Testimony of Governor Mark W. Olson
Protecting the financial infrastructure
Before the Committee on Financial Services, U.S. House of Representatives
September 8, 2004
Although the financial sector has years of experience dealing with operational disruptions caused by weather, power, and other critical infrastructure outages, the September 11 attacks had a profound effect on how the industry thinks about physical and cyber security as well as business-continuity planning. After the crisis subsided, sector participants, including the Federal Reserve, reflected on lessons learned and how they should be incorporated into daily business processes and business-resumption planning.
My remarks today will highlight the actions the Federal Reserve took on September 11 and immediately following to maintain confidence in and restore the operation of our financial system. I will also focus on numerous steps that we and the other financial regulators have taken since September 11 to improve the resilience of--and to protect--the financial infrastructure.
Response to September 11
The Federal Reserve accommodated the demand for reserves through a variety of means, the relative importance of which shifted through the week. On Tuesday morning, shortly after the attacks, the Federal Reserve issued a press release stating that "the discount window is available to meet liquidity needs," thus reassuring financial markets that the Federal Reserve System was functioning normally. Borrowing by depository institutions surged to a record $45.5 billion by Wednesday. Federal Reserve discount loans to banks to meet liquidity needs dropped off sharply on Thursday and returned to lower levels by Friday. Separately, overnight overdrafts on Tuesday and Wednesday rose to several billion dollars, as a handful of depository and other institutions with accounts at the Federal Reserve were forced into overdraft positions on their reserve accounts. Overdrafts returned to negligible levels by the end of the week.
Like their U.S. counterparts, foreign financial institutions operating in the United States faced elevated dollar liquidity needs. In some cases, however, these institutions encountered difficulties positioning the collateral at their U.S. branches to secure Federal Reserve discount window credit. To be in a position to help meet the enhanced need for funds, three foreign central banks established new or expanded arrangements with the Federal Reserve to receive U.S. dollars in exchange for their respective currencies. These swap lines, which lasted for thirty days, consisted of $50 billion for the European Central Bank, $30 billion for the Bank of England, and an increase of $8 billion (from $2 billion to $10 billion) for the Bank of Canada. The European Central Bank drew on its line that week to channel funds to institutions with a need for dollars.
During that week, the disruption in air traffic caused the Federal Reserve to extend record levels of credit to depository institutions in the form of check float. Float increased dramatically because the Federal Reserve continued to credit the accounts of banks for the checks they deposited, even though the grounding of airplanes meant that checks normally shipped by air could not be presented to the checkwriters' banks on the usual schedule. Float declined to normal levels the following week once air traffic was permitted to recommence. Finally, over the course of the week, as the market for reserves began to function more normally, the Federal Reserve resumed the use of open market operations to provide the bulk of reserves. The open market desk accommodated all propositions for funding through repurchase agreements down to the target federal funds rate, operating exclusively through overnight transactions for several days. The injection of reserves through open market operations peaked at $81 billion on Friday. The combined infusion of liquidity from the various sources caused the level of reserve balances at Federal Reserve Banks to rise to more than $100 billion on Wednesday, September 12--about ten times the normal level.
In addition to accommodating the heightened demand for reserves, the Federal Reserve took several steps to facilitate market functioning in the wake of the September 11 attacks. For example, the hours of the funds and securities transfer systems for U.S. government and agency securities operated by the Federal Reserve were significantly extended during the week after the attacks. From September 11 through the 21st, the Federal Reserve reduced or eliminated the penalty charged on overnight overdrafts, largely because those overdrafts were almost entirely the result of extraordinary developments beyond the control of the account holders. For four weeks after the attacks, the Federal Reserve Bank of New York liberalized the terms under which it would lend securities from the System portfolio, and the amount of securities lent rose to record levels in the second half of September. The Federal Reserve working with the National Communications System (NCS) also assisted market participants in restoring their telecommunications services.
The markets and financial market authorities worked hard to restore operations, and market activity resumed relatively quickly after the attacks. By the week following September 11, the financial system had largely begun to function normally, although activities to address the aftermath of the attacks continued for some time.
Steps Taken Since September 11 to Protect the Financial Infrastructure
Some of the key steps the Federal Reserve has taken to improve our infrastructure and the delivery of critical central-bank and financial services include the following:
The federal financial agencies took immediate steps to work together to identify new vulnerabilities exposed by September 11. These efforts were coordinated under the umbrella of the President's Working Group on Financial Markets, the Financial and Banking Infrastructure Information Committee (FBIIC), and, for depository institutions more specifically, the Federal Financial Institutions Examination Council (FFIEC). The agencies have implemented a duty officer program and developed communications protocols for dealing with their staffs, regulated financial institutions, and the public. We have also developed and tested facilities for secure communication among ourselves and with other agencies.
The agencies that participate in FBIIC, including the Federal Reserve, and that have direct supervisory and regulatory responsibilities for the financial sector have assessed potential system vulnerabilities. We have shared that information with the Department of Homeland Security (DHS). Indeed, I would like to commend the DHS for their work to share information and coordinate with the financial sector including the FBIIC during the recent elevation of the threat level to orange for financial services firms in New York City, northern New Jersey, and Washington, D.C. The timely communications and sharing of information enabled financial-sector participants and law enforcement authorities to take steps to mitigate risks so that customers of financial services firms were able to conduct business in the usual fashion. Financial-sector participants, including the financial regulators, strengthened business-resumption plans with an overall goal of ensuring the smooth operation of the financial system. Previously, terrorist attacks were treated as low-probability/high-impact events affecting a single institution. As a result of September 11, industry participants are now planning for events that affect wide areas, last longer, and involve loss of life or widespread destruction of property and information assets.
The process of strengthening the resilience of the financial system and, in particular, organizations that could have a systemic effect if they were disabled, is being accomplished through the existing regulatory framework. More than a year ago, in April 2003, the Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the Securities and Exchange Commission (SEC) issued an Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System. The paper formalizes a set of sound practices viewed as necessary by the agencies and the financial industry to ensure the rapid recovery of the U.S. financial system following a wide-scale disruption that may include loss or inaccessibility of staff. In particular, the paper articulates sound practices for resumption and recovery of critical clearing and settlement activities by core clearing and settlement organizations and financial institutions that play significant roles in critical markets by virtue of their market share (greater than five percent in one or more critical financial markets). The sound practices include establishing geographically dispersed backup facilities for clearing and settlement so that these organizations can meet recovery objectives within the business day if a wide-scale disruption takes place.
Using their respective supervisory and regulatory processes, the agencies are conducting focused, ongoing dialogues with the organizations that are subject to the sound practices paper. Financial organizations are investing millions of dollars to implement the sound practices. Clearing and settlement organizations, which are the financial utilities for the U.S. financial system, have made substantial progress in improving their resilience and achieving out-of-region geographic dispersion between primary and backup operations facilities and data centers. Several have met or will meet the sound practices by year-end, with the remainder scheduled to complete implementation in the second half of 2005. Banks and broker-dealers that play significant roles in the critical markets defined in the paper indicate they will meet the paper's 2006 implementation date.
The sound practices are also relevant to other financial-sector participants. Many of the concepts in the paper amplify long-standing and well-recognized principles relating to safeguarding information and the ability to recover and resume essential financial services. Over the past few years, the FFIEC has revised and expanded guidance for banking organizations pertaining to operational risk. In December 2002, we issued revised guidance on information security. In April 2003, the FFIEC issued expanded guidance on business-continuity planning. The guidance addresses both the operational- and business-risk issues that depository institutions must incorporate into their business-continuity plans. The guidance specifically refers to the need to plan and test for recovery of critical business lines and functions--such as retail banking services--in the face of wide-scale disruption, as well as scenarios in which physical or information assets and personnel are lost. Recently, the FFIEC issued guidance on managing additional risks arising from information technology operations, network management, and wholesale and retail payments systems. Our examiners are assessing banks against these guidelines. Other financial market authorities are taking similar steps for the organizations that they regulate.
Challenge of Protection
The agencies are addressing this concern by working to improve coordination and emergency planning efforts between federal, state, and local homeland security authorities; the various federal, state, and local protection agencies; and the systemically critical institutions. Efforts have focused on the locations where the systemically critical institutions have their primary operations--including New York City. The agencies also plan to work with local protection agencies in cities where critical institutions are locating backup sites. As part of these efforts, the Department of the Treasury has arranged for site surveys of key financial-services sector assets to determine whether physical security can be hardened. Protection plans have been developed and are being implemented.
Importance of Telecommunications to the Financial Services Sector
Following September 11, the Federal Reserve and the FBIIC agencies expanded and promoted the use of National Security/Emergency Preparedness (NS/EP) telecommunications programs sponsored by NCS. These programs worked well in helping to resume operations on September 11. The Federal Reserve is working with FBIIC agencies through outreach to expand NCS services to clearing and settlement organizations processing securities. Approximately 5,000 additional authorizations to ensure the priority of voice telecommunications have been issued in the financial sector. Moreover, about 4,100 critical circuits used to transmit financial data have been registered for priority restoration and provisioning of new lines; these include most circuits between the payment and settlement systems, the markets, and key market participants.
The National Security/Emergency Preparedness telecommunications program operated by the NCS currently focuses on recovery and restoration. The FBIIC agencies believe that a third aspect--protection--through establishment of a national program for maintaining physically diverse circuits and switches, should be incorporated into the program. Treasury has designated the Federal Reserve as the lead agency for telecommunications for the FBIIC interdependencies study. At the Federal Reserve's request, the telecommunications sector through the National Security Telecommunications Advisory Committee (NSTAC) reviewed the resilience of the telecommunications infrastructure. In response to the NSTAC's recommendations that were submitted to the President in April 2004, the Alliance for Telecommunications Industry Solutions (ATIS) is organizing a National Diversity Assurance Initiative. ATIS has asked the Federal Reserve to participate in a pilot program to develop and test the requirements for physical circuit diversity across multiple carriers that can be used by the financial system and potentially other critical sectors. The Federal Reserve is collaborating with telecommunications services providers through NSTAC and the Federal Communications Commission Network Reliability and Interoperability Council. As an example, the Federal Reserve is currently working with the NSTAC to plan how NS/EP telecommunications services can be applied to the next generation of telecommunications networks based on internet protocols.
Thank you Mr. Chairman and members of the Committee. I am happy to respond to any questions.
Home | News and events
Accessibility | Contact Us
Last update: September 8, 2004, 10:00 AM