KeyBank 2015 Annual Report Download - page 33
Download and view the complete annual report
Please find page 33 of the 2015 KeyBank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23 -
24 -
25 -
26 -
27 -
28 -
29 -
30 -
31 -
32 -
33 -
34 -
35 -
36 -
37 -
38 -
39 -
40 -
41 -
42 -
43 -
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
 |
 |
These enforcement actions may be initiated for violations of laws and regulations, for practices determined to be
unsafe or unsound, or for practices or acts that are determined to be unfair, deceptive, or abusive.
For more information, see “Supervision and Regulation” in Item 1 of this report.
Changes in accounting policies, standards, and interpretations could materially affect how we report our
financial condition and results of operations.
The FASB and other bodies that establish accounting standards periodically change the financial accounting and
reporting standards governing the preparation of Key’s financial statements. Additionally, those bodies that
establish and/or interpret the financial accounting and reporting standards (such as the FASB, SEC, and banking
regulators) may change prior interpretations or positions on how these standards should be applied. These
changes can be difficult to predict and can materially affect how Key records and reports its financial condition
and results of operations. In some cases, Key could be required to retroactively apply a new or revised standard,
resulting in changes to previously reported financial results.
III. Operational Risk
We are subject to a variety of operational risks.
In addition to the other risks discussed in this section, we are subject to operational risk, which represents the risk
of loss resulting from human error, inadequate or failed internal processes and systems, and external events.
Operational risk includes the risk of fraud by employees, clerical and record-keeping errors, nonperformance by
vendors, threats to cybersecurity, and computer/telecommunications malfunctions. Operational risk also
encompasses compliance and legal risk, which is the risk of loss from violations of, or noncompliance with, laws,
rules, regulations, prescribed practices or ethical standards, as well as the risk of our noncompliance with
contractual and other obligations. We are also exposed to operational risk through our outsourcing arrangements,
and the effect that changes in circumstances or capabilities of our outsourcing vendors can have on our ability to
continue to perform operational functions necessary to our business, such as certain loan processing functions.
For example, breakdowns or failures of our vendors’ systems or employees could be a source of operational risk
to us. Resulting losses from operational risk could take the form of explicit charges, increased operational costs,
harm to our reputation, inability to secure insurance, litigation, regulatory intervention or sanctions or foregone
business opportunities.
Our information systems may experience an interruption or breach in security.
We rely heavily on communications, information systems (both internal and provided by third parties) and the
Internet to conduct our business. Our business is dependent on our ability to process and monitor large numbers
of daily transactions in compliance with legal, regulatory and internal standards and specifications. In addition, a
significant portion of our operations relies heavily on the secure processing, storage and transmission of personal
and confidential information, such as the personal information of our customers and clients. These risks may
increase in the future as we continue to increase mobile payments and other internet-based product offerings and
expand our internal usage of web-based products and applications.
In the event of a failure, interruption or breach of our information systems, we may be unable to avoid impact to
our customers. Other U.S. financial service institutions and companies have reported breaches, some severe, in
the security of their websites or other systems and several financial institutions, including Key, experienced
significant distributed denial-of-service attacks, some of which involved sophisticated and targeted attacks
intended to disable or degrade service, or sabotage systems. Other potential attacks have attempted to obtain
unauthorized access to confidential information or destroy data, often through the introduction of computer
viruses or malware, phishing, cyberattacks, and other means. To date, none of these efforts has had a material
adverse effect on our business or operations. Such security attacks can originate from a wide variety of sources,
21