Sallie Mae 2012 Annual Report Download - page 19

Download and view the complete annual report

Please find page 19 of the 2012 Sallie Mae annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 207

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207

Our loan originations and conversions and the servicing, financial, accounting, data processing or other
operating systems and facilities that support them may fail to operate properly or become disabled as a result of
events that are beyond our control, adversely affecting our ability to process these transactions. Any such failure
could adversely affect our ability to service our clients, result in financial loss or liability to our clients, disrupt
our business, result in regulatory action or cause reputational damage. Despite the plans and facilities we have in
place, our ability to conduct business may be adversely affected by a disruption in the infrastructure that supports
our businesses. This may include a disruption involving electrical, communications, Internet, transportation or
other services used by us or third parties with which we conduct business. Notwithstanding our efforts to
maintain business continuity, a disruptive event impacting our processing locations could adversely affect our
business, financial condition and results of operations.
Our operations rely on the secure processing, storage and transmission of personal, confidential and other
information in our computer systems and networks. Although we take protective measures, our computer
systems, software and networks may be vulnerable to unauthorized access, computer viruses, malicious attacks
and other events that could have a security impact beyond our control. Our technologies, systems, networks and
those of third parties may become the target of cyber-attacks or information security breaches that could result in
the unauthorized release, gathering, monitoring, misuse, loss or destruction of our or our customers’ confidential,
proprietary and other information, or otherwise disrupt our or our customers’ or other third parties’ business
operations. Moreover, information security risks for large financial institutions such as Sallie Mae have generally
increased in recent years in part because of the proliferation of new technologies, the use of the Internet and
telecommunications technologies to conduct financial transactions, and the increased sophistication and activities
of organized crime, hackers, terrorists, activists, and other external parties.
If one or more of such events occur, personal, confidential and other information processed and stored in,
and transmitted through, our computer systems and networks, could be jeopardized or could cause interruptions
or malfunctions in our operations that could result in significant losses or reputational damage. We also routinely
transmit and receive personal, confidential and proprietary information, some through third parties. We have put
in place secure transmission capability, and work to ensure third parties follow similar procedures. An
interception, misuse or mishandling of personal, confidential or proprietary information being sent to or received
from a customer or third party could result in legal liability, regulatory action and reputational harm. In the event
personal, confidential or other information is jeopardized, intercepted, misused or mishandled, we may be
required to expend significant additional resources to modify our protective measures or to investigate and
remediate vulnerabilities or other exposures, and we may be subject to fines, penalties, litigation costs and
settlements and financial losses that are either not insured against or not fully covered through any insurance
maintained by us. If one or more of such events occur, our business, financial condition or results of operations
could be significantly and adversely affected.
We increasingly depend on third parties for a wide array of services, systems and information technology
applications. Third-party vendors are significantly involved in aspects of our software and systems development,
the timely transmission of information across our data communication network, and for other
telecommunications, processing, remittance and technology-related services in connection with our banking and
payment services businesses. We also utilize third-party debt collectors significantly in the collection of
defaulted Private Education Loans. If a service provider fails to provide the services we require or expect, or fails
to meet applicable contractual or regulatory requirements, such as service levels or compliance with applicable
laws, the failure could negatively impact our business by adversely affecting our ability to process customers’
transactions in a timely and accurate manner, otherwise hampering our ability to serve our customers, or
subjecting us to litigation and regulatory risk for matters as diverse as poor vendor oversight or improper release
or protection of personal information. Such a failure could adversely affect the perception of the reliability of our
networks and services, and the quality of our brands, and could materially adversely affect our revenues and/or
our results of operations.
17