KeyBank 2015 Annual Report Download - page 34

Download and view the complete annual report

Please find page 34 of the 2015 KeyBank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 256

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256

including persons who are involved with organized crime or who may be linked to terrorist organizations or
hostile foreign governments. Those same parties may also attempt to fraudulently induce employees, customers
or other users of our systems to disclose sensitive information in order to gain access to our data or that of our
customers or clients. Our security systems may not be able to protect our information systems from similar
attacks due to the rapid evolution and creation of sophisticated cyberattacks. We are also subject to the risk that
our employees may intercept and transmit unauthorized confidential or proprietary information. An interception,
misuse or mishandling of personal, confidential or proprietary information being sent to or received from a
customer or third party could result in legal liability, remediation costs, regulatory action, and reputational harm.
We rely on third parties to perform significant operational services for us.
Third parties perform significant operational services on our behalf. These third parties are subject to similar
risks as Key relating to cybersecurity, breakdowns or failures of their own systems or employees. One or more of
these third parties may experience a cybersecurity event or operational disruption and, if any such event does
occur, it may not be adequately addressed, either operationally or financially, by such third party. Certain of
these third parties may have limited indemnification obligations or may not have the financial capacity to satisfy
their indemnification obligations. Financial or operational difficulties of a third party could also impair our
operations if those difficulties interfere with such third party’s ability to serve us. Additionally, some of our
outsourcing arrangements are located overseas and, therefore, are subject to risks unique to the regions in which
they operate. If a critical third party is unable to meet our needs in a timely manner or if the services or products
provided by such third party are terminated or otherwise delayed and if we are not able to develop alternative
sources for these services and products quickly and cost-effectively, it could have a material adverse effect on
our business. Additionally, regulatory guidance adopted by federal banking regulators related to how banks
select, engage and manage their third parties affects the circumstances and conditions under which we work with
third parties and the cost of managing such relationships.
We are subject to claims and litigation.
From time to time, customers, vendors or other parties may make claims and take legal action against us. We
maintain reserves for certain claims when deemed appropriate based upon our assessment that a loss is probable,
estimable, and consistent with applicable accounting guidance. At any given time we have a variety of legal
actions asserted against us in various stages of litigation. Resolution of a legal action can often take years.
Whether any particular claims and legal actions are founded or unfounded, if such claims and legal actions are
not resolved in our favor, they may result in significant financial liability and adversely affect how the market
perceives us and our products and services as well as impact customer demand for those products and services.
We are also involved, from time to time, in other reviews, investigations and proceedings (both formal and
informal) by governmental and self-regulatory agencies regarding our business, including, among other things,
accounting and operational matters, certain of which may result in adverse judgments, settlements, fines,
penalties, injunctions or other relief. The number and risk of these investigations and proceedings has increased
in recent years with regard to many firms in the financial services industry due to legal changes to the consumer
protection laws provided for by the Dodd-Frank Act and the creation of the CFPB.
There have also been a number of highly publicized legal claims against financial institutions involving fraud or
misconduct by employees, and we run the risk that employee misconduct could occur. It is not always possible to
deter or prevent employee misconduct, and the precautions we take to prevent and detect this activity may not be
effective in all cases.
Our controls and procedures may fail or be circumvented, and our methods of reducing risk exposure may
not be effective.
We regularly review and update our internal controls, disclosure controls and procedures, and corporate
governance policies and procedures. We also maintain an ERM program designed to identify, measure, monitor,
report and analyze our risks. Any system of controls and any system to reduce risk exposure, however well
22