(Archived Content)
FROM THE OFFICE OF PUBLIC AFFAIRS
JS-740I would like to begin by thanking you and the Continuity Planning Exchange for this opportunity to speak to you about critical financial infrastructure protection. I would also like to thank John Dinuzzo, even though he could not be with us today, for introducing me to the Continuity Planning Exchange. Your organization has accomplished much. It demonstrates that here, in the center of the most ruthlessly competitive community on earth, we are, at bottom a community committed to working together to address common problems like business continuity.
Today, I will provide a quick introduction to the work that Treasury is doing, together with our fellow financial regulators and the private sector, to enhance the resiliency of our critical financial infrastructure.
I will outline the principles that guide our work. I will then outline the partnerships that we have established with our fellow financial regulators and the private sector to advance our work. I will next describe some of
Guiding Principles
Every thing that we do at Treasury to protect the critical financial infrastructure is guided by a few important principles. I will talk about three, although there are others.
People. First, as the President has said, the highest responsibility of government is the protection of its citizens. We are devoted to protecting the critical financial infrastructure, because it is essential to meeting that responsibility.
For one thing, the most important component of our financial infrastructure is the people who make it work. We must protect the safety of the tellers, loan officers, traders, and technicians that make up our financial infrastructure. Americans trust these employees with their money. Financial services employees, in turn, trust us with their lives. We have a profound obligation to keep these employees safe.
For another thing, Americans depend on the critical financial infrastructure to make the economy work and grow. As Treasury Secretary Snow has said, the financial system is the engine of our free enterprise economy. We have to protect this engine so that it can continue to support growth in the American economy, so that it can continue to create jobs for American workers.
Confidence. Second, we work to ensure that Americans and the world maintain their well-placed confidence in the U.S. financial system. It is hard to overstate our dependence on the financial infrastructure. We depend on it to receive our paychecks; to withdraw cash from an ATM; to pay for our groceries with cash, check, debit cards, or credit cards; to finance the purchase of a house or a car; to save for our childrens education; to plan for a secure retirement.
Americans have confidence in our financial infrastructure. And they should. Our financial infrastructure is the most resilient in the world. Our job is to keep it that way, to ensure the resiliency of the infrastructure in the face of evolving threats.
Continuity. Third, we are committed to ensuring that our financial institutions continue to function even during especially during times of stress. Of course, the physical safety of your employees and customers comes first. But absent a specific and credible threat to physical safety, it is important for financial institutions and markets to continue to operate as close to business-as-usual as possible. There are several important reasons for this. One is that it is precisely during times of stress that Americans need the financial system most. During times of stress, investors need to price the impact of that disruption on assets. The longer they are prevented from pricing the impact, the more anxiety builds and the worse the consequences will be, we believe, when markets eventually re-open.
Competence. A fourth guiding principle is that we want to promote decentralized decision-making and problem-solving, both as we prepare for disruptions and as we weather them. We favor a cooperative, public-private partnership as we work together to protect our financial infrastructure. In the event of a disruption to the payment system, for example, we want the subject matter experts in payments systems to fix it. We dont want them to wait for guidance from Treasury on how to fix it. Just fix it. You are in the best position to determine what steps you should take to protect your employees and your customers. We will help where we can, but we intend to stand out of the way and let the financial institutions and the regulators that are closest to the problems find the solutions.
These principles have important implications for national-regional cooperation. State and local governments are, of course, right here, right now. Financial institutions are closer to their employees and customers than we are in Washington.
Partnerships
The President has established two principle partnerships for enhancing the resiliency of the critical financial infrastructure.
Shortly after September 11, 2001, the President established the Financial and Banking Information Infrastructure Committee, the FBIIC. This Committee is now sponsored by the Presidents Working Group on Financial Markets an interagency task force lead by Secretary Snow, Chairman Greenspan, Chairman Donaldson, and Chairman Newsome Treasury chairs the FBIIC. Its members include the Federal Reserve Board, the Securities and Exchange Commission, the Commodity Futures Trading Commission, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the National Credit Union Administration, and the Office of Federal Housing Enterprise Oversight. It includes state authorities as well the Conference of State Banking Supervisors, and the National Association of Insurance Commissioners.
One of the things that we use the FBIIC for is as a mechanism to evaluate and share available threat information. For example, Treasury has installed secure telecommunications equipment and arranged for appropriate security clearances for personnel in the members of FBIIC, so that we can effectively share sensitive and even classified information. Where appropriate, we can share information with an individual institution, in the case of a specific and credible threat against a specific institution, or with the financial sector more generally.
Another important partnership is the Financial Services Sector Coordinating Council. The Council is led by Rhonda MacLean, a senior executive with Bank of America. Treasury appointed Ms. MacLean last June. She has done an outstanding job. Over two dozen financial services trade associations have joined the council. Among many other things, the Council has worked to collect and disseminate considerations for private institutions to bear in mind in the event that the threat advisory level is at some point in the future raised to red. The Council is also working to construct a repository of table-top exercises, war-games, and tests. This repository will provide a central source for the industry to learn what is happening in the critical financial protection area. In the future, the repository will be a useful tool as we move to more coordinated, inter-institutional testing and planning. Our hope is that we can improve from the situation we have today, in which many well-intentioned exercises are taking place, but without much coordination between exercises. We need to improve coordination so that the exercises build on each other and, over time, systematically improve the resiliency of the industry as a whole. The government and the private sector did a good job of coordinating the planning, preparation, and testing for Y2K. We hope we can replicate that experience in this context.
A third important partnership is the Financial Services Information Sharing and AnalysisCenter, the FS/ISAC. Under the leadership of Suzanne Gorman, a senior executive at the Securities Industry Automation Corporation, the FS/ISAC has emerged as a leader in information sharing. For example, many of you will remember that in January of this year a worm called Slammer rocketed around the internet. The FS/ISAC was instrumental in alerting the financial services sector to this threat. We believe that the FS/ISAC was largely responsible for the fact that the financial sector experienced relatively low disruption from the worm.
Each sector has an ISAC, and I am proud of the fact that the Financial Services ISAC was both the first and the best. I am even more proud of the vision that Ms. Gorman has shown to enhance the value proposition of the FS/ISAC by expanding its membership base; improving cross-sectoral information sharing; and working to encourage members to contribute more information, not just receive it. Treasury was pleased to devote resource to the FS/ISAC as it planned these improvements. We look forward to supporting the FS/ISAC with a significant financial investment as it implements its next phase. Already, I am told by Homeland Security officials that they regard the FS/ISACs vision as a model that other ISACs can look to and learn from.
Programs and Products
We have several programs and products that we have developed with our fellow financial regulators and the private sector to enhance the resiliency of the critical financial infrastructure. I will provide just two examples.
Priority Telecommunications Programs. Together with our fellow financial regulators, we sponsor critical financial institutions for participation in three priority telecommunications programs run by the National Communications Services. These three programs enable key personnel and telecommunications lines to receive access to priority telecommunications services. If you are interested in learning more about these services, please contact Brian Peretti ( brian.peretti@treasury.gov), who manages this program in my office.
Protective Response Plans. We work with certain key financial institutions and their regulators to develop integrated protective plans. These plans incorporate the response of local, state, and federal protectors from the local Chief of Police to the CountySheriff, to the State Police authority, to the FBI, to the United States Secret Service, and others. We have conducted one planning exercise and are preparing to conduct two more over the next six months. Thus far, we have found that the exercise vastly improves coordination among local, state, and federal authorities and we look forward to replicating it with more institutions in varying locales. We limit participation in this program to major institutions and require the institution to jointly fund the planning exercise. If you are interested in learning more about this program, please contact Scott Parsons ( scott.parsons@treasury.gov), who manages this program in my office.
That, in a nutshell, is a quick overview of our efforts to enhance the resiliency of the critical financial infrastructure. We undertake these efforts in close partnership with our fellow financial regulators and with the private sector. We look forward to continuing these partnerships as we work together in the future to ensure that the U.S. financial infrastructure remains the most resilient in the world.