Operational risk

Cyber Instability

When terrorists attacked the World Trade Center on September 11, 2001, they also attacked the U.S. financial system. In addition to destroying critical financial infrastructure, the collapse of the twin towers closed the New York Stock Exchange and disrupted the payments system that links U.S. intermediaries, threatening to shut down banks, ATM machines and credit card operations across the country. Only extraordinary intervention by the Federal Reserve kept the system afloat (see, for example, Rosengren).

We have long argued that financial stability is a vital common resource (see here). As ECB Board member Cœuré suggests in the opening quote, the same applies to financial cybersecurity—the protection of financial information and communications technologies (ICT) and their associated networks from failures and attacks. The events of 9/11 and their aftermath dramatically highlighted the link between stability and cybersecurity. Moreover, because our financial system is so deeply reliant on ICT and on large, global networks, these two objectives are more closely linked than ever before: ensuring one means guarding the other.  

In this post, we highlight the pervasiveness of cyberthreats as a source of operational risk in finance. Consistent with the Presidential Policy Directive 21 and a recent Presidential Executive Order aimed at strengthening cybersecurity, the U.S. government has designated financial services infrastructure as critical to national and economic security (see here). Nevertheless, numerous challenges—ranging from the availability of reliable data to the ever-changing nature of the attacks themselves—make the goal of safeguarding financial ICT networks very difficult. To be effective, cybersecurity efforts require mechanisms for preventing successful attacks, limiting their impact, and promoting quick, reliable recovery. Reducing vulnerability and contagion while boosting cyberresilience is a very tall order….

Read More

Operational Risk and Financial Stability

Recent disasters—both natural and man-made—prompt us to reflect on the relationship between operational risk and financial stability. Severe weather in sensitive locations, such as Hurricane Irma in Florida, raises questions about the resilience of the financial infrastructure. The extraordinary breach at Equifax highlights the public goods aspect of data protection, with potential implications for the availability of household credit.

At this stage, it’s important to pose the right questions about these operational shocks and, over time, to draw the right lessons. We expect that systemic financial intermediaries’ risk managers, members of their boards, their regulators, and their ultimate legislative overseers are currently in the midst of an intensive review of exposures (and that of the financial system as a whole) to these risks.

So, what is operational risk (OR)? The Basel Committee for Banking Supervision (BCBS) defines OR as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”....

Read More