The Bank of New York
Donald R. Monks
October 21, 2002
Ms Jennifer J. Johnson, Secretary
Re: Docket No. R-1128 "Draft Interagency White Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System"
Dear Ms. Johnson:
The Bank of New York is pleased to respond to the request for comment on the draft White Paper. Allow us to begin by complimenting all of the Agencies involved in drafting this important document, which we believe will significantly advance planning for and response to future disasters. The implementation by market participants of the guidelines set forth in the White Paper will, in our opinion, ensure a rapid recovery of the financial markets from any future regional disruption
At the end of the White Paper, the Agencies solicited comments on a number of important issues. We welcome this opportunity to share our thoughts, and have taken the questions you have raised in order. However, before we discuss the specific questions posed, we wish to emphasize three points that we feel are key to this discussion:
FACE="TimesNewRoman,Bold">V. Request for Comments
The agencies invite comments on the appropriate scope and application of the sound practices and implementation timetable discussed above, as well as other issues relevant to strengthening the resilience of the financial system in the face of wide-scale regional disasters. In particular the agencies invite comment in the following areas:
Scope of application.
Have the agencies excluded any critical markets?
No. However, we believe that the definition of the "corporate securities" critical market requires further clarification. In this context, what activities and securities are meant by the phrases "corporate securities" and "securities operations?" Does the White Paper intend to apply to U.S. equities only, or does it include non-U.S. securities and securities held in custody overseas? Does it cover derivatives? Does it include end-of-day pricing of mutual funds?
Have the agencies sufficiently defined the term "core clearing and settlement organizations" for such organizations to identify themselves? Have the agencies provided sufficient guidance for firms to determine whether they play "significant roles in critical financial markets?"
We have noted proposed definitions of these terms that are based on market share, and we suggest that these definitions be adopted.
Are there other measures or additional facts or circumstances that should be used to determine whether a firm plays a significant role or acts as a core clearing organization? Should the agencies establish an average daily dollar volume (e.g., $20 billion, $50 billion, $150 billion or some larger amount) or a market share test (e.g., 3, 5, 7, 10 percent market share or some larger amount) as a benchmark for either or both of these categories?
We believe that a market share cut-off would be an appropriate measure of a particular institution's significance in each of the six "critical markets." Dollar value as an indicator of significance has two of disadvantages.
We suggest that the agencies designate any institution with 20% share of a critical market as a "core clearing" organization, and any institution with 5% market share as having a "significant role". (We further recommend that these numbers be considered as approximate guidelines, so as not to exclude an institution with a market share of 4.93%, for example.) We believe that market infrastructure organizations, regulators, and market participants have available to them more than adequate data to accurately determine market share.
Should such benchmarks differ by market or activity?
No. Market share is an accurate measure of an institution's significance within a market, regardless of the size of the market. If, however, the Agencies decide to specify significance by dollar amount, we believe that you may have to vary the measure by market.
In some market segments, there are geographic concentrations of primary and back-up facilities of firms with relatively small market shares. Should sound practices take into consideration the geographic concentration of the back-up sites of firms that as a group could play a significant role in critical markets?
No. Smaller players in a market are unlikely to know the contingency arrangements of their counterparts, and so would not know whether such a concentration existed. Further, it is not reasonable to require out-of-region recovery capability of a minor market participant.
We do, however, recommend that the final White Paper address how regulators and firms - large and small - outsourcing their contingency operations to third party service providers will insure that no provider of contingency services over-commits to a number of firms within the same region.
One of the reasons core clearing organizations are expected to recover and resume is that there are no effective substitutes that can assume their critical activities; is this also true for some or all firms that play significant roles in critical markets?
No. The question, in our opinion, is not whether there is an effective substitute, but rather what will the impact of the lack of a substitute be upon the critical market in question. If the Agencies adopt the market share guideline that we have suggested, the clients of the impacted institution may suffer significant disruption, and certainly the institution itself would, but the critical market would be able to continue its operations.
Should any firms that play significant roles in critical markets be required to meet an intra-day standard for recovery and resumption because of the size of their market share or volume, or the significance of the services they perform for other firms (e.g. as a correspondent bank or clearing broker) in clearing and settling material amounts of transactions and large-value payments?
No. If the market share is not sufficient to classify a participant as "core clearing", then the White Paper's criteria for a four-hour "recovery" should prove sufficient. In our opinion, a "core clearing" designation would require approximately 20% of market share.
Does the paper's definition of a "wide-scale, regional disruption" provide sufficient guidance for planning for wide-scale, regional disruptions?
The Bank of New York believes that the White Paper provides adequate general guidance. However, discussion and debate within the industry suggests that many institutions do not share our view, and would like to have additional guidance. The Agencies may wish to consider involving outside experts with specific competency in this discussion.
Is there a need to provide some sense of duration of a wide-scale, regional disruption? If so, what should it be?
We recommend that core clearing organizations and other organizations with a significant role plan for disruptions of at least 30 days duration. If, as was the case with the 9/11 attack, the disruption should endure longer than 30 days, one month should give organizations adequate time to respond.
Recovery and Resumption of Critical Activities.
Have the agencies identified the critical activities needed to recover and resume operation in critical markets?
Is there a need to define the term "material" in this context? If so, what should be used?
No. The range of potential scenarios is so broad that a precise definition is not possible, and the intent of "material" seems clear.
Sound practice seems to require firms that play significant roles in critical markets to establish recovery targets of four hours after an event for their critical activities. Is this a realistic and achievable recovery-time objective for firms that play significant roles in critical markets? If not, what would be?
Four hours is both realistic and achievable, and represents an appropriate recovery goal for firms with a "significant role".
Similarly, sound practice seems to require core clearing and settlement organizations to establish recovery and resumption targets of two hours for critical activities. Is this a realistic and achievable resumption-time objective for core clearing and settlement organizations?
Given the current state of recovery technology and the fact that staff for many of the core clearing organizations in the six critical markets are located in urban areas more likely to be targeted for terrorist attack, a two-hour recovery time is extremely aggressive. We do, however, agree upon the need for a rapid recovery and resumption of core infrastructure underpinning the markets, and accept two hours as a recovery and resumption "target", but do not believe it should be a firm requirement at this time.
Should recovery- and resumption-time objectives differ according to critical markets?
No. The Agencies have correctly designated the "critical" financial markets. This question seems to imply that some may be more critical than others. We believe that a market is either critical or it is not, and that the same criteria should apply to all critical markets.
Have the agencies sufficiently described expectations regarding out-of-region back-up resources?
No. Please see our discussion in the next question.
Should some minimum distance from primary sites be specified for back-up facilities for core clearing and settlement organizations and firms that play significant roles in critical markets (e.g., 200 - 300 miles between primary and back-up sites)? What factors should be used to identify such a minimum distance?
The Bank of New York believes that it is difficult to establish hard and fast rules regarding separation of facilities, because there exist several variables, the most important of which are the risks themselves and the type of facilities in question.
The risks - both their likelihood and their severity - are very dependent upon geography. We have always known that some regions of the U.S. are more prone to natural disasters, such as earthquakes, severe storms, and flooding. We believe that it is reasonable to expect that future terrorist attacks, should they occur, are only likely in high-profile major cities or at sites with special importance or vulnerabilities, such as nuclear power plants. It is easy to imagine events in New York City (terrorist attack) or Miami (severe hurricane) that could have widespread disruptive effects out to 50 miles or more. It is difficult to imagine an event in Nashville, central New York State, or Phoenix that would have a footprint that large.
It is also important to consider the type of facilities being considered. We believe that a recovery data center should be out-of-region. We also believe that essential operations supporting the critical markets in which the Bank is a "significant" participant should be split in an "active-active" model, with at least one of the active sites being geographically distant from its sister site(s). As a general rule, absent evident risk or observable hazard, we believe that 200 miles should be considered as more than adequate separation between primary and recovery data centers and "active-active" split operations. We note, however, that there will be situations where a 50 mile separation in a very low risk region will be safer than 200 miles where one of the sites is in a high risk area.
However, there is third case - contingency sites for operations. Should an operations site be rendered unusable by natural or manmade disaster, we submit that there are two compelling reasons that the contingency site to which the staff recover must be "in-region". In the event of an emergency, displaced employees need to be able to quickly move to their contingency site and resume operations. The events of 9/11 taught us that in a regional disaster, especially one caused by a terrorist act, air transport may be unavailable for days, and geographic obstacles such as rivers may become impassible if the authorities order the closing of bridges and tunnels. It is entirely possible that displaced staff may simply be unable to reach an out-of-region site for a significant period of time. Further, there is a human element to this equation. In the case of a regional disaster, employees will have natural concerns about the safety of their families and their homes, and may not be willing to relocate hundreds of miles away to staff a distant processing site when they are needed most at home. None of this is to suggest that distance is not desirable, and "in-region" in this context is not meant to imply "close." Contingency sites should be miles, not city blocks or hundreds of yards from the primary operations sites that they support. However, this means that the contingency site will have to be within something approximating "normal commuting distance" of the primary site. We recognize the risks inherent in this approach, but feel that it is the solution that best addresses the most likely risks. We emphasize strongly that for essential operations supporting critical markets we will have at least one established out-of-region active site, so that even in a worst-case scenario, where displaced workers are unable to occupy their in-region contingency site, processing will continue, albeit with reduced capacity.
Should the agencies specify other requirements (e.g., back-up sites not be dependent on the same labor pools or infrastructure components, including power grid, water supply and transportation systems)?
It is appropriate for the Agencies to specify other requirements, however we would make several observations in this regard:
Are there alternative arrangements (i.e., within a region) that would provide sufficient resilience in a wide-scale, regional disruption? What are they?
While such alternative, in-region arrangements may be feasible, and we are open to the suggestions of others in this regard, we cannot ourselves think of any in-region arrangement that would survive, for example, a regional evacuation.
Are there other arrangements that core clearing and settlement organizations should consider, such as common communication protocols, that would provide greater assurance that critical activities will be recovered and resumed?
We recommend that core clearing and settlement firms, in coordination with the other significant market participants that they serve, should be required to formally assess their telecommunications infrastructure and to harden their resiliency on a regular basis. Utilities, such as Fedwire, CHIPS, DTC, SWIFT, etc. should work in concert with their major users to achieve telecom reliability solutions.
Timetable for Implementation.
To ensure that enhanced business continuity plans are sufficiently coordinated among participants in critical markets, should specific implementation timeframes be considered?
Is it reasonable to expect firms that play significant roles in critical financial markets to achieve sound practices within the next few years?
Should the agencies specify an outside date (e.g. 2007) for achieving sound practices to accommodate those firms that may require more time to adopt sound practices in a cost-effective manner? Would such distant dates communicate a sufficient sense of urgency for addressing the risk of a wide-scale, regional disruption?
We believe that the targets contained within the White Paper - plan completion within six months of final guidance, implementation to begin within one year of final guidance - are reasonable. And we would support the specification of an outside date for completion of plan implementation. Given the complexity of the issues involved, and the significant investment that may be required, we believe that 2007 is a realistic date for completion of plan implementation.
We thank the Agencies for giving us an opportunity to add our voice to this vital discussion, and hope that you will call on The Bank of New York if there is anything we can do to further our mutual objective - the continuity of critical markets. We would be happy to discuss any of our comments in more detail.
CC: Office of the Comptroller of the Currency
Jonathan G. Katz, Secretary