PNC Bank 2011 Annual Report Download - page 93

Download and view the complete annual report

Please find page 93 of the 2011 PNC Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 238

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238

PNC utilizes a number of sources to identify external
loss events occurring across the financial services
industry. These events are evaluated to determine
whether PNC is exposed to similar events, and if so,
whether the appropriate controls are in place.
Operational Risk Management, Compliance and Legal
professionals work closely with business areas to evaluate
risks and help ensure the appropriate controls are established
prior to the introduction of new or enhanced products,
services, and technologies. These risk professionals also
consult with business areas in the design and implementation
of mitigation strategies to address risks and issues identified
through ongoing assessment and monitoring activities.
We are in the process of implementing a methodology to
estimate capital requirements for Operational Risk using a
proprietary version of an Advanced Measurement Approach
(AMA). Under the AMA approach, the results of the program
elements described above are key inputs directly incorporated
into the capital calculation methodology.
PNC’s technology risk management and business resiliency
programs are aligned with the operational risk framework. Our
integrated security and technology risk management
framework is designed to help ensure a secure, sound, and
compliant infrastructure for information and system
management. The technology risk management process is
aligned with the strategic direction of the businesses and is
integrated into the technology management culture, structure
and practices.
Our business resiliency program manages the organization’s
capabilities to provide services in the case of an event that
results in material disruption of business activities.
Prioritization of investments in people, processes, technology
and facilities is based on different types of events, business
risk and criticality. Detailed testing validates our resiliency
capabilities on an ongoing basis, and an integrated governance
model is designed to help assure appropriate management
reporting.
PNC uses insurance where appropriate to mitigate the effects
of operational risk events. PNC purchases direct coverage
provided by various insurers, and retains certain corporate
risks via one of its two wholly owned captive insurance
companies, Alpine Indemnity Limited. PNC’s retention of
corporate risks associated with its participation as an insurer is
mitigated through policy limits. Insurance purchased in the
external market is governed by PNC’s Financial Stability
Carrier guidelines.
As a component of PNC’s risk management practices, we
purchase insurance designed to protect us against accidental
loss or losses, which, in the aggregate, may significantly affect
personnel, property, financial objectives, or our ability to
continue to meet our responsibilities to our various
stakeholder groups.
On a quarterly basis, an enterprise operational risk report is
made reporting key operational risks to senior management
and the Board of Directors. The report encompasses key
operational risk management conclusions, including the
overall operational risk level, risk management effectiveness
and outlook, grounded in quantitative measures and
qualitative factors. Key enterprise operational risks are also
included in the enterprise risk report. In addition, operational
risk is an integrated part of the quarterly business-specific risk
reports.
M
ODEL
R
ISK
M
ANAGEMENT
PNC relies on quantitative models to measure risks and to
estimate certain financial values. Models may be used in such
processes as determining the pricing of various products,
grading and granting loans, measuring interest rate risks and
other market risks, predicting losses, and assessing capital
adequacy, as well as to estimate the value of financial
instruments and balance sheet items. There are risks involved
in the use of models as they have the potential to provide
inaccurate output or results, could be used for purposes other
than those for which they have been designed, or may be
operated in an uncontrolled environment where unauthorized
changes can take place and where other control risks exist.
Model Risk Management is responsible for policies and
procedures describing how model risk is evaluated and
managed, and the application of the governance process to
implement these practices throughout the enterprise.
To better manage our business, our practices around the use of
models, and to comply with regulatory guidance and
requirements, we have in place policies and procedures that
define our governance processes for assessing and controlling
model risk. These processes focus on identifying, reporting,
and remediating any problems with the soundness, accuracy,
improper use, or operating environment of our models. We
recognize that models must be monitored over time to ensure
their continued accuracy and functioning, and our policies also
address the type and frequency of monitoring that is
appropriate according to the importance of each model.
There are a number of practices we undertake to identify and
control model risk. A primary consideration is that models be
well understood by those who use them as well as by other
parties. Our policies require detailed written model
documentation for significant models to assist in making their
use transparent and understood by users, independent
reviewers, and regulatory and auditing bodies. The
documentation must include details on the data and methods
used to develop each model, assumptions utilized within the
model, and a description of model limitations and
circumstances in which a model should not be relied upon.
84 The PNC Financial Services Group, Inc. – Form 10-K