Summary

The September 11, 2001, terrorist attacks exposed the vulnerability of U.S. financial markets to wide-scale disasters. Because the markets are vital to the nation's economy, GAO's testimony discusses (1) how the financial markets were directly affected by the attacks and how market participants and infrastructure providers worked to restore trading; (2) the steps taken by 15 important financial market organizations to address physical security, electronic security, and business continuity planning since the attacks; and (3) the steps the financial regulators have taken to ensure that the markets are better prepared for future disasters.

The September 11, 2001, terrorist attacks severely disrupted U.S. financial markets as the result of the loss of life, damage to buildings, loss of telecommunications and power, and restrictions on access to the affected area. However, financial market participants were able to recover relatively quickly from the terrorist attacks because of market participants' and infrastructure providers' heroic efforts and because the securities exchanges and clearing organizations largely escaped direct damage. The attacks revealed limitations in the business continuity capabilities of some key financial market participants that would need to be addressed to improve the ability of U.S. markets to withstand such events in the future. GAO's review of 15 stock exchanges, clearing organizations, electronic communication networks, and payments system providers between February and June 2002 showed that all were taking steps to implement physical and electronic security measures and had developed business continuity plans. However, some organizations still had limitations in one or more of these areas that increased the risk that their operations could be disrupted by future disasters. Although the financial regulators have begun efforts to improve the resiliency of clearance and settlement functions within the financial markets, they have not fully developed goals, strategies, or sound practices to improve the resiliency of trading activities. In addition, the Securities and Exchange Commission's (SEC) technology and operations risk oversight, which is increasingly important, has been hampered by program, staff, and resource issues. GAO's report made recommendations designed to better prepare the markets to deal with future disasters and to enhance SEC's technology and operations risk oversight capabilities.