The Fifth Annual Report issued May 19, 2015, by the Financial Stability Oversight Council (FSOC), established under the Dodd-Frank Wall Street Reform and Consumer Protection Act to oversee risks to the U.S. financial system. Themes discussed in the report included cybersecurity, market structure, reference rates and data collection.

Cybersecurity

The report highlights FSOC’s increasing concerns about cybersecurity and expresses its continued support for comprehensive legislation on cybersecurity issues including the enhancement of cybersecurity information sharing and data breach notifications.

The report provides FSOC’s recommendations in three areas; information sharing, best practices and response and recovery

Information Sharing

FSOC made the following recommendations to enhance cybersecurity information sharing between the private sector and government:

  • The U.S. Treasury should continue to work with U.S. intelligence and law enforcement agencies to enhance the sharing of timely and actionable cyber threat information with regulators and the private sector through the Financial Sector Cyber Intelligence Group and the Financial Sector Information Sharing and Analysis Center (FS-ISAC) especially through the automation of the sharing of technical data where possible.
  • The Federal Financial Institutions Examination Council (FFIEC) should continue to collaborate and coordinate on issues affecting the banking sector.
  • All information sharing efforts should be done in a manner that respects civil liberties and protects the privacy of customers.

Best practices

FSOC made the following recommendations with respect to the continued enhancement of the security and resilience of the U.S.’s critical infrastructure:

  •  The financial services sector should use the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) in addition to other relevant standards issued by regulators.
  • The financial services sector should integrate better cybersecurity practices into agreements with vendors.
  • Financial regulators should expand and complete efforts to map existing regulatory guidance to reflect and incorporate appropriate elements of the NIST Cybersecurity Framework, to foster consistency in cybersecurity across regulatory regimes.
  • Efforts must be made, including the passing of appropriate legislation, to grant financial regulators the authority to supervise third-party service providers to the financial services sector to enhance the security of such third-party service providers and the services they provide.

 Responses and Recovery

FSOC believes that the private sector and government should maintain robust plans for responding to a significant cyber incident. Towards this end, FSOC recommends:

  •  The establishment of a national plan for cyber incident response for the financial services sector.
  • The national plan should identify and articulate the role of law enforcement and the Department of Homeland Security.
  • The U.S. Treasury should play the role of coordinator of the national plan

Changes in financial market structure and implications for financial stability

FSOC believes that while changes in market structure such as the ability to trade at higher speeds and the diversity of trading venues has increased competition and reduced transaction costs, they caution regulators to be mindful of the introduction of certain vulnerabilities.

In particular, FSOC highlights that the expansion of electronic trading beyond the equities and futures markets should be assessed for potential vulnerabilities:

  •  Risk management and technology systems must be able to quickly detect and mitigate issues arising from error trades or disruptive strategies.
  • Given the fact that markets are now highly complex and interlinked, liquidity provision and pricing may adjust quickly and unexpectedly even in the absence of significant market events.

FSOC highlights the markets structure reforms undertaken by the CFTC and SEC over the past five years such as the enhancement of market wide circuit breakers, rules requiring brokers to implement risk controls, as well as rules that place stricter requirements on the technology used by exchanges, alternative trading systems, clearing houses and securities information processors.

In this area, FSOC recommends that:

  • Its member agencies remain vigilant to the confluence of factors that will drive changes in market structure and how this will impact the functioning of the markets, the provision of liquidity and potential implications for financial stability.
  • Regulators should collaborate to better understand linkages between and across markets, both regulated and unregulated, by improving data collection efforts and data sharing arrangements.
  • Regulators should work to develop enhanced tools to better understand currently unregulated firms that may act like intermediaries and make appropriate recommendations to Congress as to whether such firms should be regulated.

Reforms relating to reference rates

In its 2014 report, FSOC recommended the identification of alternative interest rate benchmarks based on observable transactions and supported by appropriate governance structures. It also recommended the development of a plan for a smooth and orderly transition to these new benchmarks.

In the 2015 report, FSOC notes that significant progress has been made including the formation of the Alternative Reference Rate Committee (ARRC). The ARRC is a group of market participants that is working with U.S. regulators to meet these recommendations. However, FSOC believes that more work is needed.

As such, FSOC recommends that:

Data quality, collection, and sharing

FSOC believes that regulatory efforts to address financial data gaps and promote standards must keep pace with market changes. In this area, FSOC makes the following recommendations:

  • Regulators and market participants should continue to work together to improve the quality, access and comprehensiveness of financial data in the U.S. and across global markets.
  • The SEC should continue to work to address data gaps in the asset management industry.
  • The relevant agencies should improve data collection on the bilateral repo and securities lending markets.
  • State insurance regulators and the National Association of Insurance Commissioners should continue to work to improve the public availability of data, including financial statements relative to captive reinsurance activity.
  • The Federal Insurance Office should continue to monitor and publicly report on the regulatory treatment of issues relating to captive reinsurance.
  • FSOC member agencies should push for the adoption of the global Legal Entity Identifier (LEI) in reporting requirements and rulemakings.
  • The adoption and use of standards in mortgage data and the collection of such data, especially the development of unique loan identifiers and the use of the LEI.
  • Swap Data Repositories (SDRs) and Security-Based Swap Data Repositories (SBSDRs) must have strong and common standards to facilitate counterparty analysis by financial institutions and to aid in the monitoring of financial stability by regulators.
  • The removal of impediments to access by U.S. regulators to data stored at repositories.
  • Member agencies should continue to explore best practices for data sharing and improving reporting efficiency.