KeyBank 2014 Annual Report Download - page 33

Download and view the complete annual report

Please find page 33 of the 2014 KeyBank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 247

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247

our business. Additionally, regulatory guidance adopted by federal banking regulators in 2013 related to how
banks select, engage and manage their outside vendors may affect the circumstances and conditions under which
we work with third parties and the cost of managing such relationships.
We are subject to claims and litigation.
From time to time, customers, vendors or other parties may make claims and take legal action against us. We
maintain reserves for certain claims when deemed appropriate based upon our assessment that a loss is probable,
consistent with applicable accounting guidance. At any given time we have a variety of legal actions asserted
against us in various stages of litigation. Resolution of a legal action can often take years. Whether any particular
claims and legal actions are founded or unfounded, if such claims and legal actions are not resolved in our favor,
they may result in significant financial liability and adversely affect how the market perceives us and our
products and services as well as impact customer demand for those products and services.
We are also involved, from time to time, in other reviews, investigations and proceedings (both formal and
informal) by governmental and self-regulatory agencies regarding our business, including, among other things,
accounting and operational matters, certain of which may result in adverse judgments, settlements, fines,
penalties, injunctions or other relief. The number and risk of these investigations and proceedings has increased
in recent years with regard to many firms in the financial services industry due to legal changes to the consumer
protection laws provided for by the Dodd-Frank Act and the creation of the CFPB.
There have also been a number of highly publicized legal claims against financial institutions involving fraud or
misconduct by employees, and we run the risk that employee misconduct could occur. It is not always possible to
deter or prevent employee misconduct, and the precautions we take to prevent and detect this activity may not be
effective in all cases.
We are subject to operational risk.
We are subject to operational risk, which represents the risk of loss resulting from human error, inadequate or
failed internal processes and systems, and external events. Operational risk includes the risk of fraud by
employees, clerical and record-keeping errors, nonperformance by vendors, threats to cybersecurity, and
computer/telecommunications malfunctions. Operational risk also encompasses compliance and legal risk, which
is the risk of loss from violations of, or noncompliance with, laws, rules, regulations, prescribed practices or
ethical standards, as well as the risk of our noncompliance with contractual and other obligations. We are also
exposed to operational risk through our outsourcing arrangements, and the effect that changes in circumstances
or capabilities of our outsourcing vendors can have on our ability to continue to perform operational functions
necessary to our business, such as certain loan processing functions. For example, breakdowns or failures of our
vendors’ systems or employees could be a source of operational risk to us. Resulting losses from operational risk
could take the form of explicit charges, increased operational costs, harm to our reputation, inability to secure
insurance, litigation, regulatory intervention or sanctions or foregone business opportunities.
Our controls and procedures may fail or be circumvented, and our methods of reducing risk exposure may
not be effective.
We regularly review and update our internal controls, disclosure controls and procedures, and corporate
governance policies and procedures. We also maintain an ERM program designed to identify, measure, monitor,
report and analyze our risks. Any system of controls and any system to reduce risk exposure, however well
designed and operated, is based in part on certain assumptions and can provide only reasonable, not absolute,
assurances that the objectives of the system are met. Additionally, instruments, systems and strategies used to
hedge or otherwise manage exposure to various types of market compliance, credit, liquidity, operational and
business risks and enterprise-wide risk could be less effective than anticipated. As a result, we may not be able to
effectively mitigate our risk exposures in particular market environments or against particular types of risk.
22