The Federal Reserve Bank of New York (“FRBNY”) analyzed the potential impact of a cyberattack transmitted through a payment system against a (i) single large bank, (ii) group of smaller banks and (iii) common service provider.
In a report entitled “Cyber Risk and U.S. Financial System: A Pre-Mortem Analysis,” the FRBNY warned that an attack on a bank’s ability to send payments “would likely be amplified to affect the liquidity of many other banks in the system.” According to the FRBNY, the U.S. financial system would be impaired by such an attack on (i) any one of the five most active U.S. banks, (ii) several small to midsize banks that are associated through a shared vulnerability or (iii) a bank with a small number of total assets but a heavy payment flow.
Additionally, the FRBNY:
– compared cyber risk against the “broader theoretical literature on bank runs,” such as cyber and other shocks modeled in the theoretical literature;
– investigated the quantitative impact that a cyberattack can have on the financial system by studying the impairments of a cyberattack on a set of banks’ payment activities in Fedwire Funds Service;
– conducted a baseline scenario to highlight the high concentration of payments between large institutions within the wholesale payment network, and the great imbalance in liquidity that follows if a large institution does not remit payments to its counterparties; and
– considered scenarios involving multiple institutions that would be directly affected due to technological or other commonalities.
Presumably, the bad guys know how to do this anyways, and the issues raised will focus the good guys on the risks.
In its Risk Monitoring and Examination Priorities Letter (the “2020 Letter”), FINRA identified several areas of focus for 2020, including:
– Sales Practice and Supervision. FINRA will assess firms’ compliance with Regulation Best Interest (“Reg. BI”) and Form CRS. In addition, FINRA will focus on (i) communications to retail investors regarding private placements, (ii) use of different electronic communication channels (e.g., texting and social media), (iii) cash management and bank sweep programs, (iv) sales of IPO shares and (v) trading authorizations.
– Market Integrity. FINRA will monitor firms for compliance with current Order Audit Trail System (“OATS”) requirements, and implementation of Consolidated Audit Trail (“CAT”) reporting requirements. In addition, FINRA will address firms’ compliance with (i) direct market access requirements under Exchange Act Rule 15c3-5, (ii) best execution requirements under FINRA Rule 5310, and (iii) the requirements of Rule 603 (the “Vendor Display Rule”) and Rule 606 (“Disclosure of order routing information”) of Regulation NMS.
– Financial Management. FINRA will focus on (i) clearance and custody of digital asset transactions, (ii) liquidity management, (iii) compliance with net capital requirements in connection with underwriting commitments and (iv) the steps firms are taking to transition away from LIBOR.
– Firm Operations. FINRA will focus on (i) cybersecurity, (ii) technology governance programs and (iii) supervisory controls relating to customer confirmation and AML requirements.
Several of the financial management areas of focus are as to issues where there is not actually a rule in place; e.g., liquidity management and transition from LIBOR. That does not make them any less significant. Firms may want to consider how they institute operational procedures to deal with regulatory expectations where there is not a specific rule that drives the firm’s conduct.
The Wall Street Journal reports this morning on the reauthorization of the Export-Import Bank of the United States (EXIM) for seven years.
– The move represents a positive step forward to enhance economic growth, financial stability, and national security.
– Exim’s educational opportunities and finance unleash meaningful network effects. Once small and medium sized companies overcome obstacles to exporting, new markets open.
– Conservative critics are justifiably worried about heavy-handed “industrial policy.” Yet, Exim activities fall far short of a well-intention public sector misallocating resources.
Congratulations to Chairman Kimberly Reed and Exim for the hard work and reforms needed to safeguard US financial and strategic interests!