[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]
RECOVERY AND RENEWAL: PROTECTING
THE CAPITAL MARKETS AGAINST
TERRORISM POST 9/11
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON
CAPITAL MARKETS, INSURANCE, AND
GOVERNMENT SPONSORED ENTERPRISES
OF THE
COMMITTEE ON
FINANCIAL SERVICES
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED EIGHTH CONGRESS
FIRST SESSION
__________
FEBRUARY 12, 2003
__________
Printed for the use of the Committee on Financial Services
Serial No. 108-2
U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON : 2003
86-850 PDF
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpr.gov Phone: toll free (866) 512-1800; (202) 512-1800
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001
HOUSE COMMITTEE ON FINANCIAL SERVICES
MICHAEL G. OXLEY, Ohio, Chairman
JAMES A. LEACH, Iowa BARNEY FRANK, Massachusetts
DOUG BEREUTER, Nebraska PAUL E. KANJORSKI, Pennsylvania
RICHARD H. BAKER, Louisiana MAXINE WATERS, California
SPENCER BACHUS, Alabama CAROLYN B. MALONEY, New York
MICHAEL N. CASTLE, Delaware LUIS V. GUTIERREZ, Illinois
PETER T. KING, New York NYDIA M. VELAZQUEZ, New York
EDWARD R. ROYCE, California MELVIN L. WATT, North Carolina
FRANK D. LUCAS, Oklahoma GARY L. ACKERMAN, New York
ROBERT W. NEY, Ohio DARLENE HOOLEY, Oregon
SUE W. KELLY, New York, Vice JULIA CARSON, Indiana
Chairman BRAD SHERMAN, California
RON PAUL, Texas GREGORY W. MEEKS, New York
PAUL E. GILLMOR, Ohio BARBARA LEE, California
JIM RYUN, Kansas JAY INSLEE, Washington
STEVEN C. LaTOURETTE, Ohio DENNIS MOORE, Kansas
DONALD A. MANZULLO, Illinois CHARLES A. GONZALEZ, Texas
WALTER B. JONES, Jr., North MICHAEL E. CAPUANO, Massachusetts
Carolina HAROLD E. FORD, Jr., Tennessee
DOUG OSE, California RUBEN HINOJOSA, Texas
JUDY BIGGERT, Illinois KEN LUCAS, Kentucky
MARK GREEN, Wisconsin JOSEPH CROWLEY, New York
PATRICK J. TOOMEY, Pennsylvania WM. LACY CLAY, Missouri
CHRISTOPHER SHAYS, Connecticut STEVE ISRAEL, New York
JOHN B. SHADEGG, Arizona MIKE ROSS, Arkansas
VITO FOSELLA, New York CAROLYN McCARTHY, New York
GARY G. MILLER, California JOE BACA, California
MELISSA A. HART, Pennsylvania JIM MATHESON, Utah
SHELLEY MOORE CAPITO, West Virginia STEPHEN F. LYNCH, Massachusetts
PATRICK J. TIBERI, Ohio BRAD MILLER, North Carolina
MARK R. KENNEDY, Minnesota RAHM EMANUEL, Illinois
TOM FEENEY, Florida DAVID SCOTT, Georgia
JEB HENSARLING, Texas ARTUR DAVIS, Alabama
SCOTT GARRETT, New Jersey
TIM MURPHY, Pennsylvania BERNARD SANDERS, Vermont
GINNY BROWN-WAITE, Florida
J. GRESHAM BARRETT, South Carolina
KATHERINE HARRIS, Florida
RICK RENZI, Arizona
Robert U. Foster, III, Staff Director
Subcommittee on Capital Markets, Insurance, and
Government Sponsored Enterprises
RICHARD H. BAKER, Louisiana, Chairman
DOUG OSE, California, Vice Chairman PAUL E. KANJORSKI, Pennsylvania
CHRISTOPHER SHAYS, Connecticut GARY L. ACKERMAN, New York
PAUL E. GILLMOR, Ohio DARLENE HOOLEY, Oregon
SPENCER BACHUS, Alabama BRAD SHERMAN, California
MICHAEL N. CASTLE, Delaware GREGORY W. MEEKS, New York
PETER T. KING, New York JAY INSLEE, Washington
FRANK D. LUCAS, Oklahoma DENNIS MOORE, Kansas
EDWARD R. ROYCE, California CHARLES A. GONZALEZ, Texas
DONALD A. MANZULLO, Illinois MICHAEL E. CAPUANO, Massachusetts
SUE W. KELLY, New York HAROLD E. FORD, Jr., Tennessee
ROBERT W. NEY, Ohio RUBEN HINOJOSA, Texas
JOHN B. SHADEGG, Arizona KEN LUCAS, Kentucky
JIM RYUN, Kansas JOSEPH CROWLEY, New York
VITO FOSSELLA, New York STEVE ISRAEL, New York
JUDY BIGGERT, Illinois MIKE ROSS, Arkansas
MARK GREEN, Wisconsin WM. LACY CLAY, Missouri
GARY G. MILLER, California CAROLYN McCARTHY, New York
PATRICK J. TOOMEY, Pennsylvania JOE BACA, California
SHELLEY MOORE CAPITO, West Virginia JIM MATHESON, Utah
MELISSA A. HART, Pennsylvania STEPHEN F. LYNCH, Massachusetts
MARK R. KENNEDY, Minnesota BRAD MILLER, North Carolina
PATRICK J. TIBERI, Ohio RAHM EMANUEL, Illinois
GINNY BROWN-WAITE, Florida DAVID SCOTT, Georgia
KATHERINE HARRIS, Florida
RICK RENZI, Arizona
C O N T E N T S
----------
Page
Hearing held on:
February 12, 2003............................................ 1
Appendix:
February 12, 2003............................................ 33
WITNESSES
Wednesday, February 12, 2003
Britz, Robert G., President and Co-Chief Operating Officer, New
York Stock Exchange............................................ 24
Colby, Robert L. D., Deputy Director, Division of Market
Regulation, Securities and Exchange Commission................. 4
D'Agostino, Davi M., Director, Financial Markets and Community
Investment, U.S. General Accounting Office..................... 2
Green, Micah S., President, The Bond Market Association.......... 28
Ketchum, Richard, President, NASDAQ Stock Market................. 22
Kittell, Donald D., Executive Vice President, Securities Industry
Association.................................................... 26
APPENDIX
Prepared statements:
Clay, Hon. Wm. Lacy.......................................... 34
Israel, Hon. Steve........................................... 35
Kanjorski, Hon. Paul E....................................... 36
Maloney, Hon. Carolyn B...................................... 38
Royce, Hon. Ed............................................... 39
Britz, Robert G.............................................. 40
Colby, Robert L. D........................................... 48
D'Agostino, Davi M. (with attachments)....................... 56
Green, Micah S............................................... 185
Ketchum, Richard G........................................... 278
Kittell, Donald D............................................ 290
Additional Material Submitted for the Record
NYSE response to questions posed by Hon. Richard Baker........... 298
RECOVERY AND RENEWAL: PROTECTING
THE CAPITAL MARKETS AGAINST
TERRORISM POST-9/11
----------
Wednesday, February 12, 2003
U.S. House of Representatives,
Subcommittee on Capital Markets, Insurance
and Government Sponsored Enterprises,
Committee on Financial Services,
Washington, D.C.
The subcommittee met, pursuant to call, at 3 p.m., in Room
2128, Rayburn House Office Building, Hon. Richard H. Baker
[chairman of the subcommittee] presiding.
Present: Representatives Baker, Ose, Manzullo, Hart, Brown-
Waite, Harris, Renzi, Kanjorski, Sherman, Inslee, Moore,
Israel, Capuano, Lucas of Kentucky, Clay, McCarthy, Matheson,
Miller of North Carolina, Emanuel, Scott, and Maloney.
Chairman Baker. I would like to call this meeting of the
Capital Markets Subcommittee to order. It is my understanding
that Mr. Kanjorski is on his way and will join us momentarily.
I would first like to say--as I speak, here comes Mr.
Kanjorski.
This is our first meeting of the new session, and we will
have a very busy agenda over the coming weeks and months. March
and April are particularly going to be time-consuming for
Members. But I think we have a lot of important work to do.
Today is certainly exemplary of the types of issues with which
the committee will be engaged.
We will be in receipt today of a report from the General
Accounting Office relative to their assessments of market
participants' capabilities to help preclude or, in the adverse
consequence, respond to another economic terrorist assault on
American soil. And from the initial reading of the report and
comments of those who will participate today, although all
answers have not been found, it does appear that successful
improvements have been in the making. And we look forward to
having the committee's assistance in helping the regulators and
market participants achieve the level of security needed to
ensure that no one can bring our economic system to its knees,
an extraordinarily important matter, and I am certain that the
committee will return to it on many occasions as circumstances
require.
But I extend my welcome to the Members and certainly to the
Ranking Member Mr. Kanjorski, I look forward to working with
you again this session. And the gentleman is recognized for any
opening statement he might make.
Mr. Kanjorski. Thank you, Mr. Chairman. I think I will move
that my full remarks be made part of the record.
Mr. Chairman, first of all, I prize the relationship for
the last 8 years that you and I have had as chairman and
Ranking Member of this subcommittee, and really take great
pleasure in the fact that we were able to rise to the occasion
in providing terrorism reinsurance and restoring investor
confidence in corporate America to some degree in the last
Congress.
Today we are here to examine the physical problems that may
exist in a future terrorist attack on the United States and
what actions and efforts we should take and what legislation
will be necessary to accomplish that end. Also, as I suggested
in my amendment to our policy consideration of the committee,
we not only should take into consideration the physical effects
of a terrorist attack on our economy and our markets, but also
what economic disasters could befall the United States, and to
start looking at some of the necessary actions to prevent that
or to provide the legal authority for appropriate action. And
some of the witnesses that are here today representing the
various and sundry areas would be instrumental in examining
that, because, in my estimation, I believe that terrorism can
cause unreasonable and untold loss of life in America, it can
cause tremendous physical damage in America, but cannot
threaten the national security of America. On the other hand,
economic destruction or events could bring down the American
economy and, in fact, America in its entirety.
So I think that not only do we have the opportunity to look
at the physical effects on the markets and what we can do to
shore them up, but also anticipating what economic occurrences
may occur over the next several years that could really
threaten the economy of the United States. And I look forward
to working very closely with you in that end, and I move that
my remarks be made part of the record.
[The prepared statement of Hon. Paul E. Kanjorski can be
found on page 36 in the appendix.]
Chairman Baker. Without objection, in their entirety.
Does any other Member wish to make any opening statement at
this time? If not, then I would proceed to our first panel of
witnesses, and welcome Ms. Davi D'Agostino, who is the Director
of the Financial Markets and Community investment Division of
the U.S. General Accounting Office.
I think all Members have been provided a copy of your
report. Please feel free to summarize and give us any
perspectives you think would be helpful to the committee.
Welcome.
STATEMENT OF DAVI M. D'AGOSTINO, DIRECTOR, FINANCIAL MARKETS
AND COMMUNITY INVESTMENT, U.S. GENERAL ACCOUNTING OFFICE
Ms. D'Agostino. Thank you very much, Mr. Chairman. With
your permission, I would like to submit my full written
statement for the record, and I would summarize my remarks
orally.
Chairman Baker. Without objection. And all witnesses'
testimony will be made part of the official record. Thank you.
Ms. D'Agostino. Thank you very much.
Mr. Chairman, members of the subcommittee, I am pleased to
be here today before you to discuss GAO's work on the readiness
of the U.S. Financial markets to respond to potential terrorist
attacks. The markets are vitally important to our Nation's
financial system and to our economy. The devastating attacks on
the World Trade Center on September 11th revealed that our
markets could be vulnerable to such events.
Today I will talk about, one, how the markets recovered
from these attacks; two, the limitations that existed in
participants' readiness to recover; and, three, steps that
regulators have taken to assure that U.S. markets are better
prepared for such attacks and what more needs to be done.
First, because the attacks occurred in the heart of Wall
Street, over 70 percent of the nearly 2,800 people who lost
their lives worked at financial firms such as broker/dealers
and banks. The attacks damaged or destroyed over 400 buildings,
and electricity and telephone services were also severely
disrupted. Facing enormous obstacles, the utilities, exchanges,
and firms worked around the clock and used creative solutions
to reopen the markets within days of the attacks. Our report
has numerous examples of the amazing efforts behind the market
restoration. Still, by that Friday, September 14th, broker/
dealers that normally provide 40 percent of market liquidity
were not fully ready to trade, and the industry and regulators
chose to test the newly established telecommunications over the
weekend. On September 17th, the markets reopened, trading
record volumes. In retrospect, the markets probably would not
have been able to open so quickly if certain organizations had
been directly hit.
Second, the attacks also revealed limitations in the
disaster planning of many market participants. In some cases
firms did not have backup facilities, and others had located
their backups too close to their primary sites. Some firms also
found that the backup telephone lines they bought from
different providers were routed down the same pipes or through
the same switches as their primary lines. Our reviews of 15
important exchanges, clearing organizations, ECNs, and payment
system processors from February through June 2002 showed that
they had taken many steps to prevent disruptions to their
operations from physical or electronic attacks. Most had also
invested in backup facilities or other measures to be able to
recover from such attacks, but many of these 15 organizations
still faced increased risk to their operations.
For example, most organizations did not have complete plans
to continue operations if the staff at their primary sites were
incapacitated. Some of these organizations also faced increased
risk of disruption from widescale disasters because their
backup facilities were nearby.
Third, the financial regulators have taken some important
steps to improve the resiliency of the financial markets to
recover from future disasters, but these efforts are not
complete. Banking and securities regulators issued a white
paper that proposed recovery practices for crucial clearing and
settling functions, but they have not made a similar proposal
for trading activities. To better assure that trading can also
recover in a smooth and timely manner following a disaster, we
recommended that SEC take a leadership role and work with the
industry to develop goals and strategies to resume trading.
Such strategies could be based on likely disaster scenarios and
should identify the organizations that are able to trade in the
event that others cannot. SEC also needs to work with the
industry to identify sound recovery practices for organizations
to adopt--to better assure they can trade after another
disaster.
There will be a need to balance the business decisions and
risk management trade-offs that individual market participants
make with the need for a sound, viable plan for assuring the
U.S. markets can resume important trading activities when
appropriate. The 9/11 attacks showed that the market's ability
to reopen depends on the readiness of key broker/dealers. The
plans SEC develops will have to assure that sufficient firms
are available to trade, and that customers' accounts at firms
unable to operate can be transferred to others who can.
We also recommended that SEC improve its program to oversee
operations risks at exchanges, clearing organizations, and
ECNs. These improvements included making its voluntary program
rule-based, and using a portion of any future budget increases
to expand and retain its experienced staff and technical
resources.
Mr. Chairman, this concludes my prepared remarks, and I
would be happy to answer questions at any time.
Chairman Baker. Thank you very much.
[The prepared statement of Davi M. D'Agostino can be found
on page 56 in the appendix.]
Chairman Baker. Our next witness is Mr. Robert Colby,
Deputy Director, Division of Market Regulation, from the
Securities and Exchange Commission. Welcome, Mr. Colby.
STATEMENT OF ROBERT L.D. COLBY, DEPUTY DIRECTOR, DIVISION OF
MARKET REGULATION, SECURITIES AND EXCHANGE COMMISSION
Mr. Colby. Thank you. Chairman Baker, Ranking Member
Kanjorski, and members of the subcommittee, I appreciate the
opportunity to testify before you today regarding the efforts
since the September 11th terrorist attacks to better protect
U.S. financial markets and institutions, and to address issues
raised in the report released today by the General Accounting
Office.
As the GAO recognizes in its reports, participants in the
United States financial markets made heroic efforts to recover
from the devastation of the September 11th attacks, with the
result that all markets reopened successfully within a week
after those tragic events. Nevertheless, the Commission and
other regulators in the industry have engaged in wide-ranging
and intensive efforts to consider the lessons learned from the
events of September 11th and strengthen the resiliency of the
financial sector so that we are better prepared going forward.
Immediately after the September 11th attacks, the
securities industry recognized the need to develop more
rigorous business continuity plans that addressed problems of
wider geographic scope and longer duration. Market participants
have taken a number of significant steps to improve their
resiliency, including establishing more robust and
geographically disbursed backup facilities for operations in
data recovery, improving crisis management procedures, and
seeking telecommunications diversity.
The Commission and other financial regulators have also
been devoting substantial resources to projects designed to
strengthen the resilience of the financial sector. For example,
the Commission, working with the Federal Reserve Board and the
Office of the Comptroller of the Currency, are in an effort to
identify sound practices for business continuity planning for
key market participants.
This past August we published for comment a draft white
paper that focused on a small but critical group of
participants in the U.S. clearance and settlement system. The
goal of this project is to minimize the immediate systemic
effects of a widescale disruption by assuring that the key
payment settlement systems can resume operation promptly
following a widescale disaster, and major participants in those
systems can recover sufficiently to complete pending
transactions. The agencies expect to issue the final white
paper next month after an additional amount of consultation
with the industry, and then incorporate the sound practices
into their respective forms of supervisory guidance.
In addition, Commission staff has been reviewing on an
ongoing basis the efforts of the organized markets to
strengthen their resiliency in the post-September 11th
environment. These markets have taken a variety of steps to
improve their physical security, information system protections
and business continuity capabilities, and Commission staff
continue to work with them to further increase the robustness
of their individual plans. In addition, we have been exploring
with the markets the possibility of mutual backup arrangements.
As to the resilience of securities firms, the New York
Stock Exchange and the NASD have proposed rules that would
require all broker/dealers to have business continuity plans
that address a number of important areas. We have also been
working with the relevant industry associations, the SIA and
the Bond Market Association, on their members' business
continuity disaster recovery efforts.
To date, the Commission's intensive efforts have focused on
measuring and ensuring the resilience of the U.S. clearance and
settlement system because, in our view, that infrastructure is
the single most important element of the securities markets. As
a practical matter, securities transactions cannot be completed
in the absence of a functioning clearance and settlement
system. Accordingly, the Commission has given priority to
initiatives that assure the prompt implementation of vigorous
business continuity plans by critical participants in the
clearance and settlement system.
The GAO report recommends that the Commission do more to
assure the resumption of trading by securities markets and
broker/dealers following a major disaster. We share the GAO's
views regarding the importance of emergency preparedness of the
financial markets, and generally agree with the report's
principle: that the financial market should be prepared to
resume trading in a timely, fair, and orderly fashion following
a catastrophe. But we believe that different, in some cases
more complex, policy considerations apply to the resumption of
trading than to the resumption of clearance and settlement
activities. Because trading activities is relatively fungible
across markets and market participants, we are of the view that
individual markets and securities firms are less critical to
the securities markets than the key clearance and settlement
utilities. Were any single securities market to become
incapacitated, for example, we believe that trading could be
shifted to one or more of the remaining markets. We recognize
that sufficient advanced preparation is required for such an
arrangement to work smoothly and promptly, and, as I indicated
earlier, Commission staff is in the midst of just such an
effort.
As to the resumption of trading by securities firms, in our
view, strong business incentives exist for broker/dealers to
develop robust business continuity plans for their trading
operations. Trading operations, of course, are in--at least in
good markets, are a source of significant revenue for
securities firms, and few would risk a situation where their
competitors are in a position to trade and they are not.
I also note that as a provision of liquidity to the market
by securities firm is voluntary; they cannot be compelled to
resume trading activities.
Finally, there are critical policy considerations relating
to the reopening of trading markets following a major disaster
that could suggest not compelling the speediest reopening.
Difficult judgments may be required to strike the appropriate
balance between the desire to resume trading as soon as
possible and the practical necessity of waiting long enough to
minimize the risks that, when trading resumes, it will be of
inferior quality or interrupted by further problems.
For example, in the aftermath of the September 11th events,
many praised the decision to wait until Monday, September 17th,
to reopen the equity markets as it allowed market participants
the preceding weekend to test connectivity in systems and
thereby better assure the smooth resumption of trading.
Despite these policy concerns, we nevertheless agree with
the GAO that more needs to be done to prepare the securities
markets for the resumption of trading in the event of a crisis.
Specifically, the Commission intends to consider whether it
should identify a time frame against which markets should plan
to resume trading following a widescale regional disaster. We
also will continue to work with the New York Stock Exchange,
NASDAQ, and other organized securities markets to develop and
test mutual backup arrangements for various scenarios, and we
will pursue efforts to increase the resilience of important
shared information systems such as the consolidated market data
stream generated for equity and options markets. Any timing
goal established for the resumption of trading markets could
serve as a useful resumption benchmark for securities firms as
well.
In addition, the Commission will consider developing
standards in conjunction with the self-regulatory organizations
to help assure that broker/dealers are able to provide
customers prompt access to their funds and securities even in
the face of widescale regional disturbance.
The GAO report also recommends that the Commission improve
its oversight of operations risk by issuing a rule to require
exchanges and clearing organizations to engage in practices
consistent with the Commission's automation review policy, or
ARP program, and by expanding the resources dedicated to that
program. The Commission recognizes the critical role that
technology plays in the securities industry and specifically
the importance of having in place adequate safeguards and
controls over information resources to ensure reliable and
timely trading services to investors.
The events of September 11th underscored the financial
markets' critical and increasing dependence on the integrity of
their systems' infrastructure. In light of the GAO's
recommendations, we will consider alternative mechanisms to
improve the effectiveness of the Commission's automation
oversight, including the appropriateness of rulemaking. We will
also assess the additional resources that may be necessary to
accomplish the objectives of the ARP program and the GAO
report.
Thank you for the opportunity to testify, and I would be
happy to answer any questions.
Chairman Baker. Thank you, Mr. Colby.
[The prepared statement of Robert L.D. Colby can be found
on page 48 in the appendix.]
Chairman Baker. Ms. D'Agostino, it appears from the basic
recommendations, there were principally two things I found of
interest. One was the resource limitation on ARP staffing and
their ability to only review perhaps 7 of 32 particular
agencies on an annual basis, which means 4-1/2 years before you
would make the full cycle. So resource allocation for the
technical folks we need to make that system work is essential.
But number two, and I think Mr. Colby's closing comments
spoke to it briefly, is the advisability of having rulemaking
as opposed to voluntary participation as a result of the ARP
program findings.
It would appear to me that most of what I have read from
the industry perspective is that we should be careful not to
mandate something, a particular standard or a particular time
line or particular steps to be taken, because each shop is
different, each conducts its business in a slightly different
manner. But would it not be consistent with the report that we
at least by rule adopt goals; that first, after whatever event
may occur--and that obviously is the difficult thing to
predict--that efforts should be made for an immediate
operability, but subject to some period of time to test? I
think the lessons of September 11 was the Monday, September
17th success. Had it opened and stumbled, I think the
repercussions would have been significant. Can't we get to a--
could we not construct a goal, an operational plan that would
not so constrain individual companies or participant, but yet
set a standard in place that would be mandatory?
Ms. D'Agostino. Actually the ARP program and the ARP policy
is sort of like a goal. It does not have very specific
technical standards to which an organization must live up, and
it is not with a huge amount of specificity that programs are
reviewed. It is more of a performance-based-type policy and
program that they operate with now, and that would be
consistent with what we are recommending.
We acknowledge, I think, in our conclusions in our report
the need for flexibility and for technology to continue to
evolve and to have the opportunity to avoid--well, to ensure
avoidance of a one-size-fits-all or a cookie cutter approach
where everybody has to do the same thing, because of course
there are many technology paths just as there are for physical
security solutions and other issues.
Chairman Baker. But you do believe that the ARP findings or
recommendations should be in the form of a mandatory
requirement as opposed to voluntary participation?
Ms. D'Agostino. Actually they are mandatory on the ECNs
now. SEC did pass a rule that makes compliance with the ARP by
the ECNs required. So if we made that an across-the-board
requirement for all organizations subject to ARP, it would
simply even it out.
Chairman Baker. Right.
Mr. Colby, listening to our exchange, do you have a concern
or caution about mandatory ARP compliance or not?
Mr. Colby. Let me drop back and explain why the ARP program
is the way it is. It was developed a number of years ago, and
it is a little different for the Commission, because it was a
program of looking at the computer resources and the process of
examining, assessing, evaluating computer resources is
something that has been developing as automation has grown. So
we did it on a voluntary basis in part because we didn't want
to freeze into place something that was still in an evolving
state, and it stayed voluntary because on the whole, given our
influence over the self-regulatory organizations that it
applies to, it has worked quite effectively.
Now, within the ARP process, it assesses, processes, and
controls the system development mechanisms. There is room for
differing of opinions. So our people might come in and say, we
think that there is this weakness in your process, and the SROs
may come back and say, well, we disagree.
I think the sort of rule that the GAO is talking about is
one that mandates the process, in compliance with the process,
as opposed to any particular result that would come out of that
evaluation.
Chairman Baker. But the compliance for the ECNs which is
mandatory was principally centered, as I understand it, on the
reality that they were not open outcry systems, they were a
communications-based marketplace. And as I view the markets
today, we are clearly moving rapidly to emulate that structure.
And it would seemed to me that verification by someone that the
communication skills and abilities, whatever the platforms may
be, can have functionality even after the aftermath of one of
these events would be advisable.
Mr. Colby. We absolutely agree. The ARP rules that applied
to ECNs were applied in part because of their structure, but in
part because they are not in the same regulatory state as the
self-regulatory organizations which we examine, review their
rules, and have a lot of interaction. But the ECNs are
typically private organizations, for-profit organizations, and
so in that sense it seems it needed to be mandatory.
It also is a process-based approach, and so I think what
they are recommending could be transferred over to the self-
regulatory organizations.
Chairman Baker. I have exhausted my time, but just one more
quick question about the funding levels for the ARP program.
Mr. Colby. Funding levels.
Chairman Baker. Yes. Where are we? What has the Congress
done in relation to that issue? And where is the agency with
regard to requests for this year?
Mr. Colby. As you know very well, we have had a funding
problem over the years, and the ARP program is one of the
things that has been constrained by those funds. Another
practical problem that constrains that process is--and this
committee by moving to address it--that hiring the sort of
people that go into the ARP process is quite difficult, partly
because the government process for hiring is sort of skilled
automation experts that we need is protracted, and partly
because with the dot.com boom, these people were just not
available.
Chairman Baker. Well, your ringing endorsement of the
Oxley-Baker bill has been duly noted. Thank you.
Mr. Colby. And that is what I intended.
Chairman Baker. Thank you very much.
Mr. Kanjorski.
Mr. Kanjorski. Thank you very much, Mr. Chairman.
Most of your concentration has been on physical damage and
a physical terrorist attack and what the implications of that
are in the marketplace; is that correct?
Mr. Colby. Our program both looks at physical and at
information vulnerabilities.
Mr. Kanjorski. But as a result of physical damage.
Mr. Colby. Not necessarily. It also looks at the security
measures that are taken with respect to cyberthreats and the
like. Cyberthreats are quite difficult, of course, to predict
and respond to, but it does intend to look at that, and it has
been a focus of the ARP process.
Mr. Kanjorski. If the attack on September 11th had, in
fact, not taken place against the World Trade Center buildings
in New York but in the Sears building in Chicago, has anyone
done a study as to what the disruption of the market, if any,
and the economic effect of the terrorist attack on the market,
if any, would have been relative to what did happen?
Mr. Colby. There is a very high concentration of critical
financial markets in the Chicago area, and it is something that
we have been focused on. Our agency, of course, is only the
securities markets.
Mr. Kanjorski. I guess I'm not directing myself, because
that again goes to the question of physical damage. I am trying
to say, has anybody said what the physical damage in the delay
of opening the markets and functioning in a physical way in the
market as compared to the economic impact of a terrorist attack
was on the economy of the United States? In other words, I
would like to know in that September period after--September
through October after the attack when we had the tremendous
downturn in the market, was that a result of the economy, or
was that just a result of fear in the marketplace and the
failure and the time required to open the markets and get back
to an orderly operation?
Mr. Colby. I think it is indisputable that the immediate
drop--there was a 3 percent drop on the day after the markets
opened, was clearly a result of concern about what the
terrorist attack meant. I don't think that the rest of the fall
in the markets can be attributed to that directly. We have
participated, but not been chiefly responsible, in economic
studies done by what is now the Homeland Security Department
about the economic consequences of a terrorist attack in trying
to assess how the September 11th and how a possible future
attack might affect the economy.
Mr. Kanjorski. And have you participated in those, or
should you participate?
Mr. Colby. We have participated to provide our expertise,
to try to give them a sense of what the impact on the markets
would be. And then--
Mr. Kanjorski. If you can answer: The CIA Director today
testified that the untested potential exists for an ICBM to--
with an atomic warhead to hit the cities on the west coast of
the United States. Making the assumption that two 20-kiloton
bombs were to hit either San Diego, Los Angeles, San Francisco,
Portland, or Seattle, what would be the ramifications to the
economy of the United States? And are we looking at that in
terms of--are we just being functional and physical here in
looking at how to handle the marketplace as opposed to what we
have to think about the disruption of the economy?
Mr. Colby. This level of response is the functional and
physical. There are elements of the government that are looking
at the broader consequences. It is being conducted in the
context of the Homeland Security Department, and there is an
entire community of which we are one small member whose title
is The Economic Consequences of An Attack, and they are trying
to both scope out what those sort of consequences would be and
also what sort of steps might be necessary to respond to them.
Mr. Kanjorski. So this committee should start thinking in
terms of not only the physical consequences of terrorism, but
the economic consequences of terrorism and other economic
circumstances unrelated to terrorism as to what kind of
structures and processes should be put in place in an
anticipatory way in order to keep the economy sufficiently
existing so that we don't really lose the war.
Mr. Colby. The physical and functional is just the
beginning of the process of trying to address what the
consequence of a terrorist attack would be.
Chairman Baker. Thank you, Mr. Kanjorski.
I want to recognize the gentleman from California and
welcome him to his new capacity as vice chair of the capital
market subcommittee. Mr. Ose.
Mr. Ose. Thank you, Mr. Chairman. Your wish is my command.
Mr. Colby, my questions really relate to the alternative
means by which liquidity and transparency can be provided to
the marketplace in the event of a catastrophe. If I understand
the testimony of yourself and Ms. D'Agostino and the others who
are going to follow, there is a certain level of redundancy
between, say, New York, the Pacific, and the American and the
NASDAQ and some of the other ECNs to the extent that New York
Stock Exchange is prepared to trade the top 250 volumewise
companies traded on NASDAQ. And I imagine there are similar
relationships elsewhere. It is my--I am aware that the NASDAQ
folks have come forward seeking to have--I am trying to
remember the language that they used, but to have the SEC
designate NASDAQ as an approved marketplace for any number of
reasons, one of which might be to facilitate liquidity and
transparency in the event of a catastrophe.
Now, I have been working on this for 2 or 3 years. I am
still interested in it. I am going to keep sending letters. I
would like to know what the status is on the application that
was filed in November of 2001 by the advocates for NASDAQ in
terms of their application.
Mr. Colby. NASDAQ's exchange application is still being
processed. There were both practical, legal, and policy
concerns. The most fundamental policy concern emanated from a
concern of what an exchange should be. One of the first things
we expect to do with our new chairman when he is confirmed is
to move this application forward.
May I drop back and address the first part of your
question, which is that we believe--and I hope that NASDAQ will
confirm--that from an operational standpoint, that they are
just as prepared to address the sort of concerns about
redundancy in their current status as they would be as an
exchange. And so while there are very good reasons to be
forwarding the exchange application, I am hopeful, and I think
Rick Ketchum could confirm it, that the question of backing up
the New York Stock Exchange and other markets is not one of the
things that turns on an exchange application registration.
Mr. Ose. So what are the conditions that have yet to be
resolved on this? I mean, 2 or 3 years is a long time.
Mr. Colby. Two or three years is a long time. This is a
monumental enterprise. The rules and rule changes that they
submitted would fill half of this table.
Mr. Ose. Do all the rule changes still need to be vetted,
or have you narrowed it down to a few?
Mr. Colby. We have narrowed it down to a few major and a
larger number of minor changes, but the minor are more minor.
The sort of things that are still at issue besides the question
of how much, what the nature of the market has to be, is a
question of what is the scope of the registered exchange? What
sort of representation must members be provided in the
governance of the exchange? Because there is a statutory
requirement for fair representation of members, and that has to
be reconciled to a corporate, for-profit, ownership structure.
Those are the primary issues.
The minor issues involve such things as what sort of short
sale rules should apply, whether the exchange requirements
about separation of member trading should apply to this sort of
an exchange when it applies to all other sorts of exchanges.
And there is a list of smaller issues, but those are the key
ones.
Mr. Ose. It is my understanding that the governance issue
had been resolved. And if I read, I think it was Mr. Ketchum's
next testimony, they are, if I read this correctly, prepared to
abide by the short sale rules that exist in NYSE today.
So, my time has expired, Mr. Chairman, but I would be
following up in writing because I intend to get this thing
resolved. No is an answer. But if it is no, let us get to it.
All right?
Mr. Colby. We agree. We hope to be moving it forward.
Mr. Ose. Thank you, Mr. Chairman.
Chairman Baker. Thank you, Mr. Ose.
Chairman Baker. Mrs. McCarthy?
Mrs. McCarthy. Thank you. This is my first day on this
committee, so I don't know whether my questions are going to be
that intelligent. But just listening to--well, you both have
been talking about, and then obviously with the heightened
security on Friday, are we better off today than we were on
September 11th? And how are we going to handle it? And just
listening to the debate, and I know government runs very
slowly, but just God forbid something did happen, and we are
still waiting almost a year and three-quarters on waiting for
some rules to come through so we can be ready to go the
following day, hopefully, if we had an attack. Where are we
today if something happened by the end of this weekend?
Mr. Colby. We are much better off today than we were on
September 11th, and I can give you some specific examples of
things that have changed. There is still work to be done, and I
think what you see is the GAO's pointing out that there is work
to be done, but let us not minimize the work that has been
done.
All the major markets have dropped back and looked at their
resiliency and what they can be doing to continue trading in
the case of a problem with their main trading site. The New
York Stock Exchange will detail for you their plans for a
backup trading site. NASDAQ has long had two separate
locations. There are efforts well under way in the clearance
and settlement system in order to create more diversity. The
main processing sites have been relocated. And there--each of
the major securities firms, and I believe it is true for banks,
though that is not our responsibility, have been spending the
time since September 11th completely revising their business
continuity plans to take into account the new realities, and
many of them have already put in place more resilient operation
centers. There are vastly improved coordination mechanisms
between--within the firm. Don Kittell will talk about the SIA's
efforts with respect to command centers and business continuity
planning.
And so I think--I don't know if you would agree, Davi--that
we have come a very long way, but there is room to go farther.
Mrs. McCarthy. Because my only concern is, and this will be
my final question, that when we had a heightened security on
Friday, then the market, I believe, dropped quite a few points
on Monday and Tuesday, if I am correct. My concern is obviously
the security firms, they can only do as well as the confidence
of the people that are buying their stocks. So obviously they
are going to do everything possible to make sure that people
feel confident. And I haven't seen anything, you know, out
there to the general public on talking about how well we have
done and how well we came back.
I was down on Wall Street a few days after September 11th,
and to me it was amazing how everybody worked together. To me
it was amazing how everybody just came together to get this up,
because we certainly--as horrible experience it was, and I lost
an awful lot of people from Camp Fitzgerald in my district, but
the bottom line is, we can't let the terrorist win, because
whether they are going to attack us or not, the majority of
people do believe it is going to be New York or D.C. Whether it
is true or not, that is what people believe in. And we have to
do--I personally think we have to do a better job on just
getting it out to the normal consumer that we are ready, and it
is not going to affect us the way it did on September 11th.
Thank you for your testimony.
Chairman Baker. Thank you, Mrs. McCarthy.
I didn't announce earlier, but it is a general
understanding that the recognition of Members for questions
will proceed based on seniority by time of arrival. So the
short message is if you are here on time when the meeting
starts, you have got a good chance of getting recognized early.
Mrs. Maloney. Point of personal privilege?
Chairman Baker. Certainly.
Mrs. Maloney. I am not a member of the committee, but may I
ask unanimous consent to place into the record a statement? I
have a conflict with another meeting, and I wanted to thank my
constituents, Rick Ketchum from NASDAQ and Robert Britz from
New York Stock Exchange, for appearing today and for all of
their work in combating terrorism and getting our financial
markets ready.
Chairman Baker. Without objection, and certainly appreciate
their efforts.
Mrs. Maloney. Thank you, Mr. Chairman, and thank you for
having this hearing.
Chairman Baker. Certainly.
Ms. Hart.
Ms. Hart. Thank you, Mr. Chairman. I missed, unfortunately,
a big piece of the GAO testimony, so I am going to ask Ms.
D'Agostino a question that she may have answered already, so
bear with me.
I understand the concern, I was on the committee when we
went through September 11th and all the aftermath, the concern
that everybody had about everybody being able to get back to
work and everything going again. As far as recommendations that
the GAO has made, do you rank the actual physical proximity of
the alternative place where they would work if they can't be
where they are supposed to be of any high importance at all,
the physical proximity of sort of the alternative? You
mentioned something in the testimony about the--sort of always
having an alternative place to be. Is that relevant, or is that
something that is important?
Ms. D'Agostino. I think we would say that it is very
important to have backup facilities, particularly if you are a
critical organization and no alternatives exist for your
services and functions. And again, we do not--GAO hasn't
developed a position on the right number of miles between a
primary and backup facility. I mean, we haven't even considered
that. But clearly from our lessons learned from the 9/11
experience, having a backup facility to handle your operations
or to take you far enough away from a widescale incident is a
good idea. So I think that is about where we stand on it. But
we think it is important to have backup facilities.
Ms. Hart. Okay. You are not going to micromanage where and
how and all those sorts of things, or you have no suggestions
that are really specific in that way?
Ms. D'Agostino. Not about mileage, but about functionality,
yes, it is a good idea to have a backup facility that can
perform your critical operations in full.
Ms. Hart. There was an--I was just reading the
testimonies--a mention of 60 percent wasn't enough; 60 percent
of your operations wasn't enough.
Ms. D'Agostino. I believe 60 percent of the market
liquidity was ready to trade represented by broker/dealers.
Ms. Hart. Okay.
Ms. D'Agostino. Forty percent was not ready to trade on
Friday, the 14th of September. That 40 percent was not fully
ready.
Ms. Hart. So would you expect them all to be fully ready?
Should they all be able to be fully ready with an alternative
facility?
Ms. D'Agostino. I think that is a question for the SEC and
the industry to work out in its strategy and plan for restoring
market operations or trading operations after a disaster.
Ms. Hart. Since the SEC is here, what do you think about
that?
Mr. Colby. Well, I don't think you can plan or try to
compel everyone to be able to come back, because you don't know
what the consequences could be. And, frankly, we don't need to
because we have multiple competing providers of services. There
are two positive consequences from that. The first is that many
clients can just move. If one broker is not operational, they
use another broker. And because of that, the brokers have very
strong incentive not to have their customers leave them, so
they have strong business incentives that align with the
government objectives in order to be able to continue
operating. And it is most true with respect to the securities
firms. It is also true with respect to securities markets,
because there are very few products, publicly-traded products,
in this country that are traded only in one location, which
gives a built-in resilience to the system.
Ms. Hart. Are you hopeful then that as this issue is
being--continues to be examined, that most organizations
involved will certainly, as a matter of their own survival,
make the best plan they possibly can and expend whatever
resources they have at their fingertips to be able to do that?
It is going to be a huge cost to them.
Mr. Colby. It will be a huge cost, and I think we have to
keep those costs in mind particularly in an environment where
there is not just one central utility that is providing the
service, but a number of competing entities.
It is said that the shelf life of a securities firm must be
measured in weeks. If they are not operational and their
competitors are, their business is gone very quickly, and it
may never return. And so securities firms have an incentive to
operate--which is not to say we don't need to set guidelines
and objectives and standards, but I think the incentives are
aligned.
Ms. Hart. Thank you, Mr. Chairman.
Chairman Baker. Thank you, Ms. Hart.
Mr. Emanuel?
Mr. Emanuel. Thank you, Mr. Chairman.
As somebody representing Chicago, and as a former board
member of the Chicago Mercantile Exchange, as I listen to your
testimony and read the report, more and more what you seem to
have talked about was the physical location. And given that
more and more trading is going electronic, away from the open
outcry--talking about my area--we have the options exchange and
the clearinghouse most specifically that has been a
concentration. I kind of recognize the problem of dealing with
cyberterrorism. But given where the markets are going every day
increasingly--I do think you have to worry about physical
location, backup facilities, dealing with the clearinghouse--my
bigger concern is the electronic piece of this market, where
the market really is going tomorrow, and less about the
physical locations.
I am not--given that we have the Board of Trade, the
options, and the Merc and the stock exchange in Chicago, I do
care about the physical locations, but if you just look at the
trading future of where they are going, where handhelds are now
on the floor, I am more and more interested about the
electronic piece of this business and not the physical location
of it.
I may have to go into a witness protection plan now that
Chicago hears I could care less about the physical. I don't
care less about it, but what I care about is what is going on
electronically and what you are doing to protect that. And as
you said, it is the most difficult part of what we have to do,
and yet if you look at where trading is today and how it is
moving tomorrow, it is almost purely electronic, and you could
do that by each of the exchanges and go through them and talk
about what their futures are like. And having sat on the Merc
board, that was the preoccupation of the board for a long time,
and that is where the exchange is going now.
Mr. Colby. You are right in pointing out that the physical
threats are less significant if you have an electronic market,
because as long as you have dispersion between your operating
centers, the market can continue. In fact, some of the markets
that have physical floors, have as their backup plans an
electronic market. So they recognize that, though that is not
where they want to go to, but if they have to maintain their
operations, they can do it electronically, which then puts a
premium on cybersecurity. And this is something that it is very
much a focus. It is a focus for the government, from the
President's Committee on Infrastructure Protection right on
through down to our level. And there have been a lot of
measures taken by the various markets and clearance and
settlement systems to try to assess and protect their
information security.
Mr. Emanuel. Well, I want to drive this point home, because
as I look at this report, obviously you have the shadow of
September 11th that hangs on it, but the truth is I don't want
to protect for September 11th alone. They are not going to just
do a repetition of September 11th. We have to actually prepare
for the next attack that is going to be, in my view, a lot
different than September 11th. And we have to deal with where
our exchanges are going, where our trades are going.
And my one last comment as well as question is given that a
lot of these functions today--the clearinghouse in Chicago is
really a consolidation for the different exchanges. That
consolidation actually makes it at one level economically
efficient and another level a far greater target for--and
easier to disrupt for a terrorist organization. And I don't
even know if that--that is more of a statement than a question.
So, given the trends of what is going on in the industry, I
want us to be thinking about the future not so much about
laying in place the protections about what happened in the past
and only the past. Thank you.
Chairman Baker. Thank you, Mr. Emanuel.
Ms. Brown-Waite.
Ms. Brown-Waite. Thank you, Mr. Chairman. I apologize for
not being here sooner; I had some constituents from my
district.
This question may have already been answered, but have the
agencies actually reviewed the inter-agency white paper that
set a goal that may be so costly and unreasonable that it would
be unachievable? Have you done an economic analysis of what
this recommendation would mean to the industry? And I think I
would ask this to Mr. Colby.
Mr. Colby. We have tried to do an economic analysis. We
received comments on the one that was initially put out. We are
in the process of revising it. We plan a process of consulting
with the firms to try to assess what the impact of the revised
statement would be in order to try to take into account the
cost impacts.
Ms. Brown-Waite. But do you actually have an estimate of
what the cost impacts are?
Mr. Colby. We have a sense from the people, the firms that
would be affected, of what the costs were. These are, of
course, proprietary expenses. We have not made them public, but
we have been pursuing with them what the costs would be.
Frankly, a lot of the cost depends on the implementation
schedule, because if it is something that can be worked into
their computer planning and automation development, it is much
less expensive than if it has to be done immediately.
Ms. Brown-Waite. Thank you, Mr. Chairman. I yield the rest
of my time.
Chairman Baker. Thank you very much.
Mr. Scott?
Mr. Scott. Yes. Thank you, Mr. Chairman.
In the wake of 9/11, of course, we have put together the
Department of Homeland Security. I would be interested in
knowing both of your opinions.
What do you see the role that the new Homeland Security
Department will play in ensuring that we have continuity in the
event of another terrorist attack and in preparation,
particularly as it relates to business continuity and investor
confidence?
Mr. Colby. The topic of business continuity and investor
confidence is one that is important to the homeland security.
To date, they have been interacting with the group that was set
up before the Homeland Security Department called the Financial
and Banking Information Infrastructure Committee, chaired by
the Treasury Department, of which we, the bank regulators and a
number of other agencies, are part.
They have been working through this group in order to try
to coordinate policies and improve the development. But from
our interaction with them, it is very clear that this is a
matter that is of concern to that Department.
Mr. Scott. Are you satisfied with what the Department of
Homeland Security is doing or projected to be doing to ensure
that our markets will continue to operate? Is there anything
else you would recommend?
Mr. Colby. My sense is that they are taking this very
seriously, and it is going to be one of the important items on
their agenda.
Mr. Scott. Okay. Thank you Mr. Chairman.
Chairman Baker. Thank you, Mr. Scott.
Ms. Harris.
Ms. Harris. Thank you, Mr. Chairman.
With a follow-up to Ms. Brown-Waite's question concerning
technology, is there an overall assessment concerning
cyberterrorism and how this would affect the financial markets?
And then secondly, how would you characterize the state of
preparedness with regard to future terrorist attacks and how
they will affect our financial markets?
Mr. Colby. I did not hear the last question, I'm sorry.
Ms. Harris. How would you characterize the state of
preparedness of our financial markets with respect to future
terrorist attacks?
Mr. Colby. Cybersecurity is, obviously, more amorphous than
physical threats because with physical threats you can assess a
particular location or building and say, what happens if that
was damaged?
Threats can come in a variety of different shapes and
forms, but there are very active efforts on the part of the
financial institutions and the self-reporting organizations
that are dependent on information--and the securities markets
are, at base, an information business--to protect themselves
from the threats that could disable their operations or create
polluted information flows within the system.
So our sense is--and we are not alone in looking at this,
but a number of consultants and advisers have looked at it--it
is something that you need to stay focused all the time, but
the efforts that have been dedicated to it have been very
extensive and effective.
The overall state of preparedness has come a long way. We
are in much better shape than we were on September 11, but
there is more to be done. I think that both the agencies that
are in charge of it, the self-regulatory organizations that
operate trading markets and oversee members, and the financial
firms themselves, are all very focused on preparedness at the
very highest levels of their institutions. It went from being
one more cost item to being a critical matter for each of these
institutions.
Chairman Baker. Thank you, Ms. Harris.
Mr. Inslee?
Mr. Inslee. Thank you.
I wanted to ask about your findings on the automated review
group, the ARP. You seemed to suggest that--and I missed your
oral testimony, I am just reading here, I am sorry--but you
seem to suggest that there were inadequate resources to really
complete some fundamental reviews. I think you noted that there
were only 7 out of 32, if I read your testimony right, that
have been completed, which to me was a pretty glaring failure
given the risk to these markets.
Is that--from your review, is that simply a result of lack
of resources and appropriations to the SEC? Is there some other
inhibition? What is the reason for that failure?
Ms. D'Agostino. The resources--the automation program could
use more resources and more experience levels. The problem is--
and this is true pretty much throughout the government, it is
not unique to the SEC; even GAO has some challenges in this
area of human capital--getting good technical people and being
able to pay them enough to retain them.
In saying that, I don't mean to belittle our
recommendation. It is not just an SEC problem, but it is an
important program, we think, from the standpoint of the
markets. It is the only oversight program going that does what
it does. It has been particularly challenged in terms of being
able to handle high turnover rates, low staffing levels,
sometimes as low as three to four people. They are now up to
10, I believe, to handle 32 market organizations.
As I think our report mentioned, Federal standards
recommend reviewing high-risk organizations once every year or
two. This puts the SEC program in a kind of straits.
Mr. Inslee. This is one of the reasons we were concerned
when the administration tried to cut the SEC budget, at least
below what it was promised. We hope at the end of this budget
cycle that sanity is restored and we get resources for getting
this done. Thank you for letting us know about that.
Ms. D'Agostino. Thank you.
Chairman Baker. Mr. Renzi?
Mr. Renzi. Thank you, Mr. Chairman.
Thank you, Ms. D'Agostino and Mr. Colby. I appreciate your
time and the detail and the professionalism of your report.
I come from the wildlands of Flagstaff, Arizona, and
recently I had an opportunity to sit in on a contingency where
a regional attack was simulated at the Northern Arizona
University dome. We had the firemen and we had the police out
there, and we had helicopter crews come in. It was a regional
attack.
I learned that the rail runs through Flagstaff and the
major highways run through Flagstaff, and a big gas oil line
runs through Flagstaff. I also learned that a communications
hub is in that area, one that goes all the way to communicate
to the east coast.
I said to myself, if we had a regional attack and it
knocked out the ability of L.A. to trade in New York, and we
set up this bicoastal confrontation between the L.A. investors
not being able to invest if the market stayed open--or would it
close? What would happen if all of a sudden we had this East-
West conflict based upon regional attacks, particularly in the
West, if you don't mind?
Ms. D'Agostino. From a telecommunications standpoint?
Mr. Renzi. Telecommunications, and a communications hub.
Ms. D'Agostino. The telecommunications infrastructure
network involves more than single paths for communications to
go through, and many different options for switching. So it is
not clear that--
Mr. Renzi. That one would be knocked out--
Ms. D'Agostino. You would have to really know where
everything is.
Mr. Renzi. When you look at the manufacturing industry and
you look at upstream suppliers--I am sure you look at upstream
suppliers or vendors who provide you with integral portions of
what it takes for you to do business--have you looked from a
contingency standpoint at all those integral nodes; not only
communications, then, since we are able to go on a different
path, but all the upstream providers that are integral to your
operation from a contingency standpoint, like a manufacturer
operation would look upstream?
Ms. D'Agostino. GAO has not done such a review, to my
knowledge.
Mr. Colby. You as the securities markets are supported by a
lot of suppliers that provide various services. Some of them
are regulated, some are not.
We have been looking at the regulated ones within the
limitations of our resources, and we have been talking to the
securities firms about themselves checking about the resilience
of their providers, their service providers, because they rely
on vendors of various types. So since September 11 there has
been an extensive amount of back-checking about resilience.
Mr. Renzi. Right. Any great organization has an Achilles'
heel. That is what I am going for here. I am just a small
businessman from Arizona is all, but my instincts tell me that
if we look at the stock market and we look at other avenues to
attack the stock markets, which is in the direct crosshairs of
the terrorists, that next time they are going to be smart
enough to attack somewhere that directly affects the stock
market without attacking New York. So in your course of
discussions and development on this, I would urge you to maybe
take a look upstream. Thank you.
Chairman Baker. Thank you, sir.
Mr. Israel?
Mr. Israel. Thank you, Mr. Chairman. I apologize for being
late. The Committee on Armed Services has a hearing in conflict
with this, so I have been shuffling back and forth.
Several weeks ago I visited with a local company in my
district called Applied Visions. They are working with the
Defense Advanced Research Projects Agency to develop software
that would protect financial institutions and others against a
cyberattack, and helps people assess the likelihood of a
cyberattack.
One of the things that I learned at that meeting was that
some financial institutions in the New York area, I believe the
New York Stock Exchange and others, have created a kind of
voluntary association, a kind of collective self-defense pact
against cyberterrorism. They work together to monitor potential
attacks, and then they alert each other if they believe an
attack is imminent against any of those that are included in
that group.
The problem is that if they are aware of a potential attack
against a financial institution outside of that group, there is
not much that they can do about it. They do not necessarily
share that data. So here you have a group that has the
potential of protecting a large number of financial
institutions against a cyberattack, but does not have the
wherewithal or the ability or willingness to alert the broader
community.
I was wondering whether in your research you were aware of
that group, and whether you can make specific suggestions on
how it can be broadened to provide the greatest extent of
protection to the largest number of financial institutions,
rather than a select few.
Mr. Colby. That is not the only group operating,
fortunately. There are other channels to get the information
out. There are a variety of information dissemination groups,
ISACs they are called. There is one in the securities world
operated by SIAC.
Also, on the government level there is a process developed
through this FBIIC channel so when a regulator learns of
something that affects a regulated entity, they communicate it
up so that at a much higher level you can look and see, if
there is a pattern here. Once the pattern is identified, the
threat can be communicated back down to all people that might
be potentially threatened.
Mr. Israel. Are they required to communicate that threat?
Mr. Colby. There is not a specific rule that requires it,
but in practice it is expected and it does happen, because
there is a interconnection between the securities firms and
their self-regulators; maybe not quite daily, but a very close
interaction beyond that; so this sort of communication is
expected to be communicated into the channels and made--and it
has happened. It has happened where the firm will say, look, we
have just had a problem. The regulators then say a firm has
just had a problem. We think it is internal, but we then
canvass and check and see if anyone else is having the problems
in order to identify whether it is a generalized problem or
infectious, or an internal glitch.
Mr. Israel. One final question. Do either of you believe
that the current systems that are available to assess threat
are effective, or do we need to improve the software or improve
other systems so that we are better equipped to assess a
potential cyberattack against financial institutions?
Ms. D'Agostino. I know there are a number of software
options out there. I know some very large multinational
corporations have even developed their own threat and risk
assessment and risk management software.
The important thing is the inputs into the decision-making
models that the software represents. That would involve some
good intelligence information about the threats and who is
targeting you and what kinds of possible scenarios. It is
development of reasonable and, I guess, viable scenarios for
you to play out, then, through the software.
So just as important as software solutions are getting that
good data and those viable scenarios to input through those
models and get you some reasonable outputs to assess then, and
to make decisions on your security solutions.
Mr. Israel. Very good. Thank you. I yield back, Mr.
Chairman.
Chairman Baker. Thank you, Mr. Israel.
I want to express to each of you and the agencies you
represent my appreciation for your appearance and your work.
Mr. Manzullo. Mr. Chairman.
Chairman Baker. Sorry. You are recognized. I apologize.
Mr. Manzullo. Thank you.
Thank you for coming. I am sorry I was not here for the
testimony.
Ms. D'Agostino, as I read the testimony, on page 4 it is
absolutely startling that companies that are professionals in
back-ups and redundancy systems for the purpose of security and
storage of equipment in many cases never took the time to track
the path or switches, so that a company's main path or switch
would also be the same path or switch of the company hired for
the redundant system.
That is pretty dumb. I don't understand how a security
company could hold itself out as being an expert--and I see
some guys back there nodding their heads, "Yes, maybe we got
ripped off." ask for your money back.
But even under a situation where there had been, for
example, a fire in the building and not an act of terrorism,
this statement is absolutely startling. I am not one big into
licensing for professionals, but in your investigation, the
people that install these redundant systems for backup of
material, et cetera, are they held to a particular licensing
standard or a degree of education? Is there some kind of a
professional path, or do they just have a nice white business
card with a nice emblem and their name is printed in gold?
Ms. D'Agostino. We don't really have any information. We
didn't do any work on that. I think in some cases, as was
relayed to us, the backup or alternate providers of
telecommunications actually did have at one time separate lines
and paths; but then later after the contract, sometime later
and without notifying the client, moved the paths into the same
lines as Verizon.
Mr. Manzullo. That would be a breach of contract, as far as
I am concerned.
Ms. D'Agostino. We--
Mr. Manzullo. That is none of your--but that is extremely
serious, because the companies hired to do this are--boy, I
woke you government employees up there, didn't I? Everybody is
nodding and saying yes.
I don't have a very technical background and don't
understand a lot of these terms that are used in
communications, but I just--what I see here is a good-faith
effort on the part of these houses to back up their system. You
don't anticipate an emergency such as September 11, but they do
anticipate somebody getting into their system and screwing up
their lines. They do anticipate, you know, a flood or water
getting into the basement, or a lightning strike, or a surge,
or a fire on their premises.
Here in good faith they hire these firms, and initially, as
you said, there are separate lines. Then the lines get merged
by the security firms. I consider that to be a very serious
breach, and there has to be a tremendous amount of
responsibility that is placed upon those companies before
setting up a system like that.
You don't have to respond to that. This is more of a
comment.
Mr. Colby. I would just say this is something that came as
a surprise to many, including the firms that believed that they
had built redundancy. Apparently, as Davi said, they contracted
for different systems. They were told by the contract providers
what the routes were. The routes were different when they
contracted for them, but apparently there was a freedom under
the contracts to subcontract, and sometimes in the course of
the subcontracting, they got routed through paths that were not
diverse--but now steps have been taken to help address this.
One includes development by the Securities Information
Automation Corporation of its own network. Bob Britz, who is
testifying later, is a co-president of that organization and
may be able to give you more information on that.
But realizing in hindsight this was a problem, there have
been proactive steps taken to create diverse alternatives to
the existing telecommunications--
Mr. Manzullo. But it would be hindsight by the houses. They
are not charged with that type of knowledge, and certainly how
could it be hindsight by the people putting in the security
systems when it does not take but a second grade education to
figure out that you have a separate path? I am a pilot, I am
not current in my license, but in large aircraft you always
have a redundancy system so if something breaks down, you can
go onto something else without depending upon those lines.
Maybe I am being hard on these companies, but perhaps I am
not. If you contract for security, and you get two lines, and
then somebody brings those two lines into one to save some
money, I just think that is a very serious breach of ethics.
Thank you.
Chairman Baker. Thank you, Mr. Manzullo.
I do appreciate your appearance here today, the work you
have done, but also wish to make it clear that from the
committee perspective we understand this is an ongoing and
continual responsibility.
In the scope of your services if you identify things that
the Congress should respond to, whether it be legislative
authority, and certainly matters relating to necessary funds to
conduct these activities, the committee would like to
continually be informed of those needs so we may be
appropriately responsive. We certainly don't want to do
anything that contributes to exacerbating a very difficult
circumstance when this eventually may reoccur. Thank you very
much for both being here.
At this time, I would ask that panelists from the second
panel come up to the table. Good afternoon and welcome. I
certainly appreciate each of your appearances here this
afternoon.
In order to move us along, I would begin by introducing our
first witness, Mr. Richard Ketchum, President of the NASDAQ. We
certainly welcome your participation here this afternoon.
STATEMENT OF RICHARD G. KETCHUM, PRESIDENT, NASDAQ STOCK MARKET
Mr. Ketchum. Thank you, Mr. Chairman. Thank you, members of
the subcommittee. I want to congratulate you on having this
hearing. It is clearly timely, and I think the oversight this
committee provides on this critical issue is very, very
important. I appreciate this opportunity to describe the steps
that NASDAQ has taken to ensure our business continuity in the
event of another catastrophic event.
Any analysis of industry preparedness must first review the
market's response to the 9/11 attacks. Because our main and
backup technology centers are located outside Manhattan, it is
important to note at the outset that at no time following the
disaster that occurred on September 11 were NASDAQ's systems
inoperative. At the time of the 9/11 attacks, trading was
suspended, but NASDAQ systems and network continued to operate,
and indeed provided an opportunity for testing for the firms
that operate in our marketplace. Therefore, our primary concern
regarding reopening the markets after 9/11 related to our
ability to connect with the firms that are active in NASDAQ and
bring liquidity and ordered flow to our marketplace.
Following the 9/11 attack, we worked closely with the SEC,
Treasury, Federal Reserve, the NASD and the New York Stock
Exchange, as well as key member firms, to resume trading as
soon as possible. That cooperation was an important factor in
reopening the markets and restoring investor confidence. I am
very proud of the efforts of so many talented people at NASDAQ
who worked tirelessly with so many others in the financial
services community to bring our markets back on that Monday, 9/
17, safely and without incident.
While the events of September 11 did not fundamentally
change NASDAQ's understanding of the potential range of threats
to the financial services sector, they amplified awareness of
the potential reach that could be exerted by such threats.
NASDAQ has implemented a fully developed business continuity
disaster recovery plan that will allow the continued trading of
NASDAQ securities in the event that one of the NASDAQ data
facilities is rendered inoperative.
In short, we believe that disasters are managed not only by
hardening potential points of failure, but also by building
redundancies wherever possible into the entire trading network,
and by regular testing of those backup capabilities.
Geographic diversification of redundant facilities is a
core component of NASDAQ's business continuity strategy. Our
redundant data facilities are located hundreds of miles from
one another in differing geologic and climatic zones, so that
the same natural event has a low likelihood of impacting both
sides. NASDAQ also decreases its vulnerability by operating
from separate utilities and local telecommunications services.
While we are confident that our system's designs and
contingency plans contain appropriate levels of redundancy,
NASDAQ appropriately works with member firms to support them in
enhancing their backup capabilities as well. In that
connection, NASDAQ, working with the NASD, has submitted a
ruling filing, as has the New York Stock Exchange, that would
require broker/dealers trading in NASDAQ securities to engage
in appropriate business continuity planning. As a result of
each of these ongoing efforts, I am sure that our equities
markets are more resilient than they were on September 11,
2001.
We have also worked closely with the GAO as it evaluated
NASDAQ's preparedness and developed its findings and
recommendations. We generally share their view on the need to
develop goals, strategies, and sound practices to improve the
resiliency of trading functions and enhance the SEC's funding
for technology and staff.
We are also working with the SEC and the New York Stock
Exchange to develop a plan under which NASDAQ and the New York
Stock Exchange can trade each other's securities in the event
of a disaster that rendered either market inoperable.
It is important to emphasize that these plans are only a
final layer of protection for the U.S. Securities markets. The
first line of defense for stock markets will always be their
own backup systems, and the continued operation of each market
has to be the first priority.
In conclusion, following September 11, the U.S. Financial
industry demonstrated its resilience and resolve to maintain
the most liquid and stable markets in the face of terrible
challenges. Truly, NASDAQ's trading network has demonstrated
its unique value as part of that infrastructure. However, our
work is not done. NASDAQ, the government, and the financial
services industry will need to continue to work in concert to
ensure that trading can resume following a catastrophic event.
Thank you again for providing me this opportunity to
describe the steps NASDAQ has taken, and I would, of course, be
happy to answer any questions from the committee.
Chairman Baker. Thank you, Mr. Ketchum.
[The prepared statement of Richard G. Ketchum can be found
on page 278 in the appendix.]
Chairman Baker. Our next witness is Mr. Robert Britz,
president and chief operating officer, New York Stock Exchange.
STATEMENT OF ROBERT G. BRITZ, PRESIDENT AND CO-CHIEF OPERATING
OFFICER, NEW YORK STOCK EXCHANGE
Mr. Britz. Thank you, Mr. Chairman. I appreciate the
opportunity to be here before you and before the distinguished
members of this committee.
As the president of the Exchange, I lead the Exchange's
Equities Group, which is responsible for the day-to-day
operation of our trading floor, our data processing sites, our
technical infrastructure, software development, and our
information business. I also head the Exchange's International
Group, which is responsible for maintaining relationships with
international non-U.S. Companies, as well as securing new non-
U.S. Listings.
In addition to that, I am chairman and CEO of the
Securities Information Automation Corporation, or SIAC, which
has been referred to once or twice already today.
On behalf of the NYSE and our chairman, Dick Grasso, I
thank the subcommittee for providing this forum to discuss
business continuity and contingency planning in conjunction
with the release this afternoon of the report of the GAO on
that issue.
The report released by the GAO today is the result of more
than 17 months of work that included reviewing business
continuity plans and the physical and information security
measures of the NYSE and SIAC. GAO conducted a dozen visits and
follow-up telephone calls with us. We would like to thank the
GAO staff for their professionalism throughout this important
review.
The NYSE has developed forward-looking business continuity
strategies that harden our physical and information technology
infrastructure and improve our ability to withstand or recover
from a disaster.
Our approach consists of three components: to prevent an
attack or natural catastrophe, to withstand them, and to
recover from them. In close cooperation with Federal, State,
and local law enforcement, the Exchange has expanded its
physical security perimeter. We have also taken measures to
increase the screening of all people, package delivery, and
mail that enters the NYSE or our data centers, and we have
instituted a more restrictive policy on visitors and
deliveries.
The NYSE employs a rigorous information technology
structure to ensure the reliability of all information we
receive, process, and disseminate to the world every day. We
employ external perimeters, firewalls, intrusion detection, and
international access controls, and we conduct penetration
testing using so-called friendly hackers.
SIAC chairs the Financial Services Information-Sharing
Analysis Center, which was referred to earlier, and that works
with government agencies to identify and assess potential
threats. All of our facilities have emergency generator backup
and store water on site to enable continued operations after
the loss of power or water. If we lose natural gas service, we
can operate on fuel oil.
Our primary trading floor is actually five distinct trading
floors located in four different buildings. Trading can be
moved from one location to another as may be necessary, a so-
called compaction exercise.
Our plans include redundant, active data centers served by
different power grids and multiple telecom central offices,
with each site sharing the daily processing load generated by
trading about 1.4 billion shares a day. All of our facilities
have backup power generators and UPS. We have a backup trading
floor that was instituted post-9/11, developed at a cost of
approximately $25 million. This alternative venue would support
the trading of all NYSE-listed securities in a very
conventional market structure model on a next-day basis after
an event that disabled the primary trading floor.
The NYSE and SIAC have launched Secure Financial
Transaction Infrastructure, SFTI. That has been referenced once
or twice already today. It is a primary extranet servicing the
financial industry. It provides diverse, fully redundant
routing to the SIAC data centers for member firms, national
market participants that are connected to the NYSE, to the
American Stock Exchange, the National Market System, and DTCC's
IT infrastructure as well.
Following September 11, 2001, U.S. equity trading was
interrupted because many broker/dealers lost their connectivity
to the markets due to the damage suffered by a major central
telecommunications switching facility at Ground Zero. SFTI
addresses this by enabling member firms to connect to the
NYSE's data centers via private fiberoptic connections to
multiple access centers, so-called carrier hotels, throughout
the New York metropolitan area, as well as in Boston and
Chicago.
SFTI possesses no single point of failure. All of SFTI's
equipment, connections, power supplies, network links, and
access centers are redundant, and its architecture features
independent, self-healing fiberoptic rings. If a SFTI fiber
pathway is compromised, financial data traffic is simply
rerouted.
The NYSE is ready to trade the top NASDAQ stocks,
approximately 250, which account for, we believe, 80 percent of
the average daily volume in the unlisted market. All NYSE
systems have been modified and can support the four character
symbols used by such unlisted stocks so that there is no need
for modification of the broker/dealer systems. Because the
NYSE's capacity is today about five times our average daily
volume, the incremental volume associated with trading these
NASDAQ stocks can well be absorbed.
The NYSE is committed to ensuring that the U.S. capital
markets remain the envy of the world, and to insulate them from
interruption by attack or natural catastrophe by protecting
them from threats, by creating an infrastructure that can
withstand attack or catastrophe, and by developing contingency
plans that enable quick recovery.
In the event a terrorist attack or catastrophe achieves
penetration and takes out our real-time infrastructure, the
NYSE is able to resume trading in a timely, fair, and orderly
fashion that will ensure that every single one of America's 85
million investors has access to our member firms and to us.
Mr. Chairman, I want to thank you for the opportunity to
present this testimony, and I would be happy to answer any
questions you or the committee members may have.
Chairman Baker. Thank you, Mr. Britz.
[The prepared statement of Robert G. Britz can be found on
page 40 in the appendix.]
Chairman Baker. Our next participant is Mr. Donald Kittell,
executive vice president, Securities Industry Association.
STATEMENT OF DONALD D. KITTELL, EXECUTIVE VICE PRESIDENT,
SECURITIES INDUSTRY ASSOCIATION
Mr. Kittell. Thank you, sir. Thank you, Mr. Chairman and
Ranking Member Kanjorski, and members of the committee. I
appreciate the opportunity to describe for you the significant
progress that securities firms have made in response to 9/11.
The most significant outcome of 9/11, in my mind, was the
realization that we are under attack. 9/11 did not occur in our
own backyard, it occurred in our own front yard. What has been
the impact of that realization? We now know that the danger is
real. We assume that additional attacks will happen. We are
sensitive to the expanded range of potential scenarios
impacting both physical and cybersecurity that exist. We agree
with the comments of the earlier discussion about
cybersecurity.
We have established industry command centers which are
linked with other centers in municipal, State, and Federal
Government, homeland security, as well as other industry
sectors. We are engaged in a long-term strategy to disperse
industry infrastructure. We are making significant investments
in effective backup facilities which are currently being
tested. We have recognized that disaster recovery is the
responsibility of the entire enterprise of a firm and not just
its information technology or operations groups. We recognize
that we are dependent on external critical service providers,
such as telecom, transportation, power, and municipal services
such as police and fire.
We cannot say that we can defend against any and all
attacks; we can say that we understand the threat and have
taken significant steps towards prevention and recovery.
I would like to highlight three aspects of the industry's
efforts. First, the financial services sector is sharing
resources through the Financial Services Sector Coordinating
Council. This group represents over 20 trade associations and
industry organizations, many of whom did not speak to each
other prior to 9/11, but are now sharing continuity planning
resources.
An example of the effectiveness of this group is the
coordination of efforts across the sector with financial
services regulators, so we have 15 financial services
regulators with a single point of contact to 20 or more
industry associations.
A third example is the coordination of the Financial
Services Information Sharing and Analysis Center, which Bob
Britz just talked about, which addresses cybersecurity attacks,
which gives us the ability to communicate with each other in a
rapid fashion.
The second important aspect I would highlight is the
positive relationship between the private sector and the
financial services sector. This relationship was remarkably
effective in the immediate response to 9/11, and it continues
to be so in the industry's efforts to strengthen resiliency
over the last year and a half.
An example of that is the dialogue on the Financial and
Banking Information Infrastructure Committee, or FBIIC, that
Bob Colby referred to earlier; the financial services
regulators, chaired by the U.S. Treasury and the FSSC that I
referred to earlier representing the private sector.
The second example is the white paper dialogue between the
regulators and the industry on clearance and settlement
infrastructure, which was discussed earlier. There were
actually two papers on clearance and settlement, both which
raised significant questions and industry participants referred
to with thoughtful comments. There is continuing dialogue on
this. I think Mr. Colby said the next version of the second
white paper would be out within a month, and we look forward to
continuing that dialogue with the regulators.
The third important aspect that I would highlight is the
positive contribution of the GAO. We worked with the GAO,
notably on Y2K 2 years ago. We found their input to be
extremely constructive. We have had the opportunity to review a
draft of the report released today, and although I have not had
the opportunity to review this with our member firms, I do want
to make the following comments.
First, we agree with the GAO findings that business
continuity plans need to be improved over the pre-9/11 status.
I also note that the period of the GAO study was, I believe,
February to June of 2002, and a great deal has happened since
that time.
We also agree with the specific areas for improvement
highlighted in the GAO report, such things as improved backup
facilities, greater geographic dispersion, and so on.
Secondly, SIA agrees that the clearance and settlement
facilities are critical to an effective resiliency plan. We
forwarded our comments on the white paper, and we are very
pleased with the results so far of the organizations involved
in clearance and settlement.
We also agree with GAO that the trading facilities are also
critical to an effective resiliency plan. There is no better
example than the effort to open the market following 9/11.
We also agree with the SEC's comments that the regulatory
environment around the trading function is different than the
regulatory environment around clearance and settlement.
However, we are very confident that those issues can be
resolved, and that the firms certainly do not believe that
there should be any less emphasis on trading facilities than on
clearance and settlement.
Finally, SIA supports additional funding for the SEC as a
general matter, but particularly including its oversight of
business continuity.
The securities industry has built on its commitment to
operational recovery, its experience on Y2K, and other
industrywide projects to effectively address the threats posed
by terrorist attacks. The efforts of individual organizations,
the coordination of activities across all the sectors in the
financial services sector, the positive relationship with the
regulators, with the oversight of the Congress and the GAO, is
a strong combination for an effective response to terrorism.
We have accomplished a great deal in the last year and a
half. We understand there is more to be done. We are committed
to the task ahead.
Thank you.
Chairman Baker. Thank you very much, sir.
[The prepared statement of Donald D. Kittell can be found
on page 290 in the appendix.]
Chairman Baker. Our next witness is Mr. Micah Green,
president of the Bond Market Association. Welcome, Mr. Green.
STATEMENT OF MICAH S. GREEN, PRESIDENT, THE BOND MARKET
ASSOCIATION
Mr. Green. Thank you, Mr. Chairman and Mr. Kanjorski.
Mr. Chairman, I want to thank you for the opportunity for
us to give our testimony, and really congratulate you for the
leadership you have shown on this issue, and for the work of
the SEC and other regulators in working with the industry to
try to move on this important issue.
I will touch briefly on the business continuity issue, but
want to spend most of my oral remarks telling you about the
bond markets and how they responded at the time of 9/11,
beyond, and then looking to proposals that could affect the
future.
Briefly on business continuity plans, I would frankly
associate myself with the remarks of Mr. Kittell. We have
worked very closely with the SIA to provide the bond market
perspective on the issue of business continuity, and we have
been participating in the coordinating councils.
We, too, have set up a management council within our
organizations working with our members to create redundancy,
and frankly working within the association to create the
ability to communicate with our membership, because what we
learned at that time is that communicating within the breadth
of the industry was almost as important as the industry itself
communicating with its customer base. So I would really stand
by what our colleagues at SIA said about business continuity
planning.
But let me relate it to the bond markets, because the bond
markets are very different in the way they operate versus the
equity market.
Unlike the centralized, exchange-traded New York Stock
Exchange and other equity markets, the bond markets are
inherently a decentralized, over-the-counter market, which
means it is a dealer-to-dealer marketplace. People buy and sell
bonds when they want to buy them, where they want to buy them.
There are hours of trading, but frankly, it is a 24-hour
marketplace.
The New York marketplace right now is starting to wind
down. The Japan and other Asian marketplaces are starting to
crank up. About 11 hours from now, the London and other
European markets will crank up. It is a never-ending cycle.
In fact, an interesting thing to remember in 9/11, much of
the trading that occurs in the bond markets, particularly in
the repurchase agreement market, which is the funding mechanism
for many of the trades, actually occurs before 9 o'clock in the
morning. So when that first plane hit the World Trade tower at
8:46 a.m. And hit the largest inter-dealer/broker of all,
Cantor Fitzgerald, there were hundreds of billions of dollars
of transactions that had already occurred that day.
In fact, daily volume in the bond markets is over $600
billion a day. There are almost $20 trillion of bonds
outstanding, and it is a very actively traded market. So when
those planes hit, it was not just about getting the markets
back open; it was also about figuring out what took place that
went down with those towers, so the effect on the clearance and
settlement process. And figuring out how to get the bond
markets back open was as much about trying to reconcile what
had occurred so those trades could be completed and those
trades could be closed.
Interestingly, while the stock markets were able to open up
through these heroic events on Monday, September 17, the bond
markets, because of their decentralized character, were able to
get back up and running on an orderly basis at 8 a.m. on
Thursday morning, September 13. Interestingly, though, bonds
never stopped trading. There were trades done in the afternoon
of 9/11. The Fed, the Federal Reserve, in its exercising of
monetary policy, came to the marketplace to provide liquidity
to the marketplace in the government securities market on 9-12.
So, as you see, the bond markets can operate differently.
Because of their role in the financial system, keeping markets
open is crucially important.
It is a good segue into a proposal that is now pending
coming out of the Municipal Securities Rulemaking Board in
their post-9/11 efforts. They have recommended to grant them
the authority--the Municipal Securities Rulemaking Board, a
self-regulatory organization governing just the municipal
securities market--to grant them the authority in the case of
an emergency to, by regulation, halt trading in those markets.
The reaction of our association has been one of strong
opposition to that, because we believe, frankly, in the time of
an emergency is when you want markets open. You want capital to
flow as smoothly and as easily as possible, so we oppose it
philosophically.
We do understand, though, that policymakers such as
yourselves or the SEC or other regulators may want some degree
of authority if the worst, the unthinkable, God forbid, ever
happens again, much worse than 9/11. So the Bond Market
Association, while we have a philosophical opposition to a
self-regulatory organization, or frankly, any authority, saying
decentralized debt markets should be halted by law, we realize
you may have an interest in having some Federal authority.
We could live with a governmental authority, not a self-
regulatory authority but a governmental authority, at the
highest possible level to deal with emergencies--we can't tell
you what authority that is because of the unique nature of the
regulatory scheme covering the bond markets generally,
frankly--working with the President's Working Group, which
includes the SEC, the Treasury, the Fed, including the Chicago
markets, so that there is a coordinated response, and that
authority should be narrowly defined so that it is absolutely
under a severe catastrophe. It is not about a breakdown of any
computer system or a breakdown of any trading system, but it
really has to be a catastrophe, because in times of stress, we
need markets open. In times of stress, we need capital to flow.
Because of the unique, decentralized nature of the bond
markets, they are able to more naturally operate in those
circumstances. We believe they should be open as much as
possible.
That would really conclude my oral remarks. I would be
happy to answer any questions you would have.
Chairman Baker. Thank you, Mr. Green.
[The prepared statement of Micah S. Green can be found on
page 185 in the appendix.]
Chairman Baker. I would ask the counsel and members, my
side has pretty much decided. I have just a few questions that
I would pose for the record for a written response. Mr.
Kanjorski may have a comment or two.
In order to use our time efficiently, I would conclude our
hearing, because we have a series of three votes which would
keep us for a bit.
Does anyone have any objection?
Mr. Kanjorski?
Mr. Kanjorski. No, Mr. Chairman.
Chairman Baker. If I may, let me just pose a few questions.
Also, the record will remain open for Members to, in
writing, submit further inquiries at their leisure. That
certainly would be preserved.
Chairman Baker. Mr. Scott, do you have any comment?
Mr. Scott. Just one question, sir.
Chairman Baker. One second, and we will try to get to you.
I noted in the GAO report, Mr. Britz, that there is a
comment that the SEC has asked the New York Stock Exchange and
NASDAQ to take steps to ensure their information systems can
conduct transactions and securities that the other
organizations trade. However, under this strategy the NYSE does
not plan to trade all NASDAQ securities, and neither exchange
has fully tested its own or its members' abilities to trade the
other exchange's deals.
Given our time constraints, I don't expect a discussion on
it at the moment, but if you can address that section of that
report and tell us what is planned; or perhaps since the date
of the report has that been addressed.
Secondly, I would like each of your opinions concerning the
GAO's observation that the SEC did not make mandatory the ARP
program rules, but expected the changes that they recommended
and the clearing organizations to comply with the various
information technology and operations practices voluntarily.
I would like to get back from you a statement if there is a
problem with mandatory compliance, the reasons therefore; or if
there isn't, is there some general review by your respective
bodies as to when or if the SEC should adopt such mandatory
compliance?
And then thirdly, the presentation of the white paper
expected in a month, I don't know if we will have another
hearing on the matter, but certainly we would like to have
industry communication to us about the outcomes of
modifications made and agreements reached as a result of the
next white paper.
Chairman Baker. Mr. Kanjorski.
Mr. Kanjorski. Mr. Chairman, I want to congratulate the
panel for a great report to us.
The only thing, Mr. Britz, I recently visited the
chairman's office in October. I am worried about the electronic
controls on the thermostat.
Chairman Baker. Mr. Scott.
Mr. Scott. One of the things--one of the conclusions that
was reached in a report released today was the length of time
that our markets could stay down, that we could absorb certain
lengths of times. I want to say with that how proud I think all
America was that we were able to get back up and running so
quickly after that devastating hit. But it did go on to say
that there is a certain amount of time before the economy will
be affected.
Do we have any idea of how long that delay would be before
the economy is really affected in terms of days, that it would
be negatively affected?
Mr. Britz. I am not an economist, Congressman, so I would
be very loath to say it is 2 days, 4 days, or 6 days. I will
say, coming out of 9/11, we were down from the 11th until the
17th. If we were to have the same kind of circumstance occur
again, I am very confident that our markets would be up in a
day or two; or let me put it this way, technically they would
be able to be up in a day or two. There may be policy
considerations as to why that is not a good idea.
From an infrastructure point of view, I think we have put
in place the kind of backup and contingency planning and
infrastructure that would not give rise to the 4- or 5-day kind
of outage that we had on September 11, 2001.
Mr. Green. I would just add that if the system of payments
is affected, Congressman--and, for example, if the Federal
Reserve cannot come to market to add liquidity because the
marketplace is closed, that has an immediate effect on the
macroeconomy. But in the microeconomy, an investor who wants to
sell security because they need cash to pay a kid's tuition
bill, that affects them immediately when they need that money,
so you need to open markets as quickly as possible.
Chairman Baker. Thank you each for your participation.
There will be further follow-up questions in the offing, but we
do request your continued information flow to the committee to
help us understand our circumstance. Thank you.
[Whereupon, at 4:53 p.m., the subcommittee was adjourned.]
A P P E N D I X
February 12, 2003
[GRAPHIC] [TIFF OMITTED] T6850.001
[GRAPHIC] [TIFF OMITTED] T6850.002
[GRAPHIC] [TIFF OMITTED] T6850.003
[GRAPHIC] [TIFF OMITTED] T6850.004
[GRAPHIC] [TIFF OMITTED] T6850.005
[GRAPHIC] [TIFF OMITTED] T6850.006
[GRAPHIC] [TIFF OMITTED] T6850.007
[GRAPHIC] [TIFF OMITTED] T6850.008
[GRAPHIC] [TIFF OMITTED] T6850.009
[GRAPHIC] [TIFF OMITTED] T6850.010
[GRAPHIC] [TIFF OMITTED] T6850.011
[GRAPHIC] [TIFF OMITTED] T6850.012
[GRAPHIC] [TIFF OMITTED] T6850.013
[GRAPHIC] [TIFF OMITTED] T6850.014
[GRAPHIC] [TIFF OMITTED] T6850.015
[GRAPHIC] [TIFF OMITTED] T6850.016
[GRAPHIC] [TIFF OMITTED] T6850.017
[GRAPHIC] [TIFF OMITTED] T6850.018
[GRAPHIC] [TIFF OMITTED] T6850.019
[GRAPHIC] [TIFF OMITTED] T6850.020
[GRAPHIC] [TIFF OMITTED] T6850.021
[GRAPHIC] [TIFF OMITTED] T6850.022
[GRAPHIC] [TIFF OMITTED] T6850.023
[GRAPHIC] [TIFF OMITTED] T6850.024
[GRAPHIC] [TIFF OMITTED] T6850.025
[GRAPHIC] [TIFF OMITTED] T6850.026
[GRAPHIC] [TIFF OMITTED] T6850.027
[GRAPHIC] [TIFF OMITTED] T6850.028
[GRAPHIC] [TIFF OMITTED] T6850.029
[GRAPHIC] [TIFF OMITTED] T6850.030
[GRAPHIC] [TIFF OMITTED] T6850.031
[GRAPHIC] [TIFF OMITTED] T6850.032
[GRAPHIC] [TIFF OMITTED] T6850.033
[GRAPHIC] [TIFF OMITTED] T6850.034
[GRAPHIC] [TIFF OMITTED] T6850.035
[GRAPHIC] [TIFF OMITTED] T6850.036
[GRAPHIC] [TIFF OMITTED] T6850.037
[GRAPHIC] [TIFF OMITTED] T6850.038
[GRAPHIC] [TIFF OMITTED] T6850.039
[GRAPHIC] [TIFF OMITTED] T6850.040
[GRAPHIC] [TIFF OMITTED] T6850.041
[GRAPHIC] [TIFF OMITTED] T6850.042
[GRAPHIC] [TIFF OMITTED] T6850.043
[GRAPHIC] [TIFF OMITTED] T6850.044
[GRAPHIC] [TIFF OMITTED] T6850.045
[GRAPHIC] [TIFF OMITTED] T6850.046
[GRAPHIC] [TIFF OMITTED] T6850.047
[GRAPHIC] [TIFF OMITTED] T6850.048
[GRAPHIC] [TIFF OMITTED] T6850.049
[GRAPHIC] [TIFF OMITTED] T6850.050
[GRAPHIC] [TIFF OMITTED] T6850.051
[GRAPHIC] [TIFF OMITTED] T6850.052
[GRAPHIC] [TIFF OMITTED] T6850.053
[GRAPHIC] [TIFF OMITTED] T6850.054
[GRAPHIC] [TIFF OMITTED] T6850.055
[GRAPHIC] [TIFF OMITTED] T6850.056
[GRAPHIC] [TIFF OMITTED] T6850.057
[GRAPHIC] [TIFF OMITTED] T6850.058
[GRAPHIC] [TIFF OMITTED] T6850.059
[GRAPHIC] [TIFF OMITTED] T6850.060
[GRAPHIC] [TIFF OMITTED] T6850.061
[GRAPHIC] [TIFF OMITTED] T6850.062
[GRAPHIC] [TIFF OMITTED] T6850.063
[GRAPHIC] [TIFF OMITTED] T6850.064
[GRAPHIC] [TIFF OMITTED] T6850.065
[GRAPHIC] [TIFF OMITTED] T6850.066
[GRAPHIC] [TIFF OMITTED] T6850.067
[GRAPHIC] [TIFF OMITTED] T6850.068
[GRAPHIC] [TIFF OMITTED] T6850.069
[GRAPHIC] [TIFF OMITTED] T6850.070
[GRAPHIC] [TIFF OMITTED] T6850.071
[GRAPHIC] [TIFF OMITTED] T6850.072
[GRAPHIC] [TIFF OMITTED] T6850.073
[GRAPHIC] [TIFF OMITTED] T6850.074
[GRAPHIC] [TIFF OMITTED] T6850.075
[GRAPHIC] [TIFF OMITTED] T6850.076
[GRAPHIC] [TIFF OMITTED] T6850.077
[GRAPHIC] [TIFF OMITTED] T6850.078
[GRAPHIC] [TIFF OMITTED] T6850.079
[GRAPHIC] [TIFF OMITTED] T6850.080
[GRAPHIC] [TIFF OMITTED] T6850.081
[GRAPHIC] [TIFF OMITTED] T6850.082
[GRAPHIC] [TIFF OMITTED] T6850.083
[GRAPHIC] [TIFF OMITTED] T6850.084
[GRAPHIC] [TIFF OMITTED] T6850.085
[GRAPHIC] [TIFF OMITTED] T6850.086
[GRAPHIC] [TIFF OMITTED] T6850.087
[GRAPHIC] [TIFF OMITTED] T6850.088
[GRAPHIC] [TIFF OMITTED] T6850.089
[GRAPHIC] [TIFF OMITTED] T6850.090
[GRAPHIC] [TIFF OMITTED] T6850.091
[GRAPHIC] [TIFF OMITTED] T6850.092
[GRAPHIC] [TIFF OMITTED] T6850.093
[GRAPHIC] [TIFF OMITTED] T6850.094
[GRAPHIC] [TIFF OMITTED] T6850.095
[GRAPHIC] [TIFF OMITTED] T6850.096
[GRAPHIC] [TIFF OMITTED] T6850.097
[GRAPHIC] [TIFF OMITTED] T6850.098
[GRAPHIC] [TIFF OMITTED] T6850.099
[GRAPHIC] [TIFF OMITTED] T6850.100
[GRAPHIC] [TIFF OMITTED] T6850.101
[GRAPHIC] [TIFF OMITTED] T6850.102
[GRAPHIC] [TIFF OMITTED] T6850.103
[GRAPHIC] [TIFF OMITTED] T6850.104
[GRAPHIC] [TIFF OMITTED] T6850.105
[GRAPHIC] [TIFF OMITTED] T6850.106
[GRAPHIC] [TIFF OMITTED] T6850.107
[GRAPHIC] [TIFF OMITTED] T6850.108
[GRAPHIC] [TIFF OMITTED] T6850.109
[GRAPHIC] [TIFF OMITTED] T6850.110
[GRAPHIC] [TIFF OMITTED] T6850.111
[GRAPHIC] [TIFF OMITTED] T6850.112
[GRAPHIC] [TIFF OMITTED] T6850.113
[GRAPHIC] [TIFF OMITTED] T6850.114
[GRAPHIC] [TIFF OMITTED] T6850.115
[GRAPHIC] [TIFF OMITTED] T6850.116
[GRAPHIC] [TIFF OMITTED] T6850.117
[GRAPHIC] [TIFF OMITTED] T6850.118
[GRAPHIC] [TIFF OMITTED] T6850.119
[GRAPHIC] [TIFF OMITTED] T6850.120
[GRAPHIC] [TIFF OMITTED] T6850.121
[GRAPHIC] [TIFF OMITTED] T6850.122
[GRAPHIC] [TIFF OMITTED] T6850.123
[GRAPHIC] [TIFF OMITTED] T6850.124
[GRAPHIC] [TIFF OMITTED] T6850.125
[GRAPHIC] [TIFF OMITTED] T6850.126
[GRAPHIC] [TIFF OMITTED] T6850.127
[GRAPHIC] [TIFF OMITTED] T6850.128
[GRAPHIC] [TIFF OMITTED] T6850.129
[GRAPHIC] [TIFF OMITTED] T6850.130
[GRAPHIC] [TIFF OMITTED] T6850.131
[GRAPHIC] [TIFF OMITTED] T6850.132
[GRAPHIC] [TIFF OMITTED] T6850.133
[GRAPHIC] [TIFF OMITTED] T6850.134
[GRAPHIC] [TIFF OMITTED] T6850.135
[GRAPHIC] [TIFF OMITTED] T6850.136
[GRAPHIC] [TIFF OMITTED] T6850.137
[GRAPHIC] [TIFF OMITTED] T6850.138
[GRAPHIC] [TIFF OMITTED] T6850.139
[GRAPHIC] [TIFF OMITTED] T6850.140
[GRAPHIC] [TIFF OMITTED] T6850.141
[GRAPHIC] [TIFF OMITTED] T6850.142
[GRAPHIC] [TIFF OMITTED] T6850.143
[GRAPHIC] [TIFF OMITTED] T6850.144
[GRAPHIC] [TIFF OMITTED] T6850.145
[GRAPHIC] [TIFF OMITTED] T6850.146
[GRAPHIC] [TIFF OMITTED] T6850.147
[GRAPHIC] [TIFF OMITTED] T6850.148
[GRAPHIC] [TIFF OMITTED] T6850.149
[GRAPHIC] [TIFF OMITTED] T6850.150
[GRAPHIC] [TIFF OMITTED] T6850.151
[GRAPHIC] [TIFF OMITTED] T6850.152
[GRAPHIC] [TIFF OMITTED] T6850.153
[GRAPHIC] [TIFF OMITTED] T6850.154
[GRAPHIC] [TIFF OMITTED] T6850.155
[GRAPHIC] [TIFF OMITTED] T6850.156
[GRAPHIC] [TIFF OMITTED] T6850.157
[GRAPHIC] [TIFF OMITTED] T6850.158
[GRAPHIC] [TIFF OMITTED] T6850.159
[GRAPHIC] [TIFF OMITTED] T6850.160
[GRAPHIC] [TIFF OMITTED] T6850.161
[GRAPHIC] [TIFF OMITTED] T6850.162
[GRAPHIC] [TIFF OMITTED] T6850.163
[GRAPHIC] [TIFF OMITTED] T6850.164
[GRAPHIC] [TIFF OMITTED] T6850.165
[GRAPHIC] [TIFF OMITTED] T6850.166
[GRAPHIC] [TIFF OMITTED] T6850.167
[GRAPHIC] [TIFF OMITTED] T6850.168
[GRAPHIC] [TIFF OMITTED] T6850.169
[GRAPHIC] [TIFF OMITTED] T6850.170
[GRAPHIC] [TIFF OMITTED] T6850.171
[GRAPHIC] [TIFF OMITTED] T6850.172
[GRAPHIC] [TIFF OMITTED] T6850.173
[GRAPHIC] [TIFF OMITTED] T6850.174
[GRAPHIC] [TIFF OMITTED] T6850.175
[GRAPHIC] [TIFF OMITTED] T6850.176
[GRAPHIC] [TIFF OMITTED] T6850.177
[GRAPHIC] [TIFF OMITTED] T6850.178
[GRAPHIC] [TIFF OMITTED] T6850.179
[GRAPHIC] [TIFF OMITTED] T6850.180
[GRAPHIC] [TIFF OMITTED] T6850.181
[GRAPHIC] [TIFF OMITTED] T6850.182
[GRAPHIC] [TIFF OMITTED] T6850.183
[GRAPHIC] [TIFF OMITTED] T6850.184
[GRAPHIC] [TIFF OMITTED] T6850.185
[GRAPHIC] [TIFF OMITTED] T6850.186
[GRAPHIC] [TIFF OMITTED] T6850.187
[GRAPHIC] [TIFF OMITTED] T6850.188
[GRAPHIC] [TIFF OMITTED] T6850.189
[GRAPHIC] [TIFF OMITTED] T6850.190
[GRAPHIC] [TIFF OMITTED] T6850.191
[GRAPHIC] [TIFF OMITTED] T6850.192
[GRAPHIC] [TIFF OMITTED] T6850.193
[GRAPHIC] [TIFF OMITTED] T6850.194
[GRAPHIC] [TIFF OMITTED] T6850.195
[GRAPHIC] [TIFF OMITTED] T6850.196
[GRAPHIC] [TIFF OMITTED] T6850.197
[GRAPHIC] [TIFF OMITTED] T6850.198
[GRAPHIC] [TIFF OMITTED] T6850.199
[GRAPHIC] [TIFF OMITTED] T6850.200
[GRAPHIC] [TIFF OMITTED] T6850.201
[GRAPHIC] [TIFF OMITTED] T6850.202
[GRAPHIC] [TIFF OMITTED] T6850.203
[GRAPHIC] [TIFF OMITTED] T6850.204
[GRAPHIC] [TIFF OMITTED] T6850.205
[GRAPHIC] [TIFF OMITTED] T6850.206
[GRAPHIC] [TIFF OMITTED] T6850.207
[GRAPHIC] [TIFF OMITTED] T6850.208
[GRAPHIC] [TIFF OMITTED] T6850.209
[GRAPHIC] [TIFF OMITTED] T6850.210
[GRAPHIC] [TIFF OMITTED] T6850.211
[GRAPHIC] [TIFF OMITTED] T6850.212
[GRAPHIC] [TIFF OMITTED] T6850.213
[GRAPHIC] [TIFF OMITTED] T6850.214
[GRAPHIC] [TIFF OMITTED] T6850.215
[GRAPHIC] [TIFF OMITTED] T6850.216
[GRAPHIC] [TIFF OMITTED] T6850.217
[GRAPHIC] [TIFF OMITTED] T6850.218
[GRAPHIC] [TIFF OMITTED] T6850.219
[GRAPHIC] [TIFF OMITTED] T6850.220
[GRAPHIC] [TIFF OMITTED] T6850.221
[GRAPHIC] [TIFF OMITTED] T6850.222
[GRAPHIC] [TIFF OMITTED] T6850.223
[GRAPHIC] [TIFF OMITTED] T6850.224
[GRAPHIC] [TIFF OMITTED] T6850.225
[GRAPHIC] [TIFF OMITTED] T6850.226
[GRAPHIC] [TIFF OMITTED] T6850.227
[GRAPHIC] [TIFF OMITTED] T6850.228
[GRAPHIC] [TIFF OMITTED] T6850.229
[GRAPHIC] [TIFF OMITTED] T6850.230
[GRAPHIC] [TIFF OMITTED] T6850.231
[GRAPHIC] [TIFF OMITTED] T6850.232
[GRAPHIC] [TIFF OMITTED] T6850.233
[GRAPHIC] [TIFF OMITTED] T6850.234
[GRAPHIC] [TIFF OMITTED] T6850.235
[GRAPHIC] [TIFF OMITTED] T6850.236
[GRAPHIC] [TIFF OMITTED] T6850.237
[GRAPHIC] [TIFF OMITTED] T6850.238
[GRAPHIC] [TIFF OMITTED] T6850.239
[GRAPHIC] [TIFF OMITTED] T6850.240
[GRAPHIC] [TIFF OMITTED] T6850.241
[GRAPHIC] [TIFF OMITTED] T6850.242
[GRAPHIC] [TIFF OMITTED] T6850.243
[GRAPHIC] [TIFF OMITTED] T6850.244
[GRAPHIC] [TIFF OMITTED] T6850.245
[GRAPHIC] [TIFF OMITTED] T6850.246
[GRAPHIC] [TIFF OMITTED] T6850.247
[GRAPHIC] [TIFF OMITTED] T6850.248
[GRAPHIC] [TIFF OMITTED] T6850.249
[GRAPHIC] [TIFF OMITTED] T6850.250
[GRAPHIC] [TIFF OMITTED] T6850.251
[GRAPHIC] [TIFF OMITTED] T6850.252
[GRAPHIC] [TIFF OMITTED] T6850.253
[GRAPHIC] [TIFF OMITTED] T6850.254
[GRAPHIC] [TIFF OMITTED] T6850.255
[GRAPHIC] [TIFF OMITTED] T6850.256
[GRAPHIC] [TIFF OMITTED] T6850.257
[GRAPHIC] [TIFF OMITTED] T6850.258
[GRAPHIC] [TIFF OMITTED] T6850.259
[GRAPHIC] [TIFF OMITTED] T6850.260
[GRAPHIC] [TIFF OMITTED] T6850.261
[GRAPHIC] [TIFF OMITTED] T6850.262
[GRAPHIC] [TIFF OMITTED] T6850.263
[GRAPHIC] [TIFF OMITTED] T6850.264
[GRAPHIC] [TIFF OMITTED] T6850.265
[GRAPHIC] [TIFF OMITTED] T6850.266
[GRAPHIC] [TIFF OMITTED] T6850.267
[GRAPHIC] [TIFF OMITTED] T6850.268
[GRAPHIC] [TIFF OMITTED] T6850.269
[GRAPHIC] [TIFF OMITTED] T6850.270
[GRAPHIC] [TIFF OMITTED] T6850.271
�