PNC Bank 2015 Annual Report Download - page 98

Download and view the complete annual report

Please find page 98 of the 2015 PNC Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 256

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256

model, sound and consistent risk management processes and
transparent operational risk reporting across the enterprise.
The PNC Board determines the strategic approach to
operational risk via establishment of guiding principles, risk
appetite and appropriate risk management structure. This
includes establishment of risk metrics and limits and
operational risk committee hierarchy and reporting structure to
identify, understand and manage operational risks.
Executive Management has responsibility for operational risk
management. The executive management team is responsible
for monitoring significant risks, key controls and related
issues through management reporting and a governance
structure of risk committees, to help ensure that objectives are
pursued within the bounds of our risk appetite.
Within the Independent Risk Management function,
Operational Risk Management (ORM) is responsible for
developing and maintaining the policies, methodologies, tools,
and technology utilized across the enterprise to identify,
assess, monitor, and report operational risks. ORM monitors
enterprise-wide adherence with related policies and
procedures and regularly assesses overall program
effectiveness. In addition, ORM independently challenges the
results and conclusions generated by the business units during
the execution of the operational risk management program.
Business Unit management is responsible for the day-to-day
management of operational risks inherent in the products,
services, and activities for which they are responsible.
Business Unit management is also responsible for adhering to
PNC’s enterprise-wide operational risk management policies
and procedures including regularly identifying, measuring,
and monitoring operational risks in their respective areas, as
well as capturing, analyzing and reporting operational risks
and issues.
Management of operational risk is based upon a
comprehensive framework designed to enable PNC to
determine the enterprise and individual business unit’s
operational risk profile in comparison to the established risk
appetite and identify operational risks that may require further
mitigation. This framework is established around a set of
enterprise-wide policies and a system of internal controls that
are designed to manage risk and to provide management with
timely and accurate information about the operations of PNC.
This framework employs a number of techniques to manage
operational risk, including:
Risk and Control Self Assessments (RCSAs) that are
performed at least annually across PNC’s businesses,
processes, systems and products. RCSA methodology
is a standard process for business units to document
and assess operational risks, evaluate key control
design and operating effectiveness, and determine if
control enhancements are required,
A Scenario Analysis program that is leveraged to
proactively evaluate operational risks with the
potential for severe business, financial, operational or
regulatory impact on the company or a major
business unit. This methodology leverages standard
processes and tools to evaluate a wide range of
business and operational risks encompassing both
external and internal events relevant to the company.
Based upon scenario analysis conclusions,
management may implement additional controls or
risk management activities to reduce exposure to an
acceptable level,
A Metrics and Key Risk Indicator framework that
allows management to proactively monitor and assess
shifts in operational risk exposure or key control
effectiveness compared to expectations and
thresholds. Enterprise-level Operational Risk
Appetite metrics support PNC’s Operational Risk
Management framework and guiding principles with
the objective of maintaining a risk profile within risk
appetite. A broad set of operational risk indicators are
in place to monitor and report exposures across the
different inherent operational risk types. Lastly,
business-specific risk indicators are established to
monitor the most significant risks and controls
identified in the individual risk and control self
assessments, and
Operational loss events as well as technology and
operational breakdowns that do not result in direct
loss (near miss events) across the enterprise are
continuously captured and maintained in a central
repository. This information is analyzed and used to
help determine the root causes of these events and to
identify trends that could indicate changes in the
company’s risk exposure or control effectiveness.
PNC’s External Loss Event program utilizes a
number of sources to monitor and identify external
loss events occurring across the financial services
industry. Relevant external events are evaluated by
appropriate business and risk management personnel
to determine whether PNC is exposed to similar
events, and if so, whether appropriate controls are in
place.
We continue to refine our methodology to estimate capital
requirements for operational risk using a proprietary version
of an Advanced Measurement Approach (AMA) as prescribed
in Basel II. Under the AMA, the results of the program
elements described above are key inputs directly incorporated
into the capital calculation methodology.
Risk professionals from Operational Risk, Technology Risk
Management, Compliance and Legal work closely with
business areas to evaluate risks and challenge that appropriate
key controls are established prior to the introduction of new or
enhanced products, services and technologies. These risk
80 The PNC Financial Services Group, Inc. – Form 10-K