[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]



 
                    RECOVERY AND RENEWAL: PROTECTING
                      THE CAPITAL MARKETS AGAINST
                          TERRORISM POST 9/11

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                    CAPITAL MARKETS, INSURANCE, AND
                    GOVERNMENT SPONSORED ENTERPRISES

                                 OF THE

                              COMMITTEE ON
                           FINANCIAL SERVICES

                     U.S. HOUSE OF REPRESENTATIVES

                      ONE HUNDRED EIGHTH CONGRESS

                             FIRST SESSION

                               __________

                           FEBRUARY 12, 2003

                               __________

       Printed for the use of the Committee on Financial Services

                            Serial No. 108-2


                        U.S. GOVERNMENT PRINTING OFFICE
                               WASHINGTON : 2003
86-850 PDF

For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpr.gov  Phone: toll free (866) 512-1800; (202) 512-1800  
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001





                 HOUSE COMMITTEE ON FINANCIAL SERVICES

                    MICHAEL G. OXLEY, Ohio, Chairman

JAMES A. LEACH, Iowa                 BARNEY FRANK, Massachusetts
DOUG BEREUTER, Nebraska              PAUL E. KANJORSKI, Pennsylvania
RICHARD H. BAKER, Louisiana          MAXINE WATERS, California
SPENCER BACHUS, Alabama              CAROLYN B. MALONEY, New York
MICHAEL N. CASTLE, Delaware          LUIS V. GUTIERREZ, Illinois
PETER T. KING, New York              NYDIA M. VELAZQUEZ, New York
EDWARD R. ROYCE, California          MELVIN L. WATT, North Carolina
FRANK D. LUCAS, Oklahoma             GARY L. ACKERMAN, New York
ROBERT W. NEY, Ohio                  DARLENE HOOLEY, Oregon
SUE W. KELLY, New York, Vice         JULIA CARSON, Indiana
    Chairman                         BRAD SHERMAN, California
RON PAUL, Texas                      GREGORY W. MEEKS, New York
PAUL E. GILLMOR, Ohio                BARBARA LEE, California
JIM RYUN, Kansas                     JAY INSLEE, Washington
STEVEN C. LaTOURETTE, Ohio           DENNIS MOORE, Kansas
DONALD A. MANZULLO, Illinois         CHARLES A. GONZALEZ, Texas
WALTER B. JONES, Jr., North          MICHAEL E. CAPUANO, Massachusetts
    Carolina                         HAROLD E. FORD, Jr., Tennessee
DOUG OSE, California                 RUBEN HINOJOSA, Texas
JUDY BIGGERT, Illinois               KEN LUCAS, Kentucky
MARK GREEN, Wisconsin                JOSEPH CROWLEY, New York
PATRICK J. TOOMEY, Pennsylvania      WM. LACY CLAY, Missouri
CHRISTOPHER SHAYS, Connecticut       STEVE ISRAEL, New York
JOHN B. SHADEGG, Arizona             MIKE ROSS, Arkansas
VITO FOSELLA, New York               CAROLYN McCARTHY, New York
GARY G. MILLER, California           JOE BACA, California
MELISSA A. HART, Pennsylvania        JIM MATHESON, Utah
SHELLEY MOORE CAPITO, West Virginia  STEPHEN F. LYNCH, Massachusetts
PATRICK J. TIBERI, Ohio              BRAD MILLER, North Carolina
MARK R. KENNEDY, Minnesota           RAHM EMANUEL, Illinois
TOM FEENEY, Florida                  DAVID SCOTT, Georgia
JEB HENSARLING, Texas                ARTUR DAVIS, Alabama
SCOTT GARRETT, New Jersey             
TIM MURPHY, Pennsylvania             BERNARD SANDERS, Vermont
GINNY BROWN-WAITE, Florida
J. GRESHAM BARRETT, South Carolina
KATHERINE HARRIS, Florida
RICK RENZI, Arizona

                 Robert U. Foster, III, Staff Director
            Subcommittee on Capital Markets, Insurance, and 
                    Government Sponsored Enterprises

                 RICHARD H. BAKER, Louisiana, Chairman

DOUG OSE, California, Vice Chairman  PAUL E. KANJORSKI, Pennsylvania
CHRISTOPHER SHAYS, Connecticut       GARY L. ACKERMAN, New York
PAUL E. GILLMOR, Ohio                DARLENE HOOLEY, Oregon
SPENCER BACHUS, Alabama              BRAD SHERMAN, California
MICHAEL N. CASTLE, Delaware          GREGORY W. MEEKS, New York
PETER T. KING, New York              JAY INSLEE, Washington
FRANK D. LUCAS, Oklahoma             DENNIS MOORE, Kansas
EDWARD R. ROYCE, California          CHARLES A. GONZALEZ, Texas
DONALD A. MANZULLO, Illinois         MICHAEL E. CAPUANO, Massachusetts
SUE W. KELLY, New York               HAROLD E. FORD, Jr., Tennessee
ROBERT W. NEY, Ohio                  RUBEN HINOJOSA, Texas
JOHN B. SHADEGG, Arizona             KEN LUCAS, Kentucky
JIM RYUN, Kansas                     JOSEPH CROWLEY, New York
VITO FOSSELLA, New York              STEVE ISRAEL, New York
JUDY BIGGERT, Illinois               MIKE ROSS, Arkansas
MARK GREEN, Wisconsin                WM. LACY CLAY, Missouri
GARY G. MILLER, California           CAROLYN McCARTHY, New York
PATRICK J. TOOMEY, Pennsylvania      JOE BACA, California
SHELLEY MOORE CAPITO, West Virginia  JIM MATHESON, Utah
MELISSA A. HART, Pennsylvania        STEPHEN F. LYNCH, Massachusetts
MARK R. KENNEDY, Minnesota           BRAD MILLER, North Carolina
PATRICK J. TIBERI, Ohio              RAHM EMANUEL, Illinois
GINNY BROWN-WAITE, Florida           DAVID SCOTT, Georgia
KATHERINE HARRIS, Florida
RICK RENZI, Arizona
                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on:
    February 12, 2003............................................     1
Appendix:
    February 12, 2003............................................    33

                               WITNESSES
                      Wednesday, February 12, 2003

Britz, Robert G., President and Co-Chief Operating Officer, New 
  York Stock Exchange............................................    24
Colby, Robert L. D., Deputy Director, Division of Market 
  Regulation, Securities and Exchange Commission.................     4
D'Agostino, Davi M., Director, Financial Markets and Community 
  Investment, U.S. General Accounting Office.....................     2
Green, Micah S., President, The Bond Market Association..........    28
Ketchum, Richard, President, NASDAQ Stock Market.................    22
Kittell, Donald D., Executive Vice President, Securities Industry 
  Association....................................................    26

                                APPENDIX

Prepared statements:
    Clay, Hon. Wm. Lacy..........................................    34
    Israel, Hon. Steve...........................................    35
    Kanjorski, Hon. Paul E.......................................    36
    Maloney, Hon. Carolyn B......................................    38
    Royce, Hon. Ed...............................................    39
    Britz, Robert G..............................................    40
    Colby, Robert L. D...........................................    48
    D'Agostino, Davi M. (with attachments).......................    56
    Green, Micah S...............................................   185
    Ketchum, Richard G...........................................   278
    Kittell, Donald D............................................   290

              Additional Material Submitted for the Record

NYSE response to questions posed by Hon. Richard Baker...........   298


                    RECOVERY AND RENEWAL: PROTECTING



                      THE CAPITAL MARKETS AGAINST



                          TERRORISM POST-9/11

                              ----------                              


                      Wednesday, February 12, 2003

             U.S. House of Representatives,
         Subcommittee on Capital Markets, Insurance
              and Government Sponsored Enterprises,
                           Committee on Financial Services,
                                                   Washington, D.C.
    The subcommittee met, pursuant to call, at 3 p.m., in Room 
2128, Rayburn House Office Building, Hon. Richard H. Baker 
[chairman of the subcommittee] presiding.
    Present: Representatives Baker, Ose, Manzullo, Hart, Brown-
Waite, Harris, Renzi, Kanjorski, Sherman, Inslee, Moore, 
Israel, Capuano, Lucas of Kentucky, Clay, McCarthy, Matheson, 
Miller of North Carolina, Emanuel, Scott, and Maloney.
    Chairman Baker. I would like to call this meeting of the 
Capital Markets Subcommittee to order. It is my understanding 
that Mr. Kanjorski is on his way and will join us momentarily. 
I would first like to say--as I speak, here comes Mr. 
Kanjorski.
    This is our first meeting of the new session, and we will 
have a very busy agenda over the coming weeks and months. March 
and April are particularly going to be time-consuming for 
Members. But I think we have a lot of important work to do. 
Today is certainly exemplary of the types of issues with which 
the committee will be engaged.
    We will be in receipt today of a report from the General 
Accounting Office relative to their assessments of market 
participants' capabilities to help preclude or, in the adverse 
consequence, respond to another economic terrorist assault on 
American soil. And from the initial reading of the report and 
comments of those who will participate today, although all 
answers have not been found, it does appear that successful 
improvements have been in the making. And we look forward to 
having the committee's assistance in helping the regulators and 
market participants achieve the level of security needed to 
ensure that no one can bring our economic system to its knees, 
an extraordinarily important matter, and I am certain that the 
committee will return to it on many occasions as circumstances 
require.
    But I extend my welcome to the Members and certainly to the 
Ranking Member Mr. Kanjorski, I look forward to working with 
you again this session. And the gentleman is recognized for any 
opening statement he might make.
    Mr. Kanjorski. Thank you, Mr. Chairman. I think I will move 
that my full remarks be made part of the record.
    Mr. Chairman, first of all, I prize the relationship for 
the last 8 years that you and I have had as chairman and 
Ranking Member of this subcommittee, and really take great 
pleasure in the fact that we were able to rise to the occasion 
in providing terrorism reinsurance and restoring investor 
confidence in corporate America to some degree in the last 
Congress.
    Today we are here to examine the physical problems that may 
exist in a future terrorist attack on the United States and 
what actions and efforts we should take and what legislation 
will be necessary to accomplish that end. Also, as I suggested 
in my amendment to our policy consideration of the committee, 
we not only should take into consideration the physical effects 
of a terrorist attack on our economy and our markets, but also 
what economic disasters could befall the United States, and to 
start looking at some of the necessary actions to prevent that 
or to provide the legal authority for appropriate action. And 
some of the witnesses that are here today representing the 
various and sundry areas would be instrumental in examining 
that, because, in my estimation, I believe that terrorism can 
cause unreasonable and untold loss of life in America, it can 
cause tremendous physical damage in America, but cannot 
threaten the national security of America. On the other hand, 
economic destruction or events could bring down the American 
economy and, in fact, America in its entirety.
    So I think that not only do we have the opportunity to look 
at the physical effects on the markets and what we can do to 
shore them up, but also anticipating what economic occurrences 
may occur over the next several years that could really 
threaten the economy of the United States. And I look forward 
to working very closely with you in that end, and I move that 
my remarks be made part of the record.
    [The prepared statement of Hon. Paul E. Kanjorski can be 
found on page 36 in the appendix.]
    Chairman Baker. Without objection, in their entirety.
    Does any other Member wish to make any opening statement at 
this time? If not, then I would proceed to our first panel of 
witnesses, and welcome Ms. Davi D'Agostino, who is the Director 
of the Financial Markets and Community investment Division of 
the U.S. General Accounting Office.
    I think all Members have been provided a copy of your 
report. Please feel free to summarize and give us any 
perspectives you think would be helpful to the committee. 
Welcome.

 STATEMENT OF DAVI M. D'AGOSTINO, DIRECTOR, FINANCIAL MARKETS 
    AND COMMUNITY INVESTMENT, U.S. GENERAL ACCOUNTING OFFICE

    Ms. D'Agostino. Thank you very much, Mr. Chairman. With 
your permission, I would like to submit my full written 
statement for the record, and I would summarize my remarks 
orally.
    Chairman Baker. Without objection. And all witnesses' 
testimony will be made part of the official record. Thank you.
    Ms. D'Agostino. Thank you very much.
    Mr. Chairman, members of the subcommittee, I am pleased to 
be here today before you to discuss GAO's work on the readiness 
of the U.S. Financial markets to respond to potential terrorist 
attacks. The markets are vitally important to our Nation's 
financial system and to our economy. The devastating attacks on 
the World Trade Center on September 11th revealed that our 
markets could be vulnerable to such events.
    Today I will talk about, one, how the markets recovered 
from these attacks; two, the limitations that existed in 
participants' readiness to recover; and, three, steps that 
regulators have taken to assure that U.S. markets are better 
prepared for such attacks and what more needs to be done.
    First, because the attacks occurred in the heart of Wall 
Street, over 70 percent of the nearly 2,800 people who lost 
their lives worked at financial firms such as broker/dealers 
and banks. The attacks damaged or destroyed over 400 buildings, 
and electricity and telephone services were also severely 
disrupted. Facing enormous obstacles, the utilities, exchanges, 
and firms worked around the clock and used creative solutions 
to reopen the markets within days of the attacks. Our report 
has numerous examples of the amazing efforts behind the market 
restoration. Still, by that Friday, September 14th, broker/
dealers that normally provide 40 percent of market liquidity 
were not fully ready to trade, and the industry and regulators 
chose to test the newly established telecommunications over the 
weekend. On September 17th, the markets reopened, trading 
record volumes. In retrospect, the markets probably would not 
have been able to open so quickly if certain organizations had 
been directly hit.
    Second, the attacks also revealed limitations in the 
disaster planning of many market participants. In some cases 
firms did not have backup facilities, and others had located 
their backups too close to their primary sites. Some firms also 
found that the backup telephone lines they bought from 
different providers were routed down the same pipes or through 
the same switches as their primary lines. Our reviews of 15 
important exchanges, clearing organizations, ECNs, and payment 
system processors from February through June 2002 showed that 
they had taken many steps to prevent disruptions to their 
operations from physical or electronic attacks. Most had also 
invested in backup facilities or other measures to be able to 
recover from such attacks, but many of these 15 organizations 
still faced increased risk to their operations.
    For example, most organizations did not have complete plans 
to continue operations if the staff at their primary sites were 
incapacitated. Some of these organizations also faced increased 
risk of disruption from widescale disasters because their 
backup facilities were nearby.
    Third, the financial regulators have taken some important 
steps to improve the resiliency of the financial markets to 
recover from future disasters, but these efforts are not 
complete. Banking and securities regulators issued a white 
paper that proposed recovery practices for crucial clearing and 
settling functions, but they have not made a similar proposal 
for trading activities. To better assure that trading can also 
recover in a smooth and timely manner following a disaster, we 
recommended that SEC take a leadership role and work with the 
industry to develop goals and strategies to resume trading. 
Such strategies could be based on likely disaster scenarios and 
should identify the organizations that are able to trade in the 
event that others cannot. SEC also needs to work with the 
industry to identify sound recovery practices for organizations 
to adopt--to better assure they can trade after another 
disaster.
    There will be a need to balance the business decisions and 
risk management trade-offs that individual market participants 
make with the need for a sound, viable plan for assuring the 
U.S. markets can resume important trading activities when 
appropriate. The 9/11 attacks showed that the market's ability 
to reopen depends on the readiness of key broker/dealers. The 
plans SEC develops will have to assure that sufficient firms 
are available to trade, and that customers' accounts at firms 
unable to operate can be transferred to others who can.
    We also recommended that SEC improve its program to oversee 
operations risks at exchanges, clearing organizations, and 
ECNs. These improvements included making its voluntary program 
rule-based, and using a portion of any future budget increases 
to expand and retain its experienced staff and technical 
resources.
    Mr. Chairman, this concludes my prepared remarks, and I 
would be happy to answer questions at any time.
    Chairman Baker. Thank you very much.
    [The prepared statement of Davi M. D'Agostino can be found 
on page 56 in the appendix.]
    Chairman Baker. Our next witness is Mr. Robert Colby, 
Deputy Director, Division of Market Regulation, from the 
Securities and Exchange Commission. Welcome, Mr. Colby.

 STATEMENT OF ROBERT L.D. COLBY, DEPUTY DIRECTOR, DIVISION OF 
     MARKET REGULATION, SECURITIES AND EXCHANGE COMMISSION

    Mr. Colby. Thank you. Chairman Baker, Ranking Member 
Kanjorski, and members of the subcommittee, I appreciate the 
opportunity to testify before you today regarding the efforts 
since the September 11th terrorist attacks to better protect 
U.S. financial markets and institutions, and to address issues 
raised in the report released today by the General Accounting 
Office.
    As the GAO recognizes in its reports, participants in the 
United States financial markets made heroic efforts to recover 
from the devastation of the September 11th attacks, with the 
result that all markets reopened successfully within a week 
after those tragic events. Nevertheless, the Commission and 
other regulators in the industry have engaged in wide-ranging 
and intensive efforts to consider the lessons learned from the 
events of September 11th and strengthen the resiliency of the 
financial sector so that we are better prepared going forward.
    Immediately after the September 11th attacks, the 
securities industry recognized the need to develop more 
rigorous business continuity plans that addressed problems of 
wider geographic scope and longer duration. Market participants 
have taken a number of significant steps to improve their 
resiliency, including establishing more robust and 
geographically disbursed backup facilities for operations in 
data recovery, improving crisis management procedures, and 
seeking telecommunications diversity.
    The Commission and other financial regulators have also 
been devoting substantial resources to projects designed to 
strengthen the resilience of the financial sector. For example, 
the Commission, working with the Federal Reserve Board and the 
Office of the Comptroller of the Currency, are in an effort to 
identify sound practices for business continuity planning for 
key market participants.
    This past August we published for comment a draft white 
paper that focused on a small but critical group of 
participants in the U.S. clearance and settlement system. The 
goal of this project is to minimize the immediate systemic 
effects of a widescale disruption by assuring that the key 
payment settlement systems can resume operation promptly 
following a widescale disaster, and major participants in those 
systems can recover sufficiently to complete pending 
transactions. The agencies expect to issue the final white 
paper next month after an additional amount of consultation 
with the industry, and then incorporate the sound practices 
into their respective forms of supervisory guidance.
    In addition, Commission staff has been reviewing on an 
ongoing basis the efforts of the organized markets to 
strengthen their resiliency in the post-September 11th 
environment. These markets have taken a variety of steps to 
improve their physical security, information system protections 
and business continuity capabilities, and Commission staff 
continue to work with them to further increase the robustness 
of their individual plans. In addition, we have been exploring 
with the markets the possibility of mutual backup arrangements.
    As to the resilience of securities firms, the New York 
Stock Exchange and the NASD have proposed rules that would 
require all broker/dealers to have business continuity plans 
that address a number of important areas. We have also been 
working with the relevant industry associations, the SIA and 
the Bond Market Association, on their members' business 
continuity disaster recovery efforts.
    To date, the Commission's intensive efforts have focused on 
measuring and ensuring the resilience of the U.S. clearance and 
settlement system because, in our view, that infrastructure is 
the single most important element of the securities markets. As 
a practical matter, securities transactions cannot be completed 
in the absence of a functioning clearance and settlement 
system. Accordingly, the Commission has given priority to 
initiatives that assure the prompt implementation of vigorous 
business continuity plans by critical participants in the 
clearance and settlement system.
    The GAO report recommends that the Commission do more to 
assure the resumption of trading by securities markets and 
broker/dealers following a major disaster. We share the GAO's 
views regarding the importance of emergency preparedness of the 
financial markets, and generally agree with the report's 
principle: that the financial market should be prepared to 
resume trading in a timely, fair, and orderly fashion following 
a catastrophe. But we believe that different, in some cases 
more complex, policy considerations apply to the resumption of 
trading than to the resumption of clearance and settlement 
activities. Because trading activities is relatively fungible 
across markets and market participants, we are of the view that 
individual markets and securities firms are less critical to 
the securities markets than the key clearance and settlement 
utilities. Were any single securities market to become 
incapacitated, for example, we believe that trading could be 
shifted to one or more of the remaining markets. We recognize 
that sufficient advanced preparation is required for such an 
arrangement to work smoothly and promptly, and, as I indicated 
earlier, Commission staff is in the midst of just such an 
effort.
    As to the resumption of trading by securities firms, in our 
view, strong business incentives exist for broker/dealers to 
develop robust business continuity plans for their trading 
operations. Trading operations, of course, are in--at least in 
good markets, are a source of significant revenue for 
securities firms, and few would risk a situation where their 
competitors are in a position to trade and they are not.
    I also note that as a provision of liquidity to the market 
by securities firm is voluntary; they cannot be compelled to 
resume trading activities.
    Finally, there are critical policy considerations relating 
to the reopening of trading markets following a major disaster 
that could suggest not compelling the speediest reopening. 
Difficult judgments may be required to strike the appropriate 
balance between the desire to resume trading as soon as 
possible and the practical necessity of waiting long enough to 
minimize the risks that, when trading resumes, it will be of 
inferior quality or interrupted by further problems.
    For example, in the aftermath of the September 11th events, 
many praised the decision to wait until Monday, September 17th, 
to reopen the equity markets as it allowed market participants 
the preceding weekend to test connectivity in systems and 
thereby better assure the smooth resumption of trading.
    Despite these policy concerns, we nevertheless agree with 
the GAO that more needs to be done to prepare the securities 
markets for the resumption of trading in the event of a crisis. 
Specifically, the Commission intends to consider whether it 
should identify a time frame against which markets should plan 
to resume trading following a widescale regional disaster. We 
also will continue to work with the New York Stock Exchange, 
NASDAQ, and other organized securities markets to develop and 
test mutual backup arrangements for various scenarios, and we 
will pursue efforts to increase the resilience of important 
shared information systems such as the consolidated market data 
stream generated for equity and options markets. Any timing 
goal established for the resumption of trading markets could 
serve as a useful resumption benchmark for securities firms as 
well.
    In addition, the Commission will consider developing 
standards in conjunction with the self-regulatory organizations 
to help assure that broker/dealers are able to provide 
customers prompt access to their funds and securities even in 
the face of widescale regional disturbance.
    The GAO report also recommends that the Commission improve 
its oversight of operations risk by issuing a rule to require 
exchanges and clearing organizations to engage in practices 
consistent with the Commission's automation review policy, or 
ARP program, and by expanding the resources dedicated to that 
program. The Commission recognizes the critical role that 
technology plays in the securities industry and specifically 
the importance of having in place adequate safeguards and 
controls over information resources to ensure reliable and 
timely trading services to investors.
    The events of September 11th underscored the financial 
markets' critical and increasing dependence on the integrity of 
their systems' infrastructure. In light of the GAO's 
recommendations, we will consider alternative mechanisms to 
improve the effectiveness of the Commission's automation 
oversight, including the appropriateness of rulemaking. We will 
also assess the additional resources that may be necessary to 
accomplish the objectives of the ARP program and the GAO 
report.
    Thank you for the opportunity to testify, and I would be 
happy to answer any questions.
    Chairman Baker. Thank you, Mr. Colby.
    [The prepared statement of Robert L.D. Colby can be found 
on page 48 in the appendix.]
    Chairman Baker. Ms. D'Agostino, it appears from the basic 
recommendations, there were principally two things I found of 
interest. One was the resource limitation on ARP staffing and 
their ability to only review perhaps 7 of 32 particular 
agencies on an annual basis, which means 4-1/2 years before you 
would make the full cycle. So resource allocation for the 
technical folks we need to make that system work is essential.
    But number two, and I think Mr. Colby's closing comments 
spoke to it briefly, is the advisability of having rulemaking 
as opposed to voluntary participation as a result of the ARP 
program findings.
    It would appear to me that most of what I have read from 
the industry perspective is that we should be careful not to 
mandate something, a particular standard or a particular time 
line or particular steps to be taken, because each shop is 
different, each conducts its business in a slightly different 
manner. But would it not be consistent with the report that we 
at least by rule adopt goals; that first, after whatever event 
may occur--and that obviously is the difficult thing to 
predict--that efforts should be made for an immediate 
operability, but subject to some period of time to test? I 
think the lessons of September 11 was the Monday, September 
17th success. Had it opened and stumbled, I think the 
repercussions would have been significant. Can't we get to a--
could we not construct a goal, an operational plan that would 
not so constrain individual companies or participant, but yet 
set a standard in place that would be mandatory?
    Ms. D'Agostino. Actually the ARP program and the ARP policy 
is sort of like a goal. It does not have very specific 
technical standards to which an organization must live up, and 
it is not with a huge amount of specificity that programs are 
reviewed. It is more of a performance-based-type policy and 
program that they operate with now, and that would be 
consistent with what we are recommending.
    We acknowledge, I think, in our conclusions in our report 
the need for flexibility and for technology to continue to 
evolve and to have the opportunity to avoid--well, to ensure 
avoidance of a one-size-fits-all or a cookie cutter approach 
where everybody has to do the same thing, because of course 
there are many technology paths just as there are for physical 
security solutions and other issues.
    Chairman Baker. But you do believe that the ARP findings or 
recommendations should be in the form of a mandatory 
requirement as opposed to voluntary participation?
    Ms. D'Agostino. Actually they are mandatory on the ECNs 
now. SEC did pass a rule that makes compliance with the ARP by 
the ECNs required. So if we made that an across-the-board 
requirement for all organizations subject to ARP, it would 
simply even it out.
    Chairman Baker. Right.
    Mr. Colby, listening to our exchange, do you have a concern 
or caution about mandatory ARP compliance or not?
    Mr. Colby. Let me drop back and explain why the ARP program 
is the way it is. It was developed a number of years ago, and 
it is a little different for the Commission, because it was a 
program of looking at the computer resources and the process of 
examining, assessing, evaluating computer resources is 
something that has been developing as automation has grown. So 
we did it on a voluntary basis in part because we didn't want 
to freeze into place something that was still in an evolving 
state, and it stayed voluntary because on the whole, given our 
influence over the self-regulatory organizations that it 
applies to, it has worked quite effectively.
    Now, within the ARP process, it assesses, processes, and 
controls the system development mechanisms. There is room for 
differing of opinions. So our people might come in and say, we 
think that there is this weakness in your process, and the SROs 
may come back and say, well, we disagree.
    I think the sort of rule that the GAO is talking about is 
one that mandates the process, in compliance with the process, 
as opposed to any particular result that would come out of that 
evaluation.
    Chairman Baker. But the compliance for the ECNs which is 
mandatory was principally centered, as I understand it, on the 
reality that they were not open outcry systems, they were a 
communications-based marketplace. And as I view the markets 
today, we are clearly moving rapidly to emulate that structure. 
And it would seemed to me that verification by someone that the 
communication skills and abilities, whatever the platforms may 
be, can have functionality even after the aftermath of one of 
these events would be advisable.
    Mr. Colby. We absolutely agree. The ARP rules that applied 
to ECNs were applied in part because of their structure, but in 
part because they are not in the same regulatory state as the 
self-regulatory organizations which we examine, review their 
rules, and have a lot of interaction. But the ECNs are 
typically private organizations, for-profit organizations, and 
so in that sense it seems it needed to be mandatory.
    It also is a process-based approach, and so I think what 
they are recommending could be transferred over to the self-
regulatory organizations.
    Chairman Baker. I have exhausted my time, but just one more 
quick question about the funding levels for the ARP program.
    Mr. Colby. Funding levels.
    Chairman Baker. Yes. Where are we? What has the Congress 
done in relation to that issue? And where is the agency with 
regard to requests for this year?
    Mr. Colby. As you know very well, we have had a funding 
problem over the years, and the ARP program is one of the 
things that has been constrained by those funds. Another 
practical problem that constrains that process is--and this 
committee by moving to address it--that hiring the sort of 
people that go into the ARP process is quite difficult, partly 
because the government process for hiring is sort of skilled 
automation experts that we need is protracted, and partly 
because with the dot.com boom, these people were just not 
available.
    Chairman Baker. Well, your ringing endorsement of the 
Oxley-Baker bill has been duly noted. Thank you.
    Mr. Colby. And that is what I intended.
    Chairman Baker. Thank you very much.
    Mr. Kanjorski.
    Mr. Kanjorski. Thank you very much, Mr. Chairman.
    Most of your concentration has been on physical damage and 
a physical terrorist attack and what the implications of that 
are in the marketplace; is that correct?
    Mr. Colby. Our program both looks at physical and at 
information vulnerabilities.
    Mr. Kanjorski. But as a result of physical damage.
    Mr. Colby. Not necessarily. It also looks at the security 
measures that are taken with respect to cyberthreats and the 
like. Cyberthreats are quite difficult, of course, to predict 
and respond to, but it does intend to look at that, and it has 
been a focus of the ARP process.
    Mr. Kanjorski. If the attack on September 11th had, in 
fact, not taken place against the World Trade Center buildings 
in New York but in the Sears building in Chicago, has anyone 
done a study as to what the disruption of the market, if any, 
and the economic effect of the terrorist attack on the market, 
if any, would have been relative to what did happen?
    Mr. Colby. There is a very high concentration of critical 
financial markets in the Chicago area, and it is something that 
we have been focused on. Our agency, of course, is only the 
securities markets.
    Mr. Kanjorski. I guess I'm not directing myself, because 
that again goes to the question of physical damage. I am trying 
to say, has anybody said what the physical damage in the delay 
of opening the markets and functioning in a physical way in the 
market as compared to the economic impact of a terrorist attack 
was on the economy of the United States? In other words, I 
would like to know in that September period after--September 
through October after the attack when we had the tremendous 
downturn in the market, was that a result of the economy, or 
was that just a result of fear in the marketplace and the 
failure and the time required to open the markets and get back 
to an orderly operation?
    Mr. Colby. I think it is indisputable that the immediate 
drop--there was a 3 percent drop on the day after the markets 
opened, was clearly a result of concern about what the 
terrorist attack meant. I don't think that the rest of the fall 
in the markets can be attributed to that directly. We have 
participated, but not been chiefly responsible, in economic 
studies done by what is now the Homeland Security Department 
about the economic consequences of a terrorist attack in trying 
to assess how the September 11th and how a possible future 
attack might affect the economy.
    Mr. Kanjorski. And have you participated in those, or 
should you participate?
    Mr. Colby. We have participated to provide our expertise, 
to try to give them a sense of what the impact on the markets 
would be. And then--
    Mr. Kanjorski. If you can answer: The CIA Director today 
testified that the untested potential exists for an ICBM to--
with an atomic warhead to hit the cities on the west coast of 
the United States. Making the assumption that two 20-kiloton 
bombs were to hit either San Diego, Los Angeles, San Francisco, 
Portland, or Seattle, what would be the ramifications to the 
economy of the United States? And are we looking at that in 
terms of--are we just being functional and physical here in 
looking at how to handle the marketplace as opposed to what we 
have to think about the disruption of the economy?
    Mr. Colby. This level of response is the functional and 
physical. There are elements of the government that are looking 
at the broader consequences. It is being conducted in the 
context of the Homeland Security Department, and there is an 
entire community of which we are one small member whose title 
is The Economic Consequences of An Attack, and they are trying 
to both scope out what those sort of consequences would be and 
also what sort of steps might be necessary to respond to them.
    Mr. Kanjorski. So this committee should start thinking in 
terms of not only the physical consequences of terrorism, but 
the economic consequences of terrorism and other economic 
circumstances unrelated to terrorism as to what kind of 
structures and processes should be put in place in an 
anticipatory way in order to keep the economy sufficiently 
existing so that we don't really lose the war.
    Mr. Colby. The physical and functional is just the 
beginning of the process of trying to address what the 
consequence of a terrorist attack would be.
    Chairman Baker. Thank you, Mr. Kanjorski.
    I want to recognize the gentleman from California and 
welcome him to his new capacity as vice chair of the capital 
market subcommittee. Mr. Ose.
    Mr. Ose. Thank you, Mr. Chairman. Your wish is my command.
    Mr. Colby, my questions really relate to the alternative 
means by which liquidity and transparency can be provided to 
the marketplace in the event of a catastrophe. If I understand 
the testimony of yourself and Ms. D'Agostino and the others who 
are going to follow, there is a certain level of redundancy 
between, say, New York, the Pacific, and the American and the 
NASDAQ and some of the other ECNs to the extent that New York 
Stock Exchange is prepared to trade the top 250 volumewise 
companies traded on NASDAQ. And I imagine there are similar 
relationships elsewhere. It is my--I am aware that the NASDAQ 
folks have come forward seeking to have--I am trying to 
remember the language that they used, but to have the SEC 
designate NASDAQ as an approved marketplace for any number of 
reasons, one of which might be to facilitate liquidity and 
transparency in the event of a catastrophe.
    Now, I have been working on this for 2 or 3 years. I am 
still interested in it. I am going to keep sending letters. I 
would like to know what the status is on the application that 
was filed in November of 2001 by the advocates for NASDAQ in 
terms of their application.
    Mr. Colby. NASDAQ's exchange application is still being 
processed. There were both practical, legal, and policy 
concerns. The most fundamental policy concern emanated from a 
concern of what an exchange should be. One of the first things 
we expect to do with our new chairman when he is confirmed is 
to move this application forward.
    May I drop back and address the first part of your 
question, which is that we believe--and I hope that NASDAQ will 
confirm--that from an operational standpoint, that they are 
just as prepared to address the sort of concerns about 
redundancy in their current status as they would be as an 
exchange. And so while there are very good reasons to be 
forwarding the exchange application, I am hopeful, and I think 
Rick Ketchum could confirm it, that the question of backing up 
the New York Stock Exchange and other markets is not one of the 
things that turns on an exchange application registration.
    Mr. Ose. So what are the conditions that have yet to be 
resolved on this? I mean, 2 or 3 years is a long time.
    Mr. Colby. Two or three years is a long time. This is a 
monumental enterprise. The rules and rule changes that they 
submitted would fill half of this table.
    Mr. Ose. Do all the rule changes still need to be vetted, 
or have you narrowed it down to a few?
    Mr. Colby. We have narrowed it down to a few major and a 
larger number of minor changes, but the minor are more minor. 
The sort of things that are still at issue besides the question 
of how much, what the nature of the market has to be, is a 
question of what is the scope of the registered exchange? What 
sort of representation must members be provided in the 
governance of the exchange? Because there is a statutory 
requirement for fair representation of members, and that has to 
be reconciled to a corporate, for-profit, ownership structure. 
Those are the primary issues.
    The minor issues involve such things as what sort of short 
sale rules should apply, whether the exchange requirements 
about separation of member trading should apply to this sort of 
an exchange when it applies to all other sorts of exchanges. 
And there is a list of smaller issues, but those are the key 
ones.
    Mr. Ose. It is my understanding that the governance issue 
had been resolved. And if I read, I think it was Mr. Ketchum's 
next testimony, they are, if I read this correctly, prepared to 
abide by the short sale rules that exist in NYSE today.
    So, my time has expired, Mr. Chairman, but I would be 
following up in writing because I intend to get this thing 
resolved. No is an answer. But if it is no, let us get to it. 
All right?
    Mr. Colby. We agree. We hope to be moving it forward.
    Mr. Ose. Thank you, Mr. Chairman.
    Chairman Baker. Thank you, Mr. Ose.
    Chairman Baker. Mrs. McCarthy?
    Mrs. McCarthy. Thank you. This is my first day on this 
committee, so I don't know whether my questions are going to be 
that intelligent. But just listening to--well, you both have 
been talking about, and then obviously with the heightened 
security on Friday, are we better off today than we were on 
September 11th? And how are we going to handle it? And just 
listening to the debate, and I know government runs very 
slowly, but just God forbid something did happen, and we are 
still waiting almost a year and three-quarters on waiting for 
some rules to come through so we can be ready to go the 
following day, hopefully, if we had an attack. Where are we 
today if something happened by the end of this weekend?
    Mr. Colby. We are much better off today than we were on 
September 11th, and I can give you some specific examples of 
things that have changed. There is still work to be done, and I 
think what you see is the GAO's pointing out that there is work 
to be done, but let us not minimize the work that has been 
done.
    All the major markets have dropped back and looked at their 
resiliency and what they can be doing to continue trading in 
the case of a problem with their main trading site. The New 
York Stock Exchange will detail for you their plans for a 
backup trading site. NASDAQ has long had two separate 
locations. There are efforts well under way in the clearance 
and settlement system in order to create more diversity. The 
main processing sites have been relocated. And there--each of 
the major securities firms, and I believe it is true for banks, 
though that is not our responsibility, have been spending the 
time since September 11th completely revising their business 
continuity plans to take into account the new realities, and 
many of them have already put in place more resilient operation 
centers. There are vastly improved coordination mechanisms 
between--within the firm. Don Kittell will talk about the SIA's 
efforts with respect to command centers and business continuity 
planning.
    And so I think--I don't know if you would agree, Davi--that 
we have come a very long way, but there is room to go farther.
    Mrs. McCarthy. Because my only concern is, and this will be 
my final question, that when we had a heightened security on 
Friday, then the market, I believe, dropped quite a few points 
on Monday and Tuesday, if I am correct. My concern is obviously 
the security firms, they can only do as well as the confidence 
of the people that are buying their stocks. So obviously they 
are going to do everything possible to make sure that people 
feel confident. And I haven't seen anything, you know, out 
there to the general public on talking about how well we have 
done and how well we came back.
    I was down on Wall Street a few days after September 11th, 
and to me it was amazing how everybody worked together. To me 
it was amazing how everybody just came together to get this up, 
because we certainly--as horrible experience it was, and I lost 
an awful lot of people from Camp Fitzgerald in my district, but 
the bottom line is, we can't let the terrorist win, because 
whether they are going to attack us or not, the majority of 
people do believe it is going to be New York or D.C. Whether it 
is true or not, that is what people believe in. And we have to 
do--I personally think we have to do a better job on just 
getting it out to the normal consumer that we are ready, and it 
is not going to affect us the way it did on September 11th.
    Thank you for your testimony.
    Chairman Baker. Thank you, Mrs. McCarthy.
    I didn't announce earlier, but it is a general 
understanding that the recognition of Members for questions 
will proceed based on seniority by time of arrival. So the 
short message is if you are here on time when the meeting 
starts, you have got a good chance of getting recognized early.
    Mrs. Maloney. Point of personal privilege?
    Chairman Baker. Certainly.
    Mrs. Maloney. I am not a member of the committee, but may I 
ask unanimous consent to place into the record a statement? I 
have a conflict with another meeting, and I wanted to thank my 
constituents, Rick Ketchum from NASDAQ and Robert Britz from 
New York Stock Exchange, for appearing today and for all of 
their work in combating terrorism and getting our financial 
markets ready.
    Chairman Baker. Without objection, and certainly appreciate 
their efforts.
    Mrs. Maloney. Thank you, Mr. Chairman, and thank you for 
having this hearing.
    Chairman Baker. Certainly.
    Ms. Hart.
    Ms. Hart. Thank you, Mr. Chairman. I missed, unfortunately, 
a big piece of the GAO testimony, so I am going to ask Ms. 
D'Agostino a question that she may have answered already, so 
bear with me.
    I understand the concern, I was on the committee when we 
went through September 11th and all the aftermath, the concern 
that everybody had about everybody being able to get back to 
work and everything going again. As far as recommendations that 
the GAO has made, do you rank the actual physical proximity of 
the alternative place where they would work if they can't be 
where they are supposed to be of any high importance at all, 
the physical proximity of sort of the alternative? You 
mentioned something in the testimony about the--sort of always 
having an alternative place to be. Is that relevant, or is that 
something that is important?
    Ms. D'Agostino. I think we would say that it is very 
important to have backup facilities, particularly if you are a 
critical organization and no alternatives exist for your 
services and functions. And again, we do not--GAO hasn't 
developed a position on the right number of miles between a 
primary and backup facility. I mean, we haven't even considered 
that. But clearly from our lessons learned from the 9/11 
experience, having a backup facility to handle your operations 
or to take you far enough away from a widescale incident is a 
good idea. So I think that is about where we stand on it. But 
we think it is important to have backup facilities.
    Ms. Hart. Okay. You are not going to micromanage where and 
how and all those sorts of things, or you have no suggestions 
that are really specific in that way?
    Ms. D'Agostino. Not about mileage, but about functionality, 
yes, it is a good idea to have a backup facility that can 
perform your critical operations in full.
    Ms. Hart. There was an--I was just reading the 
testimonies--a mention of 60 percent wasn't enough; 60 percent 
of your operations wasn't enough.
    Ms. D'Agostino. I believe 60 percent of the market 
liquidity was ready to trade represented by broker/dealers.
    Ms. Hart. Okay.
    Ms. D'Agostino. Forty percent was not ready to trade on 
Friday, the 14th of September. That 40 percent was not fully 
ready.
    Ms. Hart. So would you expect them all to be fully ready? 
Should they all be able to be fully ready with an alternative 
facility?
    Ms. D'Agostino. I think that is a question for the SEC and 
the industry to work out in its strategy and plan for restoring 
market operations or trading operations after a disaster.
    Ms. Hart. Since the SEC is here, what do you think about 
that?
    Mr. Colby. Well, I don't think you can plan or try to 
compel everyone to be able to come back, because you don't know 
what the consequences could be. And, frankly, we don't need to 
because we have multiple competing providers of services. There 
are two positive consequences from that. The first is that many 
clients can just move. If one broker is not operational, they 
use another broker. And because of that, the brokers have very 
strong incentive not to have their customers leave them, so 
they have strong business incentives that align with the 
government objectives in order to be able to continue 
operating. And it is most true with respect to the securities 
firms. It is also true with respect to securities markets, 
because there are very few products, publicly-traded products, 
in this country that are traded only in one location, which 
gives a built-in resilience to the system.
    Ms. Hart. Are you hopeful then that as this issue is 
being--continues to be examined, that most organizations 
involved will certainly, as a matter of their own survival, 
make the best plan they possibly can and expend whatever 
resources they have at their fingertips to be able to do that? 
It is going to be a huge cost to them.
    Mr. Colby. It will be a huge cost, and I think we have to 
keep those costs in mind particularly in an environment where 
there is not just one central utility that is providing the 
service, but a number of competing entities.
    It is said that the shelf life of a securities firm must be 
measured in weeks. If they are not operational and their 
competitors are, their business is gone very quickly, and it 
may never return. And so securities firms have an incentive to 
operate--which is not to say we don't need to set guidelines 
and objectives and standards, but I think the incentives are 
aligned.
    Ms. Hart. Thank you, Mr. Chairman.
    Chairman Baker. Thank you, Ms. Hart.
    Mr. Emanuel?
    Mr. Emanuel. Thank you, Mr. Chairman.
    As somebody representing Chicago, and as a former board 
member of the Chicago Mercantile Exchange, as I listen to your 
testimony and read the report, more and more what you seem to 
have talked about was the physical location. And given that 
more and more trading is going electronic, away from the open 
outcry--talking about my area--we have the options exchange and 
the clearinghouse most specifically that has been a 
concentration. I kind of recognize the problem of dealing with 
cyberterrorism. But given where the markets are going every day 
increasingly--I do think you have to worry about physical 
location, backup facilities, dealing with the clearinghouse--my 
bigger concern is the electronic piece of this market, where 
the market really is going tomorrow, and less about the 
physical locations.
    I am not--given that we have the Board of Trade, the 
options, and the Merc and the stock exchange in Chicago, I do 
care about the physical locations, but if you just look at the 
trading future of where they are going, where handhelds are now 
on the floor, I am more and more interested about the 
electronic piece of this business and not the physical location 
of it.
    I may have to go into a witness protection plan now that 
Chicago hears I could care less about the physical. I don't 
care less about it, but what I care about is what is going on 
electronically and what you are doing to protect that. And as 
you said, it is the most difficult part of what we have to do, 
and yet if you look at where trading is today and how it is 
moving tomorrow, it is almost purely electronic, and you could 
do that by each of the exchanges and go through them and talk 
about what their futures are like. And having sat on the Merc 
board, that was the preoccupation of the board for a long time, 
and that is where the exchange is going now.
    Mr. Colby. You are right in pointing out that the physical 
threats are less significant if you have an electronic market, 
because as long as you have dispersion between your operating 
centers, the market can continue. In fact, some of the markets 
that have physical floors, have as their backup plans an 
electronic market. So they recognize that, though that is not 
where they want to go to, but if they have to maintain their 
operations, they can do it electronically, which then puts a 
premium on cybersecurity. And this is something that it is very 
much a focus. It is a focus for the government, from the 
President's Committee on Infrastructure Protection right on 
through down to our level. And there have been a lot of 
measures taken by the various markets and clearance and 
settlement systems to try to assess and protect their 
information security.
    Mr. Emanuel. Well, I want to drive this point home, because 
as I look at this report, obviously you have the shadow of 
September 11th that hangs on it, but the truth is I don't want 
to protect for September 11th alone. They are not going to just 
do a repetition of September 11th. We have to actually prepare 
for the next attack that is going to be, in my view, a lot 
different than September 11th. And we have to deal with where 
our exchanges are going, where our trades are going.
    And my one last comment as well as question is given that a 
lot of these functions today--the clearinghouse in Chicago is 
really a consolidation for the different exchanges. That 
consolidation actually makes it at one level economically 
efficient and another level a far greater target for--and 
easier to disrupt for a terrorist organization. And I don't 
even know if that--that is more of a statement than a question. 
So, given the trends of what is going on in the industry, I 
want us to be thinking about the future not so much about 
laying in place the protections about what happened in the past 
and only the past. Thank you.
    Chairman Baker. Thank you, Mr. Emanuel.
    Ms. Brown-Waite.
    Ms. Brown-Waite. Thank you, Mr. Chairman. I apologize for 
not being here sooner; I had some constituents from my 
district.
    This question may have already been answered, but have the 
agencies actually reviewed the inter-agency white paper that 
set a goal that may be so costly and unreasonable that it would 
be unachievable? Have you done an economic analysis of what 
this recommendation would mean to the industry? And I think I 
would ask this to Mr. Colby.
    Mr. Colby. We have tried to do an economic analysis. We 
received comments on the one that was initially put out. We are 
in the process of revising it. We plan a process of consulting 
with the firms to try to assess what the impact of the revised 
statement would be in order to try to take into account the 
cost impacts.
    Ms. Brown-Waite. But do you actually have an estimate of 
what the cost impacts are?
    Mr. Colby. We have a sense from the people, the firms that 
would be affected, of what the costs were. These are, of 
course, proprietary expenses. We have not made them public, but 
we have been pursuing with them what the costs would be.
    Frankly, a lot of the cost depends on the implementation 
schedule, because if it is something that can be worked into 
their computer planning and automation development, it is much 
less expensive than if it has to be done immediately.
    Ms. Brown-Waite. Thank you, Mr. Chairman. I yield the rest 
of my time.
    Chairman Baker. Thank you very much.
    Mr. Scott?
    Mr. Scott. Yes. Thank you, Mr. Chairman.
    In the wake of 9/11, of course, we have put together the 
Department of Homeland Security. I would be interested in 
knowing both of your opinions.
    What do you see the role that the new Homeland Security 
Department will play in ensuring that we have continuity in the 
event of another terrorist attack and in preparation, 
particularly as it relates to business continuity and investor 
confidence?
    Mr. Colby. The topic of business continuity and investor 
confidence is one that is important to the homeland security. 
To date, they have been interacting with the group that was set 
up before the Homeland Security Department called the Financial 
and Banking Information Infrastructure Committee, chaired by 
the Treasury Department, of which we, the bank regulators and a 
number of other agencies, are part.
    They have been working through this group in order to try 
to coordinate policies and improve the development. But from 
our interaction with them, it is very clear that this is a 
matter that is of concern to that Department.
    Mr. Scott. Are you satisfied with what the Department of 
Homeland Security is doing or projected to be doing to ensure 
that our markets will continue to operate? Is there anything 
else you would recommend?
    Mr. Colby. My sense is that they are taking this very 
seriously, and it is going to be one of the important items on 
their agenda.
    Mr. Scott. Okay. Thank you Mr. Chairman.
    Chairman Baker. Thank you, Mr. Scott.
    Ms. Harris.
    Ms. Harris. Thank you, Mr. Chairman.
    With a follow-up to Ms. Brown-Waite's question concerning 
technology, is there an overall assessment concerning 
cyberterrorism and how this would affect the financial markets?
    And then secondly, how would you characterize the state of 
preparedness with regard to future terrorist attacks and how 
they will affect our financial markets?
    Mr. Colby. I did not hear the last question, I'm sorry.
    Ms. Harris. How would you characterize the state of 
preparedness of our financial markets with respect to future 
terrorist attacks?
    Mr. Colby. Cybersecurity is, obviously, more amorphous than 
physical threats because with physical threats you can assess a 
particular location or building and say, what happens if that 
was damaged?
    Threats can come in a variety of different shapes and 
forms, but there are very active efforts on the part of the 
financial institutions and the self-reporting organizations 
that are dependent on information--and the securities markets 
are, at base, an information business--to protect themselves 
from the threats that could disable their operations or create 
polluted information flows within the system.
    So our sense is--and we are not alone in looking at this, 
but a number of consultants and advisers have looked at it--it 
is something that you need to stay focused all the time, but 
the efforts that have been dedicated to it have been very 
extensive and effective.
    The overall state of preparedness has come a long way. We 
are in much better shape than we were on September 11, but 
there is more to be done. I think that both the agencies that 
are in charge of it, the self-regulatory organizations that 
operate trading markets and oversee members, and the financial 
firms themselves, are all very focused on preparedness at the 
very highest levels of their institutions. It went from being 
one more cost item to being a critical matter for each of these 
institutions.
    Chairman Baker. Thank you, Ms. Harris.
    Mr. Inslee?
    Mr. Inslee. Thank you.
    I wanted to ask about your findings on the automated review 
group, the ARP. You seemed to suggest that--and I missed your 
oral testimony, I am just reading here, I am sorry--but you 
seem to suggest that there were inadequate resources to really 
complete some fundamental reviews. I think you noted that there 
were only 7 out of 32, if I read your testimony right, that 
have been completed, which to me was a pretty glaring failure 
given the risk to these markets.
    Is that--from your review, is that simply a result of lack 
of resources and appropriations to the SEC? Is there some other 
inhibition? What is the reason for that failure?
    Ms. D'Agostino. The resources--the automation program could 
use more resources and more experience levels. The problem is--
and this is true pretty much throughout the government, it is 
not unique to the SEC; even GAO has some challenges in this 
area of human capital--getting good technical people and being 
able to pay them enough to retain them.
    In saying that, I don't mean to belittle our 
recommendation. It is not just an SEC problem, but it is an 
important program, we think, from the standpoint of the 
markets. It is the only oversight program going that does what 
it does. It has been particularly challenged in terms of being 
able to handle high turnover rates, low staffing levels, 
sometimes as low as three to four people. They are now up to 
10, I believe, to handle 32 market organizations.
    As I think our report mentioned, Federal standards 
recommend reviewing high-risk organizations once every year or 
two. This puts the SEC program in a kind of straits.
    Mr. Inslee. This is one of the reasons we were concerned 
when the administration tried to cut the SEC budget, at least 
below what it was promised. We hope at the end of this budget 
cycle that sanity is restored and we get resources for getting 
this done. Thank you for letting us know about that.
    Ms. D'Agostino. Thank you.
    Chairman Baker. Mr. Renzi?
    Mr. Renzi. Thank you, Mr. Chairman.
    Thank you, Ms. D'Agostino and Mr. Colby. I appreciate your 
time and the detail and the professionalism of your report.
    I come from the wildlands of Flagstaff, Arizona, and 
recently I had an opportunity to sit in on a contingency where 
a regional attack was simulated at the Northern Arizona 
University dome. We had the firemen and we had the police out 
there, and we had helicopter crews come in. It was a regional 
attack.
    I learned that the rail runs through Flagstaff and the 
major highways run through Flagstaff, and a big gas oil line 
runs through Flagstaff. I also learned that a communications 
hub is in that area, one that goes all the way to communicate 
to the east coast.
    I said to myself, if we had a regional attack and it 
knocked out the ability of L.A. to trade in New York, and we 
set up this bicoastal confrontation between the L.A. investors 
not being able to invest if the market stayed open--or would it 
close? What would happen if all of a sudden we had this East-
West conflict based upon regional attacks, particularly in the 
West, if you don't mind?
    Ms. D'Agostino. From a telecommunications standpoint?
    Mr. Renzi. Telecommunications, and a communications hub.
    Ms. D'Agostino. The telecommunications infrastructure 
network involves more than single paths for communications to 
go through, and many different options for switching. So it is 
not clear that--
    Mr. Renzi. That one would be knocked out--
    Ms. D'Agostino. You would have to really know where 
everything is.
    Mr. Renzi. When you look at the manufacturing industry and 
you look at upstream suppliers--I am sure you look at upstream 
suppliers or vendors who provide you with integral portions of 
what it takes for you to do business--have you looked from a 
contingency standpoint at all those integral nodes; not only 
communications, then, since we are able to go on a different 
path, but all the upstream providers that are integral to your 
operation from a contingency standpoint, like a manufacturer 
operation would look upstream?
    Ms. D'Agostino. GAO has not done such a review, to my 
knowledge.
    Mr. Colby. You as the securities markets are supported by a 
lot of suppliers that provide various services. Some of them 
are regulated, some are not.
    We have been looking at the regulated ones within the 
limitations of our resources, and we have been talking to the 
securities firms about themselves checking about the resilience 
of their providers, their service providers, because they rely 
on vendors of various types. So since September 11 there has 
been an extensive amount of back-checking about resilience.
    Mr. Renzi. Right. Any great organization has an Achilles' 
heel. That is what I am going for here. I am just a small 
businessman from Arizona is all, but my instincts tell me that 
if we look at the stock market and we look at other avenues to 
attack the stock markets, which is in the direct crosshairs of 
the terrorists, that next time they are going to be smart 
enough to attack somewhere that directly affects the stock 
market without attacking New York. So in your course of 
discussions and development on this, I would urge you to maybe 
take a look upstream. Thank you.
    Chairman Baker. Thank you, sir.
    Mr. Israel?
    Mr. Israel. Thank you, Mr. Chairman. I apologize for being 
late. The Committee on Armed Services has a hearing in conflict 
with this, so I have been shuffling back and forth.
    Several weeks ago I visited with a local company in my 
district called Applied Visions. They are working with the 
Defense Advanced Research Projects Agency to develop software 
that would protect financial institutions and others against a 
cyberattack, and helps people assess the likelihood of a 
cyberattack.
    One of the things that I learned at that meeting was that 
some financial institutions in the New York area, I believe the 
New York Stock Exchange and others, have created a kind of 
voluntary association, a kind of collective self-defense pact 
against cyberterrorism. They work together to monitor potential 
attacks, and then they alert each other if they believe an 
attack is imminent against any of those that are included in 
that group.
    The problem is that if they are aware of a potential attack 
against a financial institution outside of that group, there is 
not much that they can do about it. They do not necessarily 
share that data. So here you have a group that has the 
potential of protecting a large number of financial 
institutions against a cyberattack, but does not have the 
wherewithal or the ability or willingness to alert the broader 
community.
    I was wondering whether in your research you were aware of 
that group, and whether you can make specific suggestions on 
how it can be broadened to provide the greatest extent of 
protection to the largest number of financial institutions, 
rather than a select few.
    Mr. Colby. That is not the only group operating, 
fortunately. There are other channels to get the information 
out. There are a variety of information dissemination groups, 
ISACs they are called. There is one in the securities world 
operated by SIAC.
    Also, on the government level there is a process developed 
through this FBIIC channel so when a regulator learns of 
something that affects a regulated entity, they communicate it 
up so that at a much higher level you can look and see, if 
there is a pattern here. Once the pattern is identified, the 
threat can be communicated back down to all people that might 
be potentially threatened.
    Mr. Israel. Are they required to communicate that threat?
    Mr. Colby. There is not a specific rule that requires it, 
but in practice it is expected and it does happen, because 
there is a interconnection between the securities firms and 
their self-regulators; maybe not quite daily, but a very close 
interaction beyond that; so this sort of communication is 
expected to be communicated into the channels and made--and it 
has happened. It has happened where the firm will say, look, we 
have just had a problem. The regulators then say a firm has 
just had a problem. We think it is internal, but we then 
canvass and check and see if anyone else is having the problems 
in order to identify whether it is a generalized problem or 
infectious, or an internal glitch.
    Mr. Israel. One final question. Do either of you believe 
that the current systems that are available to assess threat 
are effective, or do we need to improve the software or improve 
other systems so that we are better equipped to assess a 
potential cyberattack against financial institutions?
    Ms. D'Agostino. I know there are a number of software 
options out there. I know some very large multinational 
corporations have even developed their own threat and risk 
assessment and risk management software.
    The important thing is the inputs into the decision-making 
models that the software represents. That would involve some 
good intelligence information about the threats and who is 
targeting you and what kinds of possible scenarios. It is 
development of reasonable and, I guess, viable scenarios for 
you to play out, then, through the software.
    So just as important as software solutions are getting that 
good data and those viable scenarios to input through those 
models and get you some reasonable outputs to assess then, and 
to make decisions on your security solutions.
    Mr. Israel. Very good. Thank you. I yield back, Mr. 
Chairman.
    Chairman Baker. Thank you, Mr. Israel.
    I want to express to each of you and the agencies you 
represent my appreciation for your appearance and your work.
    Mr. Manzullo. Mr. Chairman.
    Chairman Baker. Sorry. You are recognized. I apologize.
    Mr. Manzullo. Thank you.
    Thank you for coming. I am sorry I was not here for the 
testimony.
    Ms. D'Agostino, as I read the testimony, on page 4 it is 
absolutely startling that companies that are professionals in 
back-ups and redundancy systems for the purpose of security and 
storage of equipment in many cases never took the time to track 
the path or switches, so that a company's main path or switch 
would also be the same path or switch of the company hired for 
the redundant system.
    That is pretty dumb. I don't understand how a security 
company could hold itself out as being an expert--and I see 
some guys back there nodding their heads, "Yes, maybe we got 
ripped off." ask for your money back.
    But even under a situation where there had been, for 
example, a fire in the building and not an act of terrorism, 
this statement is absolutely startling. I am not one big into 
licensing for professionals, but in your investigation, the 
people that install these redundant systems for backup of 
material, et cetera, are they held to a particular licensing 
standard or a degree of education? Is there some kind of a 
professional path, or do they just have a nice white business 
card with a nice emblem and their name is printed in gold?
    Ms. D'Agostino. We don't really have any information. We 
didn't do any work on that. I think in some cases, as was 
relayed to us, the backup or alternate providers of 
telecommunications actually did have at one time separate lines 
and paths; but then later after the contract, sometime later 
and without notifying the client, moved the paths into the same 
lines as Verizon.
    Mr. Manzullo. That would be a breach of contract, as far as 
I am concerned.
    Ms. D'Agostino. We--
    Mr. Manzullo. That is none of your--but that is extremely 
serious, because the companies hired to do this are--boy, I 
woke you government employees up there, didn't I? Everybody is 
nodding and saying yes.
    I don't have a very technical background and don't 
understand a lot of these terms that are used in 
communications, but I just--what I see here is a good-faith 
effort on the part of these houses to back up their system. You 
don't anticipate an emergency such as September 11, but they do 
anticipate somebody getting into their system and screwing up 
their lines. They do anticipate, you know, a flood or water 
getting into the basement, or a lightning strike, or a surge, 
or a fire on their premises.
    Here in good faith they hire these firms, and initially, as 
you said, there are separate lines. Then the lines get merged 
by the security firms. I consider that to be a very serious 
breach, and there has to be a tremendous amount of 
responsibility that is placed upon those companies before 
setting up a system like that.
    You don't have to respond to that. This is more of a 
comment.
    Mr. Colby. I would just say this is something that came as 
a surprise to many, including the firms that believed that they 
had built redundancy. Apparently, as Davi said, they contracted 
for different systems. They were told by the contract providers 
what the routes were. The routes were different when they 
contracted for them, but apparently there was a freedom under 
the contracts to subcontract, and sometimes in the course of 
the subcontracting, they got routed through paths that were not 
diverse--but now steps have been taken to help address this. 
One includes development by the Securities Information 
Automation Corporation of its own network. Bob Britz, who is 
testifying later, is a co-president of that organization and 
may be able to give you more information on that.
    But realizing in hindsight this was a problem, there have 
been proactive steps taken to create diverse alternatives to 
the existing telecommunications--
    Mr. Manzullo. But it would be hindsight by the houses. They 
are not charged with that type of knowledge, and certainly how 
could it be hindsight by the people putting in the security 
systems when it does not take but a second grade education to 
figure out that you have a separate path? I am a pilot, I am 
not current in my license, but in large aircraft you always 
have a redundancy system so if something breaks down, you can 
go onto something else without depending upon those lines.
    Maybe I am being hard on these companies, but perhaps I am 
not. If you contract for security, and you get two lines, and 
then somebody brings those two lines into one to save some 
money, I just think that is a very serious breach of ethics. 
Thank you.
    Chairman Baker. Thank you, Mr. Manzullo.
    I do appreciate your appearance here today, the work you 
have done, but also wish to make it clear that from the 
committee perspective we understand this is an ongoing and 
continual responsibility.
    In the scope of your services if you identify things that 
the Congress should respond to, whether it be legislative 
authority, and certainly matters relating to necessary funds to 
conduct these activities, the committee would like to 
continually be informed of those needs so we may be 
appropriately responsive. We certainly don't want to do 
anything that contributes to exacerbating a very difficult 
circumstance when this eventually may reoccur. Thank you very 
much for both being here.
    At this time, I would ask that panelists from the second 
panel come up to the table. Good afternoon and welcome. I 
certainly appreciate each of your appearances here this 
afternoon.
    In order to move us along, I would begin by introducing our 
first witness, Mr. Richard Ketchum, President of the NASDAQ. We 
certainly welcome your participation here this afternoon.

STATEMENT OF RICHARD G. KETCHUM, PRESIDENT, NASDAQ STOCK MARKET

    Mr. Ketchum. Thank you, Mr. Chairman. Thank you, members of 
the subcommittee. I want to congratulate you on having this 
hearing. It is clearly timely, and I think the oversight this 
committee provides on this critical issue is very, very 
important. I appreciate this opportunity to describe the steps 
that NASDAQ has taken to ensure our business continuity in the 
event of another catastrophic event.
    Any analysis of industry preparedness must first review the 
market's response to the 9/11 attacks. Because our main and 
backup technology centers are located outside Manhattan, it is 
important to note at the outset that at no time following the 
disaster that occurred on September 11 were NASDAQ's systems 
inoperative. At the time of the 9/11 attacks, trading was 
suspended, but NASDAQ systems and network continued to operate, 
and indeed provided an opportunity for testing for the firms 
that operate in our marketplace. Therefore, our primary concern 
regarding reopening the markets after 9/11 related to our 
ability to connect with the firms that are active in NASDAQ and 
bring liquidity and ordered flow to our marketplace.
    Following the 9/11 attack, we worked closely with the SEC, 
Treasury, Federal Reserve, the NASD and the New York Stock 
Exchange, as well as key member firms, to resume trading as 
soon as possible. That cooperation was an important factor in 
reopening the markets and restoring investor confidence. I am 
very proud of the efforts of so many talented people at NASDAQ 
who worked tirelessly with so many others in the financial 
services community to bring our markets back on that Monday, 9/
17, safely and without incident.
    While the events of September 11 did not fundamentally 
change NASDAQ's understanding of the potential range of threats 
to the financial services sector, they amplified awareness of 
the potential reach that could be exerted by such threats. 
NASDAQ has implemented a fully developed business continuity 
disaster recovery plan that will allow the continued trading of 
NASDAQ securities in the event that one of the NASDAQ data 
facilities is rendered inoperative.
    In short, we believe that disasters are managed not only by 
hardening potential points of failure, but also by building 
redundancies wherever possible into the entire trading network, 
and by regular testing of those backup capabilities.
    Geographic diversification of redundant facilities is a 
core component of NASDAQ's business continuity strategy. Our 
redundant data facilities are located hundreds of miles from 
one another in differing geologic and climatic zones, so that 
the same natural event has a low likelihood of impacting both 
sides. NASDAQ also decreases its vulnerability by operating 
from separate utilities and local telecommunications services.
    While we are confident that our system's designs and 
contingency plans contain appropriate levels of redundancy, 
NASDAQ appropriately works with member firms to support them in 
enhancing their backup capabilities as well. In that 
connection, NASDAQ, working with the NASD, has submitted a 
ruling filing, as has the New York Stock Exchange, that would 
require broker/dealers trading in NASDAQ securities to engage 
in appropriate business continuity planning. As a result of 
each of these ongoing efforts, I am sure that our equities 
markets are more resilient than they were on September 11, 
2001.
    We have also worked closely with the GAO as it evaluated 
NASDAQ's preparedness and developed its findings and 
recommendations. We generally share their view on the need to 
develop goals, strategies, and sound practices to improve the 
resiliency of trading functions and enhance the SEC's funding 
for technology and staff.
    We are also working with the SEC and the New York Stock 
Exchange to develop a plan under which NASDAQ and the New York 
Stock Exchange can trade each other's securities in the event 
of a disaster that rendered either market inoperable.
    It is important to emphasize that these plans are only a 
final layer of protection for the U.S. Securities markets. The 
first line of defense for stock markets will always be their 
own backup systems, and the continued operation of each market 
has to be the first priority.
    In conclusion, following September 11, the U.S. Financial 
industry demonstrated its resilience and resolve to maintain 
the most liquid and stable markets in the face of terrible 
challenges. Truly, NASDAQ's trading network has demonstrated 
its unique value as part of that infrastructure. However, our 
work is not done. NASDAQ, the government, and the financial 
services industry will need to continue to work in concert to 
ensure that trading can resume following a catastrophic event.
    Thank you again for providing me this opportunity to 
describe the steps NASDAQ has taken, and I would, of course, be 
happy to answer any questions from the committee.
    Chairman Baker. Thank you, Mr. Ketchum.
    [The prepared statement of Richard G. Ketchum can be found 
on page 278 in the appendix.]
    Chairman Baker. Our next witness is Mr. Robert Britz, 
president and chief operating officer, New York Stock Exchange.

STATEMENT OF ROBERT G. BRITZ, PRESIDENT AND CO-CHIEF OPERATING 
                OFFICER, NEW YORK STOCK EXCHANGE

    Mr. Britz. Thank you, Mr. Chairman. I appreciate the 
opportunity to be here before you and before the distinguished 
members of this committee.
    As the president of the Exchange, I lead the Exchange's 
Equities Group, which is responsible for the day-to-day 
operation of our trading floor, our data processing sites, our 
technical infrastructure, software development, and our 
information business. I also head the Exchange's International 
Group, which is responsible for maintaining relationships with 
international non-U.S. Companies, as well as securing new non-
U.S. Listings.
    In addition to that, I am chairman and CEO of the 
Securities Information Automation Corporation, or SIAC, which 
has been referred to once or twice already today.
    On behalf of the NYSE and our chairman, Dick Grasso, I 
thank the subcommittee for providing this forum to discuss 
business continuity and contingency planning in conjunction 
with the release this afternoon of the report of the GAO on 
that issue.
    The report released by the GAO today is the result of more 
than 17 months of work that included reviewing business 
continuity plans and the physical and information security 
measures of the NYSE and SIAC. GAO conducted a dozen visits and 
follow-up telephone calls with us. We would like to thank the 
GAO staff for their professionalism throughout this important 
review.
    The NYSE has developed forward-looking business continuity 
strategies that harden our physical and information technology 
infrastructure and improve our ability to withstand or recover 
from a disaster.
    Our approach consists of three components: to prevent an 
attack or natural catastrophe, to withstand them, and to 
recover from them. In close cooperation with Federal, State, 
and local law enforcement, the Exchange has expanded its 
physical security perimeter. We have also taken measures to 
increase the screening of all people, package delivery, and 
mail that enters the NYSE or our data centers, and we have 
instituted a more restrictive policy on visitors and 
deliveries.
    The NYSE employs a rigorous information technology 
structure to ensure the reliability of all information we 
receive, process, and disseminate to the world every day. We 
employ external perimeters, firewalls, intrusion detection, and 
international access controls, and we conduct penetration 
testing using so-called friendly hackers.
    SIAC chairs the Financial Services Information-Sharing 
Analysis Center, which was referred to earlier, and that works 
with government agencies to identify and assess potential 
threats. All of our facilities have emergency generator backup 
and store water on site to enable continued operations after 
the loss of power or water. If we lose natural gas service, we 
can operate on fuel oil.
    Our primary trading floor is actually five distinct trading 
floors located in four different buildings. Trading can be 
moved from one location to another as may be necessary, a so-
called compaction exercise.
    Our plans include redundant, active data centers served by 
different power grids and multiple telecom central offices, 
with each site sharing the daily processing load generated by 
trading about 1.4 billion shares a day. All of our facilities 
have backup power generators and UPS. We have a backup trading 
floor that was instituted post-9/11, developed at a cost of 
approximately $25 million. This alternative venue would support 
the trading of all NYSE-listed securities in a very 
conventional market structure model on a next-day basis after 
an event that disabled the primary trading floor.
    The NYSE and SIAC have launched Secure Financial 
Transaction Infrastructure, SFTI. That has been referenced once 
or twice already today. It is a primary extranet servicing the 
financial industry. It provides diverse, fully redundant 
routing to the SIAC data centers for member firms, national 
market participants that are connected to the NYSE, to the 
American Stock Exchange, the National Market System, and DTCC's 
IT infrastructure as well.
    Following September 11, 2001, U.S. equity trading was 
interrupted because many broker/dealers lost their connectivity 
to the markets due to the damage suffered by a major central 
telecommunications switching facility at Ground Zero. SFTI 
addresses this by enabling member firms to connect to the 
NYSE's data centers via private fiberoptic connections to 
multiple access centers, so-called carrier hotels, throughout 
the New York metropolitan area, as well as in Boston and 
Chicago.
    SFTI possesses no single point of failure. All of SFTI's 
equipment, connections, power supplies, network links, and 
access centers are redundant, and its architecture features 
independent, self-healing fiberoptic rings. If a SFTI fiber 
pathway is compromised, financial data traffic is simply 
rerouted.
    The NYSE is ready to trade the top NASDAQ stocks, 
approximately 250, which account for, we believe, 80 percent of 
the average daily volume in the unlisted market. All NYSE 
systems have been modified and can support the four character 
symbols used by such unlisted stocks so that there is no need 
for modification of the broker/dealer systems. Because the 
NYSE's capacity is today about five times our average daily 
volume, the incremental volume associated with trading these 
NASDAQ stocks can well be absorbed.
    The NYSE is committed to ensuring that the U.S. capital 
markets remain the envy of the world, and to insulate them from 
interruption by attack or natural catastrophe by protecting 
them from threats, by creating an infrastructure that can 
withstand attack or catastrophe, and by developing contingency 
plans that enable quick recovery.
    In the event a terrorist attack or catastrophe achieves 
penetration and takes out our real-time infrastructure, the 
NYSE is able to resume trading in a timely, fair, and orderly 
fashion that will ensure that every single one of America's 85 
million investors has access to our member firms and to us.
    Mr. Chairman, I want to thank you for the opportunity to 
present this testimony, and I would be happy to answer any 
questions you or the committee members may have.
    Chairman Baker. Thank you, Mr. Britz.
    [The prepared statement of Robert G. Britz can be found on 
page 40 in the appendix.]
    Chairman Baker. Our next participant is Mr. Donald Kittell, 
executive vice president, Securities Industry Association.

   STATEMENT OF DONALD D. KITTELL, EXECUTIVE VICE PRESIDENT, 
                SECURITIES INDUSTRY ASSOCIATION

    Mr. Kittell. Thank you, sir. Thank you, Mr. Chairman and 
Ranking Member Kanjorski, and members of the committee. I 
appreciate the opportunity to describe for you the significant 
progress that securities firms have made in response to 9/11.
    The most significant outcome of 9/11, in my mind, was the 
realization that we are under attack. 9/11 did not occur in our 
own backyard, it occurred in our own front yard. What has been 
the impact of that realization? We now know that the danger is 
real. We assume that additional attacks will happen. We are 
sensitive to the expanded range of potential scenarios 
impacting both physical and cybersecurity that exist. We agree 
with the comments of the earlier discussion about 
cybersecurity.
    We have established industry command centers which are 
linked with other centers in municipal, State, and Federal 
Government, homeland security, as well as other industry 
sectors. We are engaged in a long-term strategy to disperse 
industry infrastructure. We are making significant investments 
in effective backup facilities which are currently being 
tested. We have recognized that disaster recovery is the 
responsibility of the entire enterprise of a firm and not just 
its information technology or operations groups. We recognize 
that we are dependent on external critical service providers, 
such as telecom, transportation, power, and municipal services 
such as police and fire.
    We cannot say that we can defend against any and all 
attacks; we can say that we understand the threat and have 
taken significant steps towards prevention and recovery.
    I would like to highlight three aspects of the industry's 
efforts. First, the financial services sector is sharing 
resources through the Financial Services Sector Coordinating 
Council. This group represents over 20 trade associations and 
industry organizations, many of whom did not speak to each 
other prior to 9/11, but are now sharing continuity planning 
resources.
    An example of the effectiveness of this group is the 
coordination of efforts across the sector with financial 
services regulators, so we have 15 financial services 
regulators with a single point of contact to 20 or more 
industry associations.
    A third example is the coordination of the Financial 
Services Information Sharing and Analysis Center, which Bob 
Britz just talked about, which addresses cybersecurity attacks, 
which gives us the ability to communicate with each other in a 
rapid fashion.
    The second important aspect I would highlight is the 
positive relationship between the private sector and the 
financial services sector. This relationship was remarkably 
effective in the immediate response to 9/11, and it continues 
to be so in the industry's efforts to strengthen resiliency 
over the last year and a half.
    An example of that is the dialogue on the Financial and 
Banking Information Infrastructure Committee, or FBIIC, that 
Bob Colby referred to earlier; the financial services 
regulators, chaired by the U.S. Treasury and the FSSC that I 
referred to earlier representing the private sector.
    The second example is the white paper dialogue between the 
regulators and the industry on clearance and settlement 
infrastructure, which was discussed earlier. There were 
actually two papers on clearance and settlement, both which 
raised significant questions and industry participants referred 
to with thoughtful comments. There is continuing dialogue on 
this. I think Mr. Colby said the next version of the second 
white paper would be out within a month, and we look forward to 
continuing that dialogue with the regulators.
    The third important aspect that I would highlight is the 
positive contribution of the GAO. We worked with the GAO, 
notably on Y2K 2 years ago. We found their input to be 
extremely constructive. We have had the opportunity to review a 
draft of the report released today, and although I have not had 
the opportunity to review this with our member firms, I do want 
to make the following comments.
    First, we agree with the GAO findings that business 
continuity plans need to be improved over the pre-9/11 status. 
I also note that the period of the GAO study was, I believe, 
February to June of 2002, and a great deal has happened since 
that time.
    We also agree with the specific areas for improvement 
highlighted in the GAO report, such things as improved backup 
facilities, greater geographic dispersion, and so on.
    Secondly, SIA agrees that the clearance and settlement 
facilities are critical to an effective resiliency plan. We 
forwarded our comments on the white paper, and we are very 
pleased with the results so far of the organizations involved 
in clearance and settlement.
    We also agree with GAO that the trading facilities are also 
critical to an effective resiliency plan. There is no better 
example than the effort to open the market following 9/11.
    We also agree with the SEC's comments that the regulatory 
environment around the trading function is different than the 
regulatory environment around clearance and settlement. 
However, we are very confident that those issues can be 
resolved, and that the firms certainly do not believe that 
there should be any less emphasis on trading facilities than on 
clearance and settlement.
    Finally, SIA supports additional funding for the SEC as a 
general matter, but particularly including its oversight of 
business continuity.
    The securities industry has built on its commitment to 
operational recovery, its experience on Y2K, and other 
industrywide projects to effectively address the threats posed 
by terrorist attacks. The efforts of individual organizations, 
the coordination of activities across all the sectors in the 
financial services sector, the positive relationship with the 
regulators, with the oversight of the Congress and the GAO, is 
a strong combination for an effective response to terrorism.
    We have accomplished a great deal in the last year and a 
half. We understand there is more to be done. We are committed 
to the task ahead.
    Thank you.
    Chairman Baker. Thank you very much, sir.
    [The prepared statement of Donald D. Kittell can be found 
on page 290 in the appendix.]
    Chairman Baker. Our next witness is Mr. Micah Green, 
president of the Bond Market Association. Welcome, Mr. Green.

    STATEMENT OF MICAH S. GREEN, PRESIDENT, THE BOND MARKET 
                          ASSOCIATION

    Mr. Green. Thank you, Mr. Chairman and Mr. Kanjorski.
    Mr. Chairman, I want to thank you for the opportunity for 
us to give our testimony, and really congratulate you for the 
leadership you have shown on this issue, and for the work of 
the SEC and other regulators in working with the industry to 
try to move on this important issue.
    I will touch briefly on the business continuity issue, but 
want to spend most of my oral remarks telling you about the 
bond markets and how they responded at the time of 9/11, 
beyond, and then looking to proposals that could affect the 
future.
    Briefly on business continuity plans, I would frankly 
associate myself with the remarks of Mr. Kittell. We have 
worked very closely with the SIA to provide the bond market 
perspective on the issue of business continuity, and we have 
been participating in the coordinating councils.
    We, too, have set up a management council within our 
organizations working with our members to create redundancy, 
and frankly working within the association to create the 
ability to communicate with our membership, because what we 
learned at that time is that communicating within the breadth 
of the industry was almost as important as the industry itself 
communicating with its customer base. So I would really stand 
by what our colleagues at SIA said about business continuity 
planning.
    But let me relate it to the bond markets, because the bond 
markets are very different in the way they operate versus the 
equity market.
    Unlike the centralized, exchange-traded New York Stock 
Exchange and other equity markets, the bond markets are 
inherently a decentralized, over-the-counter market, which 
means it is a dealer-to-dealer marketplace. People buy and sell 
bonds when they want to buy them, where they want to buy them. 
There are hours of trading, but frankly, it is a 24-hour 
marketplace.
    The New York marketplace right now is starting to wind 
down. The Japan and other Asian marketplaces are starting to 
crank up. About 11 hours from now, the London and other 
European markets will crank up. It is a never-ending cycle.
    In fact, an interesting thing to remember in 9/11, much of 
the trading that occurs in the bond markets, particularly in 
the repurchase agreement market, which is the funding mechanism 
for many of the trades, actually occurs before 9 o'clock in the 
morning. So when that first plane hit the World Trade tower at 
8:46 a.m. And hit the largest inter-dealer/broker of all, 
Cantor Fitzgerald, there were hundreds of billions of dollars 
of transactions that had already occurred that day.
    In fact, daily volume in the bond markets is over $600 
billion a day. There are almost $20 trillion of bonds 
outstanding, and it is a very actively traded market. So when 
those planes hit, it was not just about getting the markets 
back open; it was also about figuring out what took place that 
went down with those towers, so the effect on the clearance and 
settlement process. And figuring out how to get the bond 
markets back open was as much about trying to reconcile what 
had occurred so those trades could be completed and those 
trades could be closed.
    Interestingly, while the stock markets were able to open up 
through these heroic events on Monday, September 17, the bond 
markets, because of their decentralized character, were able to 
get back up and running on an orderly basis at 8 a.m. on 
Thursday morning, September 13. Interestingly, though, bonds 
never stopped trading. There were trades done in the afternoon 
of 9/11. The Fed, the Federal Reserve, in its exercising of 
monetary policy, came to the marketplace to provide liquidity 
to the marketplace in the government securities market on 9-12.
    So, as you see, the bond markets can operate differently. 
Because of their role in the financial system, keeping markets 
open is crucially important.
    It is a good segue into a proposal that is now pending 
coming out of the Municipal Securities Rulemaking Board in 
their post-9/11 efforts. They have recommended to grant them 
the authority--the Municipal Securities Rulemaking Board, a 
self-regulatory organization governing just the municipal 
securities market--to grant them the authority in the case of 
an emergency to, by regulation, halt trading in those markets.
    The reaction of our association has been one of strong 
opposition to that, because we believe, frankly, in the time of 
an emergency is when you want markets open. You want capital to 
flow as smoothly and as easily as possible, so we oppose it 
philosophically.
    We do understand, though, that policymakers such as 
yourselves or the SEC or other regulators may want some degree 
of authority if the worst, the unthinkable, God forbid, ever 
happens again, much worse than 9/11. So the Bond Market 
Association, while we have a philosophical opposition to a 
self-regulatory organization, or frankly, any authority, saying 
decentralized debt markets should be halted by law, we realize 
you may have an interest in having some Federal authority.
    We could live with a governmental authority, not a self-
regulatory authority but a governmental authority, at the 
highest possible level to deal with emergencies--we can't tell 
you what authority that is because of the unique nature of the 
regulatory scheme covering the bond markets generally, 
frankly--working with the President's Working Group, which 
includes the SEC, the Treasury, the Fed, including the Chicago 
markets, so that there is a coordinated response, and that 
authority should be narrowly defined so that it is absolutely 
under a severe catastrophe. It is not about a breakdown of any 
computer system or a breakdown of any trading system, but it 
really has to be a catastrophe, because in times of stress, we 
need markets open. In times of stress, we need capital to flow. 
Because of the unique, decentralized nature of the bond 
markets, they are able to more naturally operate in those 
circumstances. We believe they should be open as much as 
possible.
    That would really conclude my oral remarks. I would be 
happy to answer any questions you would have.
    Chairman Baker. Thank you, Mr. Green.
    [The prepared statement of Micah S. Green can be found on 
page 185 in the appendix.]
    Chairman Baker. I would ask the counsel and members, my 
side has pretty much decided. I have just a few questions that 
I would pose for the record for a written response. Mr. 
Kanjorski may have a comment or two.
    In order to use our time efficiently, I would conclude our 
hearing, because we have a series of three votes which would 
keep us for a bit.
    Does anyone have any objection?
    Mr. Kanjorski?
    Mr. Kanjorski. No, Mr. Chairman.
    Chairman Baker. If I may, let me just pose a few questions.
    Also, the record will remain open for Members to, in 
writing, submit further inquiries at their leisure. That 
certainly would be preserved.
    Chairman Baker. Mr. Scott, do you have any comment?
    Mr. Scott. Just one question, sir.
    Chairman Baker. One second, and we will try to get to you.
    I noted in the GAO report, Mr. Britz, that there is a 
comment that the SEC has asked the New York Stock Exchange and 
NASDAQ to take steps to ensure their information systems can 
conduct transactions and securities that the other 
organizations trade. However, under this strategy the NYSE does 
not plan to trade all NASDAQ securities, and neither exchange 
has fully tested its own or its members' abilities to trade the 
other exchange's deals.
    Given our time constraints, I don't expect a discussion on 
it at the moment, but if you can address that section of that 
report and tell us what is planned; or perhaps since the date 
of the report has that been addressed.
    Secondly, I would like each of your opinions concerning the 
GAO's observation that the SEC did not make mandatory the ARP 
program rules, but expected the changes that they recommended 
and the clearing organizations to comply with the various 
information technology and operations practices voluntarily.
    I would like to get back from you a statement if there is a 
problem with mandatory compliance, the reasons therefore; or if 
there isn't, is there some general review by your respective 
bodies as to when or if the SEC should adopt such mandatory 
compliance?
    And then thirdly, the presentation of the white paper 
expected in a month, I don't know if we will have another 
hearing on the matter, but certainly we would like to have 
industry communication to us about the outcomes of 
modifications made and agreements reached as a result of the 
next white paper.
    Chairman Baker. Mr. Kanjorski.
    Mr. Kanjorski. Mr. Chairman, I want to congratulate the 
panel for a great report to us.
    The only thing, Mr. Britz, I recently visited the 
chairman's office in October. I am worried about the electronic 
controls on the thermostat.
    Chairman Baker. Mr. Scott.
    Mr. Scott. One of the things--one of the conclusions that 
was reached in a report released today was the length of time 
that our markets could stay down, that we could absorb certain 
lengths of times. I want to say with that how proud I think all 
America was that we were able to get back up and running so 
quickly after that devastating hit. But it did go on to say 
that there is a certain amount of time before the economy will 
be affected.
    Do we have any idea of how long that delay would be before 
the economy is really affected in terms of days, that it would 
be negatively affected?
    Mr. Britz. I am not an economist, Congressman, so I would 
be very loath to say it is 2 days, 4 days, or 6 days. I will 
say, coming out of 9/11, we were down from the 11th until the 
17th. If we were to have the same kind of circumstance occur 
again, I am very confident that our markets would be up in a 
day or two; or let me put it this way, technically they would 
be able to be up in a day or two. There may be policy 
considerations as to why that is not a good idea.
    From an infrastructure point of view, I think we have put 
in place the kind of backup and contingency planning and 
infrastructure that would not give rise to the 4- or 5-day kind 
of outage that we had on September 11, 2001.
    Mr. Green. I would just add that if the system of payments 
is affected, Congressman--and, for example, if the Federal 
Reserve cannot come to market to add liquidity because the 
marketplace is closed, that has an immediate effect on the 
macroeconomy. But in the microeconomy, an investor who wants to 
sell security because they need cash to pay a kid's tuition 
bill, that affects them immediately when they need that money, 
so you need to open markets as quickly as possible.
    Chairman Baker. Thank you each for your participation. 
There will be further follow-up questions in the offing, but we 
do request your continued information flow to the committee to 
help us understand our circumstance. Thank you.
    [Whereupon, at 4:53 p.m., the subcommittee was adjourned.]
                            A P P E N D I X



                           February 12, 2003
[GRAPHIC] [TIFF OMITTED] T6850.001

[GRAPHIC] [TIFF OMITTED] T6850.002

[GRAPHIC] [TIFF OMITTED] T6850.003

[GRAPHIC] [TIFF OMITTED] T6850.004

[GRAPHIC] [TIFF OMITTED] T6850.005

[GRAPHIC] [TIFF OMITTED] T6850.006

[GRAPHIC] [TIFF OMITTED] T6850.007

[GRAPHIC] [TIFF OMITTED] T6850.008

[GRAPHIC] [TIFF OMITTED] T6850.009

[GRAPHIC] [TIFF OMITTED] T6850.010

[GRAPHIC] [TIFF OMITTED] T6850.011

[GRAPHIC] [TIFF OMITTED] T6850.012

[GRAPHIC] [TIFF OMITTED] T6850.013

[GRAPHIC] [TIFF OMITTED] T6850.014

[GRAPHIC] [TIFF OMITTED] T6850.015

[GRAPHIC] [TIFF OMITTED] T6850.016

[GRAPHIC] [TIFF OMITTED] T6850.017

[GRAPHIC] [TIFF OMITTED] T6850.018

[GRAPHIC] [TIFF OMITTED] T6850.019

[GRAPHIC] [TIFF OMITTED] T6850.020

[GRAPHIC] [TIFF OMITTED] T6850.021

[GRAPHIC] [TIFF OMITTED] T6850.022

[GRAPHIC] [TIFF OMITTED] T6850.023

[GRAPHIC] [TIFF OMITTED] T6850.024

[GRAPHIC] [TIFF OMITTED] T6850.025

[GRAPHIC] [TIFF OMITTED] T6850.026

[GRAPHIC] [TIFF OMITTED] T6850.027

[GRAPHIC] [TIFF OMITTED] T6850.028

[GRAPHIC] [TIFF OMITTED] T6850.029

[GRAPHIC] [TIFF OMITTED] T6850.030

[GRAPHIC] [TIFF OMITTED] T6850.031

[GRAPHIC] [TIFF OMITTED] T6850.032

[GRAPHIC] [TIFF OMITTED] T6850.033

[GRAPHIC] [TIFF OMITTED] T6850.034

[GRAPHIC] [TIFF OMITTED] T6850.035

[GRAPHIC] [TIFF OMITTED] T6850.036

[GRAPHIC] [TIFF OMITTED] T6850.037

[GRAPHIC] [TIFF OMITTED] T6850.038

[GRAPHIC] [TIFF OMITTED] T6850.039

[GRAPHIC] [TIFF OMITTED] T6850.040

[GRAPHIC] [TIFF OMITTED] T6850.041

[GRAPHIC] [TIFF OMITTED] T6850.042

[GRAPHIC] [TIFF OMITTED] T6850.043

[GRAPHIC] [TIFF OMITTED] T6850.044

[GRAPHIC] [TIFF OMITTED] T6850.045

[GRAPHIC] [TIFF OMITTED] T6850.046

[GRAPHIC] [TIFF OMITTED] T6850.047

[GRAPHIC] [TIFF OMITTED] T6850.048

[GRAPHIC] [TIFF OMITTED] T6850.049

[GRAPHIC] [TIFF OMITTED] T6850.050

[GRAPHIC] [TIFF OMITTED] T6850.051

[GRAPHIC] [TIFF OMITTED] T6850.052

[GRAPHIC] [TIFF OMITTED] T6850.053

[GRAPHIC] [TIFF OMITTED] T6850.054

[GRAPHIC] [TIFF OMITTED] T6850.055

[GRAPHIC] [TIFF OMITTED] T6850.056

[GRAPHIC] [TIFF OMITTED] T6850.057

[GRAPHIC] [TIFF OMITTED] T6850.058

[GRAPHIC] [TIFF OMITTED] T6850.059

[GRAPHIC] [TIFF OMITTED] T6850.060

[GRAPHIC] [TIFF OMITTED] T6850.061

[GRAPHIC] [TIFF OMITTED] T6850.062

[GRAPHIC] [TIFF OMITTED] T6850.063

[GRAPHIC] [TIFF OMITTED] T6850.064

[GRAPHIC] [TIFF OMITTED] T6850.065

[GRAPHIC] [TIFF OMITTED] T6850.066

[GRAPHIC] [TIFF OMITTED] T6850.067

[GRAPHIC] [TIFF OMITTED] T6850.068

[GRAPHIC] [TIFF OMITTED] T6850.069

[GRAPHIC] [TIFF OMITTED] T6850.070

[GRAPHIC] [TIFF OMITTED] T6850.071

[GRAPHIC] [TIFF OMITTED] T6850.072

[GRAPHIC] [TIFF OMITTED] T6850.073

[GRAPHIC] [TIFF OMITTED] T6850.074

[GRAPHIC] [TIFF OMITTED] T6850.075

[GRAPHIC] [TIFF OMITTED] T6850.076

[GRAPHIC] [TIFF OMITTED] T6850.077

[GRAPHIC] [TIFF OMITTED] T6850.078

[GRAPHIC] [TIFF OMITTED] T6850.079

[GRAPHIC] [TIFF OMITTED] T6850.080

[GRAPHIC] [TIFF OMITTED] T6850.081

[GRAPHIC] [TIFF OMITTED] T6850.082

[GRAPHIC] [TIFF OMITTED] T6850.083

[GRAPHIC] [TIFF OMITTED] T6850.084

[GRAPHIC] [TIFF OMITTED] T6850.085

[GRAPHIC] [TIFF OMITTED] T6850.086

[GRAPHIC] [TIFF OMITTED] T6850.087

[GRAPHIC] [TIFF OMITTED] T6850.088

[GRAPHIC] [TIFF OMITTED] T6850.089

[GRAPHIC] [TIFF OMITTED] T6850.090

[GRAPHIC] [TIFF OMITTED] T6850.091

[GRAPHIC] [TIFF OMITTED] T6850.092

[GRAPHIC] [TIFF OMITTED] T6850.093

[GRAPHIC] [TIFF OMITTED] T6850.094

[GRAPHIC] [TIFF OMITTED] T6850.095

[GRAPHIC] [TIFF OMITTED] T6850.096

[GRAPHIC] [TIFF OMITTED] T6850.097

[GRAPHIC] [TIFF OMITTED] T6850.098

[GRAPHIC] [TIFF OMITTED] T6850.099

[GRAPHIC] [TIFF OMITTED] T6850.100

[GRAPHIC] [TIFF OMITTED] T6850.101

[GRAPHIC] [TIFF OMITTED] T6850.102

[GRAPHIC] [TIFF OMITTED] T6850.103

[GRAPHIC] [TIFF OMITTED] T6850.104

[GRAPHIC] [TIFF OMITTED] T6850.105

[GRAPHIC] [TIFF OMITTED] T6850.106

[GRAPHIC] [TIFF OMITTED] T6850.107

[GRAPHIC] [TIFF OMITTED] T6850.108

[GRAPHIC] [TIFF OMITTED] T6850.109

[GRAPHIC] [TIFF OMITTED] T6850.110

[GRAPHIC] [TIFF OMITTED] T6850.111

[GRAPHIC] [TIFF OMITTED] T6850.112

[GRAPHIC] [TIFF OMITTED] T6850.113

[GRAPHIC] [TIFF OMITTED] T6850.114

[GRAPHIC] [TIFF OMITTED] T6850.115

[GRAPHIC] [TIFF OMITTED] T6850.116

[GRAPHIC] [TIFF OMITTED] T6850.117

[GRAPHIC] [TIFF OMITTED] T6850.118

[GRAPHIC] [TIFF OMITTED] T6850.119

[GRAPHIC] [TIFF OMITTED] T6850.120

[GRAPHIC] [TIFF OMITTED] T6850.121

[GRAPHIC] [TIFF OMITTED] T6850.122

[GRAPHIC] [TIFF OMITTED] T6850.123

[GRAPHIC] [TIFF OMITTED] T6850.124

[GRAPHIC] [TIFF OMITTED] T6850.125

[GRAPHIC] [TIFF OMITTED] T6850.126

[GRAPHIC] [TIFF OMITTED] T6850.127

[GRAPHIC] [TIFF OMITTED] T6850.128

[GRAPHIC] [TIFF OMITTED] T6850.129

[GRAPHIC] [TIFF OMITTED] T6850.130

[GRAPHIC] [TIFF OMITTED] T6850.131

[GRAPHIC] [TIFF OMITTED] T6850.132

[GRAPHIC] [TIFF OMITTED] T6850.133

[GRAPHIC] [TIFF OMITTED] T6850.134

[GRAPHIC] [TIFF OMITTED] T6850.135

[GRAPHIC] [TIFF OMITTED] T6850.136

[GRAPHIC] [TIFF OMITTED] T6850.137

[GRAPHIC] [TIFF OMITTED] T6850.138

[GRAPHIC] [TIFF OMITTED] T6850.139

[GRAPHIC] [TIFF OMITTED] T6850.140

[GRAPHIC] [TIFF OMITTED] T6850.141

[GRAPHIC] [TIFF OMITTED] T6850.142

[GRAPHIC] [TIFF OMITTED] T6850.143

[GRAPHIC] [TIFF OMITTED] T6850.144

[GRAPHIC] [TIFF OMITTED] T6850.145

[GRAPHIC] [TIFF OMITTED] T6850.146

[GRAPHIC] [TIFF OMITTED] T6850.147

[GRAPHIC] [TIFF OMITTED] T6850.148

[GRAPHIC] [TIFF OMITTED] T6850.149

[GRAPHIC] [TIFF OMITTED] T6850.150

[GRAPHIC] [TIFF OMITTED] T6850.151

[GRAPHIC] [TIFF OMITTED] T6850.152

[GRAPHIC] [TIFF OMITTED] T6850.153

[GRAPHIC] [TIFF OMITTED] T6850.154

[GRAPHIC] [TIFF OMITTED] T6850.155

[GRAPHIC] [TIFF OMITTED] T6850.156

[GRAPHIC] [TIFF OMITTED] T6850.157

[GRAPHIC] [TIFF OMITTED] T6850.158

[GRAPHIC] [TIFF OMITTED] T6850.159

[GRAPHIC] [TIFF OMITTED] T6850.160

[GRAPHIC] [TIFF OMITTED] T6850.161

[GRAPHIC] [TIFF OMITTED] T6850.162

[GRAPHIC] [TIFF OMITTED] T6850.163

[GRAPHIC] [TIFF OMITTED] T6850.164

[GRAPHIC] [TIFF OMITTED] T6850.165

[GRAPHIC] [TIFF OMITTED] T6850.166

[GRAPHIC] [TIFF OMITTED] T6850.167

[GRAPHIC] [TIFF OMITTED] T6850.168

[GRAPHIC] [TIFF OMITTED] T6850.169

[GRAPHIC] [TIFF OMITTED] T6850.170

[GRAPHIC] [TIFF OMITTED] T6850.171

[GRAPHIC] [TIFF OMITTED] T6850.172

[GRAPHIC] [TIFF OMITTED] T6850.173

[GRAPHIC] [TIFF OMITTED] T6850.174

[GRAPHIC] [TIFF OMITTED] T6850.175

[GRAPHIC] [TIFF OMITTED] T6850.176

[GRAPHIC] [TIFF OMITTED] T6850.177

[GRAPHIC] [TIFF OMITTED] T6850.178

[GRAPHIC] [TIFF OMITTED] T6850.179

[GRAPHIC] [TIFF OMITTED] T6850.180

[GRAPHIC] [TIFF OMITTED] T6850.181

[GRAPHIC] [TIFF OMITTED] T6850.182

[GRAPHIC] [TIFF OMITTED] T6850.183

[GRAPHIC] [TIFF OMITTED] T6850.184

[GRAPHIC] [TIFF OMITTED] T6850.185

[GRAPHIC] [TIFF OMITTED] T6850.186

[GRAPHIC] [TIFF OMITTED] T6850.187

[GRAPHIC] [TIFF OMITTED] T6850.188

[GRAPHIC] [TIFF OMITTED] T6850.189

[GRAPHIC] [TIFF OMITTED] T6850.190

[GRAPHIC] [TIFF OMITTED] T6850.191

[GRAPHIC] [TIFF OMITTED] T6850.192

[GRAPHIC] [TIFF OMITTED] T6850.193

[GRAPHIC] [TIFF OMITTED] T6850.194

[GRAPHIC] [TIFF OMITTED] T6850.195

[GRAPHIC] [TIFF OMITTED] T6850.196

[GRAPHIC] [TIFF OMITTED] T6850.197

[GRAPHIC] [TIFF OMITTED] T6850.198

[GRAPHIC] [TIFF OMITTED] T6850.199

[GRAPHIC] [TIFF OMITTED] T6850.200

[GRAPHIC] [TIFF OMITTED] T6850.201

[GRAPHIC] [TIFF OMITTED] T6850.202

[GRAPHIC] [TIFF OMITTED] T6850.203

[GRAPHIC] [TIFF OMITTED] T6850.204

[GRAPHIC] [TIFF OMITTED] T6850.205

[GRAPHIC] [TIFF OMITTED] T6850.206

[GRAPHIC] [TIFF OMITTED] T6850.207

[GRAPHIC] [TIFF OMITTED] T6850.208

[GRAPHIC] [TIFF OMITTED] T6850.209

[GRAPHIC] [TIFF OMITTED] T6850.210

[GRAPHIC] [TIFF OMITTED] T6850.211

[GRAPHIC] [TIFF OMITTED] T6850.212

[GRAPHIC] [TIFF OMITTED] T6850.213

[GRAPHIC] [TIFF OMITTED] T6850.214

[GRAPHIC] [TIFF OMITTED] T6850.215

[GRAPHIC] [TIFF OMITTED] T6850.216

[GRAPHIC] [TIFF OMITTED] T6850.217

[GRAPHIC] [TIFF OMITTED] T6850.218

[GRAPHIC] [TIFF OMITTED] T6850.219

[GRAPHIC] [TIFF OMITTED] T6850.220

[GRAPHIC] [TIFF OMITTED] T6850.221

[GRAPHIC] [TIFF OMITTED] T6850.222

[GRAPHIC] [TIFF OMITTED] T6850.223

[GRAPHIC] [TIFF OMITTED] T6850.224

[GRAPHIC] [TIFF OMITTED] T6850.225

[GRAPHIC] [TIFF OMITTED] T6850.226

[GRAPHIC] [TIFF OMITTED] T6850.227

[GRAPHIC] [TIFF OMITTED] T6850.228

[GRAPHIC] [TIFF OMITTED] T6850.229

[GRAPHIC] [TIFF OMITTED] T6850.230

[GRAPHIC] [TIFF OMITTED] T6850.231

[GRAPHIC] [TIFF OMITTED] T6850.232

[GRAPHIC] [TIFF OMITTED] T6850.233

[GRAPHIC] [TIFF OMITTED] T6850.234

[GRAPHIC] [TIFF OMITTED] T6850.235

[GRAPHIC] [TIFF OMITTED] T6850.236

[GRAPHIC] [TIFF OMITTED] T6850.237

[GRAPHIC] [TIFF OMITTED] T6850.238

[GRAPHIC] [TIFF OMITTED] T6850.239

[GRAPHIC] [TIFF OMITTED] T6850.240

[GRAPHIC] [TIFF OMITTED] T6850.241

[GRAPHIC] [TIFF OMITTED] T6850.242

[GRAPHIC] [TIFF OMITTED] T6850.243

[GRAPHIC] [TIFF OMITTED] T6850.244

[GRAPHIC] [TIFF OMITTED] T6850.245

[GRAPHIC] [TIFF OMITTED] T6850.246

[GRAPHIC] [TIFF OMITTED] T6850.247

[GRAPHIC] [TIFF OMITTED] T6850.248

[GRAPHIC] [TIFF OMITTED] T6850.249

[GRAPHIC] [TIFF OMITTED] T6850.250

[GRAPHIC] [TIFF OMITTED] T6850.251

[GRAPHIC] [TIFF OMITTED] T6850.252

[GRAPHIC] [TIFF OMITTED] T6850.253

[GRAPHIC] [TIFF OMITTED] T6850.254

[GRAPHIC] [TIFF OMITTED] T6850.255

[GRAPHIC] [TIFF OMITTED] T6850.256

[GRAPHIC] [TIFF OMITTED] T6850.257

[GRAPHIC] [TIFF OMITTED] T6850.258

[GRAPHIC] [TIFF OMITTED] T6850.259

[GRAPHIC] [TIFF OMITTED] T6850.260

[GRAPHIC] [TIFF OMITTED] T6850.261

[GRAPHIC] [TIFF OMITTED] T6850.262

[GRAPHIC] [TIFF OMITTED] T6850.263

[GRAPHIC] [TIFF OMITTED] T6850.264

[GRAPHIC] [TIFF OMITTED] T6850.265

[GRAPHIC] [TIFF OMITTED] T6850.266

[GRAPHIC] [TIFF OMITTED] T6850.267

[GRAPHIC] [TIFF OMITTED] T6850.268

[GRAPHIC] [TIFF OMITTED] T6850.269

[GRAPHIC] [TIFF OMITTED] T6850.270

[GRAPHIC] [TIFF OMITTED] T6850.271

