Banking and Finance Sector-Specific Plan - U.S. Department of ...

More documents

Recommendations

Info

The Banking and Finance Sector has three primary goals to achieve this vision statement. As with all endeavors focused primarily on security, the goals form a triad of prevention, detection, and correction of harm with the following objectives for the sector: 1.To maintain its strong position of resilience, risk management, and redundant systems, in the face of a myriad of intentional, unintentional, manmade, and natural threats; 2.To address and manage the risks posed by the dependence of the sector on the Communications, Information Technology, Energy, and Transportation sectors; and 3.To work with the law enforcement community, the private sector, and our international counterparts to increase the amount of available resources dedicated to tracking and catching criminals responsible for crimes against the sector, including cyber attacks and other electronic crimes. The agencies are mindful of the risk that an unanticipated event, such as a terrorist attack, could occur in a manner that we have not seen before and for which we may not be completely prepared. Moreover, we live with the continuing threat of turbulent weather, which could severely damage the critical infrastructure and facilities of financial services firms. In addition, the financial services industry cannot fully protect against infrastructure disruptions of telecommunications, and it can provide only limited resilience against disruptions in other elements of the critical infrastructure, such as power, transportation, and water. 16 1.4 Value Proposition The public and private sectors have equally compelling value propositions to support their voluntary participation in sectorwide resilience efforts, including this SSP. For financial regulators, working collaboratively with the private sector furthers the important mission to promote the orderly and efficient operation of the financial services sector. While financial regulators enforce extensive regulation and conduct regular examinations of the institutions, voluntary collaboration with the private sector has proved to be an effective method to garner industry-wide participation in the identification of emerging and dynamic risks and preparation of response capabilities. Through information sharing, testing, and exercises, regulators are able to better understand sector-wide vulnerabilities and resilience. These efforts provide a means for addressing dynamic risks through voluntary collaboration rather than solely through regulation. For private sector institutions and organizations, participation in voluntary collaborative efforts provides value in several ways. Working alongside the public sector provides unique insights into regulators’ concerns, perspectives, and priorities. Through relationship building, information sharing, testing, and exercises, financial institutions are able to discuss matters outside of the normal regulatory framework. Most importantly, financial institutions and financial services organizations participate in these voluntary efforts because of the concrete value they provide to their companies and, in turn, their customers. Customers must have confidence in their financial institution’s ability to maintain orderly operations and to be highly resilient. Participating in these voluntary sector-wide efforts provides institutions with a better understanding of vulnerabilities within the sector as well as risks posed by its dependence on other sectors. Insights gained through voluntary collaboration assist financial institutions’ efforts to tailor responses to manage their specific risk as well as sector-wide risk. In turn, the financial institutions are better able to meet their customers’ demand for a high degree of resilience and reliability. 16 www.federalreserve.gov/boarddocs/rptcongress/soundpractices/soundpractices200604.pdf. 0 Banking and Finance Sector-Specific Plan
2. Identify Assets, Systems, Networks, and Functions Essential to conducting a risk assessment of the Banking and Finance Sector is the awareness that the products of the financial services industry are not overwhelmingly physical in nature. Thus, identifying and assessing assets in the sector is focused largely on identifying critical processes based on the organization of the sector as described in chapter 1, and the institutions that either own and operate or participate in these processes, rather than focusing on physical assets. Figure 2-1: Vulnerability Assessment Methodology Many institutions play important roles in the financial system. Identifying institutions that have systemically critical operational roles is relevant to make certain of their rapid recovery from a disruption of their critical functions, regardless of the cause. Identifying those institutions also is necessary for imposing appropriate business continuity planning and recovery standards and ensuring their compliance with those standards. After careful consideration, the Treasury Department and the FBIIC agencies have identified a small number of systemically critical institutions whose operations form the backbone of the financial Identify Assets, Systems, Networks, and Functions
Page 1: Banking and Finance Critical Infras
Page 4 and 5: ii Banking and Finance Sector-Speci
Page 6 and 7: iv 2.2.5 Collecting Asset Data 25 2
Page 9 and 10: Executive Summary The Banking and F
Page 11 and 12: 3. Assess Risks Risk assessments ar
Page 13: Introduction According to Homeland
Page 16 and 17: and technological systems. These ex
Page 18 and 19: in various organized markets, from
Page 20 and 21: Figure 1-1: FBIIC Members FBIIC Mem
Page 22 and 23: • The NCUA regulates Federally ch
Page 24 and 25: • Identify voluntary efforts wher
Page 26 and 27: Continuity in the Financial Service
Page 30 and 31: system. All of the systemically cri
Page 32 and 33: linked to payments occurring in sys
Page 35 and 36: 3. Assess Risks Both the public and
Page 37 and 38: the FBIIC agencies identify financi
Page 39 and 40: 4. Prioritize Infrastructure In the
Page 41 and 42: 5. Develop and Implement Protective
Page 43 and 44: - The Treasury Department acquired
Page 45 and 46: work of the SSA and various public
Page 47: • In 2003, BITS and SIA drafted C
Page 50 and 51: 6.1.1 Developing Sector-Specific Me
Page 52 and 53: updates on the sector metrics in su
Page 54 and 55: 6 Implementation Action Milestone S
Page 56 and 57: • Understanding and Avoiding of t
Page 59 and 60: 8. Manage and Coordinate SSA Respon
Page 61: information. This information-shari
Page 64 and 65: NFA National Futures Association NI
Page 66 and 67: Federal Deposit Insurance Corporati
Page 68 and 69: Office of Comptroller of the Curren
Page 70 and 71: Department of the Treasury U.S. Cod
Page 72 and 73: State Banking Law/Statute Maryland
Page 74 and 75: National Association of Insurance C
Page 76 and 77: Code & Regulations State URL §§ 5
Page 78 and 79:
Code & Regulations State URL §§ 3
Page 80 and 81:
State Statute Nebraska NE ST §§ 8
Page 82 and 83:
Date Title URL 08-05 Information Te
Page 84 and 85:
Date Title URL 08-01 Examination Pr
Page 86 and 87:
Federal Financial Institution Exami
Page 88 and 89:
Date Title URL 03-31 FFIEC Retail P
Page 90 and 91:
Date Title URL 12-05 Interagency Gu
Page 92 and 93:
National Credit Union Administratio
Page 94 and 95:
Date Title URL 09-01 NCUA Letter to
Page 96 and 97:
Date Title URL 05-04 Risk Managemen
Page 98 and 99:
Summary of Regulatory Guidance on E
Page 100 and 101:
Date Title URL 04-03 Interagency Gu
Page 103 and 104:
Appendix 3: FSSCC Research and Deve
Page 105 and 106:
1. Common operating picture archite
Page 107 and 108:
members are very active. One of the
Page 109 and 110:
K Financial information tracing is
Page 111:
SCC R&D Challenges vs. NIPP R&D The
show all

Banking and Finance Sector-Specific Plan - U.S. Department of ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?