PNC Bank 2014 Annual Report Download - page 39

Download and view the complete annual report

Please find page 39 of the 2014 PNC Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 268

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268

banking agencies have been taking into account expectations
regarding the ability of banks to meet these new requirements,
including under stressed conditions, in approving actions that
represent uses of capital, such as dividend increases, share
repurchases and acquisitions. Moreover, PNC, as a BHC that
is subject to the advanced approaches for regulatory capital
purposes, is subject to a higher LCR requirement than other
BHCs that have more than $50 billion in total assets but are
not subject to the advanced approaches. Until the scope and
terms of pending or future rulemakings relating to capital,
liquidity, or liability composition are known, the extent to
which such rules may apply to PNC and the potential impact
of such rules on PNC will remain uncertain.
We depend on information systems, both internally and
through third-parties, to conduct our business and could
suffer a material adverse impact from interruptions in the
effective operation of, or security breaches affecting, those
systems.
As a large financial company, we handle a substantial volume
of customer and other financial transactions virtually on a
continuous basis. As a result, we rely heavily on information
systems to conduct our business and to process, record, and
monitor our transactions. In recent years, PNC has increased
substantially in size, scope and complexity. We have also seen
more customer usage of technological solutions for financial
needs and higher expectations of customers and regulators
regarding effective and safe systems operation. We expect
these trends to continue for the foreseeable future. The need to
ensure proper functioning of these systems has become more
challenging, and the costs involved in that effort are greater
than ever.
The risks to these systems result from a variety of factors,
both internal and external. In some cases, these factors are
largely outside of our control, including the potential for bad
acts on the part of hackers, criminals, employees and others.
In other cases, our systems could fail to operate as needed due
to factors such as design or performance issues, human error,
unexpected transaction volumes, or inadequate measures to
protect against unauthorized access or transmissions. We are
also at risk for the impact of natural or other disasters,
terrorism, international hostilities and the like on our systems
or for the effect of outages or other failures involving power
or communications systems operated by others. In addition,
we face a variety of types of cyber attacks, some of which are
discussed in more detail below. Cyber attacks often include
efforts to disrupt our ability to provide services or to gain
access to confidential company and customer information.
We rely on other companies for the provision of a broad range
of products and services. Many of these products and services
include information systems themselves or involve the use of
such systems in connection with providing the products or
services. In some cases, these other companies provide the
infrastructure that supports electronic communications. These
other companies are generally subject to many of the same
risks we face with respect to our systems. To the extent we
rely on these other companies, we could be adversely affected
if they are impacted by system failures, cyber attacks or
employee misconduct.
All of these types of events, whether resulting from cyber
attacks or other internal or external sources, expose customer
and other confidential information to security risks. They also
could disrupt our ability to use our accounting, deposit, loan
and other systems and could cause errors in transactions with
customers, vendors or other counterparties.
In addition, our customers often use their own devices, such as
computers, smartphones and tablets, to do business with us.
We have limited ability to assure the safety and security of our
customers’ transactions with us to the extent they are utilizing
their own devices.
We are faced with ongoing efforts by others to breach data
security at financial institutions or with respect to financial
transactions. Some of these involve efforts to enter our
systems directly by going through or around our security
protections. Others involve the use of schemes such as
“phishing” to gain access to identifying customer information,
often from customers themselves. Most corporate and
commercial transactions are now handled electronically, and
our retail customers increasingly use online access and mobile
devices to bank with us. The ability to conduct business with
us in this manner depends on the transmission of confidential
information, which increases the risk of data security
breaches.
Starting in late 2012, there have been several well-publicized
series of apparently related denial of service attacks on large
financial services companies, including PNC. In a denial of
service attack, individuals or organizations flood commercial
websites with extraordinarily high volumes of traffic, with the
goal of disrupting the ability of commercial enterprises to
process transactions and possibly making their websites
unavailable to customers for extended periods of time. The
attacks against PNC have resulted in temporary disruptions in
customers’ ability to access the corporate website and to
perform on-line banking transactions. To date, no customer
data has been lost or compromised as a result of these attacks
and these efforts have not had a material impact on PNC. We
cannot, however, provide assurance that future attacks of this
type might not have a greater effect on PNC.
As our customers regularly use PNC-issued credit and debit
cards to pay for transactions with retailers and other
businesses, there is the risk of data security breaches at those
other businesses covering PNC account information. When
our customers use PNC-issued cards to make purchases from
those businesses, card account information may be provided to
the business. If the business’s systems that process or store
card account information are subject to a data security breach,
The PNC Financial Services Group, Inc. – Form 10-K 21