PNC Bank 2013 Annual Report Download - page 103

Download and view the complete annual report

Please find page 103 of the 2013 PNC Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 266

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266

policies, methodologies, tools, and technology utilized across the
enterprise to identify, assess, monitor, and report operational
risks, including compliance risk. A key function of Operational
Risk Management is to ensure business units’ alignment with the
Operational Risk Management framework and to independently
challenge results and overall program effectiveness.
Business Unit management is responsible for the day-to-day
management of operational risks inherent in the products,
services, and activities for which they are responsible. Business
Unit management is also responsible for adhering to PNC’s
enterprise-wide operational risk management policies and
procedures including regularly identifying, measuring, and
monitoring operational risks in their respective areas, as well as
capturing, analyzing and reporting operational risk events.
Management of operational risk is based upon a
comprehensive framework designed to enable the company to
determine the enterprise and individual business unit’s
operational risk profile in comparison to the established risk
appetite and identify operational risks that may require further
mitigation. This framework is established around a set of
enterprise-wide policies and a system of internal controls that
are designed to manage risk and to provide management with
timely and accurate information about the operations of PNC.
This framework employs a number of techniques to manage
operational risk, including:
RCSAs that are performed at least annually across
PNC’s businesses, processes, systems and products.
RCSA methodology is a standard process for
management to document and assess operational
risks, evaluate key control design and operating
effectiveness, and determine if control enhancements
are required,
A Scenario Analysis program that is leveraged to
proactively evaluate operational risks with the
potential for severe business, financial, operational or
regulatory impact on the company or a major
business unit. This methodology leverages standard
processes and tools to evaluate a wide range of
business and operational risks encompassing both
external and internal events relevant to the company.
Based upon scenario analysis conclusions,
management may implement additional controls or
risk management activities to reduce exposure to an
acceptable level,
A KRI framework that allows management to
proactively monitor and assess shifts in operational
risk exposure or key control effectiveness compared
to expectations and thresholds. Enterprise-level KRIs
are in place to monitor exposure across the different
inherent operational risk types, including compliance
risk. Business-specific KRIs are established in
support of the individual risk and control self
assessments, and
Operational loss events as well as technology and
operational breakdowns that do not result in direct
loss (near miss events) across the enterprise are
continuously captured and maintained in a central
repository. This information is analyzed and used to
help determine the root causes of these events and to
identify trends that could indicate changes in the
company’s risk exposure or control effectiveness.
PNC utilizes a number of sources to identify external
loss events occurring across the financial services
industry. These events are evaluated to determine
whether PNC is exposed to similar events, and if so,
whether appropriate controls are in place.
We continue to refine our methodology to estimate capital
requirements for operational risk using a proprietary version
of an Advanced Measurement Approach (AMA). Under the
AMA approach, the results of the program elements described
above are key inputs directly incorporated into the capital
calculation methodology.
Risk professionals from Operational Risk, Technology Risk
Management, Compliance and Legal work closely with business
areas to evaluate risks and challenge that appropriate key controls
are established prior to the introduction of new or enhanced
products, services and technologies. These risk professionals also
challenge Business Units’ design and implementation of
mitigation strategies to address risks and issues identified through
ongoing assessment and monitoring activities.
PNC’s Technology Risk Management (TRM) program is
aligned with the operational risk framework. Technology risk
represents the risk associated with the use, ownership,
operation, involvement, influence and adoption of technology
within an enterprise. Management of technology risk is
embedded into the culture and decision making processes of
PNC through an information and technology risk management
framework designed to help ensure secure, sound, and
compliant IT systems and infrastructure in support of business
strategies and goals. The management of technology risk is a
core business skill and an integral part of day-to-day activity.
Managers and staff at all levels are responsible for applying
risk management policies, procedures, and strategies in their
areas of responsibility. PNC’s TRM function supports
enterprise management of technology risk by independently
assessing technology and information security risks, and by
serving in an oversight role by measuring, monitoring, and
challenging enterprise technology capabilities. Specifically,
Technology Risk Management has the following objectives:
A sound control infrastructure is in place to
effectively manage technology risks to help drive
informed business decisions,
Technology risks related to ongoing business and
operational activities are identified, assessed, and
monitored,
Technology risks related to new key initiatives are
assessed and appropriately managed, and
Emerging technology risks are monitored and
assessed to verify their potential impact to PNC’s
overall risk profile.
Our business continuity risk (BCR) program provides
governance and oversight of PNC’s enterprise wide business
The PNC Financial Services Group, Inc. – Form 10-K 85