PNC Bank 2015 Annual Report Download - page 99


professionals also challenge Business Units’ design and
implementation of mitigation strategies to address risks and
issues identified through ongoing assessment and monitoring
activities.

PNC’s Technology Risk Management (TRM) program is
aligned with the operational risk framework. Technology risk
represents the risk associated with the use, ownership,
operation, involvement, influence and adoption of technology
within an enterprise.

Management of technology risk is embedded into the culture
and decision-making processes of PNC through an
information and technology risk management framework
designed to help ensure secure, sound, and compliant IT
systems and infrastructure in support of business strategies
and goals. The management of technology risk is a core
business skill and an integral part of day-to-day activity.

Cybersecurity is a principal concern for financial institutions
and is a very high priority for PNC. The ever changing and
complex threat landscape is closely monitored and PNC
participates in proactive information sharing with intelligence
sources, law enforcement, and the private sector. The cyber
security program is based on a continuous improvement
strategy by assessing current and emerging threats to protect
our critical business functions, as well as the integrity,
privacy, and confidentiality of data. We continue to strengthen
our controls, processes and systems to help protect our
networks, computers, software, and data from attack, damage
or unauthorized access. See Item 1A Risk Factors in this
Report for additional information regarding the risk of a
material adverse impact from interruptions in the effective
operation of, or security breaches affecting, those systems.

Managers and staff at all levels are responsible for applying
risk management policies, procedures, and strategies in their
areas of responsibility. PNC’s TRM function supports
enterprise management of technology risk by independently
assessing technology and information security risks, and by
serving in an oversight role by measuring, monitoring, and
challenging enterprise technology capabilities. Specifically,
Technology Risk Management has the following objectives:

  • A sound control infrastructure is in place to effectively manage technology risks to help drive informed business decisions,
  • Technology risks related to ongoing business and operational activities are identified, assessed, and monitored,
  • Technology risks related to new key initiatives are assessed and appropriately managed, and
  • Emerging technology risks are monitored and assessed to verify their potential impact to PNC’s overall risk profile.

To support PNC’s overall risk profile within risk appetite and
the Enterprise Risk Appetite Statement, Technology Risk
Management has established governance, operating structures,
metrics, and guiding principles designed to ensure that
technology risk is distinctly considered in business activities
and strategic decision making processes.

PNC has defined an enterprise-wide business continuity
program that provides structure and guidelines to ensure
resiliency and recovery of PNC’s facilities, employees,
suppliers and technology should there be a business
disruption. It is a comprehensive program based upon a life
cycle containing repeatable activities to identify and mitigate
internal and external business disruptive threats. It is the
responsibility of PNC’s business units to execute and comply
with the business continuity program. The program is
administered by a separate group, with governance and
oversight being provided by additional resources in the
Independent Risk Management function.

PNC’s Corporate Insurance Group is responsible for
managing insurance risk across the organization, and is
aligned within the enterprise risk management governance
framework. PNC retains select corporate risks through its
wholly-owned captive insurance company Alpine Indemnity
Limited, and transfers excess risk through the purchase of
insurance where appropriate, to mitigate the effects of
operational loss events. PNC’s risks associated with its
participation as an insurer for these programs are mitigated
through policy and annual aggregate limits. Decisions
surrounding PNC’s retention of its operating risks through
deductibles or captive participation are made in conjunction
with the enterprise risk management governance framework.

The Corporate Insurance Group monitors and manages
insurable risks through a combination of risk mitigation,
retention and transfer consistent with the organization’s risk
appetite and philosophy. To ensure the lines of business have
a clear understanding of insurance risk and the ability to retain
or transfer risk, management holds regular meetings with the
lines of business regarding risk evaluation and the utilization
of insurance as a risk transfer technique. Furthermore,
Corporate Insurance management and the Insurance Risk
Committee have primary oversight of reporting insurance
related activities through the governance structure that allows
management to fully vet risk information.

Quarterly, an enterprise operational risk report is developed to
report key operational risks to senior management and the
Board of Directors. The report encompasses key operational
risk management conclusions, including the overall
operational risk level, risk management effectiveness and
outlook, grounded in quantitative measures and qualitative
factors. Key enterprise operational risks are also included in
the enterprise risk report. In addition, operational risk is an
integrated part of the quarterly business-specific risk reports.

The PNC Financial Services Group, Inc. – Form 10-K 81