A pair of top U.S. regulators called for increased attention to cyber risks to the financial system Tuesday in the wake of the hack of the Securities and Exchange Commission's corporate filing system.
Continue Reading Below
Federal Reserve Governor Jerome Powell and Commodity Futures Trading Commission Chairman J. Christopher Giancarlo both cited cybersecurity as a fundamental risk point for the financial sector during a discussion at George Washington University Law School. In a broad conversation on financial regulation, they both also expressed confidence that they would make progress modifying the Volcker rule trading ban and other financial rules.
"There can never be any sense of comfort that we've got this nailed," Mr. Powell said of regulators' efforts to improve cybersecurity.
Mr. Giancarlo said the SEC hack raises questions about how much proprietary data should be held by market regulators. Since the 2016 hack was disclosed in September, companies have raised concerns about giving over closely held data such as trading source code to government regulators.
The concerns threaten to trip up implementation of the SEC's consolidated audit trail rule, which would keep track of every trade and order in U.S. stock and option markets, as well as efforts by the CFTC to expand regulators' access to the computer code that drives automated trading strategies and bring more high-frequency traders under their oversight.
"I'm very concerned that we don't house gratuitous market information that makes ourselves a target for commercial espionage and commercial hackers," Mr. Giancarlo said.
Mr. Powell said another priority for the Fed is focusing on the fallout of a data breach at credit reporting firm Equifax Inc. "It's obviously a terrible breach," he said. For banks "It does raise the risk of consumer fraud, and so we'll be focusing on that."
Mr. Powell separately said he believes the time will come when the Fed will release the largest U.S. banks from the so-called "qualitative" part of the stress tests, which has tripped up many banks in the past. The Fed has already released banks with less than $250 billion in assets from that part of the tests.
"It's time" to release the biggest banks from the qualitative test, Mr. Powell said, before correcting himself to say "It's almost time." He said when that time comes, the Fed will still examine banks' risk management as part of its regular supervision.
Messrs. Powell and Giancarlo both said they are confident that U.S. regulators can come to an agreement on changing the Volcker rule ban on certain types of bank trading. "We are going to be able to get to a five-agency rule on Volcker that is significantly less burdensome, that is faithful to the intent of Congress," Mr. Powell said. "But I'm not going to tell you that it's going to be quick or easy."
Mr. Powell also reiterated that the Fed is working on changes to the leverage ratio, a key bank capital requirement. He said the current requirement for the biggest banks is overly strict and discourages banks from participating in relatively safe activities such as "money markets and other safe asset markets (as well as) central clearing."
Mr. Powell said he strongly supported Fed Chairwoman Janet Yellen's vote last week to remove American International Group Inc. from federal oversight. But he warned against removing the government's authority to pull in firms like AIG for stricter rules in the future, saying regulators may need that power in a crisis.
Mr. Powell also said the Fed intends to move forward with a rule governing banks' long-term funding strategies, known as the net stable funding ratio. The Treasury Department in June recommended delaying that rule until it could be "appropriately calibrated and assessed."
That statement was "nothing like the hard stop that people are interpreting it as," Mr. Powell said.
He added: "I expect we will move forward with a proposal on that," suggesting the Fed may rewrite its proposal for the rule. The Fed published a draft of the rule in May 2016.
Write to Ryan Tracy at email@example.com and Gabriel T. Rubin at firstname.lastname@example.org