Wells Fargo 2014 Annual Report Download - page 127

Download and view the complete annual report

Please find page 127 of the 2014 Wells Fargo annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 268

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268

addition, to access our products and services, our customers may
use personal smartphones, tablet PC’s, and other mobile devices
that are beyond our control systems. Although we believe we
have robust information security procedures and controls, our
technologies, systems, networks, and our customers’ devices may
become the target of cyber attacks or information security
breaches that could result in the unauthorized release, gathering,
monitoring, misuse, loss or destruction of Wells Fargo’s or our
customers’ confidential, proprietary and other information, or
otherwise disrupt Wells Fargo’s or its customers’ or other third
parties’ business operations. For example, various retailers have
reported they were victims of cyber attacks in which large
amounts of their customers’ data, including debit and credit card
information, was obtained. In these situations we generally incur
costs to replace compromised cards and address fraudulent
transaction activity affecting our customers.
Third parties with which we do business or that facilitate
our business activities, including exchanges, clearing houses,
financial intermediaries or vendors that provide services or
security solutions for our operations, could also be sources of
operational and information security risk to us, including from
breakdowns or failures of their own systems or capacity
constraints.
To date we have not experienced any material losses relating
to cyber attacks or other information security breaches, but there
can be no assurance that we will not suffer such losses in the
future. Our risk and exposure to these matters remains
heightened because of, among other things, the evolving nature
of these threats, the prominent size and scale of Wells Fargo and
its role in the financial services industry, our plans to continue to
implement our Internet banking and mobile banking channel
strategies and develop additional remote connectivity solutions
to serve our customers when and how they want to be served,
our expanded geographic footprint and international presence,
the outsourcing of some of our business operations, and the
current global economic and political environment. For example,
Wells Fargo and other financial institutions continue to be the
target of various evolving and adaptive cyber attacks, including
malware and denial-of-service, as part of an effort to disrupt the
operations of financial institutions, potentially test their
cybersecurity capabilities, or obtain confidential, proprietary or
other information. As a result, cybersecurity and the continued
development and enhancement of our controls, processes and
systems designed to protect our networks, computers, software
and data from attack, damage or unauthorized access remain a
priority for Wells Fargo. We are also proactively involved in
industry cybersecurity efforts and working with other parties,
including our third-party service providers and governmental
agencies, to continue to enhance defenses and improve resiliency
to cybersecurity threats. As cyber threats continue to evolve, we
may be required to expend significant additional resources to
continue to modify or enhance our protective measures or to
investigate and remediate any information security
vulnerabilities.
Disruptions or failures in the physical infrastructure or
operating systems that support our businesses and customers, or
cyber attacks or security breaches of the networks, systems or
devices that our customers use to access our products and
services could result in customer attrition, financial losses, the
inability of our customers to transact business with us, violations
of applicable privacy and other laws, regulatory fines, penalties
or intervention, reputational damage, reimbursement or other
compensation costs, and/or additional compliance costs, any of
which could materially adversely affect our results of operations
or financial condition.
Our framework for managing risks may not be effective
in mitigating risk and loss to us. Our risk management
framework seeks to mitigate risk and loss to us. We have
established processes and procedures intended to identify,
measure, monitor, report and analyze the types of risk to which
we are subject, including liquidity risk, credit risk, market risk,
interest rate risk, operational risk, legal and compliance risk, and
reputational risk, among others. However, as with any risk
management framework, there are inherent limitations to our
risk management strategies as there may exist, or develop in the
future, risks that we have not appropriately anticipated or
identified. In certain instances, we rely on models to measure,
monitor and predict risks, such as market and interest rate risks,
however there is no assurance that these models will
appropriately capture all relevant risks or accurately predict
future events or exposures. In addition, we rely on data to
aggregate and assess our various risk exposures and any issues
with the quality or effectiveness of our data aggregation and
validation procedures could result in ineffective risk
management practices or inaccurate risk reporting. The recent
financial and credit crisis and resulting regulatory reform
highlighted both the importance and some of the limitations of
managing unanticipated risks, and our regulators remain
focused on ensuring that financial institutions build and
maintain robust risk management policies. If our risk
management framework proves ineffective, we could suffer
unexpected losses which could materially adversely affect our
results of operations or financial condition.
We may incur fines, penalties and other negative
consequences from regulatory violations, possibly even
inadvertent or unintentional violations. We maintain
systems and procedures designed to ensure that we comply with
applicable laws and regulations. However, some legal/regulatory
frameworks provide for the imposition of fines or penalties for
noncompliance even though the noncompliance was inadvertent
or unintentional and even though there was in place at the time
systems and procedures designed to ensure compliance. For
example, we are subject to regulations issued by the Office of
Foreign Assets Control (OFAC) that prohibit financial
institutions from participating in the transfer of property
belonging to the governments of certain foreign countries and
designated nationals of those countries. OFAC may impose
penalties for inadvertent or unintentional violations even if
reasonable processes are in place to prevent the violations. There
may be other negative consequences resulting from a finding of
noncompliance, including restrictions on certain activities. Such
a finding may also damage our reputation as described below
and could restrict the ability of institutional investment
managers to invest in our securities.
Under the Iran Threat Reduction and Syria Human Rights
Act of 2012, we are required to make certain disclosures in our
periodic reports filed with the SEC relating to certain activities
that we or our worldwide affiliates knowingly engaged in
involving Iran during the quarterly period covered by the report.
If we or an affiliate were to engage in a reportable transaction,
we must also file a separate notice regarding the activity with the
SEC, which the SEC will make publicly available on its website.
The SEC will be required to forward the report to the President,
the Senate Committees on Foreign Relations and Banking,
Housing and Urban Affairs, and the House of Representatives
Committees on Foreign Affairs and Financial Services. The
President will then be required to initiate an investigation into
the reported activity and within 180 days make a determination
as to whether to impose sanctions on us. The scope of the
125