Skip to main content

Michael Bodson Joins Financial Regulators and CEOs to Discuss Cybersecurity in the Financial Services Sector

Michael Bodson, President and CEO of The Depository Trust & Clearing Corporation

Michael Bodson, President and CEO of The Depository Trust & Clearing Corporation (DTCC), recently joined with financial services executives, financial regulators and officials of the Obama Administration to discuss the growing threat of cybersecurity and its impact on financial stability.

The meeting, which was co-hosted by Treasury Secretary Jacob J. Lew and Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco, comes at a time when cyber attacks have jumped to the second-most reported economic crime, according to PricewaterhouseCooper’s Global Economic Crime Survey. The study also found that financial institutions are prime targets of cyber criminals.

“Given the interconnectedness of the financial services industry, a cyber attack on one firm can have a far reaching impact across the financial services landscape,” Bodson said. “This meeting builds upon the work we’ve done with federal officials over the past several years to strengthen the industry’s resilience to prevent or mitigate the impact of an attack. We look forward to continuing these conversations with policymakers and further increasing the level of partnership and collaboration within the industry and with key leaders in the federal government.”

A Broad Agenda

During the meeting, Secretary Lew and Monaco led a discussion that focused on three topics of importance:

  • The need to coordinate potential response activities during a significant cyber incident;
  • Maintaining resilience in the sector’s core functionality; and
  • Ensuring the trust and confidence in individual firms and the sector as a whole during operational stress.

Over the past two years, the federal government and financial firms, including DTCC, have conducted public-private tabletop exercises to identify opportunities to enhance the industry’s cyber resilience and to begin taking concrete steps in response to those lessons. In addition to these activities, DTCC conducts its own internal tabletop exercises to test crisis management, team knowledge and resourcefulness in the face of catastrophic events.

“These regular exercises offer us the opportunity to validate how our command teams would respond in the event of a crisis,” said Stephen Scharf, DTCC Chief Security Officer. “As with real events, these various exercises are extremely important in helping us identify weaknesses or areas for improvement.”

Michael Bodson Joins Financial Regulators and CEOs to Discuss Cybersecurity in the Financial Services SectorCoordinating Response Efforts

During the meeting with Secretary Lew, the group also discussed procedures for coordinating cybersecurity incident response efforts among financial companies, executive branch agencies and financial regulators, consistent with Presidential Policy Directive 41, which was announced in July and governs the Federal government’s response to significant cyber incidents.

Administration officials reiterated their commitment to improving cybersecurity in the financial sector through enhanced public-private collaboration at the most senior levels and carrying this work through the Presidential transition. The Financial Services Sector Coordinating Council, a non-profit organization dedicated to partnering the financial sector with the government, detailed the establishment of a CEO cybersecurity council to regularly meet with government counterparts.

During the meeting, Bodson stressed the importance of a coordinated approach to cyber regulation that will guide development of a substantive and resilient cybersecurity regimen.

Given that the security of the financial system goes beyond sovereign borders, the group also discussed the G7 finance ministers and central bank governors’ endorsement last week of Fundamental Elements of Cybersecurity for the Financial Sector, a concise set of necessary features for enhanced cybersecurity for public and private entities in the financial sector.