SunTrust 2014 Annual Report Download - page 37

affecting the financial services industry, including mortgage
foreclosure issues. Negative public opinion regarding us could
result from our actual or alleged conduct in any number of
activities, including lending practices, the failure of any product
or service sold by us to meet our clients' expectations or
applicable regulatory requirements, corporate governance and
acquisitions, or from actions taken by government regulators
and community organizations in response to those activities.
Negative public opinion can adversely affect our ability to keep
and attract and/or retain clients and personnel and can expose
us to litigation and regulatory action. Actual or alleged conduct
by one of our businesses can result in negative public opinion
about our other businesses.

We rely on other companies to provide key components of
our business infrastructure.

Third parties provide key components of our business
infrastructure such as banking services, processing, and internet
connections and network access. Any disruption in such services
provided by these third parties or any failure of these third parties
to handle current or higher volumes of use could adversely affect
our ability to deliver products and services to clients and
otherwise to conduct business. Technological or financial
difficulties of a third party service provider could adversely
affect our business to the extent those difficulties result in the
interruption or discontinuation of services provided by that
party. Further, in some instances we may be responsible for
failures of such third parties to comply with government
regulations. We may not be insured against all types of losses
as a result of third party failures and our insurance coverage may
be inadequate to cover all losses resulting from system failures
or other disruptions. Failures in our business infrastructure could
interrupt the operations or increase the costs of doing business.

We are at risk of increased losses from fraud.

Recently, we have seen an increase in the frequency and
sophistication of fraudulent activity. Criminals committing
fraud increasingly are using more sophisticated techniques and
in some cases are part of larger criminal rings which allows them
to be more effective.

The fraudulent activity has taken many forms, ranging from
check fraud, mechanical devices attached to ATM machines,
social engineering and phishing attacks to obtain personal
information. Further, in addition to fraud committed against us,
we may suffer losses as a result of fraudulent activity committed
against third parties. For example, in 2014 several national retail
merchants suffered data compromises involving the personal
and payment card information of SunTrust customers. The
perpetrators of this fraud executed unauthorized charges against
SunTrust account holders which we were required to reimburse.
While we may be entitled to full or partial indemnification from
such merchants for their failure to protect our client’s personal
data, there can be no assurance that we will receive such
indemnification, that it will be adequate, or that it will cover
other losses such as lost profits or costs to reissue payment cards.
Further, as a result of increased fraud activity, we have increased
our spending on systems to detect and prevent fraud, and may
need to make further investments in the future.

A failure in or breach of our operational or security systems
or infrastructure, or those of our third party vendors and
other service providers, including as a result of cyber-attacks,
could disrupt our businesses, result in the disclosure
or misuse of confidential or proprietary information,
damage our reputation, increase our costs and cause losses.

We depend upon our ability to process, record, and monitor
a large number of client transactions on a continuous basis. As
client, public, and regulatory expectations regarding operational
and information security have increased, our operational
systems and infrastructure must continue to be safeguarded and
monitored for potential failures, disruptions, and breakdowns.
Our business, financial, accounting, data processing, or other
operating systems and facilities may stop operating properly or
become disabled or damaged as a result of a number of factors
including events that are wholly or partially beyond our control.
For example, there could be sudden increases in client
transaction volume; electrical or telecommunications outages;
natural disasters such as earthquakes, tornadoes, and hurricanes;
disease pandemics; events arising from local or larger scale
political or social matters, including terrorist acts; and, as
described below, cyber-attacks. Although we have business
continuity plans and other safeguards in place, our business
operations may be adversely affected by significant and
widespread disruption to our physical infrastructure or operating
systems that support our businesses and clients.

Information security risks for large financial institutions
such as ours have generally increased in recent years in part
because of the proliferation of new technologies, the use of the
internet and telecommunications technologies to conduct
financial transactions, and the increased sophistication and
activities of organized crime, hackers, terrorists, activists, and
other external parties. As noted above, our operations rely on
the secure processing, transmission, and storage of confidential
information in our computer systems and networks. Our
banking, brokerage, investment advisory, and capital markets
businesses rely on our digital technologies, computer and email
systems, software, and networks to conduct their operations. In
addition, to access our products and services, our clients may
use personal smartphones, tablet PCs, personal computers, and
other mobile devices or software that are beyond our control.
Although we have information security procedures and controls
in place, our technologies, systems, networks, and our clients'
devices and software may become the target of cyber-attacks or
information security breaches that could result in the
unauthorized release, gathering, monitoring, misuse, loss or
destruction of our or our clients' confidential, proprietary and
other information, or otherwise disrupt our or our clients' or
other third parties' business operations. The Internet and
computing devices in general are prime targets for criminals
who utilize sophisticated technology to seek, discover and
exploit vulnerabilities that may, or may not, be generally known.
In 2014 several vulnerabilities in core Internet security
technologies were announced and widely publicized in the
media. These vulnerabilities increased the potential of loss or
compromise for users of the Internet until specific actions were
taken by the user or entities outside our direct control. SunTrust
experienced no material loss or disruption of services relating
to these vulnerabilities.