OFR_2016_Financial-Stability-Report

Recommendations

Info

Figure 46. U.S. Financial Regulatory Guidance on Cybersecurity Regulatory Body Relevant Cybersecurity Guidance Institution Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool Banks member agencies (Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, Federal Reserve Board of and IT Examination Handbook Governors, National Credit Union Administration, Office of the Comptroller of the Currency, FFIEC State Liaison Committee) Bank holding companies Federal savings associations Credit unions Securities and Exchange Commission Regulation SCI Registered clearing agencies Stock and option exchanges Municipal Securities Rulemaking Board High-volume alternative trading systems Securities information processors Financial Industry Regulatory Authority State insurance regulators via National Association of Insurance Commissioners (NAIC) Federal Housing Finance Agency Commodity Futures Trading Commission Regulation S-P Financial Condition Examiners Handbook and Market Regulation Handbook Advisory Bulletin 2014-05, Cyber Risk Management Guidance Policy Guidance PG-01-002, Safety and Soundness Standards for Information System Safeguards Testing Requirements System Safeguards Testing Requirements for Derivatives Clearing Organizations Broker-dealers Investment companies Investment advisers Insurers Government-sponsored enterprises Federal Home Loan Banks Government-sponsored enterprises Designated contract markets Swap execution facilities Swap data repositories Derivatives clearing organizations National Futures Association Interpretive Notice 9070 Futures commission merchants Commodity trading advisors Commodity pool operators Introducing brokers Financial Industry Regulatory Authority Report on Cybersecurity Practices Broker-dealers Note: Several proposed rules are related to financial institution cybersecurity: the SEC’s Adviser Business Continuity and Transition Plans Rule (June 2016); the Federal Reserve, Office of the Comptroller of the Currency, and Federal Deposit Insurance Corporation joint proposed rule for Enhanced Cyber Risk Management Standards (October 2016); and NAIC’s Data Security Model Law (March 2016). Source: OFR analysis 46 2016 | OFR Financial Stability Report
also are working with insurers that have experienced breaches. They have drafted a model law for states that would set higher standards for data protection. This model law is out for public comment until September 2016. Similarly, the Commodity Futures Trading Commission (CFTC) issued draft rules in December 2015 proposing five types of cybersecurity testing requirements for derivatives clearing organizations, designated contract markets, swap execution facilities, and swap data repositories. The CFTC rules were finalized in September 2016. In June 2016, the Committee on Payments and Market Infrastructures and the board of the International Organization of Securities Commissions (CPMI-IOSCO) proposed international guidelines on cyber resilience. The guidelines stress the need for financial market infrastructures to preempt cyber incidents, respond rapidly and effectively, and achieve faster and safer target recovery objectives (see BIS and IOSCO, 2016a). As members of CPMI-IOSCO, the Federal Reserve, the SEC, and the CFTC were involved in developing the guidance. U.S. regulators have yet to adopt rules to apply these standards. Conclusion: Need to Continue to Enhance Security, Improve Resilience, and Increase Capacity to Recover To date, the emphasis across the U.S. government has been on sharing information about cybersecurity threats. Recent innovations such as the Cybersecurity Assessment Tool and Regulation SCI can help regulators measure how well financial institutions can defend their IT systems. IT defense can help ensure business continuity and recovery after cybersecurity incidents. Progress has been made in these tasks, particularly in working to ensure continuity of key systems at the institution level. Regulators could build on their progress with a broader approach to resilience that focuses on key links among financial institutions. As noted, the OFR sees three financial stability risks that cyber incidents pose: lack of substitutability, loss of confidence, and data integrity. Regulators may gain from more collaboration to develop a common lexicon and a shared riskbased approach, reflecting the universal nature of cybersecurity threats and the connections among sectors, as well as collaborating to update standards and guidance. There also may be lessons to learn from other industries such as technology, energy, and communications. Finally, regulators should take into account how regulatory boundaries may affect their view of parts of financial networks, especially third-party vendors, overseas counterparties, or service providers. Regulators could build on their progress with a broader approach to resilience that focuses on key links among financial institutions. Key Threats to Financial Stability 47
Page 1: OFFICE OF FINANCIAL RESEARCH 2016 F
Page 5: Contents Executive Summary ........
Page 8 and 9: Chapter 2 provides deeper analysis
Page 10 and 11: of sharp decreases in U.S. equity a
Page 13 and 14: 1 Financial Stability Assessment Ov
Page 15 and 16: Figure 3. Real GDP Growth (year-ove
Page 17 and 18: Figure 8. Ten-Year U.S. Treasury Yi
Page 19 and 20: Monitoring Shadow Banking Risks The
Page 21 and 22: An earlier OFR paper proposed an ac
Page 23 and 24: Figure 17. Size, Liquidity, and Con
Page 25: Figure 19. Top Systemic Risk Scores
Page 28 and 29: The analysis pointed to seven key t
Page 30 and 31: could. In early 2016, investor conc
Page 32 and 33: earnings or share issuance. But red
Page 34 and 35: Fund Monitor, the OFR assessed expo
Page 36 and 37: 2.2 Risks in U.S. Nonfinancial Corp
Page 38 and 39: Figure 31. U.S. Nonfinancial Corpor
Page 40 and 41: Figure 36. U.S. Corporate Bond Defa
Page 42 and 43: Commercial Real Estate Prices Have
Page 44 and 45: 2.3 Cybersecurity Incidents Affecti
Page 46 and 47: Hackers Breach Bangladesh’s Centr
Page 48 and 49: Figure 42. Banks that Include an Op
Page 50 and 51: The industry is working with the pu
Page 54 and 55: 48 2016 | OFR Financial Stability R
Page 56 and 57: eleased the results of an unprecede
Page 58 and 59: Figure 49. CCP Default Waterfall ($
Page 60 and 61: Figure 50: CCP Ratios and Amounts f
Page 62 and 63: cause more-prudent CCPs to appear m
Page 64 and 65: 2.5 Pressure on U.S. Life Insurance
Page 66 and 67: The experience of Japan’s life in
Page 68 and 69: 2015). These benefits are effective
Page 70 and 71: Figure 55. Life Insurance Securitie
Page 72 and 73: Drivers of Insurers’ Systemic Ris
Page 74 and 75: 2.6 Systemic Footprints of Largest
Page 76 and 77: Interest Rates and Derivatives Expo
Page 78 and 79: Figure 63. Components of U.S. G-SIB
Page 80 and 81: Figure 66. Five-Year Changes to G-S
Page 82 and 83: 2.7 Deficiencies in Data and Data M
Page 84 and 85: Figure 68. Examples of Key Post-Cri
Page 86 and 87: Broader Adoption of Data Standards
Page 88 and 89: Better Regulatory Sharing Needed Th
Page 90 and 91: The U.S. Census Bureau surveys publ
Page 92 and 93: The group will also consider how th
Page 94 and 95: and contracts would be crucial. The
Page 96 and 97: Figure 72. Scaling of Data Validati
Page 99 and 100: Glossary 10-Year, 10-Year Forward R
Page 101 and 102: Conditional Value-at-Risk (CoVaR) C
Page 103 and 104:
Fire Sale Form N-MFP Form PF Fundin
Page 105 and 106:
Liquidity Risk Liquidity Transforma
Page 107 and 108:
Pension Funded Ratio Pension Risk T
Page 109 and 110:
Stress Test Supplemental Leverage R
Page 111 and 112:
Bibliography Adrian, Tobias, and Ma
Page 113 and 114:
Board of Governors of the Federal R
Page 115 and 116:
www.richmondfed.org/~/media/richmon
Page 117 and 118:
Her Majesty’s Government and Mars
Page 119 and 120:
Paul, Ruma. “Bangladesh hopes to
Page 121:
Zetter, Kim. “That Insane, 18M Ba
show all

OFR_2016_Financial-Stability-Report

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?