Citibank 2013 Annual Report Download - page 85

Download and view the complete annual report

Please find page 85 of the 2013 Citibank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 342

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342

67
attacks on client systems, which attempted to allow unauthorized entrance
to Citi’s systems under the guise of a client and the extraction of client data.
For example, in 2013 Citi and other U.S. financial institutions experienced
distributed denial of service attacks which were intended to disrupt consumer
online banking services. In addition, various retail stores were the subject
of data breaches which led to access to customer account data. While Citi’s
monitoring and protection services were able to detect and respond to the
incidents targeting its systems before they became significant, they still
resulted in certain limited losses in some instances as well as increases in
expenditures to monitor against the threat of similar future cyber incidents.
There can be no assurance that such cyber incidents will not occur again,
and they could occur more frequently and on a more significant scale.
In addition, because the methods used to cause cyber attacks change
frequently or, in some cases, are not recognized until launched, Citi may be
unable to implement effective preventive measures or proactively address
these methods.
Third parties with which Citi does business may also be sources of
cybersecurity or other technological risks. Citi outsources certain functions,
such as processing customer credit card transactions, uploading content
on customer-facing websites, and developing software for new products and
services. These relationships allow for the storage and processing of customer
information, by third-party hosting of or access to Citi websites, which could
result in service disruptions or website defacements, and the potential to
introduce vulnerable code, resulting in security breaches impacting Citi
customers. While Citi engages in certain actions to reduce the exposure
resulting from outsourcing, such as performing onsite security control
assessments, limiting third-party access to the least privileged level necessary
to perform job functions, and restricting third-party processing to systems
stored within Citi’s data centers, ongoing threats may result in unauthorized
access, loss or destruction of data or other cyber incidents with increased
costs and consequences to Citi such as those discussed above. Furthermore,
because financial institutions are becoming increasingly interconnected
with central agents, exchanges and clearing houses, including through the
derivatives provisions of the Dodd-Frank Act, Citi has increased exposure to
operational failure or cyber attacks through third parties.
While Citi maintains insurance coverage that may, subject to policy terms
and conditions including significant self-insured deductibles, cover certain
aspects of cyber risks, such insurance coverage may be insufficient to cover
all losses.
Citi’s Performance and the Performance of Its Individual
Businesses Could Be Negatively Impacted If Citi Is Not Able
to Hire and Retain Qualified Employees for Any Reason.
Citi’s performance and the performance of its individual businesses is
largely dependent on the talents and efforts of highly skilled employees.
Specifically, Citi’s continued ability to compete in its businesses, to manage
its businesses effectively and to continue to execute its overall global strategy
depends on its ability to attract new employees and to retain and motivate its
existing employees. Citi’s ability to attract and retain employees depends on
numerous factors, including without limitation, its culture, compensation,
the management and leadership of the company as well as its individual
businesses, Citi’s presence in the particular market or region at issue and
the professional opportunities it offers. The banking industry has and may
continue to experience more stringent regulation of employee compensation,
including limitations relating to incentive-based compensation, clawback
requirements and special taxation. Moreover, given its continued focus
on the emerging markets, Citi is often competing for qualified employees
in these markets with entities that have a significantly greater presence in
the region or are not subject to significant regulatory restrictions on the
structure of incentive compensation. If Citi is unable to continue to attract
and retain qualified employees for any reason, Citi’s performance, including
its competitive position, the successful execution of its overall strategy and its
results of operations could be negatively impacted.
Incorrect Assumptions or Estimates in Citi’s Financial
Statements Could Cause Significant Unexpected Losses
in the Future, and Changes to Financial Accounting and
Reporting Standards Could Have a Material Impact on
How Citi Records and Reports Its Financial Condition and
Results of Operations.
Citi is required to use certain assumptions and estimates in preparing its
financial statements under U.S. GAAP, including determining credit loss
reserves, reserves related to litigation and regulatory exposures, DTAs and
the fair values of certain assets and liabilities, among other items. If Citi’s
assumptions or estimates underlying its financial statements are incorrect,
Citi could experience unexpected losses, some of which could be significant.
Moreover, the Financial Accounting Standards Board (FASB) is currently
reviewing or proposing changes to several financial accounting and reporting
standards that govern key aspects of Citi’s financial statements, including
those areas where Citi is required to make assumptions or estimates. For
example, the FASB’s financial instruments project could, among other things,
significantly change how Citi determines the accounting classification for
financial instruments and could result in certain loans that are currently
reported at amortized cost being accounted for at fair value through Other
comprehensive income. The FASB has also proposed a new accounting
model intended to require earlier recognition of credit losses on financial
instruments. The proposed accounting model would require that life-time
“expected credit losses” on financial assets not recorded at fair value through
net income be recorded at inception of the financial asset, replacing the
multiple existing impairment models under U.S. GAAP which generally
require that a loss be “incurred” before it is recognized. In addition, the
FASB has proposed changes in the accounting for insurance contracts, which