TCFD Recommendation: 3b. Describe the organization’s processes for managing climate-related risks

Disclosure: ESG and climate-related risks are managed as part of our comprehensive ERM program. Risk management is overseen by our Board of Directors through its Risk Committee, Audit and Compliance Committee, and Compensation and Benefits Committee, each of which provides regular reports to the full Board regarding matters reviewed by these committees. These committees meet regularly with our Chief Risk Officer, Chief Compliance & Ethics Officer, the Chief Audit Executive, Chief Operational Risk Officer, and other senior management regarding our risk management processes, controls, talent, and capabilities to monitor our risk culture and emerging and strategic risks.

The Risk Committee of our Board of Directors and the Enterprise Risk Management Committee (ERMC) provide oversight of our Enterprise Risk Management framework, processes, and methodologies, and approve our Enterprise Risk Management policy, which governs risk governance, risk oversight, and risk appetite. ESG risks—in particular climate risk—have been included as an emerging risk for the company and are part of our Enterprise Risk Management scope. A dedicated group associated with climate risk, with direct accountability to the ERMC, has been established. Additionally, the Nominating, Governance, and Public Responsibility Committee (NGPRC) of the Board has oversight of ESG matters including climate-related issues. The ESG Steering Committee, comprised of senior leaders across the organization, and Advance Climate Solutions Working Group consider climate-related risks in connection with developing climate-related goals and operational strategies.

In 2020, we completed a comprehensive assessment to identify priority environmental, social, and governance issues for our business with input from internal and external stakeholders.
As a result of this process, we ranked 20 priority ESG issues based on their relative importance to our business and to our stakeholders. Key issues identified included climate change, energy, and GHG emissions, data privacy and security, financial resiliency, business ethics, responsible travel and consumption, inclusion and diversity, and colleague attraction and retention.

TCFD Recommendation: 3c. Describe how processes for identifying, assessing, and managing climate-related risks are integrated into the organization’s overall risk management

Disclosure: We have a comprehensive ERM program to identify, aggregate, monitor, and manage risks. The program also defines our risk appetite, governance, culture, and capabilities. ESG and climate-related risks are currently identified as an “emerging risk” within our risk governance framework. The implementation and execution of the ERM program is headed by our Chief Risk Officer. The ERMC, chaired by our Chief Risk Officer, is the highest-level management committee to oversee all firm-wide risks and is responsible for risk governance, risk oversight, and risk appetite. The ERMC reviews key risk exposures, trends and concentrations, and significant compliance matters, and provides guidance on the steps to monitor, control, and report major risks. ERMC has also approved the formation of the Climate Risk Management Working Group, composed of cross-functional representation with direct oversight specifically to address evolving regulatory expectations on management of climate-related financial risks.

In addition, the Asset Liability Committee, chaired by our Chief Financial Officer, is responsible for managing our capital, funding and liquidity, investment, market risk, and asset/liability activities in accordance with our policies and in compliance with applicable regulatory requirements. The ESG Steering Committee, comprised of senior leadership, discusses ESG topics and climate-related risks, opportunities, and strategies to advance our ESG goals.
Transition risks and opportunities, including current and emerging regulations, disclosure requirements, legal and reputational risks, and customer requirements are considered by teams including Global Real Estate and Workplace Experience, Global Risk and Compliance, General Counsel’s Organization, Finance, Technology, CA&C, Corporate Sustainability, and ESG Teams. Physical risks and opportunities, including extreme weather events and natural disasters, are identified and measured for severity as part of our business continuity planning and primarily overseen by our Global Real Estate and Workplace Experience and Technology Teams. Disaster Recovery and Business Continuity Plans are developed and updated regularly to ensure steps are in place to identify and respond before, during, and after a service continuity event. Our facility and data center teams review these established procedures and controls, test them annually, and certify key equipment and systems operations to ensure uninterrupted operation of our data centers during localized weather events. Our facility infrastructure is monitored 24/7 and test results are tracked and reported. Our US-based data center facilities are ISO-certified to ensure that environmental risks and/or opportunities are identified and prioritized.
American Express ESG Report