SunTrust 2011 Annual Report Download - page 35
Download and view the complete annual report
Please find page 35 of the 2011 SunTrust annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.19
Information security risks for large financial institutions such as ours have generally increased in recent years in part because of
the proliferation of new technologies, the use of the internet and telecommunications technologies to conduct financial transactions,
and the increased sophistication and activities of organized crime, hackers, terrorists, activists, and other external parties. As noted
above, our operations rely on the secure processing, transmission, and storage of confidential information in our computer systems
and networks. Our banking, brokerage, investment advisory, and capital markets businesses rely on our digital technologies,
computer and email systems, software, and networks to conduct their operations. In addition, to access our products and services,
our clients may use personal smartphones, tablet PC's, personal computers, and other mobile devices that are beyond our control
systems. Although we have information security procedures and controls in place, our technologies, systems, networks, and our
clients' devices may become the target of cyber attacks or information security breaches that could result in the unauthorized
release, gathering, monitoring, misuse, loss or destruction of our or our clients' confidential, proprietary and other information, or
otherwise disrupt our or our clients' or other third parties' business operations.
Third parties with whom we do business or that facilitate our business activities, including exchanges, clearing houses, financial
intermediaries, or vendors that provide services or security solutions for our operations, could also be sources of operational and
information security risk to us, including from breakdowns or failures of their own systems or capacity constraints.
Although to date we have not experienced any material losses relating to cyber attacks or other information security breaches,
there can be no assurance that we will not suffer such losses in the future. Our risk and exposure to these matters remains heightened
because of, among other things, the evolving nature of these threats, the prominent size and scale of SunTrust and our role in the
financial services industry, our plans to continue to implement our internet banking and mobile banking channel strategies and
develop additional remote connectivity solutions to serve our clients when and how they want to be served, our expanded geographic
footprint and international presence, the outsourcing of some of our business operations, and the continued uncertain global
economic environment. As a result, cybersecurity and the continued development and enhancement of our controls, processes and
practices designed to protect our systems, computers, software, data and networks from attack, damage or unauthorized access
remain a focus for us. As threats continue to evolve, we may be required to expend additional resources to continue to modify or
enhance our protective measures or to investigate and remediate information security vulnerabilities.
Disruptions or failures in the physical infrastructure or operating systems that support our businesses and clients, or cyber attacks
or security breaches of the networks, systems or devices that our clients use to access our products and services could result in
client attrition, regulatory fines, penalties or intervention, reputational damage, reimbursement or other compensation costs, and/
or additional compliance costs, any of which could materially adversely affect our results of operations or financial condition.
We rely on other companies to provide key components of our business infrastructure.
Third parties provide key components of our business infrastructure such as banking services, processing, and internet connections
and network access. Any disruption in such services provided by these third parties or any failure of these third parties to handle
current or higher volumes of use could adversely affect our ability to deliver products and services to clients and otherwise to
conduct business. Technological or financial difficulties of a third party service provider could adversely affect our business to
the extent those difficulties result in the interruption or discontinuation of services provided by that party. We may not be insured
against all types of losses as a result of third party failures and our insurance coverage may be inadequate to cover all losses
resulting from system failures or other disruptions. Failures in our business infrastructure could interrupt the operations or increase
the costs of doing business.
The soundness of other financial institutions could adversely affect us.
Our ability to engage in routine funding transactions could be adversely affected by the actions and commercial soundness of other
financial institutions. Financial services institutions are interrelated as a result of trading, clearing, counterparty, or other
relationships. We have exposure to many different industries and counterparties, and we routinely execute transactions with
counterparties in the financial industry, including brokers and dealers, commercial banks, investment banks, mutual and hedge
funds, and other institutional clients. As a result, defaults by, or even rumors or questions about, one or more financial services
institutions, or the financial services industry generally, in the past have led to market-wide liquidity problems and could lead to
losses or defaults by us or by other institutions. Many of these transactions expose us to credit risk in the event of default of our
counterparty or client. In addition, our credit risk may be exacerbated when the collateral held by us cannot be realized upon or
is liquidated at prices not sufficient to recover the full amount of the financial instrument exposure due us. There is no assurance
that any such losses would not materially and adversely affect our results of operations.