Morgan Stanley 2014 Annual Report Download - page 31

Download and view the complete annual report

Please find page 31 of the 2014 Morgan Stanley annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 327

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327

Although we devote significant resources to maintaining and upgrading our systems and networks with measures
such as intrusion and detection prevention systems, monitoring firewalls to safeguard critical business
applications, and supervising third party providers that have access to our systems, there is no guarantee that
these measures or any other measures can provide absolute security. The increased use of smartphones, tablets
and other mobile devices as well as cloud computing may also heighten these and other operational risks. Like
other financial services firms, we and our third party providers continue to be the subject of attempted
unauthorized access, mishandling or misuse of information, computer viruses or malware, cyber attacks designed
to obtain confidential information, destroy data, disrupt or degrade service, sabotage systems or cause other
damage, denial of service attacks and other events. These threats may derive from human error, fraud or malice
on the part of our employees or third parties, including third party providers, or may result from accidental
technological failure. Additional challenges are posed by external extremist parties, including foreign state
actors, in some circumstances as a means to promote political ends. Any of these parties may also attempt to
fraudulently induce employees, customers, clients, third parties or other users of our systems to disclose sensitive
information in order to gain access to our data or that of our customers or clients. There can be no assurance that
such unauthorized access or cyber incidents will not occur in the future, and they could occur more frequently
and on a more significant scale.
If one or more of these events occur, it could result in a security impact on our systems and jeopardize our or our
clients’, partners’ or counterparties’ personal, confidential, proprietary or other information processed and stored
in, and transmitted through, our and our third party providers’ computer systems. Furthermore, such events could
cause interruptions or malfunctions in our, our clients’, partners’, counterparties’ or third parties’ operations,
which could result in reputational damage with our clients and the market, client dissatisfaction, additional costs
to us (such as repairing systems or adding new personnel or protection technologies), regulatory investigations,
litigation or enforcement or regulatory fines or penalties, all or any of which could adversely affect our business,
financial condition or results of operations.
Given our global footprint and the high volume of transactions we process, the large number of clients, partners
and counterparties with which we do business, and the increasing sophistication of cyber attacks, a cyber attack
could occur without detection for an extended period of time. In addition, we expect that any investigation of a
cyber attack will be inherently unpredictable and it may take time before any investigation is complete and full
and reliable information is available. During such time we may not know the extent of the harm or how best to
remediate it and certain errors or actions may be repeated or compounded before they are discovered and
rectified, all or any of which would further increase the costs and consequences of a cyber attack.
While many of our agreements with partners and third party vendors include indemnification provisions, we may
not be able to recover sufficiently, or at all, under such provisions to adequately offset any losses. In addition,
although we maintain insurance coverage that may, subject to policy terms and conditions, cover certain aspects
of cyber risks, such insurance coverage may be insufficient to cover all losses.
Liquidity and Funding Risk.
Liquidity and funding risk refers to the risk that we will be unable to finance our operations due to a loss of
access to the capital markets or difficulty in liquidating our assets. Liquidity and funding risk also encompasses
our ability to meet our financial obligations without experiencing significant business disruption or reputational
damage that may threaten our viability as a going concern. For more information on how we monitor and manage
liquidity and funding risk, see “Management’s Discussion and Analysis of Financial Condition and Results of
Operations—Liquidity and Capital Resources” in Part II, Item 7.
Liquidity is essential to our businesses and we rely on external sources to finance a significant portion of our
operations.
Liquidity is essential to our businesses. Our liquidity could be negatively affected by our inability to raise
funding in the long-term or short-term debt capital markets or our inability to access the secured lending markets.
27