Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
The <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong> has three primary goals to achieve this vision statement. As with all endeavors focused primarily<br />
on security, the goals form a triad <strong>of</strong> prevention, detection, <strong>and</strong> correction <strong>of</strong> harm with the following objectives for the<br />
sector:<br />
1.To maintain its strong position <strong>of</strong> resilience, risk management, <strong>and</strong> redundant systems, in the face <strong>of</strong> a myriad <strong>of</strong> intentional,<br />
unintentional, manmade, <strong>and</strong> natural threats;<br />
2.To address <strong>and</strong> manage the risks posed by the dependence <strong>of</strong> the sector on the Communications, Information Technology,<br />
Energy, <strong>and</strong> Transportation sectors; <strong>and</strong><br />
3.To work with the law enforcement community, the private sector, <strong>and</strong> our international counterparts to increase the amount<br />
<strong>of</strong> available resources dedicated to tracking <strong>and</strong> catching criminals responsible for crimes against the sector, including cyber<br />
attacks <strong>and</strong> other electronic crimes.<br />
The agencies are mindful <strong>of</strong> the risk that an unanticipated event, such as a terrorist attack, could occur in a manner that we<br />
have not seen before <strong>and</strong> for which we may not be completely prepared. Moreover, we live with the continuing threat <strong>of</strong><br />
turbulent weather, which could severely damage the critical infrastructure <strong>and</strong> facilities <strong>of</strong> financial services firms. In addition,<br />
the financial services industry cannot fully protect against infrastructure disruptions <strong>of</strong> telecommunications, <strong>and</strong> it can provide<br />
only limited resilience against disruptions in other elements <strong>of</strong> the critical infrastructure, such as power, transportation, <strong>and</strong><br />
water. 16<br />
1.4 Value Proposition<br />
The public <strong>and</strong> private sectors have equally compelling value propositions to support their voluntary participation in sectorwide<br />
resilience efforts, including this SSP.<br />
For financial regulators, working collaboratively with the private sector furthers the important mission to promote the orderly<br />
<strong>and</strong> efficient operation <strong>of</strong> the financial services sector. While financial regulators enforce extensive regulation <strong>and</strong> conduct<br />
regular examinations <strong>of</strong> the institutions, voluntary collaboration with the private sector has proved to be an effective method<br />
to garner industry-wide participation in the identification <strong>of</strong> emerging <strong>and</strong> dynamic risks <strong>and</strong> preparation <strong>of</strong> response capabilities.<br />
Through information sharing, testing, <strong>and</strong> exercises, regulators are able to better underst<strong>and</strong> sector-wide vulnerabilities<br />
<strong>and</strong> resilience. These efforts provide a means for addressing dynamic risks through voluntary collaboration rather than solely<br />
through regulation.<br />
For private sector institutions <strong>and</strong> organizations, participation in voluntary collaborative efforts provides value in several ways.<br />
Working alongside the public sector provides unique insights into regulators’ concerns, perspectives, <strong>and</strong> priorities. Through<br />
relationship building, information sharing, testing, <strong>and</strong> exercises, financial institutions are able to discuss matters outside <strong>of</strong> the<br />
normal regulatory framework. Most importantly, financial institutions <strong>and</strong> financial services organizations participate in these<br />
voluntary efforts because <strong>of</strong> the concrete value they provide to their companies <strong>and</strong>, in turn, their customers. Customers must<br />
have confidence in their financial institution’s ability to maintain orderly operations <strong>and</strong> to be highly resilient. Participating in<br />
these voluntary sector-wide efforts provides institutions with a better underst<strong>and</strong>ing <strong>of</strong> vulnerabilities within the sector as well<br />
as risks posed by its dependence on other sectors. Insights gained through voluntary collaboration assist financial institutions’<br />
efforts to tailor responses to manage their specific risk as well as sector-wide risk. In turn, the financial institutions are better<br />
able to meet their customers’ dem<strong>and</strong> for a high degree <strong>of</strong> resilience <strong>and</strong> reliability.<br />
16 www.federalreserve.gov/boarddocs/rptcongress/soundpractices/soundpractices200604.pdf.<br />
0 <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong>-<strong>Specific</strong> <strong>Plan</strong>