I am here today because, unfortunately, terrorists continue to target the United States, its people, and its economy. In addition, we know that terrorists continue to target the financial infrastructure. The recent bombing, just before Thanksgiving, of a bank in Istanbul is a painful reminder of that fact. With over two hundred banks, credit unions, thrifts, securities firms, commodity futures merchants and insurance companies as well as a Federal Reserve Bank, Minneapolis is a significant hub of the financial infrastructure of the United States. You are the stewards of that financial infrastructure. I know you take the protection of this infrastructure very seriously. I thank you for your efforts.  

The purpose of this conference is to share with you some of the policies and programs that may help you in this important task. In partnership with the FDIC, the Department of the Treasury and our colleagues in the public and private sectors are holding conference like this in twenty-four cities across the United States. During the conferences, we will reach thousands of professionals like you, stewards of our financial infrastructure. We hope you will take advantage of the policies and programs that you learn about today - policies and programs that can further strengthen the critical financial infrastructure of the United States.

Importance of Protecting Our Financial Infrastructure 

The resiliency of the financial infrastructure is an issue that is very important to the Department of the Treasury. At the Treasury, we are responsible for developing and promoting policies that create jobs and improve the economy. We are also concerned with developing and promoting policies that enhance the resilience of the economy, policies that minimize the economic damage and speed economic recovery from a terrorist attack. Indeed, the President named Treasury as the lead agency to enhance the resilience of the critical financial infrastructure. 

These two responsibilities are closely related. As Secretary Snow has said, the financial system is the engine of our economy. In a very real sense, therefore, the resilience of the American economy depends on the resilience of the American financial system. 

Fortunately, we are starting from a very strong base. The American economy is resilient. Over the past few years, we have seen that resilience first hand, as the American economy withstood a significant fall in equity prices, an economic recession, the terrorist attacks of September 11, corporate governance scandals, and the power outage of August 14-15. There are many reasons for the resilience of the American economy. Good policies - like the President’s Jobs and Growth Initiative - played an important part. So has the resilience of the American people. One of the reasons are economy is so resilient is that our people are so tough, so determined to protect our way of life.  

Like the economy as a whole, the American financial system is resilient. For example, the financial system performed extraordinarily well during the power outage last August. With one exception, the bond and major equities and futures markets were open the next day at their regular trading hours. Major market participants were also well prepared, having invested in contingency plans, procedures, and equipment such as backup power generators. The U.S. financial sector withstood this historic power outage without any reported loss or corruption of any customer data. This resilience mitigates the economic risks of terrorist attacks and other disruptions, both to the financial system itself and to the American economy as a whole. 

Although we are starting from a strong base, the fact remains that terrorists continue to target the U.S. economy and U.S. financial institutions. Therefore, we must continue our vigilant efforts to protect our critical financial infrastructure.  

Guiding Principles

Four principles guide our efforts to enhance the resilience of our financial infrastructure. These principles guided our actions as the financial system recovered from the attacks of September 11th. They guided our actions during the power outage of August 14-15. They guide our day to day actions as we prepare for the next disruption.  

The first principle is to remember that the financial system is really about people. People, not buildings or computers, produce financial services. And it is people who benefit from financial services.  

We depend on people to run the financial system. We need these people - tellers, technicians, loan officers, technologists - to see the system through times of stress. Indeed, it was the commitment of these professionals to their institutions, customers, and colleagues that helped the financial system recover from the attacks of September 11th and weather the power outage of August 14-15.  

Just as we depend on people to run the financial system, people depend on the financial system to run. Every American depends on financial services to get their paycheck, buy their groceries, purchase a house, finance their children’s education, or save for retirement. We must ensure that people continue to have confidence that the financial system will meet their needs. 

The second principle is the importance of maintaining confidence. Confidence in the ability of financial institutions to clear checks, execute transactions, and satisfy insurance obligations helps the system weather significant disruption from evolving threats. By relying on a sound financial system, Americans can make business decisions for the future and conduct necessary business in the present.  

The third principle is to ensure that the financial system remains accessible and open for business when the safety of the employees permits. During times of disaster, investors depend on markets to price the impact of the disruption on assets. The longer markets are closed, the longer investors must go without knowing what the impact will be. This uncertainty can itself be harmful to the economy, compounding the impact of any disruption. The sooner we can eliminate this uncertainty, the more we can mitigate the impact and speed recovery.  

 Fourth, we want to promote responsible decision-making and problem-solving within the private sector. In general, financial institutions should make the appropriate decisions without waiting for guidance from Washington. After all, it is the private sector that owns and operates the majority of the financial systems. You in the private sector have the subject matter expertise in your own systems. It is the private sector that best knows how to help these systems recover from a disruption.

Organization 

With these principles in mind, we have organized ourselves into two main groups. One is the Financial and Banking Information Infrastructure Committee (FBIIC). The FBIIC is sponsored by the President’s Working Group on Financial Markets and consists of many state and federal regulators. The FDIC, which organized this conference today, is a member. So too are the Board of Governors of the Federal Reserve System, the Securities and Exchange Commission, the Commodity Futures Trading Commission, the National Association of Insurance Commissioners, the Conference of State Banking Supervisors, and many other important regulators. Treasury chairs the FBIIC. 

The other important group is the Financial Services Sector Coordinating Council (FSSCC). The FSSCC consists of virtually every important financial services association in the United States.  

The structure of these organizations advances the principles I just spoke about. As the President stated in his National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, “it is important to remember that protection of our critical infrastructures and key assets is a shared responsibility. Accordingly, the success of our protective efforts will require close cooperation between government and the private sector at all levels.” These two organizations facilitate that close cooperation and encourage private sector responsibility to protect the critical financial infrastructure without adding unnecessary layers of bureaucracy.

Policies 

The four principles - protecting people, maintaining confidence, maintaining access to financial institutions, and promoting de-centralized decision-making and responsibility - shape our policies to enhance the resilience of the U.S. economy. For example, they highlight the importance of developing accurate and timely information about threats and sharing that information with the private sector. As we share more and better information about threats, people in the private sector who own and operate our financial infrastructure can better estimate the risks they bear and can more effectively reduce the probability of a disruption through strategic investments. 

Furthermore, as more institutions invest in better security measures, the incentive for other firms to invest will also increase as they realize they might be left behind the competition. This tipping or cascading effect on businesses provides a very efficient and effective means of encouraging optimal investment in our corporate resilience. It also reduces the need for the government to impose costly, inflexible, and potentially ineffective command-and-control security regulations on the private sector.  

Programs

I wish to highlight a few of the programs that we have developed. These programs provide you with specific, tangible services that can help make your institutions and your colleagues safer.  

Recently, the FBIIC and the FSSCC launched the next generation Financial Services Information Sharing and Analysis Center (FS/ISAC). Since 1999, the FS/ISAC has been a leader in information sharing for the financial sector, allowing members to receive and submit anonymous reports on security threats and solutions. This next generation FS/ISAC includes both cyber and physical threat information; serves the entire sector; and deploys a secure, confidential technology platform where companies can exchange information in real time as they identify vulnerabilities, address the vulnerabilities, and respond to attempts to exploit the vulnerabilities.  

Given the benefits of increased information sharing on the general public, Treasury is pleased to support the next-generation FS/ISAC. I hope that all of you will consider joining the FS/ISAC as members. You can learn more about how your financial institution can benefit from the FS/ISAC at www.fsisac.com. 

Another important program is the Government Emergency Telecommunications Service (GETS) program. This program, which is run by the National Communications Service, provides critical members of the private sector priority access to the telecommunication system. In times of emergency when the telephone system experiences heavy traffic, GETS users can complete their calls faster so that they may discuss and coordinate emergency decisions. The importance of this emergency tool is apparent. Therefore, it is no surprise that since the attacks of September 11, the GETS program has expanded more than six-fold within the financial sector. If you are interested in participating in this program, please contact your primary regulator. Each of the participating regulators serves as the administrative sponsor for the GETS program. If you are already a GETS user, please remember to test your cards on a quarterly basis.  

A third important program that the Treasury created is the Protective Response Planning Program. This program brings together federal and local government officials, members of law enforcement and individuals from important financial institutions to develop and coordinate emergency responses to major disruptions at these specific institutions. Having personally participated in one such exercise for a very important institution, I can attest to its value. Watching the diverse array of law enforcement authorities - from the local police chief, to the county sheriff, the state police superintendent, the FBI, the United States Secret Service, and still others - coordinate their emergency response plans, in some cases for the first time, demonstrated how powerful a collaborative effort could be. The Protective Response Planning Program is open to the most critical financial institutions. If you are interested, please contact me. 

Thank you for your time today. Thank you for attending this important conference.