CORRESP 1 filename1.htm

 

July 27, 2012

 

VIA EDGAR

 

Mr. Christian Windsor

Special Counsel

U.S. Securities and Exchange Commission

Division of Corporation Finance

100 F Street, N.E.

Washington, D.C. 20549

 

Re:

City National Corporation

 

Form 10-K for Fiscal Year Ended December 31, 2011

 

Filed February 28, 2012

 

Form 10-Q for the Period Ending March 31, 2012

 

Filed May 9, 2012

 

File Number 1-10521

 

Dear Mr. Windsor:

 

On behalf of City National Corporation (the “Company”), this letter is in response to the comment letter dated July 12, 2012, from Mr. Windsor to Mr. Carey with respect to the Company’s Annual Report on Form 10-K for the year ended December 31, 2011 and Form 10-Q for the period ended March 31, 2012. The text of your letter has been included for your reference and the Company’s response is presented below the comment.

 

Form 10-K

 

Disruption of our information systems and security breaches could adversely affect our business and reputation, page 20

 

1.            In your response to prior comment 1, you indicate that you have experienced various attacks, but that your policies, testing and information security resources have been sufficient to avoid any significant compromises of your data systems.  In your future filings, starting with your next 10-Q, please disclose that you have experienced attacks to place the risk of cyber security breaches in context for your investors.  You may include language, similar to your response that describes the low historical impact of these attacks.

 

Proposed revised disclosure to be included in the Form 10-Q for the period ending June 30, 2012:

 

In the ordinary course of business, the Company relies on electronic communications and information systems to conduct our businesses and to store sensitive data, including financial information regarding our customers. The Company employs an in-depth defense approach that leverages people, processes and technology to manage and maintain cyber security controls. The Company has an experienced team of Information Security professionals, the latest automated tools, and Board-approved policies, to secure our digital environment. The Company employs a variety of preventative and detective tools to monitor, block, and alert on any suspicious activity, as well as to report on any

 


 

July 27, 2012

Page Two

 

 

suspected advanced persistent threats. The Company has not experienced any significant compromises due to cyber security attacks. There have been no security breaches of its systems, no virus outbreaks, no compromise of data, and no material financial losses related to cyber attacks. Although rogue viruses on occasion do penetrate the external automated tools, they have been caught timely by internal filters. The historical impact of such attacks on the Company’s operations, expenses and risks has been very low, with no incidents experienced in recent years that pose any significant risks to the integrity of confidential company or client information. Although to date we have not experienced material financial losses related to these risks, there can be no assurance that the Company will not suffer such losses in the future. Any such losses can adversely affect our financial condition or results of operations, and could expose the Company to reputation risk, the loss of client business, as well as additional regulatory scrutiny, possible litigation, and related financial liability. These risks also include possible business interruption. Cyber security risks may also occur with the Company’s third party technology service providers, and may interfere with their ability to fulfill their contractual obligations to the Company, with attendant potential for financial loss or liability that could adversely affect the Company’s financial condition or results of operations.  Risks and exposures related to cyber security attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of Internet banking, mobile banking and other technology-based products and services by the Company and our clients.

 

We acknowledge that:

·

the Company is responsible for the adequacy and accuracy of the disclosure in the filing;

·

staff comments or changes to disclosure in response to staff comments do not foreclose the Commission from taking any action with respect to the filing; and

·

the Company may not assert staff comments as a defense in any proceeding initiated by the Commission or any person under the federal securities laws of the United States.

 

If you have any questions or comments concerning the responses contained in this letter, please do not hesitate to contact the undersigned at (310) 888-6777.

 

Very truly yours,

 

/s/ Christopher J. Carey

 

Christopher J. Carey

Executive Vice President

Chief Financial Officer

 

cc:

Russell Goldsmith

 

President and Chief Executive Officer

 

 

 

Michael B. Cahill

 

Executive Vice President

 

General Counsel & Secretary

 

 

 

Olga Tsokova

 

Senior Vice President

 

Chief Accounting Officer