PNC Bank 2012 Annual Report Download - page 117

Download and view the complete annual report

Please find page 117 of the 2012 PNC Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 280

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280

Operational Risk Management
Operational risk is the risk of loss resulting from inadequate or
failed internal processes or systems, human factors, or
external events. This includes losses that may arise as a result
of non-compliance with laws or regulations, failure to fulfill
fiduciary responsibilities, as well as litigation or other legal
actions. Operational risk may occur in any of our business
activities and manifests itself in various ways, including but
not limited to:
Transaction processing errors,
Unauthorized transactions and fraud by employees or
third parties,
Material disruption in business activities,
System breaches and misuse of sensitive information,
Regulatory or governmental actions, fines or
penalties, and
Significant legal expenses, judgments or settlements.
PNC’s Operational Risk Management is inclusive of
Technology Risk Management, Compliance, and Business
Resiliency. Operational Risk Management focuses on
balancing business needs, regulatory expectations and risk
management priorities through an adaptive and proactive
program that is designed to provide a strong governance
model, sound and consistent risk management processes and
transparent operational risk reporting across the enterprise.
The PNC Board determines the strategic approach to
operational risk via establishment of the operational risk
appetite and appropriate risk management structure. This
includes establishment of risk metrics and limits and a
reporting structure to identify, understand and manage
operational risks.
Executive Management has responsibility for operational risk
management. The executive management team is responsible
for monitoring risk issues through management reporting and
a governance structure of risk committees and sub-
committees.
Within Risk Management, Operational Risk Management
functions are responsible for developing and maintaining the
policies, methodologies, tools, and technology utilized across
the enterprise to identify, assess, monitor, and report
operational risks, including compliance risk. A key function of
Operational Risk Management is to help ensure business
units’ alignment with the Operational Risk Management
framework and to validate results and overall program
effectiveness.
Business Unit management is responsible for the day-to-day
management of operational risks inherent in the products,
services, and activities for which they are responsible.
Business Unit management is also responsible for adhering to
PNC’s enterprise-wide operational risk management policies
and procedures; including regularly identifying, measuring,
and monitoring operational risks in their respective area, as
well as capturing, analyzing and reporting operational loss
events.
Management of operational risk is based upon a
comprehensive framework designed to enable the company to
determine the enterprise and individual business unit’s
operational risk profile in comparison to the established risk
appetite and identify operational risks that may require further
mitigation. This framework is established around a set of
enterprise-wide policies and a system of internal controls that
are designed to manage risk and to provide management with
timely and accurate information about the operations of PNC.
This framework employs a number of techniques to manage
operational risk, including:
Risk and Control Self-Assessments (RCSAs) are
performed at least annually across PNC’s businesses,
processes, systems and products. RCSA methodology
is a standard process for management to self assess
operational risks, evaluate control effectiveness, and
determine if risk exposure is within established
tolerances,
Scenario Analysis is leveraged to proactively
evaluate operational loss events with the potential for
severe business, financial, operational or regulatory
impact on the company or a major business unit. This
methodology leverages standard processes and tools
to evaluate a wide range of business and operational
risks encompassing both external and internal events
relevant to the company. Based upon scenario
analysis conclusions, management may implement
additional controls or risk management activities to
reduce exposure to an acceptable level,
A Key Risk Indicator (KRI) framework allows
management to assess actual operational risk results
compared to expectations and thresholds, as well as
proactively identify unexpected shifts in operational
risk exposure or control effectiveness. Enterprise-
level KRIs are designed to monitor exposure across
the different inherent operational risk types,
including compliance risk. Business-specific KRIs
are established in support of the individual risk and
control self assessments, and
Operational loss events across the enterprise are
continuously captured and maintained in a central
repository. This information is analyzed and used to
help determine the root causes of these events and to
identify trends that could indicate changes in the
company’s risk exposure or control effectiveness.
PNC utilizes a number of sources to identify external
loss events occurring across the financial services
industry. These events are evaluated to determine
whether PNC is exposed to similar events, and if so,
whether appropriate controls are in place.
98 The PNC Financial Services Group, Inc. – Form 10-K