Protecting Customer Privacy & Security

Privacy and confidentiality play a critical role in building and
maintaining customer trust.

Managing Customer Privacy

Our customers trust us to safeguard the privacy of their personal and financial information at all times. PNC designs its programs to be compliant with applicable privacy laws and regulations through ongoing monitoring and frequent risk assessments.

PNC’s Privacy Office oversees compliance with privacy laws and regulations and ensures that the personal information of our customers is treated with respect and care. This includes developing and enhancing privacy policies, standards and procedures for the organization that govern the collection, use and management of personal information and also monitors and enforces that privacy requirements and standards are being addressed by the organization. The board of directors regularly reviews and approves our Enterprise Privacy Policy.

PNC requires employees to take mandatory privacy training courses at least annually. To ensure accuracy and completeness, we regularly update the privacy training content to address new privacy requirements and standards.

We track the effectiveness of our privacy program and training through regular self-evaluation and feedback from customers and external parties. The ongoing monitoring of this program allows the Privacy Office to review trends and risks, identify areas for improvement and, where necessary, implement remediation.

For more information on how we protect our customers’ data, read our Privacy Notice, which is provided to new consumers, to existing customers on an annual basis, and as otherwise required by law.

Doing Right is a Brilliant Way To Do Business

PNC’s success is dependent upon our ability to create long-term value for our stakeholders. Our steadfast focus on smart risk management and relationship-based customer service builds the foundation to engage deeply and meaningfully across our stakeholder groups.

Managing Responsibly
Delivering for our Stakeholders
Building a Sustainable Future

Prioritizing Customer Security

PNC’s cybersecurity program is designed to identify, prevent, respond to and recover from cyber threats. Program capabilities follow industry guidance and security frameworks so that threats and ultimately risks to information are addressed. The governance of the program is overseen within the organization as well as through various working groups and internal committees, including the Technology Risk and Business Committee, Independent Technology Risk Management Committee and Technology Committee of the board of directors. PNC also participates in multiple industry groups such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), the National Cyber Forensics and Training Alliance (NCFTA) and the Financial Services Sector Coordinating Council (FSSCC).

In monitoring threats, PNC leverages a converged model where threats — cyber, physical, fraud and insider — are unified to provide intelligence across the bank. This model provides better awareness of threats in a real-time way that enhances our ability to protect, communicate with, and educate our customers and employees.

Security at PNC

Learn more about our security program.

PNC Security & Privacy Center

Our Security Practices

We invest time and resources to educate and empower our customers to protect themselves from fraud and scams. Our Security team partners with our lines of business to build client relationships inclusive of presentations and responses to customer security assessments.

Our cybersecurity program investments work to reduce both technology risks and human error. PNC employees complete security training as required by our policies, covering topics such as maintaining privacy and security of information, cybersecurity core concepts, and are frequently tested to ensure they can recognize and take appropriate actions against a phishing email.

Responsible AI

PNC takes a prudent, human-centric approach to artificial intelligence (AI), true to our brand and in line with our values. PNC’s Responsible AI Principles include accountability; transparency, explainability and accuracy; diversity and inclusion; fairness; reliability and security; and privacy.

Our responsibility to serve in the best interest of our customers, communities, employees and shareholders is at the front of our AI decisions. Our teams carefully evaluate the use of AI to ensure return on investment while controlling for and anticipating risks to the best of our ability. Fundamental to this is maintaining scrutiny around our data quality and model development, validation and monitoring while maintaining a human-in-the-loop approach where applicable to enable the highest level of quality control.

AI is not new, and PNC uses it responsibly for functions such as credit risk management and cybersecurity. However, advances in technologies present us with opportunities and challenges. The opportunities come with thoughtful, intentional application of well-vetted AI tools that can help PNC better serve our customers, enable our employees and manage risk. The policies and procedures that govern AI are evaluated and updated regularly given the pace of change in the environment. We closely monitor state and federal rule-making to plan for compliance with emerging laws, regulations and policies.

PNC’s Responsible AI Working Group, managed by Model Risk Management, provides periodic updates to our Operational Risk Committee. These updates promote broad understanding of PNC’s Responsible AI Principles and how our use of AI will align with evolving industry rules and regulations.


PNC’s Regulatory Change Management process assesses applicability of upcoming and finalized legislation, which includes the latest AI state proposed regulations. As the industry awaits AI-specific federal regulation, PNC is undergoing a self-assessment against the National Institute of Standards and Technology (NIST) AI requirements to identify enhancements to policy, procedures and controls. We are also engaged in several public- and private-sector efforts to define industry AI standards.

AI poses unique privacy challenges: the risk of feeding personal information into an AI system, and the risk that AI could identify or treat an individual differently based on the available information. To mitigate those risks, we review the use of personal information to ensure that it aligns with law and with PNC’s Responsible AI principles, and we monitor the results.