > 30,000 suppliers • 12,346 active contracts (domestic) • 139 domestic agreements with 102 foreign Suppliers located in 20 countries • Supplier Diversity • > 7,500 diverse suppliers • $1,2 B spend with diverse suppliers • Supplier Cross-Sell 2002-2007 • 140 deals with over $58MM in Revenue • Leading BAC efforts on Environmental Impact • Quarterly OCC Reviews Shareholder Value / Low Cost Provider • SCM Non-Interest Expense Impact • $14.5 B supplier sourceable spend (est.) • 35% of the BAC NIE (incl. MBNA) • SCM Savings Impact • 2002-2005 Sum = $1.18B (SPS $0.19) • 2005 = $654.3MM (SPS $0.10) • 2007P = $900MM (SPS $0.16) • FLEET - $426.0MM Cumulative (2004-2006) • MBNA - $250.0 MM cumulative (2006 = $103MM) • SCM Operating Leverage Impact • Corporate Travel • Document / Print Management Top Challenges • Governance Maturity • Strategic Sourcing • End-to-End supplier management • Savings Governance and Execution • Savings either accrue or are reinvested per LOB decision • Infrastructure Investments • Not sexy but mission critical • Proactively Managing Operational Risk • Global Supply Chain Integration • Getting Ready for the NEXT BIG THING!

  6. Bank of America Supply Chain Mission Supply Chain Management has the fiduciary responsibility to: • Manage (mitigate) Enterprise Supply Base risk • Maximize Enterprise Supply Base Value (while not violating #1) • Support business partner needs for goods and services.” (while not violating #1 or #2)

  7. E2E Supplier Relationship Management Process Lead SCM Sourcing LOB Supplier Management Shared Establish Relationship Manage Relationship Terminate/ Change Relationship Engagement Pre-Engagement LOB Supplier Manager (SM) SCM Sourcing Manager LOB Champion SCM Sourcing Exec. LOB Risk Partners Note: Roles highlighted in blue represent 1st LOD; roles highlighted in orange represent 2nd LOD.

  8. Supplier Management Program (SMP) Purpose • Goal • Implement a World Class Enterprise Supplier Management Program to identify and mitigate supplier risk and maximize supplier performance and value Supplier Management Program (SMP) A framework of governance, processes and tools to manage enterprise supplier risk and performance annually for Tier 1 and Tier 2 suppliers. Supplier Managers and Suppliers submit program deliverables which enable our ability to assess, manage and mitigate supplier performance and risk issues in a timely manner. - LOB Supplier Managers – Serve as a liaison between the supplier and Bank of America while managing day to day relationship, monitoring supplier performance, and identifying and mitigating supplier risk. - LOB Champions – Tier and assign LOB Supplier Manager to LOB Suppliers, act as a point of escalation and drive appropriate management routines for the LOB, represent the LOB as a member of the Supplier Risk Steering Committee and work with support partners to drive SMP deliverables and issue resolution. SMP Suppliers The Supplier Management Program provides a framework for managing tier 1 and tier 2 suppliers, which include the 550 most critical/highest risk of Bank of America’s 31,000 total Suppliers. Tier 1 – Supplier scores Significantly High for Information Security, Business Continuity, Financial or Other Operational risks OR annual supplier spend totals $150mm or more. Tier 2 – Supplier scores High for Information Security, Business Continuity, Financial or Other Operational risks OR annual supplier spend ranges between $35mm and $150mm. The Three Lines of Defense 1st Line of Defense - Business unit managers are accountable for all risks in their units, both existing and emerging. For SMP - LOB Champions & Supplier Managers. 2nd Line of Defense - Business partners acting independently, work with business units to identify, assess and mitigate all risks. For SMP - includes SCM, GIPBC, Legal, Compliance & Operational Risk, etc. 3rd Line of Defense - Corporate Audit and Credit Review independently test, verify and evaluate management controls. For SMP - Audit. Supplier Risk Steering Committee (SRSC) The SRSC, which includes the LOB Champions, meets quarterly to review the Enterprise SMP status, the program status for key LOBs, and key supplier risk issues and themes across LOBs. The SRSC also decisions SMP enhancements, monitors key initiatives status, and encourages best practices sharing across the LOBs. The SRSC provides quarterly Supplier Risk updates to the Compliance and Operational Risk Committee (CORC). Rev. 1/16/08

  9. Approach • Comprehensive, enterprise-wide Supplier Management Program • Governed by Supplier Risk Executive Committee • Focus process rigor on most critical and complex supplier relationships • Drive program consistency through role clarity, training, & certification Program Scope • 552 Tier 1 and 2 suppliers, with approximately 245 supplier managers, covering approximately 55% of bank’s spend • Currently US, EMEA, and Canada, with plans to extend to Asia, India, Mexico, etc. in 2008 Supplier Management Program Structure and Governance SM Program Governance Supplier Risk Executive Committee Milton Jones, CFO Group Greg Taylor, Supply Chain Management Chris Higgins, GIPBC Mike Brosnan, Global Risk LOB Champions Global Supply Chain Management Greg Taylor Global Risk Management Mike Brosnan Finance Services Keith Jacobsen GT&O S&F Ops Jeanne Spradlin GT&O NCG Edie Fletcher GT&O CIOs Meril Thornton Corporate Workplace Jeff Hipple Global Human Resources Eadie Ferretti Global Marketing Dave Upton GC&SBB - Deposits Gregg Sheehy GC&SBB – eCommerce Ellen Fox GC&SBB – CRE/Insurance Tim O’Brien GC&SBB – Card Services Jeff Hennessy GC&SBB – Student Banking Tom Nerad GC&SBB – Small Business Banking David Head Global Product Solutions Tim Burdick Global Capital Markets & Investment Banking Marta Johnson Corporate Investments Leslee Bertsch Global Wealth & Investment Management Chantalle Couba Global Commercial Bank Mary Jo von Tillow Non-US Joe Hill Rev. 1/16/08 SM Program Council – Caroline Dellinger SM Program Teams

  10. Non-Tiered Tier 2 Tier 1 All Suppliers Manage Supplier Mgmt Program - Supplier Tiering & SM’s Supplier Managers Supplier Tiering • Assigned by Line of Business • All Supplier Managers must: • Complete 2.5 day Supplier Manager training program • Achieve certification w/in 60 days after completion of training • Recertify Annually • Manage suppliers to annual performance and risk management deliverables • Supplier Tiering is risk based with three key components. Tier Criteria • Criticality of supplier’s product or service to: • Operation of Bank of America • Operation of Line of Business • Sensitive Data Handling Risk • Annual Spend Tier Assignment • Supplier tier classifications • Tier 1 & Tier 2 Suppliers requireSupplier Managers • Supplier tiers revisited annually • Tier 3 = Low $, Low IS • Tier 4 = Negligible exposure

  11. Risk & Performance Elements • Supplier Financial Health • Supplier Information Protection • Supplier Performance Management • Contractual and Insurance Coverage • Supplier Business Continuity Capability • Supplier Work Executed Outside US (Indirect Offshoring) • BAC Ability to Replace Supplier (Contingency Plans) • Privacy • Supplier Sub-Contracting • Intellectual Asset Program Deliverables • Supplier Manager certified/re-certified • Supplier registered online • Supplier tier and risk tool (START) • Supplier performance scorecard • Supplier risk summary (SRS) • Insurance certificate review • LOB contingency plan (if required)1 • SAS 70 Type II Audit (if required)2 • Audited Financial Statements for non-public Tier 1 suppliers • Off-shoring and sub-contracting survey • Supplier business continuity plan1 • Supplier information security and business continuity questionnaire (SAQ) • Supplier business continuity remediation plan accepted (if required)1 • Supplier business continuity remediation plan completed (if required)1 • Supplier information security remediation plan accepted (if required)3 • Supplier information security remediation plan completed (if required)3 • Supplier portfolio risk dashboard, triggers list & remediation plan4 Program Deliverable Quality It is the responsibility of the LOB to ensure that the program deliverables are complete, Accurate and timely. Supplier Management Program Requirements Notes 1Required for suppliers scoring SIG HIGH, HIGH or MED for BC on START 2For appropriate suppliers based on START 3Required for suppliers scoring SIG HIGH, HIGH or MED for IS on START 4Deliverables in blue are the LOB Champion’s responsibility * Not required for Tier 2 Suppliers. Rev. 1/16/08

  12. Supplier Management Program Metrics 2008 Hoshin & Performance Plans • Business Executives – 1) SPI as component of Business Risk Review and/or 2) % Compliance to SMP Deliverables as component of Compliance Program Effectiveness Indicator (CPEI) • LOB Champions and Senior Supplier Managers– 1) SPI and 2) % targeted supplier enablements 3) % Compliance to SMP Deliverables as component of Compliance Program Effectiveness Indicator (CPEI, if B1 or 2) • Managers of Supplier Managers and Supplier Managers – 1) SMP deliverables are current, complete and submitted on-time in accordance with annual SMP Deliverable schedule. Deliverables that are not of acceptable quality will be rejected. 2) % Targeted payment channel supplier enablements completed The Supplier Portfolio Index (SPI) • Integrated view of supplier residual risk and performance. • Intended to drive simple actions for assessing and remediating risk and performance issues. • Single risk and performance metric for a portfolio of suppliers (business unit, LOB and enterprise). • Can be disaggregated to individual components to understand where corrective action is required. Rev. 1/16/08

  13. Supplier Management Program Reporting • Risk Review prepared quarterly • Used by LOB Champion to identify key risk issues & themes, drive risk remediation plans & report to Supplier Risk Exec. Comm. • Status Report produced weekly • Used by LOB Champion & Supplier Managers to monitor compliance with program deliverables Rev. 1/16/08

  14. Performance and Continuous Improvement Program Snapshot • 552 of highest risk (Tier 1 & 2) suppliers in program • 2008 YTD 86% of required deliverables completed • 200+ suppliers beginning fourth year of program • 245 Supplier Managers in program; All Certified by October of current year • 60% Recertify 2007 Strategies • Enhanced program quality and simplification (MBF, SM Program Council) • LOB Enablement and Program Integration • Successful MBNA and US Trust merger integration 2008 Strategies • Move from quantitative to qualitative deliverables (5 Auditable deliverables) • Migration to automated system • Adapt and drive the program internationally • Next gen risk opportunities are Offshore/Subcontractor and Business Continuity

  15. Corporate signature Do Not print this page. For projector presentations only.

More Related