Capital One Financial Corporation (the “Corporation”) is one of the largest financial institutions in the United States, incorporated in Delaware on July 21, 1994. The Corporation’s principal subsidiaries include Capital One Bank (USA), National Association (“COBNA”) which currently offers credit and debit card products, other lending products, and deposit products; and Capital One, National Association (“CONA”) which offers a broad spectrum of banking products and financial services to consumers, small businesses and commercial clients. The Corporation and its subsidiaries are collectively referred to as the “Company.” Unless indicated otherwise, the terms “Corporation” “Capital One” “we” “us” and “our” refer to the Corporation and its consolidated subsidiaries.
As of December 31, 2009, we had $115.8 billion in deposits and $136.8 billion in managed loans outstanding. We are the fourth largest issuer of Visa® (“Visa”) and MasterCard® (“MasterCard”) credit cards in the United States based on managed credit card loans outstanding, and we are the eighth largest depository institution in the United States based on deposits.
We offer our products throughout the United States. We also offer our products outside of the United States principally through Capital One Bank (Europe) plc, an indirect subsidiary of COBNA organized and located in the United Kingdom (the “U.K. Bank”), and through a branch of COBNA in Canada. Our U.K. Bank has authority, among other things, to accept deposits and provide credit card and installment loans. Our branch of COBNA in Canada has the authority to provide credit card loans.
Our common stock is listed on the New York Stock Exchange under the symbol COF and as of January 31, 2010, the Company’s common stock was held by 16,955 shareholders. Our principal executive office is located at 1680 Capital One Drive, McLean, Virginia 22102 (telephone number (703) 720-1000). The Corporation maintains a website at www.capitalone.com. Documents available on our website include (i) Codes of Business Conduct and Ethics for the Corporation; (ii) the Corporation’s Corporate Governance Principles; and (iii) charters for the Audit and Risk, Compensation, Finance and Trust Oversight, and Governance and Nominating Committees of the Board of Directors. These documents are also available in print to any shareholder who requests a copy. In addition, we make available free of charge through our website our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K and amendments to those reports as soon as reasonably practicable after electronic filing or furnishing such material to the SEC.
Capital One is one of the largest financial institutions in the United States. We focus on consumer and commercial lending and deposit taking. Our principal business segments are Credit Card, Commercial Banking and Consumer Banking. For further discussion of our segments, see Item 7 “Management’s Discussion and Analysis of Financial Condition and Results of Operations – Reportable Segment Summary for Continuing Operations” and “Note 5 – Segments”.
Credit Card Segment. The credit card segment includes the Company’s domestic consumer and small business card lending, domestic national small business lending, national closed end installment lending and the international card lending businesses in Canada and the United Kingdom.
Commercial Banking Segment. Commercial Banking includes the Company’s lending, deposit gathering and treasury management services to commercial real estate and middle market customers. The Commercial segment also includes the financial results of a national portfolio of small ticket commercial real estate loans that are in run-off mode.
Consumer Banking Segment. Consumer Banking includes the Company’s branch based lending and deposit gathering activities for small business customers as well as its branch based consumer deposit gathering and lending activities, national deposit gathering, national automobile lending, consumer mortgage lending and servicing activities.
Chevy Chase Bank Acquisition
On February 27, 2009, the Company acquired all of the outstanding common stock of Chevy Chase Bank F.S.B., (“Chevy Chase Bank”), one of the largest retail depository institutions in the Washington DC region, in exchange for Capital One common stock and cash with a total value of $475.9 million. Under the terms of the stock purchase agreement, Chevy Chase Bank common shareholders received $445 million in cash and 2.56 million shares of Capital One common stock. The acquisition of Chevy Chase Bank greatly expanded our banking footprint in one of the strongest markets in the country.
Our consumer loan portfolios, including credit cards, are diversified across the United States with modest concentration in New York, New Jersey, Louisiana, and Texas. We also have credit card loans in the U.K. and Canada. Our commercial loans are concentrated in New York, New Jersey, Louisiana and Texas. See Item 7 “Management’s Discussion and Analysis of Financial Condition and results of Operations – Loans Held for Investment”, “Management’s Discussion and Analysis of Financial Condition and results of Operations – Credit Concentration” and “Note 24—Significant Concentration of Credit Risk” for further details.
Enterprise Risk Management
Capital One’s policy is to identify, assess, and mitigate risks that affect or have the potential to affect our business, to target financial returns commensurate with the Company’s risk appetite, and to avoid excessive risk-taking. We follow three key principles related to this policy.
1. Individual businesses take and manage risk in pursuit of strategic, financial, and other business objectives
2. Independent risk management organizations support individual businesses by providing risk management tools and policies, and by aggregating risks; in some cases, risks are managed centrally
3. The Board of Directors and top management review our aggregate risk position and establish the risk appetite
Our approach is reflected in four critical risk management practices of particular importance in today’s environment.
First, we recognize liquidity risk as among the critical risks facing financial institutions today. We seek to mitigate this risk strategically and tactically. From a strategic perspective, we have acquired and built deposit gathering businesses and significantly reduced our loan to deposit ratio. From a tactical perspective, we have accumulated a very large liquidity reserve comprising cash, high-quality, unencumbered securities, and committed collateralized credit lines and conduit facilities.
Second, we recognize that credit issues are a frequent cause of financial institution stress and that we are exposed to cyclical changes in credit quality. Consequently, we try to ensure our credit portfolio is resilient to economic downturns. Our most important tool is sound underwriting, using what we deem to be conservative assumptions. In unsecured consumer loan underwriting, we assume that loans will be subject to an environment in which losses are significantly higher than those prevailing at the time of underwriting. In commercial underwriting, we insist on strong cash flow, strong collateral, and strong covenants and guarantees. In addition to conservative underwriting, we aggressively monitor our portfolio and aggressively collect or work out distressed loans.
Third, we recognize that reputational risk is of particular concern in today’s turbulent environment. Consequently, our CEO and executive team manage both tactical and strategic reputation issues and build our relationships with the government, media, and other constituencies to help strengthen the reputations of both Capital One and our industry. This includes taking public positions in support of better consumer practices in our industry and, where possible, unilaterally implementing those practices in our business.
Finally, we recognize that maintaining appropriate capital levels is a concern in today’s environment. See Item 7 “Management’s Discussion and Analysis of Financial Condition and results of Operations – Capital,” for further information regarding capital.
Risk Management Roles and Responsibilities
The Board of Directors is responsible for establishing Capital One’s overall risk framework; approving and overseeing execution of the Enterprise Risk Management Policy and key risk category policies; establishing the Company’s risk appetite; and regularly reviewing Capital One’s risk profile.
The Chief Risk Officer, who reports to the CEO, is responsible for overseeing Capital One’s risk management program and driving appropriate action to resolve any weaknesses. The risk management program begins with a set of policies and risk appetites approved by the Board that are implemented through a system of risk committees and senior executive risk stewards. The company has established risk committees at both the corporate and divisional level to identify and manage risk. In addition, we have assigned a senior executive expert to each of eight risk categories (the risk stewards). These executive risk stewards work with the Chief Risk Officer and the risk committees to ensure that risks are identified and given appropriate priority and attention. The Chief Risk Officer aggregates the results of these processes to assemble a view of the company’s risk profile. Both management and the Board regularly review the risk profile.
Risk Management and Control Framework
Capital One uses a consistent framework to manage risk. The framework applies at all levels, from the development of the Enterprise Risk Management Program itself to the tactical operations of the front-line business team. The framework has six key elements:
1. Objective Setting;
2. Risk Assessment;
3. Control Activities;
4. Communication and Information;
5. Program Monitoring; and
6. Organization and Culture.
Objective Setting is at the beginning of our risk management approach. We set strategic, financial, operational, and other objectives during our strategic and annual planning processes and throughout the year. These objectives cascade through the organization to individual teams of associates.
Risk Assessment is the process of identifying risks to our objectives, evaluating the impact of those risks and choosing a response. Responses include avoidance, mitigation, or acceptance. Risk responses are guided by our established risk appetite. In certain risk categories, risk assessment is largely conducted by central risk groups or jointly between business areas and central groups (market, liquidity, legal, credit, compliance). In other risk categories, risk assessment is primarily the responsibility of business areas with more limited central support (strategic, operational, reputation).
Control Activities are the day-to-day backbone of our Enterprise Risk Management Program. Controls provide reasonable assurance that financial accounting and reporting, legal, regulatory, and business requirements are met, and identified risks are being mitigated, avoided, or accepted according to our risk appetite. We have practices in place to ensure key controls are established, evaluated, and effective in preventing a breakdown. Control activities include the monitoring of adherence to current requirements, regular reporting to management, and regular reviews and sign-offs. They also include the resolution of regulatory and audit findings and issues and the procedures that trigger objective setting and risk assessments when new business opportunities are evaluated or business hierarchy changes occur.
Communication and Information must provide a solid infrastructure to support the objective setting, risk assessment, and control activities described above. We have established policies for each risk category which define the specific reports to be used and the communication infrastructure. Robust risk management requires well-functioning communication channels to inform associates of their responsibilities, alert them to issues or changes that might affect their activities, and to enable an open flow of information up, down, and across the company.
Program Monitoring is critical to the Enterprise Risk Management Program itself because it assesses the accuracy, sufficiency, and effectiveness of current objectives, risk assessments, controls, ownership, communication, and management support. Where deficiencies are discovered, the Enterprise Risk Management Program must be updated to resolve the deficiencies in a timely manner. Clear accountability must also be defined when resolving deficiencies to ensure the desired outcome is achieved. Risk management programs are monitored at every level; from the overall Enterprise Risk Management Program to the individual risk management activities in each business area.
Our Organization and Culture promote risk management as a key factor in making important business decisions. An effective risk management culture starts with a well-defined risk management philosophy. It requires established risk management objectives that align to business objectives and make targeted risk management activities part of ongoing business management activities.
We have a corporate Code of Business Conduct and Ethics (the “Code”) (available on the Corporate Governance page of our website at www.capitalone.com/about) under which each associate is obligated to behave with integrity in dealing with customers and business partners and to comply with applicable laws and regulations. We disclose any waivers to the Code on our website. We also have an associate performance management process that emphasizes achieving business results while ensuring integrity, compliance, and sound business management. Our risk management culture is also encouraged through frequent direction and communications from the Board of Directors, senior leadership, corporate and departmental risk management policies, risk management and compliance training programs and on-going risk assessment activities in the business areas.
Capital One organizes its Enterprise Risk Management Program around eight risk categories. The risk categories enable us to efficiently aggregate risks, provide a mechanism to discuss risk appetite, and facilitate the assignment of expert risk resources to support our business activities. We customize specific risk objectives and control methodologies to each risk category; they share, at the highest level, a common approach to describing and measuring risk appetite. Risk appetites are approved by the Board of Directors and are used both to monitor the company’s evolving risk position and to guide strategic and tactical decision making.
Capital One’s risk management program is organized around eight risk categories. They are:
Liquidity Risk: is the risk that future financial obligations are not met or future asset growth cannot occur because of an inability to obtain funds at a reasonable price within a reasonable time. The Chief Financial Officer is the accountable executive for liquidity risk.
Liquidity strength is assessed through balance sheet metrics, and stress testing is used to ensure that Capital One can withstand significant degradation in the funding markets (particularly in the wholesale funding markets). We regularly evaluate our liquidity position under various liquidity stress scenarios with management’s Asset/Liability Management Committee and the Finance and Trust Oversight Committee of the Board, providing recommendations for any necessary actions to ensure our liquidity risk exposure is well managed. Management reports liquidity metrics to the Finance and Trust Oversight Committee no less than quarterly. Breaches in liquidity policy limits are reported to the Treasurer as soon as they are identified and to the Asset/Liability Management Committee at the next regularly scheduled committee meeting, unless said breach activates the Liquidity Contingency Plan. Breaches are also reported to the Finance and Trust Oversight Committee no later than the next regularly scheduled meeting. Detailed processes, requirements and controls are contained in our policies and supporting procedures.
Credit Risk: is the risk of loss from a borrower’s failure to meet the terms of any contract or failure to otherwise perform as agreed. There are four primary sources of credit risk: (1) changing economic conditions, which affect borrowers’ ability to pay and the value of any collateral; (2) a changing competitive environment, which affects customer debt loads, borrowing patterns and loan terms; (3) our underwriting strategies and standards, which determine to whom we offer credit and on what terms; and (4) the quality of our internal controls, which establish a process to test that underwriting conforms to our standards and identifies credit quality issues so we can act upon them in a timely manner. The Chief Risk Officer is the accountable executive for credit risk.
We have quantitative credit risk guidelines for each of our lines of business. We conduct portfolio and decision level monitoring and stress tests using economic and legislative stress scenarios. Credit risk objectives are achieved by establishing a credit governance framework and by establishing policies, procedures, and controls for each step in the credit process. The Board, Chief Executive Officer, Chief Risk Officer, Chief Consumer and Commercial Credit Officers, and Division Presidents have specific accountable roles in the management of credit risk. These include policy approval, creation of credit strategy, review of credit position, and delegation of authority. Our evolving credit risk position and recommendations to address issues are reviewed by management’s Credit Policy Committee and the Board of Directors.
Reputation Risk: is the risk to market value, recruitment, and retention of talented associates and a loyal customer base due to the negative perceptions of Capital One’s internal and external stakeholders regarding Capital One’s business strategies and activities. The Company’s General Counsel is the accountable executive for reputation risk.
Reputation risk is managed and owned by business areas in accordance with our Reputation Risk Policy. Each Division President is responsible for highlighting potential reputational issues and executing appropriate risk mitigation activities. Our Corporate Affairs Department assists these executives in evaluating the reputation risk of new and existing business activities and is responsible for assessing and reporting our aggregate reputation risk and the state of Capital One’s reputation with specific stakeholders, to the General Counsel, Chief Risk Officer, and management’s Risk Management Committee.
Market Risk: is the risk that earnings or the economic value of equity will under-perform due to changes in interest rates, foreign exchange rates (market rates), or other financial market asset prices. Our ability to manage market risks contributes to our overall capital management. The Chief Financial Officer is the accountable executive for market risk.
The market risk positions of Capital One’s banking entities and the consolidated Company are calculated separately and in total, are compared to the pre-established limits, and are reported to management’s Asset/Liability Management Committee and the Finance and Trust Oversight Committee of the Board no less than quarterly. Management is authorized to utilize financial instruments to actively manage market risk exposure. Detailed processes, requirements and controls are contained in our policies and supporting procedures.
Strategic Risk: is the risk that Capital One fails to achieve short and long-term business objectives because we fail to develop the products, capabilities, and competitive position necessary to attract consumers, compete with competitors and withstand market volatility. The result is a failure to deliver returns expected by stakeholders (customers, associates, shareholders, investors, communities, and regulators). The Chief Executive Officer is the accountable executive for Capital One strategy.
The Chief Executive Officer develops an overall corporate strategy and leads alignment of the entire organization with this strategy through definition of strategic imperatives and top-down communication. The Chief Executive Officer and other senior executives spend significant time throughout the entire company sharing the Company’s strategic imperatives to promote an understanding of our strategy and connect it to day-to-day associate activities to enable effective execution. Division Presidents are accountable for defining business strategy within the context of the overall corporate level strategy and Strategic Imperatives. Business strategies are integrated into the Corporate Strategic Plan and are reviewed and approved separately and together on an annual basis by the Chief Executive Officer and the Board of Directors.
Operational Risk: is the risk of direct or indirect financial loss from failed or inadequate processes, associate capabilities or systems, or exposure to external events. The risk of financial loss associated with litigation is also included under operational risk. The Chief Compliance Officer is the accountable executive for establishment of risk management standards and for governance and monitoring of operational risk at a corporate level. Division Presidents have primary accountability for management of operational risk within their business areas.
While most operational risks are managed and controlled by business areas, the Operational Risk Management Program establishes requirements and control processes that assure certain consistent practices in the management of operational risk, and provides transparency to the corporate operational risk profile. Our Operational Risk Management Program also includes two primary additional functions. Operational Risk Reporting involves independent assessments of the control and sustainability of key business processes at a corporate and business area level, and such assessments are provided to the Chief Risk Officer, management’s Risk Management Committee, and the Audit and Risk Committee of the Board. The Operational Risk Capital function, in conjunction with the corporate capital process managed by Global Finance, establishes necessary operational risk capital levels to assure resiliency against extreme operational risk event scenarios.
Operational Risk results and trends are reported to the Risk Management Committee and the Audit and Risk Committee of the Board.
Compliance Risk: is the risk of financial loss due to regulatory fines or penalties, restriction or suspension of business, or cost of mandatory corrective action as a result of failing to adhere to applicable laws, regulations, and supervisory guidance. Division Presidents are the accountable executives for compliance risk and are responsible for building and maintaining compliance processes. With the Chief Compliance Officer, Division Presidents are jointly accountable for ensuring the Compliance Management Program requirements are met for their division.
We ensure compliance by maintaining an effective Compliance Management Program consisting of sound policies, systems, processes, and reports. The Compliance Management Program provides management with guidance, training, and monitoring to provide reasonable assurance of our compliance with internal and external compliance requirements. Additionally, management and the Corporate Compliance department jointly and separately conduct on-going monitoring and assess the state of compliance. The assessment provides the basis for performance reporting to management and the Board, allows business areas to determine if their compliance performance is acceptable, and confirms effective compliance controls are in place. Business areas embed compliance requirements and controls into their business policies, standards, processes and procedures. They regularly monitor and report on the efficiency of their compliance controls. Corporate Compliance, jointly working with the business, defines and validates a standard compliance monitoring and reporting methodology. Compliance results and trends are reported to management’s Risk Management Committee and the Audit and Risk Committee of the Board.
Legal Risk: is the risk of material adverse impact due to: (i) new and changed laws and regulations; (ii) new interpretations of law; (iii) the drafting, interpretation and enforceability of contracts; (iv) adverse decisions or consequences arising from litigation or regulatory scrutiny; (v) the establishment, management and governance of our legal entity structure; and (vi) the failure to seek or follow appropriate Legal counsel when needed. The company’s General Counsel is the accountable executive for monitoring and controlling legal risk.
Technology / Systems
We leverage information technology to achieve our business objectives and to develop and deliver products and services that satisfy our customers’ needs. A key part of our strategic focus is the development of efficient, flexible computer and operational systems to support complex marketing and account management strategies, the servicing of our customers, and the development of new and diversified products. Our commitment to managing risk and ensuring effective controls is built into all of our strategies. We believe that the continued development and integration of these systems is an important part of our efforts to reduce costs, improve quality and provide faster, more flexible technology services. Consequently, we continuously review capabilities and develop or acquire systems, processes and competencies to meet our unique business requirements.
As part of our continuous efforts to review and improve our technologies, we may either develop such capabilities internally or rely on third party outsourcers who have the ability to deliver technology that is of higher quality, lower cost, or both. Over time, we have increasingly relied on third party outsourcers to help us deliver systems and operational infrastructure. These relationships include (but are not limited to): Total System Services Inc. (“TSYS”) for processing services for Capital One’s North American and United Kingdom portfolios of consumer and small business credit card accounts, Fidelity National Information Services (“Fidelity”) for the Capital One banking systems, and IBM Corporation for management of our North American data centers.
The Card division has a program in place to address systems changes associated with the Credit Card Accountability Responsibility and Disclosure Act of 2009 (the “Credit CARD Act”), including the recent clarifications from the Federal Reserve. We are on track to meet all systems changes required by the first quarter of 2010.
We also remain on target to complete the systems integration of Chevy Chase Bank in the third quarter of 2010. Additionally, a multi-year effort is underway to build a scalable banking infrastructure.
Funding and Liquidity
A discussion of our funding programs and liquidity has been included in Item 7 “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Funding.”
As a diversified financial institution that markets credit cards and consumer and commercial financial products and services, we face intense competition in all aspects of our business from numerous bank and non-bank providers of financial services.
We compete with national and state banks for deposits, commercial loans and trust accounts and with savings and loan associations and credit unions for loans and deposits. We also compete with other financial services providers for loans, deposits, and other services and products. In addition, we compete against non-depository institutions that are able to offer products and services that were typically banking products and services. In general, in the current economic environment, customers are attracted to depository institutions that are perceived as stable, with solid liquidity and funding.
We compete with international, national, regional and local issuers of Visa® and MasterCard® credit cards, as well as with American Express®, Discover Card® and, to a certain extent, debit cards. In general, customers are attracted to credit card issuers largely on the basis of price, credit limit and other product features, and customer loyalty is often limited.
In our Auto Finance business, we face competition from banks and non-bank lenders who provide financing for dealer-originated loans.
We believe that we are able to compete effectively in our current markets. There can be no assurance, however, that our ability to market products and services successfully or to obtain adequate returns on our products and services will not be impacted by the nature of the competition that now exists or may later develop, or by the broader economic environment. For a discussion of the risks related to our competitive environment, please refer to Item 1A. Risk Factors “We Face Intense Competition in All of Our Markets.”
As part of our overall and ongoing strategy to protect and enhance our intellectual property, we rely on a variety of protections, including copyrights, trademarks, trade secrets, patents and certain restrictions on disclosure and competition. We also undertake other measures to control access to and distribution of our other proprietary information. Despite these precautions, it may be possible for a third party to copy or otherwise obtain and use certain intellectual property or proprietary information without authorization. Our precautions may not prevent misappropriation or infringement of our intellectual property or proprietary information. In addition, our competitors also file patent applications for innovations that are used in our industry. The ability of our competitors to obtain such patents may adversely affect our ability to compete. Conversely, our ability to obtain such patents may increase our competitive advantage. There can be no assurance that we will be successful in such efforts, or that the ability of our competitors to obtain such patents may not adversely impact our financial results.
A central part of our philosophy is to attract and retain a highly capable staff. As of December 31, 2009, we employed approximately 28,000 employees, whom we refer to as “associates,” and almost 2,900 of whom were formerly employees of Chevy Chase Bank. We view current associate relations to be satisfactory, and none of our associates is covered under a collective bargaining agreement.