PNC Bank 2014 Annual Report Download - page 102

Download and view the complete annual report

Please find page 102 of the 2014 PNC Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 268

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268

To support PNC’s overall risk profile within risk appetite and
the Enterprise Risk Appetite Statement, Technology Risk
Management has established governance, operating structures,
metrics, and guiding principles designed to ensure that
technology risk is distinctly considered in business activities
and strategic decision making processes.
PNC has defined an enterprise-wide business continuity
program that provides structure and guidelines to ensure
resiliency and recovery of PNC’s facilities, employees,
suppliers and technology should there be a business
disruption. It is a comprehensive program based upon a life
cycle containing repeatable activities to identify and mitigate
internal and external business disruptive threats. It is the
responsibility of PNC’s business units to execute and comply
with the business continuity program. The program is
administered by a separate group, with governance and
oversight being provided by additional resources in the
Independent Risk Management function.
PNC’s Corporate Insurance Group is responsible for
managing insurance risk across the organization, and is
aligned within the enterprise risk management governance
framework. PNC retains select corporate risks through its
wholly-owned captive insurance company Alpine Indemnity
Limited, and transfers excess risk through the purchase of
insurance where appropriate, to mitigate the effects of
operational loss events. PNC’s risks associated with its
participation as an insurer for these programs are mitigated
through policy and annual aggregate limits. Decisions
surrounding PNC’s retention of its operating risks through
deductibles or captive participation are made in conjunction
with the enterprise risk management governance framework.
The Corporate Insurance Group monitors and manages
insurable risks through a combination of risk mitigation,
retention and transfer consistent with the organization’s risk
appetite and philosophy. To ensure the lines of business have
a clear understanding of insurance risk and the ability to retain
or transfer risk, management holds regular meetings with the
lines of business regarding risk evaluation and the utilization
of insurance as a risk transfer technique. Furthermore,
Corporate Insurance management and the Insurance Risk
Committee have primary oversight of reporting insurance
related activities through the governance structure that allows
management to fully vet risk information.
Quarterly, an enterprise operational risk report is developed to
report key operational risks to senior management and the
Board of Directors. The report encompasses key operational
risk management conclusions, including the overall
operational risk level, risk management effectiveness and
outlook, grounded in quantitative measures and qualitative
factors. Key enterprise operational risks are also included in
the enterprise risk report. In addition, operational risk is an
integrated part of the quarterly business-specific risk reports.
Compliance Risk
Enterprise Compliance is responsible for coordinating the
compliance risk component of PNC’s Operational Risk
framework. Compliance issues are identified and tracked
through enterprise-wide monitoring and tracking programs.
Key compliance risk issues are escalated through a
comprehensive risk reporting process at both a business and
enterprise level and incorporated, as appropriate, into the
development and assessment of the firm’s operational risk
profile. The Compliance, Conflicts & Ethics Policy
Committee, chaired by the Chief Compliance Officer,
provides oversight for compliance, conflicts and ethics
programs and strategies across PNC. This committee also
oversees the compliance processes related to fiduciary and
investment risk. In order to help understand, and where
appropriate, proactively address emerging regulatory issues,
Enterprise Compliance communicates regularly with various
regulators with supervisory or regulatory responsibilities with
respect to PNC, its subsidiaries or businesses and participates
in forums focused on regulatory and compliance matters in the
financial services industry.
Risk professionals from Operational Risk, Technology Risk
Management, Compliance and Legal work closely with
business areas to evaluate risks and challenge that appropriate
key controls are established prior to the introduction of new or
enhanced products, services and technologies. These risk
professionals also challenge Business Units’ design and
implementation of mitigation strategies to address risks and
issues identified through ongoing assessment and monitoring
activities.
84 The PNC Financial Services Group, Inc. – Form 10-K