US Bank 2014 Annual Report Download - page 163

Download and view the complete annual report

Please find page 163 of the 2014 US Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 173

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173

systems inaccessible to customers for extended periods.
These “denial-of-service” attacks have not breached the
Company’s data security systems, but require substantial
resources to defend, and may affect customer satisfaction
and behavior. Furthermore, even if not directed at the
Company, attacks on financial or other institutions important
to the overall functioning of the financial system could
adversely affect, directly or indirectly, aspects of the
Company’s businesses.
Third parties with which the Company does business or
that facilitate its business activities, including exchanges,
clearinghouses, payment and ATM networks, financial
intermediaries or vendors that provide services or technology
solutions for the Company’s operations, could also be
sources of operational and security risks to the Company,
including with respect to breakdowns or failures of their
systems, misconduct by their employees or cyber attacks
that could affect their ability to deliver a product or service to
the Company or result in lost or compromised information of
the Company or its customers.
It is possible that the Company may not be able to
anticipate or to implement effective preventive measures
against all security breaches of these types, especially
because the techniques used change frequently, generally
increase in sophistication, often are not recognized until
launched, and because security attacks can originate from a
wide variety of sources, including organized crime, hackers,
terrorists, activists, and other external parties, including
parties sponsored by hostile foreign governments. Those
parties may also attempt to fraudulently induce employees,
customers or other users of the Company’s systems to
disclose sensitive information in order to gain access to the
Companysdataorthatofitscustomersorclients,suchas
through “phishing” schemes. These risks may increase in the
future as the Company continues to increase its mobile
payments and other internet-based product offerings and
expands its internal usage of web-based products and
applications. In addition, the Company’s customers often use
their own devices, such as computers, smart phones and
tablets, to make payments and manage their accounts. The
Company has limited ability to assure the safety and security
of its customers’ transactions with the Company to the
extent they are using their own devices, which could be
subject to similar threats.
If the Company’s security systems were penetrated or
circumvented, or if an authorized user intentionally or
unintentionally removed, lost or destroyed operations data, it
could cause serious negative consequences for the
Company, including significant disruption of the Company’s
operations, misappropriation of confidential information of
the Company or that of its customers, or damage to
computers or systems of the Company or those of its
customers and counterparties. These consequences could
result in violations of applicable privacy and other laws;
financial loss to the Company or to its customers; loss of
confidence in the Company’s security measures; customer
dissatisfaction; significant litigation exposure; regulatory
fines, penalties or intervention; reimbursement or other
compensatory costs; additional compliance costs; and harm
to the Company’s reputation, all of which could adversely
affect the Company.
The Company relies on its employees, systems and third
party vendors to conduct its business, and certain failures
could adversely affect its operations The Company
operates in many different businesses in diverse markets
and relies on the ability of its employees and systems to
process a high number of transactions. The Company incurs
risks for potential losses resulting from its operations,
including, but not limited to, the risk of fraud by employees or
persons outside of the Company, unauthorized access to its
computer systems, the execution of unauthorized
transactions by employees, errors relating to transaction
processing and technology, breaches of the internal control
system and compliance requirements and business
continuation and disaster recovery. This risk of loss also
includes the potential legal actions, fines or civil money
penalties that could arise as a result of an operational
deficiency or as a result of noncompliance with applicable
regulatory standards, adverse business decisions or their
implementation, and customer attrition due to potential
negative publicity.
Third party vendors provide key components of the
Company’s business infrastructure, such as internet
connections, network access and mutual fund distribution.
While the Company has selected these third party vendors
carefully, it does not control their actions. Any problems
caused by third parties, including as a result of their not
providing the Company their services for any reason or their
performing their services poorly, could adversely affect the
Company’s ability to deliver products and services to the
Company’s customers and otherwise to conduct its business.
Replacing third party vendors could also entail significant
delay and expense. In addition, failure of third party vendors
to handle current or higher volumes of use could adversely
affect the Company’s ability to deliver products and services
to clients and otherwise to conduct business. Technological
or financial difficulties of a third party service provider could
adversely affect the Company’s businesses to the extent
those difficulties result in the interruption or discontinuation
of services provided by that party.
U.S. BANCORP The power of potential
161