NLY 2023 Annual Report

Risk Appetite

We maintain a firm-wide risk appetite statement which defines the types and levels of risk we are willing to take in order to achieve our business objectives, and reflects our risk management philosophy. We engage in risk activities based on our core expertise that aim to enhance value for our stockholders. Our activities focus on income generation and capital preservation through proactive portfolio management, supported by a conservative liquidity and leverage posture. The risk appetite statement asserts the following key risk parameters to guide our investment management activities:

| Risk Parameter | Description |
| --- | --- |
| Portfolio Composition | We will maintain a portfolio comprised of target assets approved by our Board and in accordance with our capital allocation policy. |
| Leverage | We generally expect to maintain an economic leverage ratio no greater than 10:1 considerate of our overall capital allocation framework. |
| Liquidity Risk | We will seek to maintain an unencumbered asset portfolio sufficient to meet our liquidity needs under adverse market conditions. |
| Interest Rate Risk | We will seek to manage interest rate risk to protect the portfolio from adverse rate movements utilizing derivative instruments targeting both income and capital preservation. |
| Credit Risk | We will seek to manage credit risk by making investments which conform to our specific investment policy parameters and optimize risk-adjusted returns. |
| Capital Preservation | We will seek to protect our capital base through disciplined risk management practices. |
| Operational Risk | We will seek to limit impacts to our business through disciplined operational risk management practices addressing areas including but not limited to, management of key third party relationships (i.e. originators, subservicers), human capital management, cybersecurity and technology related matters, business continuity and financial reporting risk. |
| Compliance, Regulatory and Legal | We will seek to comply with regulatory requirements needed to maintain our REIT status and our exemption from registration under the Investment Company Act and the licenses and approvals of our regulated and licensed subsidiaries. |

Governance

Risk management begins with our Board, through the review and oversight of the risk management framework, and executive management, through the ongoing formulation of risk management practices and related execution in managing risk. The Board exercises its oversight of risk management primarily through the Risk Committee and Audit Committee with support from the other Board Committees. The Risk Committee is responsible for oversight of our risk governance structure, risk management (operational and market risk) and risk assessment guidelines and policies and our risk appetite. The Audit Committee is responsible for oversight of the quality and integrity of our accounting, internal controls and financial reporting practices, including independent auditor selection, evaluation and review, and oversight of the internal audit function. The Risk Committee and the Audit Committee jointly oversee practices and policies related to cybersecurity and receive regular reports from management throughout the year on cybersecurity and related risks. The Management Development and Compensation Committee is responsible for oversight of risk related to our compensation policies and practices and other human capital matters such as succession and culture. The Nominating/Corporate Governance Committee assists the Board in its oversight of our corporate governance framework and the annual self-evaluation of the Board, and the Corporate Responsibility Committee assists the Board in its oversight of any matters that may present reputational or ESG risk to us.
The Corporate Responsibility Committee shares oversight of specific ESG-related matters with other Board Committees and meets jointly with the Management Development and Compensation Committee on the Company's human capital management and culture and with the Risk Committee on ESG-related regulatory and policy risks.

Risk assessment and risk management are the responsibility of our management. A series of management committees has oversight or decision-making responsibilities for risk management activities. Membership of these committees is reviewed regularly to ensure the appropriate personnel are engaged in the risk management process. Three primary management committees have been established to provide a comprehensive framework for risk management. The management committees responsible for our risk management include the Enterprise Risk Committee (“ERC”), Asset / Liability Committee (“ALCO”) and the Financial Reporting and Disclosure Committee (“FRDC”). Each of these committees reports to our management Operating Committee, which is responsible for oversight and management of our operations, including oversight and approval authority over all aspects of our enterprise risk management.

Audit Services is an independent function with reporting lines to the Audit Committee. Audit Services is responsible for performing our internal audit activities, which includes independently assessing and validating key controls within the risk management framework.

ANNALY CAPITAL MANAGEMENT, INC. AND SUBSIDIARIES
Item 7. Management’s Discussion and Analysis 68
