Discover 2014 Annual Report Download - page 49

Download and view the complete annual report

Please find page 49 of the 2014 Discover annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 200

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200

-35-
Banking laws and regulations and our banking regulators may limit or prohibit our transfer of funds freely, either to or
from our subsidiaries, at any time. These laws, regulations and rules may hinder our ability to access funds that we may
need to make payments on our obligations or otherwise achieve strategic objectives. For more information, see
"Business — Supervision and Regulation — Capital, Dividends and Share Repurchases."
Operational and Other Risk
Our framework and models for managing risks may not be effective in mitigating our risk of loss.
Our risk management framework seeks to identify and mitigate risk and appropriately balance risk and return.
We have established processes and procedures intended to identify, measure, monitor and report the types of risk to
which we are subject, including credit risk, market risk, liquidity risk, operational risk, compliance and legal risk, and
strategic risk. We seek to monitor and control our risk exposure through a framework of policies, procedures, limits and
reporting requirements.
Management of our risks in some cases depends upon the use of analytical and/or forecasting models. We use a
variety of models to manage and inform decision making with respect to customers, and for the measurement of risk
including credit, market and operational risks and for our finance and treasury functions. Models used by Discover can
vary in their complexity and are designed to identify, measure, and mitigate risks at various levels such as loan-level,
portfolio segments, entire portfolios and products. These models use a set of computational rules to generate numerical
estimates of uncertain values to be used for assessment of price, financial forecasts, and estimates of credit, interest rate,
market, and operational risk. All models carry some level of uncertainty that introduces risks in the estimates.
If the models that we use to mitigate risks are inadequate, we may incur increased losses. In addition, there may
be risks that exist, or that develop in the future, that we have not appropriately anticipated, identified or mitigated. If
our risk management framework and models do not effectively identify or mitigate our risks, we could suffer unexpected
losses and our financial condition and results of operations could be materially adversely affected.
If our security systems, or those of third parties, containing information about us, our customers or third parties with
which we do business, are compromised, our business could be disrupted and we may be subject to significant
financial exposure, liability and damage to our reputation.
Our direct banking and network operations rely heavily on the secure processing, storage and transmission of
confidential information about us, our customers and third parties with which we do business. Information security risks
for financial institutions have increased and continue to increase in part because of the proliferation of new
technologies, the use of the internet, mobile and telecommunications technologies to conduct financial transactions, and
the increased sophistication and activities of organized crime, activists, hackers, terrorist organizations, nation state
actors and other external parties. Those parties may also attempt to fraudulently induce employees, customers or other
users of our systems to disclose sensitive information in order to gain access to our data or that of our customers.
Our technologies, systems, networks and software, and those of other financial institutions, have been and are
likely to continue to be the target of increasingly frequent cyber-attacks, malicious code, computer viruses, denial of
service attacks, social engineering, other remote access attacks, and physical attacks that could result in unauthorized
access, misuse, loss or destruction of data (including confidential customer information), account takeovers,
unavailability of service or other events. These types of threats may derive from human error, fraud or malice on the
part of external or internal parties, or may result from accidental technological failure.
Despite our efforts to ensure the integrity of our systems through our information security and business continuity
programs, we may not be able to anticipate or to implement effective preventive measures against all security breaches
or events of these types, especially because the techniques used change frequently and quickly or are not recognized
until launched, and because:
Security attacks can originate from a wide variety of sources and geographic locations.
Because we rely on many third-party service providers and network participants, including merchants, a
security breach or cyber-attack affecting one of these third parties could impact us. For example, the
financial services industry has seen an increase in point-of-sale breaches at retail merchant locations, which
are remote attacks against the environment where retail transactions are authorized (especially card-present
purchases), resulting in potential exposure of personal and identifiable information impacting millions of
households. For additional information see the risk factor " We rely on third parties to deliver services. If