US Bank 2013 Annual Report Download - page 53

Download and view the complete annual report

Please find page 53 of the 2013 US Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 163

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163

also includes the potential legal actions that could arise as a
result of an operational deficiency or as a result of
noncompliance with applicable regulatory standards,
adverse business decisions or their implementation, and
customer attrition due to potential negative publicity.
The Company operates in many different businesses in
diverse markets and relies on the ability of its employees and
systems to process a high number of transactions.
Operational risk is inherent in all business activities, and the
management of this risk is important to the achievement of
the Company’s objectives. In the event of a breakdown in the
internal control system, unauthorized access or improper
operation of systems, or improper employees’ actions, the
Company could suffer financial loss, face regulatory action
and suffer damage to its reputation.
Business lines have direct and primary responsibility
and accountability for identifying, controlling, and monitoring
operational risks embedded in their business activities.
Business managers maintain a system of controls with the
objective of providing proper transaction authorization and
execution, proper system operations, safeguarding of assets
from misuse or theft, and ensuring the reliability of financial
and other data. Business managers ensure the controls are
appropriate and are implemented as designed.
Each business line within the Company has designated risk
managers. These risk managers are responsible for, among
other things, coordinating the completion of ongoing risk
assessments and ensuring that operational risk management is
integrated into business decision-making activities. The
Company’s internal audit function validates the system of
internal controls through regular and ongoing risk-based audit
procedures and reports on the effectiveness of internal controls
to executive management and the Audit Committee of the
Board of Directors. Business managers are also required to
report on their business line’s management of operational risk.
Business managers are responsible for resolving escalated
matters, and keeping the Company’s operating, executive, and
Board committees informed of the status of such matters. In
addition, the Company’s enterprise risk management personnel
are also expected to promptly escalate known instances where
a risk limit has been exceeded.
The significant increase in regulation and regulatory
oversight initiatives over the past several years has
substantially increased the importance of the Company’s risk
management personnel and activities. For example, the
Consumer Financial Protection Bureau (“CFPB”) has authority
to prescribe rules, or issue orders or guidelines pursuant to
any federal consumer financial law. The CFPB regulates and
examines the Company, its banks and other subsidiaries with
respect to matters that relate to these laws and consumer
financial services and products. The CFPB’s rulemaking,
examination and enforcement authority increases enforcement
risk in this area including the potential for fines and penalties.
Refer to “Supervision and Regulation” in the Company’s
Annual Report on Form 10-K for further discussion of the
regulatory framework applicable to bank holding companies
and their subsidiaries, and the substantial changes to that
regulation.
Customer-related business conditions may also increase
operational risk, or the level of operational losses in certain
transaction processing business units, including merchant
processing activities. Ongoing risk monitoring of customer
activities and their financial condition and operational
processes serve to mitigate customer-related operational risk.
Refer to Note 22 of the Notes to Consolidated Financial
Statements for further discussion on merchant processing.
Business continuation and disaster recovery planning is also
critical to effectively managing operational risks. Each
business unit of the Company is required to develop, maintain
and test these plans at least annually to ensure that recovery
activities, if needed, can support mission critical functions,
including technology, networks and data centers supporting
customer applications and business operations.
While the Company believes it has designed effective
methods to minimize operational risks, there is no absolute
assurance that business disruption or operational losses
would not occur in the event of a disaster. On an ongoing
basis, management makes process changes and
investments to enhance its systems of internal controls and
business continuity and disaster recovery plans.
In the past, the Company has experienced attack
attempts on its computer systems including various denial-of-
service attacks on customer-facing websites. The Company
has not experienced any material losses relating to these
attempts, as a result of its controls, processes and systems to
protect its networks, computers, software and data from
attack, damage or unauthorized access. However, attack
attempts on the Company’s computer systems are increasing
and the Company continues to develop and enhance its
controls and processes to protect against these attempts.
Interest Rate Risk Management In the banking industry,
changes in interest rates are a significant risk that can impact
earnings, market valuations and safety and soundness of an
entity. To minimize the volatility of net interest income and the
market value of assets and liabilities, the Company manages
its exposure to changes in interest rates through asset and
liability management activities within guidelines established by
its Asset Liability Committee (“ALCO”) and approved by the
Board of Directors. The ALCO has the responsibility for
approving and ensuring compliance with the ALCO
management policies, including interest rate risk exposure.
The Company uses net interest income simulation analysis
and market value of equity modeling for measuring and
analyzing consolidated interest rate risk.
U.S. BANCORP 51