PNC Bank 2014 Annual Report Download - page 101

Download and view the complete annual report

Please find page 101 of the 2014 PNC Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 268

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268

is a standard process for business units to document
and assess operational risks, evaluate key control
design and operating effectiveness, and determine if
control enhancements are required,
A Scenario Analysis program that is leveraged to
proactively evaluate operational risks with the
potential for severe business, financial, operational or
regulatory impact on the company or a major
business unit. This methodology leverages standard
processes and tools to evaluate a wide range of
business and operational risks encompassing both
external and internal events relevant to the company.
Based upon scenario analysis conclusions,
management may implement additional controls or
risk management activities to reduce exposure to an
acceptable level,
A Metrics and Key Risk Indicator framework that
allows management to proactively monitor and assess
shifts in operational risk exposure or key control
effectiveness compared to expectations and
thresholds. Enterprise-level Operational Risk
Appetite metrics support PNC’s Operational Risk
Management framework and guiding principles with
the objective of maintaining a risk profile within risk
appetite. A broad set of operational risk indicators are
in place to monitor and report exposures across the
different inherent operational risk types. Lastly,
business-specific risk indicators are established to
monitor the most significant risks and controls
identified in the individual risk and control self
assessments, and
Operational loss events as well as technology and
operational breakdowns that do not result in direct loss
(near miss events) across the enterprise are
continuously captured and maintained in a central
repository. This information is analyzed and used to
help determine the root causes of these events and to
identify trends that could indicate changes in the
company’s risk exposure or control effectiveness.
PNC’s External Loss Event program utilizes a number
of sources to monitor and identify external loss events
occurring across the financial services industry.
Relevant external events are evaluated by appropriate
business and risk management personnel to determine
whether PNC is exposed to similar events, and if so,
whether appropriate controls are in place.
We continue to refine our methodology to estimate capital
requirements for operational risk using a proprietary version
of an Advanced Measurement Approach (AMA) as prescribed
in Basel II. Under the AMA, the results of the program
elements described above are key inputs directly incorporated
into the capital calculation methodology.
Risk professionals from Operational Risk, Technology Risk
Management, Compliance and Legal work closely with
business areas to evaluate risks and challenge that appropriate
key controls are established prior to the introduction of new or
enhanced products, services and technologies. These risk
professionals also challenge Business Units’ design and
implementation of mitigation strategies to address risks and
issues identified through ongoing assessment and monitoring
activities.
PNC’s Technology Risk Management (TRM) program is
aligned with the operational risk framework. Technology risk
represents the risk associated with the use, ownership,
operation, involvement, influence and adoption of technology
within an enterprise.
Management of technology risk is embedded into the culture
and decision-making processes of PNC through an
information and technology risk management framework
designed to help ensure secure, sound, and compliant IT
systems and infrastructure in support of business strategies
and goals. The management of technology risk is a core
business skill and an integral part of day-to-day activity.
Cybersecurity is a principal concern for financial institutions
and is a very high priority for PNC. The ever changing and
complex threat landscape is closely monitored and PNC
participates in proactive information sharing with intelligence
sources, law enforcement, and the private sector. The cyber
security program is based on a continuous improvement
strategy by assessing current and emerging threats to protect
our critical business functions, as well as the integrity,
privacy, and confidentiality of data. We continue to strengthen
our controls, processes and systems to help protect our
networks, computers, software, and data from attack, damage
or unauthorized access. See Item 1A Risk Factors in this
Report for additional information regarding the risk of a
material adverse impact from interruptions in the effective
operation of, or security breaches affecting, those systems.
Managers and staff at all levels are responsible for applying
risk management policies, procedures, and strategies in their
areas of responsibility. PNC’s TRM function supports
enterprise management of technology risk by independently
assessing technology and information security risks, and by
serving in an oversight role by measuring, monitoring, and
challenging enterprise technology capabilities. Specifically,
Technology Risk Management has the following objectives:
A sound control infrastructure is in place to
effectively manage technology risks to help drive
informed business decisions,
Technology risks related to ongoing business and
operational activities are identified, assessed, and
monitored,
Technology risks related to new key initiatives are
assessed and appropriately managed, and
Emerging technology risks are monitored and
assessed to verify their potential impact to PNC’s
overall risk profile.
The PNC Financial Services Group, Inc. – Form 10-K 83