PNC Bank 2014 Annual Report Download - page 40
Download and view the complete annual report
Please find page 40 of the 2014 PNC Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30 -
31 -
32 -
33 -
34 -
35 -
36 -
37 -
38 -
39 -
40 -
41 -
42 -
43 -
44 -
45 -
46 -
47 -
48 -
49 -
50 -
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
 |
 |
holders of our cards who have made purchases from that
business may experience fraud on their card accounts. PNC
may suffer losses associated with reimbursing our customers
for such fraudulent transactions on customers’ card accounts,
as well as for other costs related to data security compromise
events, such as replacing cards associated with compromised
card accounts. In addition, PNC provides card transaction
processing services to some merchant customers under
agreements we have with payment networks such as Visa and
MasterCard. Under these agreements, we may be responsible
for certain losses and penalties if one of our merchant
customers suffers a data security breach.
Over the last several years, several large retailers, prominently
including Target and Home Depot, disclosed that they had
suffered substantial data security breaches compromising
millions of card accounts. To date, PNC’s losses and costs
related to these breaches have not been material, but other
similar events in the future could be more significant to PNC.
There have been other recent publicly announced cyber
attacks that were not focused on gaining access to credit card
information but instead sought access to a range of other types
of confidential information including internal emails and other
forms of customer financial information or sought to capture
and possibly shutdown systems and devices maintained by
target companies. Notable examples include attacks in 2014
on JP Morgan Chase and Sony Pictures and in early 2015 on
Anthem. These other attacks have generally not had any
financial impact on PNC but demonstrate the risks to
confidential information and systems operations potentially
posed by cyber attacks.
Methods used by others to attack information systems change
frequently (with generally increasing sophistication), often are
not recognized until launched against a target, may be
supported by foreign governments or other well-financed
entities, and may originate from less regulated and remote
areas around the world. As a result, we may be unable to
address these methods in advance of attacks, including by
implementing adequate preventive measures.
We have policies, procedures and systems (including business
continuity programs) designed to prevent or limit the effect of
possible failures, interruptions or breaches in security of
information systems. We design our business continuity and
other information and technology risk management programs
to manage our capabilities to provide services in the case of an
event resulting in material disruptions of business activities
affecting our employees, facilities, technology or suppliers.
We regularly seek to test the effectiveness of and enhance
these policies, procedures and systems.
Our ability to mitigate the adverse consequences of such
occurrences is in part dependent on the quality of our business
continuity planning and our ability to anticipate the timing and
nature of any such event that occurs. The adverse impact of
natural and other disasters, terrorist activities, international
hostilities and the like could be increased to the extent that
there is a lack of preparedness on the part of national or
regional governments, including emergency responders, or on
the part of other organizations and businesses with which we
deal, particularly those on which we depend but have no
control over.
In recent years, we have incurred significant expense towards
improving the reliability of our systems and their security
against external and internal threats. Nonetheless, there
remains the risk that an adverse event might occur. If one does
occur, we might not be able to remediate the event or its
consequences timely or adequately. To the extent that the risk
relates to products or services provided by others, we seek to
engage in due diligence and monitoring to limit the risk, but
here as well we cannot eliminate it. Should an adverse event
affecting another company’s systems occur, we may not have
indemnification or other protection from the other company
sufficient to compensate us or otherwise protect us from the
consequences.
The occurrence of any failure, interruption or security breach
of any of our information or communications systems, or the
systems of other companies on which we rely, could result in
a wide variety of adverse consequences to PNC. This risk is
greater if the issue is widespread or results in financial losses
to our customers. Possible adverse consequences include
damage to our reputation or a loss of customer business. We
also could face litigation or additional regulatory scrutiny.
Litigation or regulatory actions in turn could lead to liability
or other sanctions, including fines and penalties or
reimbursement of customers adversely affected by a systems
problem or security breach. Even if we do not suffer any
material adverse consequences as a result of events affecting
us directly, successful attacks or systems failures at other
financial institutions could lead to a general loss of customer
confidence in financial institutions, including PNC. Also,
systems problems, including those resulting from third party
attacks, whether at PNC or at our competitors, would likely
increase regulatory and customer concerns regarding the
functioning, safety and security of such systems generally. In
that case, we would expect to incur even higher levels of costs
with respect to prevention and mitigation of these risks.
We continually encounter technological change and we
could falter in our ability to remain competitive in this
arena.
The financial services industry is continually undergoing rapid
technological change with frequent introductions of new
technology-driven products and services. The effective use of
technology increases efficiency and enables financial
institutions to better serve customers and to reduce costs. We
have been investing in technology and connectivity to
automate functions previously performed manually, to
facilitate the ability of customers to engage in financial
22 The PNC Financial Services Group, Inc. – Form 10-K