OFR_2016_Financial-Stability-Report

Recommendations

Info

Figure 42. Banks that Include an Operational Risk or Cybersecurity Scenario in Dodd-Frank Act Stress Tests (number ) Use of operational risk and cybersecurity scenarios is growing 35 30 25 20 15 10 5 0 Banks with an operational or cybersecurity risk scenario Banks without an operational or cybersecurity risk scenario 2013 2014 2015 Note: Based on mid-cycle Dodd-Frank Act stress tests. Source: OFR analysis Figure 43. Mentions of “Cyber” in Large U.S. Financial Firms’ Form 10-Ks (number) Cyber risk is rising for systemically important U.S. financial firms and government-sponsored enterprises 250 200 150 100 50 0 2013 2014 2015 Financial Firms Increasingly See Cybersecurity Incidents as a Key Risk The threat of cyber incidents is widely recognized. Twothirds of global regulators and market experts surveyed in 2015 ranked the threat as a top financial stability risk. It placed second among all potential threats in the survey (see Worner, 2015). Similarly, half of bank chief risk officers and board members responding to a 2016 survey placed cybersecurity risk among the top issues requiring their attention (EY and IIF, 2016). Increasingly, banks voluntarily include cyber risks and operational risks in the scenarios they submit to regulators as part of stress testing. Banks prepare these scenarios as part of mid-cycle stress tests required under the Dodd-Frank Act (see Figure 42). A number of U.S. financial firms reported cybersecurity as a key risk in 2015 10-K filings reviewed by the OFR. The analysis covered U.S. global systemically important banks, global systemically important insurers, central counterparties, and government-sponsored enterprises. Cybersecurity references in 2015 Form 10-Ks were nearly double those in 2013 10-Ks (see Figure 43). These filings typically note that cyber incidents can come from a variety of bad actors, including organized crime, foreign governments, and insiders. They also note that cybersecurity incidents can arise when clients, third-party service providers, retail partners, or counterparties are targeted. Incidents can spread cyber risks to business partners of the firm. Financial firms are integrating cybersecurity preparedness into their risk management. They are investing in information security to address cybersecurity risks. About 40 percent of financial services firms in North America with more than $1 billion in revenue budgeted $10 million or more for information security, according to a 2016 survey (see PricewaterhouseCoopers, 2016). That is more than most other industries (see Figure 44). Note: Form 10-Ks for firms in the sample grew on average 2.5 percent in page count from 2013 to 2015. Sources: Securities and Exchange Commission Form 10-K, OFR analysis 42 2016 | OFR Financial Stability Report
Figure 44. North American Firms that Budget $10 Million or More for Information Security, by Industry (percent) Large financial firms make significant investments in information security compared with many other industries Technology Consulting / professional services Telecommunications Financial services Consumer products & retail Agriculture Industrial manufacturing Engineering / construction Entertainment & media Energy / utilities / mining Aerospace & defense Health industries Hospitality / travel & leisure Government services Education / nonprofit Transportation & logistics 0 20 40 60 Note: Survey results as of June 12, 2015. Responses from firms with more than $1 billion in gross revenue. Source: PricewaterhouseCoopers (2016) Many firms are using the National Institute of Standards and Technology (NIST) Cybersecurity Framework as a starting point for managing cybersecurity risk (see Fitzgibbons, 2016). The Framework is voluntary, but, according to the same 2016 survey, more than half of large financial firms have one or more of the following safeguards that align with elements of the NIST framework: n n n n n Overall security strategy. Security standards and baselines for third-party service providers. A Chief Information Security Officer in charge of IT security. Formal collaboration with others in the industry. Active board participation in the firm’s overall cybersecurity strategy. Key Threats to Financial Stability 43
Page 1: OFFICE OF FINANCIAL RESEARCH 2016 F
Page 5: Contents Executive Summary ........
Page 8 and 9: Chapter 2 provides deeper analysis
Page 10 and 11: of sharp decreases in U.S. equity a
Page 13 and 14: 1 Financial Stability Assessment Ov
Page 15 and 16: Figure 3. Real GDP Growth (year-ove
Page 17 and 18: Figure 8. Ten-Year U.S. Treasury Yi
Page 19 and 20: Monitoring Shadow Banking Risks The
Page 21 and 22: An earlier OFR paper proposed an ac
Page 23 and 24: Figure 17. Size, Liquidity, and Con
Page 25: Figure 19. Top Systemic Risk Scores
Page 28 and 29: The analysis pointed to seven key t
Page 30 and 31: could. In early 2016, investor conc
Page 32 and 33: earnings or share issuance. But red
Page 34 and 35: Fund Monitor, the OFR assessed expo
Page 36 and 37: 2.2 Risks in U.S. Nonfinancial Corp
Page 38 and 39: Figure 31. U.S. Nonfinancial Corpor
Page 40 and 41: Figure 36. U.S. Corporate Bond Defa
Page 42 and 43: Commercial Real Estate Prices Have
Page 44 and 45: 2.3 Cybersecurity Incidents Affecti
Page 46 and 47: Hackers Breach Bangladesh’s Centr
Page 50 and 51: The industry is working with the pu
Page 52 and 53: Figure 46. U.S. Financial Regulator
Page 54 and 55: 48 2016 | OFR Financial Stability R
Page 56 and 57: eleased the results of an unprecede
Page 58 and 59: Figure 49. CCP Default Waterfall ($
Page 60 and 61: Figure 50: CCP Ratios and Amounts f
Page 62 and 63: cause more-prudent CCPs to appear m
Page 64 and 65: 2.5 Pressure on U.S. Life Insurance
Page 66 and 67: The experience of Japan’s life in
Page 68 and 69: 2015). These benefits are effective
Page 70 and 71: Figure 55. Life Insurance Securitie
Page 72 and 73: Drivers of Insurers’ Systemic Ris
Page 74 and 75: 2.6 Systemic Footprints of Largest
Page 76 and 77: Interest Rates and Derivatives Expo
Page 78 and 79: Figure 63. Components of U.S. G-SIB
Page 80 and 81: Figure 66. Five-Year Changes to G-S
Page 82 and 83: 2.7 Deficiencies in Data and Data M
Page 84 and 85: Figure 68. Examples of Key Post-Cri
Page 86 and 87: Broader Adoption of Data Standards
Page 88 and 89: Better Regulatory Sharing Needed Th
Page 90 and 91: The U.S. Census Bureau surveys publ
Page 92 and 93: The group will also consider how th
Page 94 and 95: and contracts would be crucial. The
Page 96 and 97: Figure 72. Scaling of Data Validati
Page 99 and 100:
Glossary 10-Year, 10-Year Forward R
Page 101 and 102:
Conditional Value-at-Risk (CoVaR) C
Page 103 and 104:
Fire Sale Form N-MFP Form PF Fundin
Page 105 and 106:
Liquidity Risk Liquidity Transforma
Page 107 and 108:
Pension Funded Ratio Pension Risk T
Page 109 and 110:
Stress Test Supplemental Leverage R
Page 111 and 112:
Bibliography Adrian, Tobias, and Ma
Page 113 and 114:
Board of Governors of the Federal R
Page 115 and 116:
www.richmondfed.org/~/media/richmon
Page 117 and 118:
Her Majesty’s Government and Mars
Page 119 and 120:
Paul, Ruma. “Bangladesh hopes to
Page 121:
Zetter, Kim. “That Insane, 18M Ba
show all

OFR_2016_Financial-Stability-Report

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?