KeyBank 2014 Annual Report Download - page 32

Download and view the complete annual report

Please find page 32 of the 2014 KeyBank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 247

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247

Changes in accounting policies, standards, and interpretations could materially affect how we report our
financial condition and results of operations.
The FASB, regulatory agencies, and other bodies that establish accounting standards periodically change the
financial accounting and reporting standards governing the preparation of Key’s financial statements.
Additionally, those bodies that establish and interpret the accounting standards (such as the FASB, SEC, and
banking regulators) may change prior interpretations or positions on how these standards should be applied.
These changes can be difficult to predict and can materially affect how Key records and reports its financial
condition and results of operations. In some cases, Key could be required to retroactively apply a new or revised
standard, resulting in changes to previously reported financial results.
III. Operational Risk
Our information systems may experience an interruption or breach in security.
We rely heavily on communications, information systems (both internal and provided by third parties) and the
Internet to conduct our business. Our business is dependent on our ability to process and monitor large numbers
of daily transactions in compliance with legal, regulatory and internal standards and specifications. In addition, a
significant portion of our operations relies heavily on the secure processing, storage and transmission of personal
and confidential information, such as the personal information of our customers and clients. These risks may
increase in the future as we continue to increase mobile payments and other internet-based product offerings and
expand our internal usage of web-based products and applications.
In the event of a failure, interruption or breach of our information systems, we may be unable to avoid impact to
our customers. Other U.S. financial service institutions and companies have reported breaches, some severe, in
the security of their websites or other systems and several financial institutions, including Key, experienced
significant distributed denial-of-service attacks, some of which involved sophisticated and targeted attacks
intended to disable or degrade service, or sabotage systems. Other potential attacks have attempted to obtain
unauthorized access to confidential information or destroy data, often through the introduction of computer
viruses or malware, phishing, cyberattacks, and other means. To date, none of these efforts has had a material
adverse effect on our business or operations. Such security attacks can originate from a wide variety of sources,
including persons who are involved with organized crime or who may be linked to terrorist organizations or
hostile foreign governments. Those same parties may also attempt to fraudulently induce employees, customers
or other users of our systems to disclose sensitive information in order to gain access to our data or that of our
customers or clients. Our security systems may not be able to protect our information systems from similar
attacks due to the rapid evolution and creation of sophisticated cyberattacks. We are also subject to the risk that
our employees may intercept and transmit unauthorized confidential or proprietary information. An interception,
misuse or mishandling of personal, confidential or proprietary information being sent to or received from a
customer or third party could result in legal liability, remediation costs, regulatory action, and reputational harm.
We rely on third parties to perform significant operational services for us.
Third parties perform significant operational services on our behalf. These third-party vendors are subject to
similar risks as Key relating to cybersecurity, breakdowns or failures of their own systems or employees. One or
more of our vendors may experience a cybersecurity event or operational disruption and, if any such event does
occur, it may not be adequately addressed, either operationally or financially, by the third-party vendor. Certain
of our vendors may have limited indemnification obligations or may not have the financial capacity to satisfy
their indemnification obligations. Financial or operational difficulties of a vendor could also impair our
operations if those difficulties interfere with the vendor’s ability to serve us. Additionally, some of our
outsourcing arrangements are located overseas and, therefore, are subject to risks unique to the regions in which
they operate. If a critical vendor is unable to meet our needs in a timely manner or if the services or products
provided by such a vendor are terminated or otherwise delayed and if we are not able to develop alternative
sources for these services and products quickly and cost-effectively, it could have a material adverse effect on
21