JP Morgan Chase 2014 Annual Report Download - page 144
Download and view the complete annual report
Please find page 144 of the 2014 JP Morgan Chase annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134 -
135 -
136 -
137 -
138 -
139 -
140 -
141 -
142 -
143 -
144 -
145 -
146 -
147 -
148 -
149 -
150 -
151 -
152 -
153 -
154 -
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
 |
 |
Management’s discussion and analysis
142 JPMorgan Chase & Co./2014 Annual Report
and the calculation generally continues to reflect such
losses even after the issues or business activities giving rise
to the losses have been remediated or reduced.
The LDA is supplemented by both management’s view of
plausible tail risk, which is captured as part of the Scenario
Analysis process, and evaluation of key LOB internal control
metrics (BEICF). The Firm may further supplement such
analysis to incorporate management judgment and
feedback from its bank regulators. For information related
to operational risk RWA, see Regulatory capital on pages
146–153.
Audit alignment
Internal Audit utilizes a risk-based program of audit
coverage to provide an independent assessment of the
design and effectiveness of key controls over the Firm’s
operations, regulatory compliance and reporting. This
includes reviewing the operational risk framework, the
effectiveness of the RCSA process, and the loss data-
collection and reporting activities.
Insurance
One of the ways operational loss is mitigated is through
insurance maintained by the Firm. The Firm purchases
insurance to be in compliance with local laws and
regulations (e.g., workers compensation), as well as to
serve other needs (e.g., property loss and public liability).
Insurance may also be required by third parties with whom
the Firm does business. The insurance purchased is
reviewed and approved by senior management.
Cybersecurity
The Firm devotes significant resources to maintain and
regularly update its systems and processes that are
designed to protect the security of the Firm’s computer
systems, software, networks and other technology assets
against attempts by unauthorized parties to obtain access
to confidential information, destroy data, disrupt or
degrade service, sabotage systems or cause other damage.
In 2014, the Firm spent more than $250 million, and had
approximately 1,000 people focused on cybersecurity
efforts, and these efforts are expected to grow significantly
over the coming years.
Third parties with which the Firm does business or that
facilitate the Firm’s business activities (e.g., vendors,
exchanges, clearing houses, central depositories, and
financial intermediaries) could also be sources of
cybersecurity risk to the Firm, including with respect to
breakdowns or failures of their systems, misconduct by the
employees of such parties, or cyberattacks which could
affect their ability to deliver a product or service to the Firm
or result in lost or compromised information of the Firm or
its clients. In addition, customers with which or whom the
Firm does business can also be sources of cybersecurity risk
to the Firm, particularly when their activities and systems
are beyond the Firm’s own security and control systems.
Customers will generally be responsible for losses incurred
due to their own failure to maintain the security of their
own systems and processes.
The Firm and several other U.S. financial institutions have
experienced significant distributed denial-of-service attacks
from technically sophisticated and well-resourced
unauthorized parties which are intended to disrupt online
banking services. The Firm and its clients are also regularly
targeted by unauthorized parties using malicious code and
viruses.
On September 10, 2014, the Firm disclosed that a
cyberattack against the Firm had occurred. On October 2,
2014, the Firm updated that information and disclosed
that, while user contact information (name, address, phone
number and email address) and internal JPMorgan Chase
information relating to such users had been compromised,
there had been no evidence that account information for
such affected customers -- account numbers, passwords,
user IDs, dates of birth or Social Security numbers -- was
compromised during the attack. The Firm continues to
vigilantly monitor the situation. In addition, as of the
October 2, 2014 announcement, as well as of the date of
this Annual Report, the Firm has not seen any unusual
customer fraud related to this incident. The Firm is
cooperating with government agencies in connection with
their investigation of the incident. The Firm also notified its
customers that they were not liable for unauthorized
transactions in their accounts attributable to this attack that
they promptly alerted the Firm about.
The Firm has established, and continues to establish,
defenses on an ongoing basis to mitigate this and other
possible future attacks. The cyberattacks experienced to
date have not resulted in any material disruption to the
Firm’s operations or had a material adverse effect on the
Firm’s results of operations. The Board of Directors and the
Audit Committee are regularly apprised regarding the
cybersecurity policies and practices of the Firm as well as
the Firm’s efforts regarding this attack and other significant
cybersecurity events.
Cybersecurity attacks, like the one experienced by the Firm,
highlight the need for continued and increased cooperation
among businesses and the government, and the Firm
continues to work with the appropriate government and law
enforcement agencies and other businesses, including the
Firm’s third-party service providers, to continue to enhance
defenses and improve resiliency to cybersecurity threats.
Business and Technology Resiliency
JPMorgan Chase’s global resiliency and crisis management
program is intended to ensure that the Firm has the ability
to recover its critical business functions and supporting
assets (i.e., staff, technology and facilities) in the event of a
business interruption, and to remain in compliance with
global laws and regulations as they relate to resiliency risk.
The program includes corporate governance, awareness and
training, as well as strategic and tactical initiatives aimed to
ensure that risks are properly identified, assessed, and
managed.