ISBC 2017 Form 10-K & 2018 Proxy Statement

FORM 10-K consider, among other things, the elimination of or reduction in the amount and/or frequency of cash dividends paid on our common stock. We could be adversely affected by failure in our internal controls. We continue to devote a significant amount of effort, time and resources to continually strengthen our controls and ensure compliance with complex accounting standards and banking regulations. A failure in our internal controls could have a significant negative impact not only on our earnings, but also on the perception that customers, regulators and investors may have of us. Failures or material breaches in security of the Company’s systems and telecommunications networks, or those of a third-party service provider, may have a material adverse effect on our results of operations, financial condition and earnings. Investors Bank collects, processes and stores sensitive consumer data by utilizing computer systems and telecommunications networks operated by both the Bank and third-party service providers. Our necessary dependence upon automated systems to record and process transactions poses the risk that technical system flaws, employee errors, tampering or manipulation of those systems, or attacks by third parties will result in losses and may be difficult to detect. The Bank has security and backup recovery systems in place, as well as a business continuity plan, designed to ensure the computer systems will not be inoperable, to the extent possible. Our inability to use or access those information systems at critical points in time could unfavorably impact the timeliness and efficiency of the Bank’s business operations. Risks to our systems result from a variety of factors, including the potential for bad acts on the part of hackers, criminals, employees or others. As one example, in recent years, some banks have experience denial of service attacks in which individuals or organizations flood the bank’s website with extraordinarily high volumes of traffic, with the goal and effect of disrupting the ability of the bank to process transactions. Other businesses have been victims of ransomware attacks in which the business becomes unable to access its own information and is presented with a demand to pay a ransom in order to once again have access to its information. The Bank is also at risk from the impact of natural disasters, terrorism and international hostilities on its systems or from the effects of outages or other failures involving power or communications systems operated by others. These risks also arise from the same types of threats to businesses with which the Bank conducts business. The Bank could be adversely affected if one of its employees causes a significant operational break-down or failure, either as a result of human error or where an individual purposefully sabotages or fraudulently manipulates our operations or systems. The Bank is further exposed to the risk that its third-party service providers may be unable to fulfill their contractual obligations (or will be subject to the same risks as the Bank). These disruptions may interfere with service to our customers, cause additional regulatory scrutiny and result in a financial loss or liability. Misconduct by employees could include fraudulent, improper or unauthorized activities on behalf of clients or improper use of confidential information. The Bank may not be able to prevent employee errors or misconduct, and the precautions the Bank takes to detect this type of activity might not be effective in all cases. Employee errors or misconduct could subject the Bank to civil claims for negligence or regulatory enforcement actions, including fines and restrictions on our business. In addition, there have been instances where financial institutions have been victims of fraudulent activity in which criminals pose as customers to initiate wire and automated clearinghouse transactions out of customer accounts. The recent massive breach of the systems of a credit bureau presents additional threats as criminals now have more information about a larger portion of the population of the United States than past breaches have involved, which could be used by criminals to pose as customers initiating transfers of money from customer accounts. Although the Bank has policies and procedures in place to verify the authenticity of its customers, the Bank cannot assure that such policies and procedures will prevent all fraudulent transfers. Such activity can result in financial liability and harm to our reputation. 46