View original document

The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.

Protecting the financial infrastructure
Before the Committee on Financial Services, U.S. House of Representatives
September 8, 2004
Thank you Chairman Oxley and Ranking Member Frank, for inviting me to discuss a matter
of significant importance to our country: protecting our financial infrastructure. As we
approach September 11, I would like to take a moment to honor the memory of those who
lost their lives and to honor those who supported one another on September 11, 2001.
Although the financial sector has years of experience dealing with operational disruptions
caused by weather, power, and other critical infrastructure outages, the September 11
attacks had a profound effect on how the industry thinks about physical and cyber security
as well as business-continuity planning. After the crisis subsided, sector participants,
including the Federal Reserve, reflected on lessons learned and how they should be
incorporated into daily business processes and business-resumption planning.
My remarks today will highlight the actions the Federal Reserve took on September 11 and
immediately following to maintain confidence in and restore the operation of our financial
system. I will also focus on numerous steps that we and the other financial regulators have
taken since September 11 to improve the resilience of--and to protect--the financial
Response to September 11
On Tuesday, September 11, terrorists destroyed a portion of the critical infrastructure that
supports the U.S. financial markets, disrupted communications networks, and forced
numerous market participants to move to contingency sites. These challenges, along with the
tragic loss of employees of a few major financial firms, complicated trading, clearing, and
settlement of a number of financial instruments. Operational disruptions caused uncertainties
about payment flows, making it difficult for the reserve market to channel funds to where
they were needed most. Depository institutions that held more reserve balances than they
preferred had difficulty placing and delivering the excess in the market; on the other hand,
depository institutions awaiting funds had to scramble to cover overdraft positions. As a
result, market participants experienced significant liquidity dislocations, and the demand for
reserves grew rapidly.
The Federal Reserve accommodated the demand for reserves through a variety of means,
the relative importance of which shifted through the week. On Tuesday morning, shortly
after the attacks, the Federal Reserve issued a press release stating that "the discount
window is available to meet liquidity needs," thus reassuring financial markets that the
Federal Reserve System was functioning normally. Borrowing by depository institutions
surged to a record $45.5 billion by Wednesday. Federal Reserve discount loans to banks to
meet liquidity needs dropped off sharply on Thursday and returned to lower levels by Friday.
Separately, overnight overdrafts on Tuesday and Wednesday rose to several billion dollars,
as a handful of depository and other institutions with accounts at the Federal Reserve were

forced into overdraft positions on their reserve accounts. Overdrafts returned to negligible
levels by the end of the week.
Like their U.S. counterparts, foreign financial institutions operating in the United States
faced elevated dollar liquidity needs. In some cases, however, these institutions encountered
difficulties positioning the collateral at their U.S. branches to secure Federal Reserve
discount window credit. To be in a position to help meet the enhanced need for funds, three
foreign central banks established new or expanded arrangements with the Federal Reserve to
receive U.S. dollars in exchange for their respective currencies. These swap lines, which
lasted for thirty days, consisted of $50 billion for the European Central Bank, $30 billion for
the Bank of England, and an increase of $8 billion (from $2 billion to $10 billion) for the
Bank of Canada. The European Central Bank drew on its line that week to channel funds to
institutions with a need for dollars.
During that week, the disruption in air traffic caused the Federal Reserve to extend record
levels of credit to depository institutions in the form of check float. Float increased
dramatically because the Federal Reserve continued to credit the accounts of banks for the
checks they deposited, even though the grounding of airplanes meant that checks normally
shipped by air could not be presented to the checkwriters' banks on the usual schedule. Float
declined to normal levels the following week once air traffic was permitted to recommence.
Finally, over the course of the week, as the market for reserves began to function more
normally, the Federal Reserve resumed the use of open market operations to provide the
bulk of reserves. The open market desk accommodated all propositions for funding through
repurchase agreements down to the target federal funds rate, operating exclusively through
overnight transactions for several days. The injection of reserves through open market
operations peaked at $81 billion on Friday. The combined infusion of liquidity from the
various sources caused the level of reserve balances at Federal Reserve Banks to rise to
more than $100 billion on Wednesday, September 12--about ten times the normal level.
In addition to accommodating the heightened demand for reserves, the Federal Reserve took
several steps to facilitate market functioning in the wake of the September 11 attacks. For
example, the hours of the funds and securities transfer systems for U.S. government and
agency securities operated by the Federal Reserve were significantly extended during the
week after the attacks. From September 11 through the 21st, the Federal Reserve reduced or
eliminated the penalty charged on overnight overdrafts, largely because those overdrafts
were almost entirely the result of extraordinary developments beyond the control of the
account holders. For four weeks after the attacks, the Federal Reserve Bank of New York
liberalized the terms under which it would lend securities from the System portfolio, and the
amount of securities lent rose to record levels in the second half of September. The Federal
Reserve working with the National Communications System (NCS) also assisted market
participants in restoring their telecommunications services.
The markets and financial market authorities worked hard to restore operations, and market
activity resumed relatively quickly after the attacks. By the week following September 11,
the financial system had largely begun to function normally, although activities to address
the aftermath of the attacks continued for some time.
Steps Taken Since September 11 to Protect the Financial Infrastructure
Within weeks of September 11, we initiated a self-assessment of our contingency
arrangements across the Federal Reserve and embarked on forty initiatives, which we
classified under five broad headings:

Ensure continuity of Federal Reserve operations.
Ensure market liquidity during a crisis.
Ensure effective communications and coordination during a crisis.
Improve resilience of the private-sector financial system infrastructure.
Improve resilience of the telecommunications infrastructure supporting critical
financial services.
Some of the key steps the Federal Reserve has taken to improve our infrastructure and the
delivery of critical central-bank and financial services include the following:
We have developed plans to ensure that critical central-bank activities, supervisory
functions, and financial services operations have sufficient redundancy in facilities
and staff. We have enhanced and tested business-continuity arrangements for critical
functions and business lines.
Our facilities for providing critical financial services are backed up at fully
operational, geographically diverse sites to ensure a speedy recovery even if the
critical infrastructure is disrupted across multistate areas.
We have enhanced our resiliency for discount window lending and cash services
provided by the Reserve Banks.
We have improved our tools and authority to provide liquidity in a crisis. In 2003, the
Board established the primary credit program, as well as special arrangements for
rapidly reducing the primary credit rate to the federal funds rate in an emergency. We
also have improved the ability of the Board to approve the extension of emergency
discount window credit.
The federal financial agencies took immediate steps to work together to identify new
vulnerabilities exposed by September 11. These efforts were coordinated under the umbrella
of the President's Working Group on Financial Markets, the Financial and Banking
Infrastructure Information Committee (FBIIC), and, for depository institutions more
specifically, the Federal Financial Institutions Examination Council (FFIEC). The agencies
have implemented a duty officer program and developed communications protocols for
dealing with their staffs, regulated financial institutions, and the public. We have also
developed and tested facilities for secure communication among ourselves and with other
The agencies that participate in FBIIC, including the Federal Reserve, and that have direct
supervisory and regulatory responsibilities for the financial sector have assessed potential
system vulnerabilities. We have shared that information with the Department of Homeland
Security (DHS). Indeed, I would like to commend the DHS for their work to share
information and coordinate with the financial sector including the FBIIC during the recent
elevation of the threat level to orange for financial services firms in New York City, northern
New Jersey, and Washington, D.C. The timely communications and sharing of information
enabled financial-sector participants and law enforcement authorities to take steps to
mitigate risks so that customers of financial services firms were able to conduct business in
the usual fashion. Financial-sector participants, including the financial regulators,
strengthened business-resumption plans with an overall goal of ensuring the smooth
operation of the financial system. Previously, terrorist attacks were treated as
low-probability/high-impact events affecting a single institution. As a result of September 11,
industry participants are now planning for events that affect wide areas, last longer, and
involve loss of life or widespread destruction of property and information assets.

The process of strengthening the resilience of the financial system and, in particular,
organizations that could have a systemic effect if they were disabled, is being accomplished
through the existing regulatory framework. More than a year ago, in April 2003, the Federal
Reserve, the Office of the Comptroller of the Currency (OCC), and the Securities and
Exchange Commission (SEC) issued an Interagency Paper on Sound Practices to
Strengthen the Resilience of the U.S. Financial System. The paper formalizes a set of sound
practices viewed as necessary by the agencies and the financial industry to ensure the rapid
recovery of the U.S. financial system following a wide-scale disruption that may include loss
or inaccessibility of staff. In particular, the paper articulates sound practices for resumption
and recovery of critical clearing and settlement activities by core clearing and settlement
organizations and financial institutions that play significant roles in critical markets by virtue
of their market share (greater than five percent in one or more critical financial markets).
The sound practices include establishing geographically dispersed backup facilities for
clearing and settlement so that these organizations can meet recovery objectives within the
business day if a wide-scale disruption takes place.
Using their respective supervisory and regulatory processes, the agencies are conducting
focused, ongoing dialogues with the organizations that are subject to the sound practices
paper. Financial organizations are investing millions of dollars to implement the sound
practices. Clearing and settlement organizations, which are the financial utilities for the U.S.
financial system, have made substantial progress in improving their resilience and achieving
out-of-region geographic dispersion between primary and backup operations facilities and
data centers. Several have met or will meet the sound practices by year-end, with the
remainder scheduled to complete implementation in the second half of 2005. Banks and
broker-dealers that play significant roles in the critical markets defined in the paper indicate
they will meet the paper's 2006 implementation date.
The sound practices are also relevant to other financial-sector participants. Many of the
concepts in the paper amplify long-standing and well-recognized principles relating to
safeguarding information and the ability to recover and resume essential financial services.
Over the past few years, the FFIEC has revised and expanded guidance for banking
organizations pertaining to operational risk. In December 2002, we issued revised guidance
on information security. In April 2003, the FFIEC issued expanded guidance on businesscontinuity planning. The guidance addresses both the operational- and business-risk issues
that depository institutions must incorporate into their business-continuity plans. The
guidance specifically refers to the need to plan and test for recovery of critical business lines
and functions--such as retail banking services--in the face of wide-scale disruption, as well
as scenarios in which physical or information assets and personnel are lost. Recently, the
FFIEC issued guidance on managing additional risks arising from information technology
operations, network management, and wholesale and retail payments systems. Our
examiners are assessing banks against these guidelines. Other financial market authorities
are taking similar steps for the organizations that they regulate.
Challenge of Protection
While the agencies and financial-sector participants are working to improve their operational
resilience, some vulnerabilities continue to pose challenges. The strategy underlying the
sound practices is to increase the likelihood that systemically critical institutions will be able
to recover rapidly from a wide-scale disruption. However, the sound practices address only
recovery, not the prevention of an attack.

The agencies are addressing this concern by working to improve coordination and
emergency planning efforts between federal, state, and local homeland security authorities;
the various federal, state, and local protection agencies; and the systemically critical
institutions. Efforts have focused on the locations where the systemically critical institutions
have their primary operations--including New York City. The agencies also plan to work
with local protection agencies in cities where critical institutions are locating backup sites.
As part of these efforts, the Department of the Treasury has arranged for site surveys of key
financial-services sector assets to determine whether physical security can be hardened.
Protection plans have been developed and are being implemented.
Importance of Telecommunications to the Financial Services Sector
The resilience of the telecommunications infrastructure is, from our perspective, one of the
most important national issues involving the nation's critical infrastructure. The U.S.
financial system depends on telecommunications to effect transactions and make payments.
Following September 11, the Federal Reserve and the FBIIC agencies expanded and
promoted the use of National Security/Emergency Preparedness (NS/EP)
telecommunications programs sponsored by NCS. These programs worked well in helping to
resume operations on September 11. The Federal Reserve is working with FBIIC agencies
through outreach to expand NCS services to clearing and settlement organizations
processing securities. Approximately 5,000 additional authorizations to ensure the priority of
voice telecommunications have been issued in the financial sector. Moreover, about 4,100
critical circuits used to transmit financial data have been registered for priority restoration
and provisioning of new lines; these include most circuits between the payment and
settlement systems, the markets, and key market participants.
The National Security/Emergency Preparedness telecommunications program operated by
the NCS currently focuses on recovery and restoration. The FBIIC agencies believe that a
third aspect--protection--through establishment of a national program for maintaining
physically diverse circuits and switches, should be incorporated into the program. Treasury
has designated the Federal Reserve as the lead agency for telecommunications for the FBIIC
interdependencies study. At the Federal Reserve's request, the telecommunications sector
through the National Security Telecommunications Advisory Committee (NSTAC) reviewed
the resilience of the telecommunications infrastructure. In response to the NSTAC's
recommendations that were submitted to the President in April 2004, the Alliance for
Telecommunications Industry Solutions (ATIS) is organizing a National Diversity Assurance
Initiative. ATIS has asked the Federal Reserve to participate in a pilot program to develop
and test the requirements for physical circuit diversity across multiple carriers that can be
used by the financial system and potentially other critical sectors. The Federal Reserve is
collaborating with telecommunications services providers through NSTAC and the Federal
Communications Commission Network Reliability and Interoperability Council. As an
example, the Federal Reserve is currently working with the NSTAC to plan how NS/EP
telecommunications services can be applied to the next generation of telecommunications
networks based on internet protocols.
In summary, Mr. Chairman, we believe that protecting the infrastructure that supports our
financial system is a matter of national importance. As a result of careful planning and
considerable investment by both the private and public sectors, the financial sector is one of
the most resilient parts of our economy. The supervisory framework for the financial sector

oversees compliance with security and business-resumption expectations, which are
relatively high because of the importance of ensuring the smooth operation of our financial
system. All financial institutions have been expected to incorporate lessons learned from
September 11, recent power outages, and cyber attacks. Organizations that we believe could
have a systemic effect on the financial system if their functions were disrupted are being
asked to meet very high standards of business resumption. The Federal Reserve will
continue to treat the protection and resilience of the sector as a key responsibility.
Thank you Mr. Chairman and members of the Committee. I am happy to respond to any
Return to top
2004 Testimony
Home | News and events
Accessibility | Contact Us
Last update: September 8, 2004, 10:00 AM