Huntington National Bank 2015 Annual Report Download - page 77

Download and view the complete annual report

Please find page 77 of the 2015 Huntington National Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 208

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208

69
Table 28 - Contractual Obligations (1)
(dollar amounts in millions) At December 31, 2015
One Year
or Less
1 to 3
Years
3 to 5
Years
More than
5 Years Total
Deposits without a stated maturity $ 48,573 $ — $ — $ — $ 48,573
Certificates of deposit and other time deposits 5,565 933 161 63 6,722
Short-term borrowings 615 — — — 615
Long-term debt 1,097 3,619 1,973 333 7,022
Operating lease obligations 53 95 82 191 421
Purchase commitments 80 73 17 6 176
(1) Amounts do not include associated interest payments.
Operational Risk
Operational risk is the risk of loss due to human error; inadequate or failed internal systems and controls, including the use of
financial or other quantitative methodologies that may not adequately predict future results; violations of, or noncompliance with,
laws, rules, regulations, prescribed practices, or ethical standards; and external influences such as market conditions, fraudulent
activities, disasters, and security risks. We continuously strive to strengthen our system of internal controls to ensure compliance with
laws, rules, and regulations, and to improve the oversight of our operational risk. We actively and continuously monitor cyber-attacks
such as attempts related to online deception and loss of sensitive customer data. We evaluate internal systems, processes and controls
to mitigate loss from cyber-attacks and, to date, have not experienced any material losses.
Our objective for managing cyber security risk is to avoid or minimize the impacts of external threat events or other efforts to
penetrate our systems. We work to achieve this objective by hardening networks and systems against attack, and by diligently
managing visibility and monitoring controls within our data and communications environment to recognize events and respond before
the attacker has the opportunity to plan and execute on its own goals. To this end we employ a set of defense in-depth strategies, which
include efforts to make Huntington less attractive as a target and less vulnerable to threats, while investing in threat analytic
capabilities for rapid detection and response. Potential concerns related to cyber security may be escalated to our board-level
Technology Committee, as appropriate. As a complement to the overall cyber security risk management, we use a number of internal
training methods, both formally through mandatory courses and informally through written communications and other updates.
Internal policies and procedures have been implemented to encourage the reporting of potential phishing attacks or other security
risks. We also use third-party services to test the effectiveness of our cyber security risk management framework, and any such third
parties are required to comply with our policies regarding information security and confidentiality.
To mitigate operational risks, we have a senior management Operational Risk Committee and a senior management Legal,
Regulatory, and Compliance Committee. The responsibilities of these committees, among other duties, include establishing and
maintaining management information systems to monitor material risks and to identify potential concerns, risks, or trends that may
have a significant impact and ensuring that recommendations are developed to address the identified issues. In addition, we have a
senior management Model Risk Oversight Committee that is responsible for policies and procedures describing how model risk is
evaluated and managed and the application of the governance process to implement these practices throughout the enterprise. These
committees report any significant findings and recommendations to the Risk Management Committee. Potential concerns may be
escalated to our ROC, as appropriate.
The goal of this framework is to implement effective operational risk techniques and strategies; minimize operational, fraud, and
legal losses; minimize the impact of inadequately designed models and enhance our overall performance.
Compliance Risk
Financial institutions are subject to many laws, rules, and regulations at both the federal and state levels. In September 2014, for
example, the Office of the Comptroller of the Currency issued its final rule formalizing its “heightened expectations” supervisory
regime for the largest federally chartered depository institutions, including Huntington, to improve risk management and ensure
boards can challenge decisions made by management. These broad-based laws, rules and regulations include, but are not limited to,
expectations relating to anti-money laundering, lending limits, client privacy, fair lending, prohibitions against unfair, deceptive or
abusive acts or practices, protections for military members as they enter active duty, and community reinvestment. Additionally, the
volume and complexity of recent regulatory changes have increased our overall compliance risk. As such, we utilize various resources
to help ensure expectations are met, including a team of compliance experts dedicated to ensuring our conformance with all applicable
laws, rules, and regulations. Our colleagues receive training for several broad-based laws and regulations including, but not limited to,
anti-money laundering and customer privacy. Additionally, colleagues engaged in lending activities receive training for laws and