[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]





                  OVERSIGHT OF THE OFFICE OF FINANCIAL
                  RESEARCH AND THE FINANCIAL STABILITY
                           OVERSIGHT COUNCIL

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                      OVERSIGHT AND INVESTIGATIONS

                                 OF THE

                    COMMITTEE ON FINANCIAL SERVICES

                     U.S. HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             FIRST SESSION

                               __________

                             JULY 14, 2011

                               __________

       Printed for the use of the Committee on Financial Services

                           Serial No. 112-48












                                _____

                  U.S. GOVERNMENT PRINTING OFFICE
 67-943 PDF               WASHINGTON : 2012
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001



                 HOUSE COMMITTEE ON FINANCIAL SERVICES

                   SPENCER BACHUS, Alabama, Chairman

JEB HENSARLING, Texas, Vice          BARNEY FRANK, Massachusetts, 
    Chairman                             Ranking Member
PETER T. KING, New York              MAXINE WATERS, California
EDWARD R. ROYCE, California          CAROLYN B. MALONEY, New York
FRANK D. LUCAS, Oklahoma             LUIS V. GUTIERREZ, Illinois
RON PAUL, Texas                      NYDIA M. VELAZQUEZ, New York
DONALD A. MANZULLO, Illinois         MELVIN L. WATT, North Carolina
WALTER B. JONES, North Carolina      GARY L. ACKERMAN, New York
JUDY BIGGERT, Illinois               BRAD SHERMAN, California
GARY G. MILLER, California           GREGORY W. MEEKS, New York
SHELLEY MOORE CAPITO, West Virginia  MICHAEL E. CAPUANO, Massachusetts
SCOTT GARRETT, New Jersey            RUBEN HINOJOSA, Texas
RANDY NEUGEBAUER, Texas              WM. LACY CLAY, Missouri
PATRICK T. McHENRY, North Carolina   CAROLYN McCARTHY, New York
JOHN CAMPBELL, California            JOE BACA, California
MICHELE BACHMANN, Minnesota          STEPHEN F. LYNCH, Massachusetts
THADDEUS G. McCOTTER, Michigan       BRAD MILLER, North Carolina
KEVIN McCARTHY, California           DAVID SCOTT, Georgia
STEVAN PEARCE, New Mexico            AL GREEN, Texas
BILL POSEY, Florida                  EMANUEL CLEAVER, Missouri
MICHAEL G. FITZPATRICK,              GWEN MOORE, Wisconsin
    Pennsylvania                     KEITH ELLISON, Minnesota
LYNN A. WESTMORELAND, Georgia        ED PERLMUTTER, Colorado
BLAINE LUETKEMEYER, Missouri         JOE DONNELLY, Indiana
BILL HUIZENGA, Michigan              ANDRE CARSON, Indiana
SEAN P. DUFFY, Wisconsin             JAMES A. HIMES, Connecticut
NAN A. S. HAYWORTH, New York         GARY C. PETERS, Michigan
JAMES B. RENACCI, Ohio               JOHN C. CARNEY, Jr., Delaware
ROBERT HURT, Virginia
ROBERT J. DOLD, Illinois
DAVID SCHWEIKERT, Arizona
MICHAEL G. GRIMM, New York
FRANCISCO ``QUICO'' CANSECO, Texas
STEVE STIVERS, Ohio
STEPHEN LEE FINCHER, Tennessee

                   Larry C. Lavender, Chief of Staff
              Subcommittee on Oversight and Investigations

                   RANDY NEUGEBAUER, Texas, Chairman

MICHAEL G. FITZPATRICK,              MICHAEL E. CAPUANO, Massachusetts, 
    Pennsylvania, Vice Chairman          Ranking Member
PETER T. KING, New York              STEPHEN F. LYNCH, Massachusetts
MICHELE BACHMANN, Minnesota          MAXINE WATERS, California
STEVAN PEARCE, New Mexico            JOE BACA, California
BILL POSEY, Florida                  BRAD MILLER, North Carolina
NAN A. S. HAYWORTH, New York         KEITH ELLISON, Minnesota
JAMES B. RENACCI, Ohio               JAMES A. HIMES, Connecticut
FRANCISCO ``QUICO'' CANSECO, Texas   JOHN C. CARNEY, Jr., Delaware
STEPHEN LEE FINCHER, Tennessee










                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on:
    July 14, 2011................................................     1
Appendix:
    July 14, 2011................................................    45

                               WITNESSES
                        Thursday, July 14, 2011

Berner, Hon. Richard, Counselor to the Secretary of the Treasury, 
  U.S. Department of the Treasury................................     5
Krishna, Dilip, Vice President of Financial Services, Teradata 
  Corporation....................................................    24
Liechty, John, Ph.D., Professor of Marketing and Statistics, and 
  Director of the Center for the Study of Global Financial 
  Stability, Smeal College of Business, The Pennsylvania State 
  University.....................................................    30
Paller, Alan, Director of Research, The SANS Institute...........    26
Taleb, Nassim N., Ph.D., Distinguished Professor of Risk 
  Engineering, New York University Polytechnic Institute.........    28

                                APPENDIX

Prepared statements:
    Neugebauer, Hon. Randy.......................................    47
    Berner, Hon. Richard.........................................    48
    Krishna, Dilip...............................................    58
    Liechty, John................................................    66
    Paller, Alan.................................................    74
    Taleb, Nassim N..............................................    82

              Additional Material Submitted for the Record

Neugebauer, Hon. Randy:
    Written responses to questions submitted to Hon. Richard 
      Berner.....................................................   102
    Written statement of the United States Government 
      Accountability Office......................................   113
    Written statement of the U.S. Chamber of Commerce............   133
Capuano, Hon. Michael:
    CBO Amend to H.R. 4173.......................................   138
    CBO Estimate of H.R. 4173....................................   139
    Letter to Hon. Gene Dodaro, Comptroller General, GAO, dated 
      July 13, 2011..............................................   149
    Letter to Chairman Neugebauer, dated July 13, 2011...........   151
Liechty, John:
    Letter to Senator Christopher J. Dodd, Chairman, Senate 
      Committee on Banking, Housing and Urban Affairs from six 
      Nobel Laureates, dated February 11, 2010...................   153

 
                  OVERSIGHT OF THE OFFICE OF FINANCIAL
                  RESEARCH AND THE FINANCIAL STABILITY
                           OVERSIGHT COUNCIL

                              ----------                              


                        Thursday, July 14, 2011

             U.S. House of Representatives,
                          Subcommittee on Oversight
                                and Investigations,
                           Committee on Financial Services,
                                                   Washington, D.C.
    The subcommittee met, pursuant to notice, at 3:25 p.m., in 
room 2128, Rayburn House Office Building, Hon. Randy Neugebauer 
[chairman of the subcommittee] presiding.
    Members present: Representatives Neugebauer, Fitzpatrick, 
Posey, Hayworth, Renacci, Canseco, Fincher; Capuano, Baca, and 
Carney.
    Ex officio present: Representative Bachus.
    Also present: Representatives Grimm, Hensarling; and 
Maloney.
    Chairman Neugebauer. Today, we are going to have a hearing 
on the oversight of the Office of Financial Research (OFR), 
which is a newly created entity from the Dodd-Frank Act. It is 
affiliated with the Financial Stability Oversight Council 
(FSOC). And I am sure that our witnesses will articulate a 
little bit more of that relationship.
    One of the things that I think we have tried to do in this 
committee is we are trying to figure out what the puzzle is 
going to look like when it is completed. One of the things I 
have said about Dodd-Frank, with nearly 300 different 
rulemaking opportunities, is that we are trying to--as we are 
issuing all of these rules, and we are standing up all of these 
entities, we are really putting together one of those large 
puzzles, those 250- to 300-piece puzzles.
    I think the bad news is that we don't know what the puzzle 
is actually going to look like when it is completed. And so one 
of the things that we have tried to do in our committee is to 
bring some sunlight on some of these parts of Dodd-Frank as we 
are approaching the first anniversary of that entity next week, 
but also to make sure that we begin to try to understand what 
the puzzle is going to look like.
    One of the things that is kind of interesting about OFR is 
that it really kind of looks like the twin of the Consumer 
Financial Protection Bureau (CFPB). They have a lot of 
similarities. One is that they are overseen by one Director.
    They are tucked into the Federal Reserve (Fed) and have 
limited oversight capacity from Congress. And they have some 
very broad powers. Some of those powers will be discussed as we 
get into the hearing.
    I think one of the things that I find a little bit 
troubling is, first, we have all of these entities that really 
give one individual a lot of power. And second, that there is 
no real opportunity, in many cases, for oversight. And in many 
cases, also, there is no real appeals process for the actions 
and the rulings of this individual.
    Obviously, this other issue that is going to be discussed 
today is then what is the cost and the benefit of standing up 
such an entity. So I look forward to the hearing today, and 
hopefully we will shine a little bit of light and learn a 
little bit more about the OFR.
    With that, I yield to the ranking member of the 
subcommittee, Mr. Capuano.
    Mr. Capuano. Thank you, Mr. Chairman.
    Mr. Berner, I would like to welcome you to the committee. I 
think that there are some serious questions here. I fully 
expect you will have appropriate answers for them. I know that 
some of these things you may not have any answers for, because 
we are in the new world.
    I am looking forward to hearing from you. I think that 
there are a lot of questions that we will all have. I have no 
doubt that you will have some of the same questions yourself.
    That is the way we are going to go.
    So I am looking forward to your testimony, and thank you 
for coming.
    Chairman Neugebauer. And now, the vice-chairman of the 
subcommittee, Mr. Fitzpatrick.
    Mr. Fitzpatrick. Thank you, Mr. Chairman.
    If there is one thing consistent about the Dodd-Frank 
legislation, it is that what looks good on paper often makes 
for bad policy and practice in reality.
    The mission of the Office of Financial Research makes it 
sound like a rather benign entity. Its mission, to act as the 
research arm for the Financial Stability Oversight Council, is 
sensible enough.
    However, as this subcommittee has examined the OFR, a 
couple of troubling issues have emerged.
    Any time an agency is given such free reign to collect and 
store information on the private sector, it deserves extra 
scrutiny. The government has a role to play in protecting 
investors and consumers, but good intentions cannot be the 
catch-all excuse for government overreach.
    If we expect the private sector to pull us out of this 
recession, then we cannot, at the same time, grind them under 
the boot of the government. We can and must strike a balance 
between proper oversight and excessive regulation.
    Today's hearing is an important part of striking that 
balance. Protecting the taxpayers means not only examining 
financial institutions, but examining the examiners. After all, 
money is coming out of the economy to pay the salaries and 
expenses of these new agencies. And the public deserves to know 
that this is money well spent.
    I look forward to the testimony, and I yield back.
    Chairman Neugebauer. Now, the gentlewoman from New York, 
Mrs. Maloney.
    Mrs. Maloney. Thank you, Chairman Neugebauer and Ranking 
Member Capuano. I am very pleased that you are having this 
oversight hearing. I believe this is an important part of Dodd-
Frank.
    During the hearings that we had during the financial 
crisis, I asked a number of the heads of these organizations, 
some of whom failed, some of whom took TARP money in order to 
continue to exist, what one reform did they think was the most 
important.
    And they said, collecting data. This was the private sector 
that let us know, in real-time, at the end of the day what the 
exposures were internationally and nationally on financial 
products.
    They felt that that was the most important reform that we 
could make. So I think it is important. I look forward to the 
testimony, and I thank you for having the hearing.
    Chairman Neugebauer. Thank you.
    And now the vice-chairman of the full committee, the 
gentleman from Texas, Mr. Hensarling.
    Mr. Hensarling. Thank you, Mr. Chairman. I certainly 
appreciate you calling this hearing.
    I had the opportunity to serve on the conference committee 
for Dodd-Frank. And of all the provisions in the 2,300-page 
behemoth bill, perhaps none was more overlooked and 
underappreciated than the creation of the so-called Office of 
Financial Research.
    I offered an amendment during the conference to strike its 
existence. I am very concerned about its existence. We will now 
have an entire new agency based on the premise that if we have 
sufficient numbers of unelected, unaccountable bureaucrats, who 
have unlimited information about our personal buying habits, 
coupled with an unlimited budget, that somehow they can prevent 
any type of economic downturn within our society.
    I think the premise is false. Frankly, I think it is 
dangerous. I think that this office represents a hacker's dream 
and a civil libertarian's nightmare. And I do not see a 
compelling reason for its existence.
    Essentially, the Federal Government will be able to track 
what Americans buy, who they buy it from, and when they buy it, 
with their subpoena power.
    Staffing--there are no limits to the number of employees 
that the Director may hire, since the Director has the 
authority to set salaries without regard to the general 
schedule, and no limit to how much the Director can pay these 
employees.
    The new agency will not be subjected to the Congressional 
budget or to the appropriations process, or the Executive 
Branch oversight or its budget. And the agency can levy 
whatever assessments it deems necessary to fund itself.
    So, Mr. Chairman, if ever there was an agency that was 
crying out for a hearing, it is this one. And I congratulate 
you for calling this hearing. I yield back the balance of my 
time.
    Chairman Neugebauer. I thank the gentleman. And now the 
other gentleman from Texas, Mr. Canseco.
    Mr. Canseco. Thank you, Mr. Chairman.
    The 2008 financial crisis was caused in large part by 
accommodation of misguided government policies and the failure 
of the financial regulators to step in and use their authority, 
which was more than sufficient. It was more than sufficient to 
halt the incredible risk that was building up within the 
financial industry.
    And despite this government failure, which led to an 
economic meltdown that we are still trying to climb out of, the 
authors of Dodd-Frank gave government a dramatically increased 
role in our financial markets, an example of which is the 
Office of Financial Research.
    The OFR is, at its core, a testament to the belief that 
government can make anything right or accomplish any goal if 
only it is given more authority. Throughout history, mankind 
has proven itself incapable time and again of being able to 
consistently and accurately predict crises, especially when 
they relate to financial markets. And there is no aspect of 
this agency that would change that.
    Aside from OFR's misguided mission, I have great concern 
over the structure of the agency, which operates with very 
little oversight and accountability. And I thank the chairman 
for holding this important hearing.
    I yield back.
    Chairman Neugebauer. Thank you.
    Mr. Fincher?
    Mr. Fincher. Thank you, Mr. Chairman.
    And I thank the witnesses for coming today.
    In today's technologically advanced world, more and more 
Americans are making financial transactions over the Internet, 
entrusting that their personal information is safe and secure.
    As we have heard over recent months though, that is not 
always the case. With the recent cyber attacks on Citigroup, 
the IMF, and even the Senate and the CIA, I am concerned about 
some of the information-collecting duties of the Office of 
Financial Research under the Dodd-Frank Act.
    It seems as though the government is trying to reach even 
further into our personal lives than ever before in the name of 
financial security.
    While we are all in favor of taking precautions to prevent 
another financial meltdown in this country, I am not completely 
convinced that more government is the answer to this problem, 
and that our personal information will be secure as a result.
    The last thing people need in this country, when 
unemployment is at 9.2 percent, is for their financial 
information to be at risk.
    So I look forward today to hearing your testimony and 
explanation of some of these things. Thank you.
    I yield back.
    Chairman Neugebauer. I thank the gentleman.
    Mr. Grimm?
    Mr. Grimm. Thank you, Mr. Chairman.
    First of all, thank you for holding this hearing.
    And also thank you, Mr. Berner, for agreeing to testify 
today.
    As a former Special Agent of the FBI, I am keenly aware of 
the danger that computer hacking and cyber crimes poses to the 
U.S. financial institutions on a daily basis. As recently as 
May, a massive cyber attack hit a large U.S. bank where over 
360,000 credit card numbers were stolen.
    Even with advanced IT departments and very, very qualified 
staff, banks are unable to prevent every attempted breach of 
their computer systems.
    The Office of Financial Research is going to have a digital 
repository of large amounts of data for a majority of U.S. 
financial institutions. I am extremely concerned that a 
repository of this nature would be a treasure trove for 
everyone from an ordinary hacker who is seeking to steal and 
quickly--whatever--to a sophisticated terrorist organization.
    So I am very interested in hearing your testimony today.
    And with that, I yield back. Thank you.
    Chairman Neugebauer. I thank the Members.
    Our first panelist is the Honorable Richard Berner, the 
Counselor to the Secretary of the Treasury.
    Mr. Berner, thank you for being here. I enjoyed your visit 
the other day in our office and I look forward to your 
testimony.
    You are recognized for 5 minutes.

  STATEMENT OF THE HONORABLE RICHARD BERNER, COUNSELOR TO THE 
   SECRETARY OF THE TREASURY, U.S. DEPARTMENT OF THE TREASURY

    Mr. Berner. Thank you, Mr. Chairman, Ranking Member 
Capuano, and members of the subcommittee. Thank you for 
inviting me here today.
    I recently joined the Treasury Department as Counselor to 
the Secretary, as you noted. The Secretary has asked me to help 
him set up the Office of Financial Research. And in that 
capacity, I am pleased to come here today to testify on the 
mission of the OFR, on the progress we have made in launching 
it, and on the initiatives we have under way to achieve our 
objectives.
    First, some background. As some of you noted, the financial 
crisis made it clear that the regulation and oversight of the 
financial system was deficient in many respects. We 
underestimated the way shock spread across the financial system 
with severe consequences to the economy.
    Likewise, the crisis also revealed the deficiencies in data 
and analysis. We lack timely and accurate information needed to 
monitor threats to financial stability and to develop the tools 
needed to mitigate them.
    The Dodd-Frank Act addresses many of these shortcomings. It 
created the Financial Stability Oversight Council to identify 
and respond to threats to financial stability in the economy 
and to promote market discipline. It also created the OFR to 
function as a shared provider of data and analysis for the FSOC 
and its member agencies.
    The OFR is working to satisfy its statutory mandates and 
mission: first, to collect data on behalf of the Council and to 
provide them to the Council and member agencies; second, to 
standardize the types and format of data collected and 
reported; third, to perform applied and essential long-term 
research; and finally, to develop tools for risk measurement 
and monitoring.
    As Dodd-Frank requires, the OFR will leverage existing 
resources to avoid duplication.
    I am pleased to report that we are making significant 
progress towards these goals. Today, I will first discuss OFR's 
work on improving financial data. Next, I will discuss the 
Office's research strategy. And I will conclude with an update 
on staffing and on information security.
    The OFR's promise is to collect and make available more and 
better financial data, while reducing the regulatory reporting 
burden. That is a tall order, but we believe that three aspects 
of the OFR's approach will make that promise a reality.
    First, the OFR will fill in information gaps, not 
duplicate.
    Second, by collaborating with Federal financial regulators, 
the OFR can create economies of scale, lower operating costs, 
and eliminate redundant reporting requirements.
    Finally, and most important, the OFR will promote standards 
for financial data. Standardization will improve the quality 
and transparency of financial data. For example, standards will 
provide a more transparent picture of firms' activities, 
improving market discipline. They will improve the ability of 
regulators and firms to manage counterparty risk, assure the 
integrity of business practices, and lower processing costs.
    The Legal Entity Identification initiative, or LEI, will 
standardize data and uniquely identify parties to financial 
transactions. It is moving forward, and quickly, with support 
from both the industry and from global regulators. The OFR is 
working with financial regulators around the world to define 
consistent requirements for the LEI.
    The private sector and standards organizations have also 
contributed. A global coalition of them has developed a 
recommendation for potential solution providers. That work is 
driving the initiative forward.
    The Dodd-Frank Act lays out principles and gives 
appropriate authority to the OFR for data collection. We will 
be thoughtful in interpreting those principles. And we will 
exercise that authority responsively.
    Let me be clear: The OFR will not collect data for 
collection's sake. The OFR will collaborate with FSOC member 
agencies to collect data they need for analysis and policy 
decisions. That collaboration will decide how to fill data gaps 
sufficiently.
    That work is already under way and staff are cataloging 
data used and collected by financial regulators.
    The OFR will pursue its research agenda, as statute and the 
FSOC require. It will produce and sponsor financial research 
aimed at developing the tools we need to assess threats to 
financial stability.
    The search for an OFR Director is ongoing. Meanwhile, a 
high level of talent is coming into the OFR. We are hiring 
professionals with deep industry experience in data management, 
technology risk, and risk management to establish the data 
center. We are also making progress in building the OFR's 
research team.
    Finally, preserving the security and integrity of OFR's 
data is a critical objective. The OFR will adopt best-practice 
information and security measures. We are pursuing them in 
three ways. First, the OFR is developing policies on post-
employment restrictions to prevent misuse of valuable data.
    Second, the OFR is developing robust governance policies 
and systems of controls, restricting use of data and 
information systems.
    And third, the OFR is establishing information systems that 
protect data from unauthorized outside access and limit OFR's 
employees' access to sensitive information content consistent 
with their responsibilities.
    Mr. Chairman and members of the subcommittee, the Dodd-
Frank Act created the OFR to help the FSOC promote financial 
stability and limit the effects on the Nation's economy of 
financial crises. Better data and analysis can't prevent 
financial shocks, but we believe our efforts will help reduce 
their frequency and magnitude.
    Those efforts will also help us improve the quality and 
scope of financial data, and promote and produce research that 
helps policymakers identify and address threats to financial 
stability.
    Thank you for your attention. And I will be happy to answer 
your questions.
    [The prepared statement of Mr. Berner can be found on page 
48 of the appendix.]
    Chairman Neugebauer. Thank you very much. And I appreciate 
again your being here.
    Are there statutory limits on OFR's ability to--how much 
you can levy these financial institutions once you get to that 
point? I know the first 2 years is funded by the Fed. But after 
that point, the statute calls for the OFR to assess, as you 
guess, some sums if necessary. But as you read the legislation, 
is there a limit to what those assessments could be?
    Mr. Berner. Mr. Chairman, thanks for your question. That is 
something that I think is of concern to us to make sure that 
those assessments are not a burden on the financial services 
industry.
    Chairman Neugebauer. But there is not a limit. Is that 
correct?
    Mr. Berner. Mr. Chairman, I am not aware that there is a 
limit under the statute. But we plan to exercise our 
responsibility to make sure that principle I just laid out is 
really stuck to.
    Chairman Neugebauer. So as I understand it by reading the 
legislation, there is no statutory limit on your budget either. 
In other words, you could make that agency as large as someone 
wanted to make it and make whatever assessments are required to 
support that organization. Is that true?
    Mr. Berner. Mr. Chairman, let me try to answer your 
question this way. The--
    Chairman Neugebauer. No, it is kind of a yes-or-no 
question. Are there statutory limits?
    Mr. Berner. Mr. Chairman, let me put it to you this way. 
The statute requires that the OFR's budget, what the OFR will 
spend appear in the budget itself, and that the OFR is subject 
to oversight, both by you and the Congress, and we plan to 
report to you and the Congress, to make sure you know what we 
are spending and what we are spending it on.
    And in addition, the OFR is subject to oversight by the 
Government Accountability Office, and by the Treasury's 
Inspector General Office.
    Chairman Neugebauer. But I just want to be clear, to get 
back to the original question, I appreciate that additional 
information, but there are no statutory limits on your budget?
    Mr. Berner. Mr. Chairman, I think the answer is--
    Chairman Neugebauer. Yes or no. Which one do you think it 
is? How do you interpret it?
    Mr. Berner. I am not aware that there is a statutory limit 
in the statute itself.
    Chairman Neugebauer. And also, I think under the OFR, you 
are allowed to actually start setting out RFPs for ongoing risk 
financial research. And so basically, are there any limits to 
the amount of research that you could be funding or the amount 
of outsourcing to the universities that could happen there? Is 
there any limit to the funding of those either?
    Mr. Berner. Mr. Chairman, let me tell you that we are in 
the process of developing our budget for Fiscal Year 2012 and 
for Fiscal Year 2013, and that budget will restrict the amount 
that we spend in the OFR on outsourcing for research or in 
providing research that is produced internally.
    Chairman Neugebauer. Yes. I appreciate that. And you know 
what, I think the point I am trying to make here is that this 
OFR and agency has very broad powers, very broad authority, 
with really very few checks and balances.
    Basically, you are going to determine your own budget. It 
is not a budget that has to be approved by Congress.
    You can levy assessments to whatever level is deemed 
necessary, and you can do this ongoing research.
    And the final question too is there is, as I understand, 
really no limit to what information that you could require from 
a company. In other words, basically the laws says that you can 
ask for the information, and if the company refuses to give it 
to you, you can actually subpoena that company. Is that your 
interpretation?
    Mr. Berner. Mr. Chairman, I think what the OFR is designed 
to do is to, as I mentioned in my testimony, fill in the gaps 
between the data that we already have among the FSOC and its 
member agencies. So our goal is to collect data only where we 
think it is missing, and as we need it to fulfill our mandate 
of looking for threats to financial stability across the 
financial system.
    We are not interested in duplicating information. We are 
not interested in collecting data for the sake of collection. 
And we are not interested in creating a big database just to 
have a big database.
    Chairman Neugebauer. Certainly, that might be your 
perspective. But obviously, we don't have an acting Director. 
It is just another position that the President has not filled. 
So you are actually in the same capacity, I guess, as Ms. 
Warren, in that you are standing up for an entity that actually 
doesn't have an acting Director. Is that correct?
    Mr. Berner. I am acting on behalf of the Secretary to set 
up the OFR.
    Chairman Neugebauer. But you have not been nominated by the 
President for this position?
    Mr. Berner. I have not been nominated. No. And the 
President must nominate somebody to fill that position.
    Chairman Neugebauer. I see my time is up, so I will yield 
to the ranking member.
    Mr. Capuano. Thank you, Mr. Chairman.
    Thank you, Mr. Berner.
    Mr. Berner, would you have any objection to working with 
this committee or the rest of the Congress in trying to tighten 
up any of the statutory issues that might come up today?
    Mr. Berner. Thank you for your question. I think that is a 
really important one, because we want to make sure that the 
Congress and this committee, in particular, understands that we 
want to be accountable to the Congress. We want to be 
completely transparent in what we do.
    We want to provide all the information that you require in 
order to look at our activities. And we want to meet with your 
staff and make sure that they fully understand all the issues 
that we are dealing with, so that we have a full and accurate--
    Mr. Capuano. If Congress gets concerned at some future time 
that your assessments are too high, and we decide we want to 
put some kind of statutory limit on it, you would work with us 
to try to accomplish that, if necessary?
    Mr. Berner. Congressman, we want to make sure that the 
things that we do, including the assessments we levy on the 
firms to fund the OFR after the funding from the Federal 
Reserve expires are reasonable and are sensible, and only what 
we need to do our job.
    Mr. Capuano. Are you the only Federal Government agency 
that has subpoena power?
    Mr. Berner. I am not aware of the subpoena power of other 
agencies, Congressman, but I know that the OFR does have 
subpoena powers in certain circumstances.
    Mr. Capuano. But you are not the only Federal agency with 
subpoena power, are you?
    Mr. Berner. No, that is absolutely correct.
    Mr. Capuano. That is what I thought.
    I think that some of the--a couple of my questions have 
already been answered. Some of them were in the introductory 
comments. Data security, I think, is a reasonable commentary to 
make.
    And again, I will withhold my judgment until we see what 
you get and see what information you have. But, I would hope 
and presume that has to be on the top of your list, as far as 
concerns as you move forward. Is that a fair statement?
    Mr. Berner. It is a fair statement, Congressman. It is at 
the top of our list. We want to make sure that any data that we 
have or, for that matter, that the FSOC has is absolutely 
secure. And we are well aware of the threats and risks out 
there, as some of you have discussed, we want to make sure--
    Mr. Capuano. Are you working with any private companies 
that have had their data breached to learn from their lessons?
    Mr. Berner. Absolutely. We are trying to learn from their 
lessons and from breaches that have occurred, to some extent, 
in government as well. And somebody mentioned the IMF breach. 
We want to make sure that we can learn from all those 
experiences, and make sure that it doesn't happen again.
    I want to assure you that at the Treasury Department, we 
handle a large volume of confidential and sensitive data. We 
have not had any breaches. That is no guarantee, of course--
    Mr. Capuano. Right.
    Mr. Berner. --that couldn't happen in the future. But we 
put that at the top of our priority list.
    Mr. Capuano. And the other issue that was raised to me 
anyway was the fact that some sort of--I guess, I would like to 
ask the question, can you guarantee without question, 
absolutely, that the OFR will be absolutely positively able to 
see the next economic threat?
    Mr. Berner. No, Congressman, I can't guarantee that.
    Mr. Capuano. Gee, I am shocked. Is there anything in the 
law or anything that you are aware of that will prohibit, 
prevent or hinder any of the other regulatory agencies from 
doing their job?
    Mr. Berner. There is nothing in the law--the Dodd-Frank 
Act, as you know, Congressman, was set up to enable us to do 
our job better. And that is the point.
    And I would say that now what we need to do is to fully 
implement the Act in ways consistent with your goals and 
objectives, the goals and objectives we all share of having a 
safer and more resilient financial system.
    Mr. Capuano. So nothing has happened in the Dodd-Frank Act 
or anything that you are aware of, or anything in your agency, 
that would hinder the Fed or the SEC or the CFTB or any of the 
other agencies that have any oversight or any responsibility 
for the economy? Nothing would hinder them from possibly being 
able to see the next threat even without your assistance. Is 
that a fair statement?
    Mr. Berner. I think it is fair to say, Congressman, that we 
are all trying to work together to make sure that, as best we 
can, we can anticipate those threats. We are not going to be 
perfect, but anticipate those threats.
    And for the FSOC members, among them the Fed and the other 
agencies you mentioned, to try to put in place regulations that 
will strengthen our financial system and that will limit the 
impact on the economy of any financial shock when it occurs.
    Mr. Capuano. The reason I ask is because I think it is a 
fair statement. No one wants to take away anybody else's 
ability or hinder anyone from seeing the next threat. I would 
argue that the Fed might be able to do it. The OCC might be 
able to do it.
    Who knows? And the truth is, who cares, as long as somebody 
sees the next economic threat coming along or at least we 
increase the likelihood.
    And I would suggest the OFR doesn't guarantee anything, but 
it simply increases the likelihood that we might be able to see 
the next economic threat coming.
    And with that, I see my time is running out. I yield back.
    Chairman Neugebauer. I thank the gentleman. And I would 
just point out that was a very good question about security. I 
noticed today that 24,000 Pentagon files were stolen in a cyber 
breach.
    I ask unanimous consent to enter into the record the 
testimony of the U.S. Chamber of Commerce--they were not able 
to attend.
    Without objection, it is so ordered.
    Now, I will recognize the chairman of the full committee, 
Mr. Bachus.
    Chairman Bachus. Thank you, Counselor Berner, for your 
presence here today. I just want to go through a thought 
process with you.
    Obviously, the OCC, the FDIC, the Federal Reserve, the 
MCUA, they all collect data. The State banking regulators 
collect data. The CFTC, the SEC, the State security regulators, 
if you determine that you need data, certain information, will 
you first go to those agencies and see if they have that 
information?
    Mr. Berner. Thank you, Mr. Chairman. That is a great 
question because I think it speaks to the philosophy that we 
have about data collection.
    First, we want to take stock of the information we have 
across all of the members of the FSOC, which include the 
agencies that you just mentioned.
    We are not in the business of duplicating data collection. 
We want to make sure that we make the best use of the data that 
we have and to make that we can share in a way that is 
responsible among the member agencies. Only then, will we go 
and look to fill the gaps in the data that we think are 
missing.
    Chairman Bachus. Okay.
    Mr. Berner. One of the things in the financial crisis that 
was really important is the way we missed interconnectedness or 
the way that various parts of the financial system reacted and 
the interplay among those parts in the financial system. That 
is where we are going to try to look for the missing gaps and 
fill in those gaps first.
    Chairman Bachus. All right. So a sort of a precondition 
will be that information didn't already exist--
    Mr. Berner. That is correct.
    Chairman Bachus. --or it is not collected by another 
agency.
    Mr. Berner. Yes, sir.
    Chairman Bachus. The relationship you have with FSOC, are 
they going to gather information independently or are you the 
agency which gathers information if they request, or how do you 
see that relationship?
    Mr. Berner. Mr. Chairman, that is a very good question. I 
think the answer is, we don't quite know yet. It is going to be 
dependent on the information and questions.
    So, for example, in exercising their supervisory 
responsibilities, I have no doubt that the supervisory agencies 
will continue to collect information from the relevant 
institutions. And for markets, there are new data being 
collected for markets in a variety of ways that we all want to 
take advantage of.
    And who actually collects the data will be a decision that 
we will make jointly, to make sure that we do it in the best 
way and the most efficient way, and in the most secure way 
possible, while minimizing the cost to the taxpayer.
    Chairman Bachus. That Council is actually made up of 
different agencies?
    Mr. Berner. Right.
    Chairman Bachus. But does that agency itself independently 
have the power to collect data?
    Mr. Berner. You mean the FSOC--
    Chairman Bachus. FSOC.
    Mr. Berner. --Council itself? Or the Council itself, I 
think derives its power from the statute. The council itself 
has decision-making powers and potentially can collect data.
    But the OFR was set up specifically to assist the FSOC in 
collecting data and performing research, so that they could 
turn their attention to the important decisions that they have 
to make across the financial system.
    Chairman Bachus. I see. Let us just suppose, which will 
come one day, you look across the agencies, you look elsewhere 
and you think that data is not available. And let us say FSOC 
says to you, we would like to have this data. Will there be any 
rulemaking process where you will actually say, we propose to 
collect this data in this form?
    And then those companies which are sources of that 
information will be able to come in and have a 30-day or 60-day 
or 90-day period to say, we think it ought to be limited to 
that. Would there be any of that?
    Mr. Berner. Great question, Mr. Chairman. There will be a 
lot of that, in fact. And one good example of that is the way 
that we put out a proposed rulemaking on the Legal Entity 
Identification system.
    We want to make sure that what we do is consistent and 
actually helps industry in doing their job. The interesting 
thing that we found is that there is very strong support for 
data standardization in the industry, precisely because it is 
going to help them collect their own data for their own 
management purposes.
    They can use those same data to report to the financial 
regulators. So it actually improves the transparency and 
quality of the data and reduces its cost.
    Chairman Bachus. You will receive an appropriation, is that 
correct? Or do you raise all your own funds? I know you have a 
$74 million--
    Mr. Berner. Mr. Chairman, as the chairman of the 
subcommittee pointed out, for the first 2 years, we are funded 
by the Federal Reserve. Subsequent to that, we will devise a 
process whereby our funding will come from the most important 
institutions in the financial system.
    Chairman Bachus. Yes, that was really what I was driving 
at. I don't know whether a community bank is going to be 
saddled with it. You would probably want the largest, most 
systematically important institutions to bear the burden.
    Mr. Berner. That is correct.
    Chairman Bachus. Thank you very much.
    Mr. Berner. Thank you.
    Chairman Neugebauer. I thank the chairman.
    And now, the gentleman from Delaware, Mr. Carney.
    Mr. Carney. Thank you, Mr. Chairman. Thank you for holding 
this hearing today.
    Because I am a freshman, I wasn't around when this 
legislation, Dodd-Frank, was passed. So I don't have a full 
understanding of how it was anticipated this agency would work.
    Could you explain that a little bit for me? You are a 
research entity that is part of the FSOC? The FSOC is comprised 
of other agencies that were mentioned. I assume they have 
research departments themselves.
    How do you see yourselves working with those other research 
departments in the other agencies that are part of the FSOC?
    Mr. Berner. That is an excellent question, Congressman. The 
answer is that we are collaborating very closely with other 
FSOC member agencies and with the research staffs. And that--
    Mr. Carney. Do they all have research--
    Mr. Berner. Many of them do. Not all of them do. And their 
research staffs and the focus of their research is obviously 
dependent on the responsibilities that they have as agencies. 
So the Federal Reserve is focused on things related to monetary 
policy, but has recently set up their own Office of Financial 
Stability. And it sounds like there is some overlap.
    Mr. Carney. Yes, right.
    Mr. Berner. They have a small staff. And they will tell you 
that they have a small staff. They are working closely with us 
to make sure that in the work we do, we communicate with each 
other. And there is certainly some overlap because there are 
always many opinions about--
    Mr. Carney. So what is your focus is going to be opposite 
the rest? Systemic kinds of risks or--
    Mr. Berner. Our focus, Congressman, is to look at risks 
across the financial--
    Mr. Carney. Across--
    Mr. Berner. Right.
    Mr. Carney. So they are looking in one particular stove 
pipe and you are going to try--
    Mr. Berner. They may be. So the SEC or the CFTC, for 
example, might be looking at specific risks related to their 
responsibilities. We would be working with them to look at how 
those risks or developments really affect what is going on 
across the financial--
    Mr. Carney. And you mentioned in answers to other members' 
questions that the information that you would be seeking would 
be to fill in gaps where information did not exist. Could you 
give me an idea what those gaps might look like or what that 
information might look like?
    Mr. Berner. Sure.
    Mr. Carney. Because all these other agencies have a lot of 
information themselves, I assume, with the same kind of 
concerns that have been raised by Members today?
    Mr. Berner. They absolutely do. And it is an excellent 
question. So it is worth repeating, because I think the answer 
is, we don't know where all the gaps exist. If we did, then we 
would have a much better idea of the kinds of data that we need 
to collect.
    In an effort to find out where the gaps are, we are working 
with the other FSOC member agencies to take stock of the data 
that are out there among all those members. That--
    Mr. Carney. So is this data that you would pull down from 
banks or financial institutions? There is the concern, and I 
have the same concern, about shielding personal information 
from a hacker. We heard--
    Mr. Berner. Right.
    Mr. Carney. --in some of the opening statements the concern 
about a hacker's paradise.
    Mr. Berner. The OFR is not going to be--
    Mr. Carney. Those are concerns that these existing agencies 
have right now.
    Mr. Berner. Sure.
    Mr. Carney. Right.
    Mr. Berner. The OFR is not going to be collecting personal 
information. That is not our focus. Our focus is to look at 
data that we collect from financial institutions about their 
transactions, their positions, their exposures, in order to try 
to assess risk across the financial system. We are collecting 
data from markets, from the new swap data repositories, for 
example.
    Mr. Carney. So it is not consumer personal information; it 
is more business information.
    Mr. Berner. Financial transactions.
    Mr. Carney. Right.
    Mr. Berner. Exactly.
    Mr. Carney. So when you talk about the protection of that 
information, we are really talking about institutional concerns 
more so than individual consumer concerns?
    Mr. Berner. Primarily, that is the concern. You asked for 
an example of the kinds of data we might collect. The exposure 
of one financial institution to another is something that 
supervisors currently do collect, but it is incomplete.
    We and the other agencies responsible for looking at those 
issues are looking at ways we want to make that information 
more complete. That is an example of the gaps that exist in 
information today.
    Mr. Carney. We have had representatives from some of the 
regulators and those agencies come here before the full 
committee to talk about some of the tensions among those 
agencies. Do you anticipate some turf problems with the offices 
of research in those agencies as well? Or do you see less of a 
problem there?
    Mr. Berner. I must say, Congressman, it is a very good 
question. But what I have learned in the short time that I have 
been at the Treasury is that people are very willing to 
cooperate. And what is really important is that we build a 
level of trust among all the people involved, so that they 
don't perceive people as intruding on their jobs or their 
responsibilities. Rather, that we all have a lot of work to do 
and we are just collaborating to solve problems.
    And that extends both to data collection and to research.
    Mr. Carney. Thank you. I see my time has expired. Thanks 
very much.
    Chairman Neugebauer. I thank the gentleman.
    Mr. Grimm?
    Mr. Grimm. Thank you, Mr. Chairman. I will make my 
questions brief.
    First of all, as someone who investigated a myriad of 
crimes, specifically financial crimes for years, I can tell you 
that when you are going after something that is unknown, like 
gaps that are uncertain, it is like finding a needle in the 
haystack. So I think you have more than your work cut out 
there. And I am not so sure that is the best structure that I 
would recommend.
    But I am more concerned about financial data, the positions 
of major institutions, whether they are long, short, what they 
are holding, I think that is extremely valuable information, 
not only from the basic wrongdoer domestically, but throughout 
the world. That would be information that could, if in the 
wrong hands, cripple our markets and certainly hurt our 
country.
    A few years back, the FBI, while I was an agent, spent over 
$170 million on an IT project, which was called Virtual Case 
File (VCF). And it was to upgrade our system, basically track 
criminal cases, and so on. It wasn't very sophisticated. But 
after all that money spent and years of time, it was never 
implemented. They were never able to get it to work.
    Before I left the Bureau, they started the second project. 
It was called Sentinel. And Sentinel was over $400 million 
spent and years of time. And as far as I know, that still 
hasn't been implemented. You are talking well over 10 years, 
$570 million-plus spent and the FBI hasn't been able to get it 
right to date, to get a system, an IT system that is fully 
protected to the level that they feel comfortable.
    So, I guess, now, the GAO has estimated that by this time 
next year, $108 million will have been spent implementing the 
database at the OFR. And it looks to me like these IT projects, 
whether it is VCF or Sentinel, and now OFR, they don't have a 
good track record.
    I just would like you to explain why you think OFR is going 
to be different? Why do you think they can be successful where 
the FBI hasn't been?
    Mr. Berner. Congressman, it is a great question, because, 
like you, I am most concerned that we safeguard not just our 
data but also taxpayers' funds. And so that is really 
important.
    I think what is different about this, if there is something 
that is different, is that we have the collaboration and 
cooperation of the industry. Because the industry perceives 
what we are trying to do as something that will actually be a 
benefit for them, both in terms of the way they report data to 
the regulators, which is required under statute and under a 
regulation, and which is something that they want to continue 
to do.
    And they want to collect the same data.
    Mr. Grimm. If I could though, I think you are making a 
different point. I am speaking more of the IT itself. How do 
you protect it? Assuming everyone is cooperating and they give 
you the data, and you have this database with some very 
important information. How do you--they are going to be 
spending over $100 million to create a system that keeps it 
safe, so that people can't hack in, that there are safeguards 
so that those working there can't take information out.
    All of that is part of it. But my experience in the 
government, which is limited to the FBI, but I think it is a 
good example, is that after $500 million spent and over 10 
years, they have yet to implement a system that works.
    What makes the OFR different, regardless of how cooperative 
everyone in the world is being? Everyone has been cooperating 
with the FBI, too.
    Mr. Berner. Congressman, it is certainly a valid concern. 
And what I was trying to say before was the industry has a big 
stake in making sure that the data they provide to us remain 
secure as well. And they have a lot at stake in making that 
happen.
    And so we are working together with the industry to make 
sure that in the transmission process, in the collection 
process, and the storage process itself, the data will be 
secure and their confidentiality is protected.
    Mr. Grimm. Okay. At this time, I will yield back.
    Chairman Neugebauer. I thank the gentleman.
    And now, the gentlewoman from New York, Mrs. Maloney.
    Mrs. Maloney. Thank you, Mr. Chairman and Mr. Ranking 
Member.
    During Dodd-Frank, the goal was outlined in this 
legislation to determine what data gets collected, how it is 
analyzed and stored, and how it is ultimately presented to 
regulators. And you mentioned you were working on the data 
element. Could you get to us in writing, because it is highly 
technical and would take a long time, what data elements you 
believe you are going to need for this project? I know it is a 
work in progress, but where you stand and where are these 
elements. Are they already at the Federal Reserve or the FDIC 
or whatever?
    And then another item you mentioned is who collects the 
data. I recall that during Dodd-Frank, we specifically placed 
restrictions on the industry from collecting and storing the 
data on itself and then analyzing its own data and the market 
trends.
    Is that still the position of Treasury in the Oversight 
Council, that there be an arms' length relationship with firms 
or entities that should be preserved, in other words, 
maintaining strict requirements to prevent either real or 
perceived conflicts of interest?
    Mr. Berner. Congresswoman, you have two involved questions. 
And you, I think, appropriately ask me to provide you in 
writing with the details on the data elements that we are going 
to be collecting. And I would love to do that.
    We will get you all the information you need on the 
implementation, what I called the LEI before, and how that will 
help us collect better data at lower cost.
    As far as the conflict-of-interest question, we want to 
make sure that the OFR and the data that it collects fulfills 
its mandate. And part of that mandate is to collaborate fully 
with other FSOC member agencies. So I think that kind of 
collaboration is going to be essential to our success.
    Mrs. Maloney. Where do you plan on storing this data? Do 
you plan to put it in existing Federal data centers, like in 
the IRS or at the Federal Reserve? Are you planning to have a 
new, separate data storage facility?
    Mr. Berner. Congresswoman, it is a great question. And the 
answer is, we don't fully know yet. We are in the process of 
setting up our data centers using existing facilities.
    As you I am sure know, some facilities have been 
decommissioned. We are taking advantage of those facilities 
even before we collect any data. And we are using that 
experience to make sure that we test and put through their 
paces the policies and the protocols that we need to safeguard 
data even before we collect any sensitive data.
    We will use existing facilities and collaborate with other 
agencies, to the extent that is possible, to make sure that we 
are not duplicating efforts elsewhere among the members of the 
FSOC.
    Mrs. Maloney. And I noticed we have two leaders in academia 
on the next panel. What role has the academic community played 
up to this point in determining how the OFR would be created 
and how data would be collected and interpreted?
    Do you have any contracts with institutions? If so, which 
institutions of higher learning? What role is academia playing 
in the determination of how this is done?
    Mr. Berner. That is a very important question, 
Congresswoman. I am glad you asked it.
    Experts from academia and from the industry and from 
elsewhere in the government are all playing important roles in 
helping providing guidance for us in the way that we go about 
fulfilling our mission.
    Specifically, we have contracts now with two academics, one 
from MIT, and one from the University of Florida. Those 
contracts are in the public domain. They are out there to help 
us develop the systemic risk monitoring tools, to monitor 
threats to financial stability.
    That is one project we are working on. And we can get full 
information on those contracts to you and what we are working 
on, to make sure that we fulfill our mandate.
    Mrs. Maloney. Are you contracting with the private sector 
in any way to help implement this or is this done in-house by 
Treasury?
    Mr. Berner. Congresswoman, we are taking a look at all the 
avenues available to us in fulfilling our mandate. So if we can 
find private solutions, we are looking for them.
    When we talk about the LEI, for example, that is a public/
private initiative to make sure that the industry provides 
input, that they provide comment, that they can have a role in 
guiding the way that we collect data and the way that we 
standardize data, to make sure that they were doing it in a way 
that they find most useful.
    Mrs. Maloney. And since we are now in a global market, do 
you see this just for American institutions or do you see it as 
gathering information, so at the close of day, you will know 
the exposure globally and the threat globally to financial 
stability?
    Mr. Berner. I am glad you asked that question too, 
Congresswoman, because we do live in global markets and we are 
dealing with global institutions. And those threats, as I think 
recent events illustrate, can arise anywhere in the world.
    So we are collaborating with global regulators. And we are 
looking to collaborate with them both in terms of research and 
in collecting data, again so we don't duplicate efforts in 
which they are already engaged, but so that we learn what they 
are doing and so that we can share data.
    The LEI is, again, a good example of that global 
collaboration. And it is one that is extremely important for 
its success.
    Mrs. Maloney. During our many hearings, I spoke to the 
heads of firms that have failed, and some that almost failed. 
And uniformly, when asked, what do you think would be the 
single most important thing to prevent this from happening in 
the future, they said a centralized database that could see 
exposure, risk, leverage, in a place where you could follow it.
    It is a huge challenge, but it could have great benefits. I 
wish you well. Thank you.
    Mr. Berner. Thank you.
    Chairman Neugebauer. I thank the gentlewoman and now the 
gentleman, Mr. Fitzpatrick.
    Mr. Fitzpatrick. Thank you, Mr. Chairman.
    Counselor Berner, thank you for your time today.
    The Office of Financial Research will be requesting 
sensitive and confidential data from financial companies. And 
the security of the data, of course, will have to be considered 
even before OFR makes its first request. So can you tell the 
committee what processes are currently in place, or in place as 
of today, to govern who will have access to that information?
    Mr. Berner. Congressman, it is a terrific question, because 
it is central to the way that we want to go about collecting 
data.
    If you think about the fact that the OFR is going to be an 
agency that helps the FSOC member agencies in fulfilling their 
mandate, each of them, to the extent they have supervisory 
responsibilities, already collect data from their respective 
institutions.
    And so we are not going to take away what they are doing. 
We are going to complement what they do. And the way we are 
going to complement that is to make sure that we have protocols 
and procedures in place so that people will have access to data 
appropriate with their responsibilities and with what they need 
to know.
    Those protocols and policies are in the process of 
development. We want to make sure we do that in a way that is 
consistent with safeguarding the data and yet, making sure that 
we can all look across the financial system to assess where 
risks might be arising to financial stability.
    Mr. Fitzpatrick. So the procedures and processes are not 
currently in place. They are being written at present?
    Mr. Berner. The procedures and processes are being 
developed in collaboration with other FSOC member agencies.
    Mr. Fitzpatrick. Will there be penalties for unauthorized 
disclosure of any of that confidential information? The OFR is 
going to have powers, including subpoena powers and other 
requesting powers, to compel the production of these documents. 
Will there be penalties in place for the unauthorized 
disclosure of those documents?
    Mr. Berner. Congressman, it is my understanding that there 
already are penalties in place for disclosing, in an 
unauthorized way, any sensitive information. And so, that will 
become--if events like that do occur, and we certainly are 
going to make sure and try our best to prevent that, but if 
they do occur, then that will be a matter for the authorities 
to deal with.
    Mr. Fitzpatrick. Can you guarantee the confidentiality of 
the information?
    Mr. Berner. I am here to tell you today, Congressman, that 
we are going to make data security and guaranteeing or assuring 
confidentiality our top priority. And I want to make sure that 
we do everything we can to communicate to you and to your staff 
all of the policies and procedures we are putting in place, so 
that you can understand what we are doing, and make sure that 
we are doing it in the right way.
    Mr. Fitzpatrick. So the procedures, they are currently 
being written within the OFR. Are there plans by the office to 
publish for public comment, for instance, the criterion for the 
information request?
    Mr. Berner. If there are data requests in the way we are 
collecting data, just as we have done with the LEI, then we 
will put those things out for comment by the public.
    Mr. Fitzpatrick. Sir, you acknowledged in the testimony 
here today that there is no limit on data collection except in 
your words, you said, ``excluding the collection of data for 
data's sake.'' There is no limit on assessments, no limit on 
funding for research.
    The only limit you articulated so far today was the generic 
pledge to be reasonable. It would be more comforting to hear a 
specific strategy plan with specific goals and metrics. So when 
might we see that plan?
    Mr. Berner. It is a good question, Congressman. We are in 
the process of developing that. And we want to make sure that 
you have every opportunity to review it with us.
    We are in the process of reviewing that for Fiscal Year 
2012. And we want to make sure that we go over that with you or 
your staff so you have an opportunity to discuss it with us.
    Mr. Fitzpatrick. So for Fiscal Year 2012, perhaps by the 
fall of this year, we will see the specific plan of the Office?
    Mr. Berner. Perhaps by then. That seems like a reasonable 
date.
    Mr. Fitzpatrick. Okay. Nothing further.
    Chairman Neugebauer. I thank the gentleman.
    The gentleman from Florida, Mr. Posey.
    Oops. Not here, all right.
    Mr. Renacci?
    Mr. Renacci. Thank you, Mr. Chairman, and thank you, 
Counselor Berner, for being here.
    I also, as my friend, Mr. Carney said, was not here last 
year when this new Office of Financial Research was put 
together. But let us make some assumptions.
    First, let us assume that gathering all this data is good. 
But my next assumption would be, let us put you on this side of 
the table instead of that side of the table. If you needed to 
gather all this information, and you knew that there were a 
number of other agencies out there that had all this 
information, wouldn't it be easier to pick one of the other 
agencies?
    Because you are telling us--one of the things you have said 
is you are going to have to go out and talk to other agencies.
    Wouldn't it be easier to have one of the other agencies 
just have this as one of their missions and have one of those 
other agencies do it, than set up a whole other agency with 
unlimited oversight, unlimited budget, and unlimited reach?
    Mr. Berner. Congressman, the statute set it up to set up 
the OFR--
    Mr. Renacci. No, no, I understand what the statute did. I 
am asking you a question, I am putting you on my side of the 
table now.
    In a time when we are spending too much money, we have 
overriding debt, let us say we need to gather this information. 
Wouldn't it have been better to put this in the hands of one of 
the other agencies that are already there?
    Mr. Berner. Congressman, I am not sure I can speak to that 
hypothetical. All I can say is that didn't happen when those 
agencies were presumably all working together. And I think that 
is one of the reasons that the framers set up the OFR to be an 
agency that would collaborate with the other FSOC member 
agencies to make sure that the data were collected and shared 
in an appropriate way, not to duplicate efforts, but to 
coordinate and collaborate in a way that hadn't been done 
before.
    Mr. Renacci. Again, I understand why you answered the way 
you did. But I think the simple answer is, in a time where we 
don't have the money and we want to get this information, it is 
easier to take the overhead from another organization and just 
make that their mission, instead of putting burdensome 
assessments.
    One of the things you testified to earlier is you want to 
see assessments that are not burdensome. My concern with that 
is any assessment to any financial institution becomes a 
burden, because it takes jobs away from those financial 
institutions.
    So, again, if we are already assessing it with other 
agencies, and now you are going to add another assessment 
through this agency, it becomes burdensome, no matter what it 
is. So what we have to do here in the Federal Government, even 
if we need data like we are talking about--that is what I said.
    I am not even saying we don't need the data. I am saying, 
let us make the assumption we need it. We need to make sure we 
can do it in a more efficient way than setting up another 
entity.
    You also said you want to collect data only where you think 
other agencies are missing that information. So, again, you are 
going to have to go through all these other agencies. Wouldn't 
it be simpler for the other agencies just to get the 
information that they need, that they are missing again, 
without setting up?
    I don't expect you to answer that, because I think we are 
going to go back to the statutory requirements that you are 
under.
    The ranking member said that if their assessments are too 
high, you would be willing to work with Congress.
    I am almost to the point where I would like for your 
organization to start working with Congress now to realize that 
maybe we don't need some of these extra burdensome entities and 
assessments, because this is the time to do it, not once the 
horse is out of the gate.
    One of the problems with the government that I have learned 
is once there, it is very hard to pull it back.
    But you said something else to the ranking member. You said 
that there is nothing that this agency will do to hinder the 
other agencies or guarantee that you will find anything.
    That tells me--and I don't want to put words in your mouth, 
and I don't want to restate what you were thinking when you 
said that. But it says that this agency is just another piece 
of government that doesn't hinder the other agencies, but 
really doesn't guarantee it is going to get anything done 
either.
    Is that what your--where were you at when you said that?
    Mr. Berner. Congressman, I was simply trying to make the 
point, when the ranking member asked his question, that nothing 
that we are going to do is going to hinder what the other 
agencies do. On the contrary, what we are going to do is 
complement their efforts, so that working with them, we will 
come out with a better outcome.
    Mr. Renacci. I know I am running out out of time. So I will 
yield back the remainder of my time.
    Thank you.
    Chairman Neugebauer. I thank the gentleman.
    And now the gentleman from Texas, Mr. Canseco.
    Mr. Canseco. Thank you, Mr. Chairman.
    Mr. Berner, please give me a brief answer, because we are 
sort of limited in time on these things. Do you view the OFR as 
an essential tool in helping the FSOC carry out its duties to 
identify and reduce systemic risk?
    Mr. Berner. Yes, Congressman, I do.
    Mr. Canseco. Thank you. So you believe that for the FSOC to 
function properly, it needs the OFR data to support it?
    Mr. Berner. Yes, it needs it. From whatever source, it 
needs more data than it currently has.
    Mr. Canseco. FSOC has already been engaged in proposed 
rulemaking regulations regarding systemically important 
financial institutions. Is that correct?
    Mr. Berner. That is correct.
    Mr. Canseco. Okay. So are you of the opinion then that the 
proposed rules coming out of the FSOC could be flawed because 
they lack the proper input from the OFR?
    Mr. Berner. Congressman, the OFR is working closely with 
the FSOC member agencies to try to provide them with the 
information, so that they can make decisions intelligently. 
And--
    Mr. Canseco. Is the OFR up and running at this time? Is it 
functioning the way it is supposed to be? Is there an officer 
already in charge?
    Mr. Berner. As you point out, Congressman, there is no 
Director. But the OFR is up and running. The OFR is providing 
information to the FSOC and collaborating with FSOC member 
agencies to make sure that we make the best use of the data 
that we already have.
    We have come a long way in assessing what I said earlier, 
namely trying to understand which data we have available. And 
those data are being used by FSOC member agencies already.
    Mr. Canseco. What criteria is the OFR going to use in 
deciding the information it truly needs from what companies and 
from what companies it intends to get it?
    Mr. Berner. Congressman, it is a great question, because 
the answer is that we are going to try to look across the 
financial system to find out where the threats to it exist. And 
so, the presumption is that it is largely going to arise from 
the most important institutions in the financial system, from 
those institutions that are most connected, and from those 
institutions which satisfy the criteria in the statute for 
being systemically important.
    And so, those are the institutions where we will look 
first.
    But I want to emphasize that this crisis was not just about 
institutions. The financial crisis that we have just been 
through also reflected what was going on in markets. So we 
can't just collect data from institutions. We have to collect 
data from markets and market transactions. And that is a very 
important part of the OFR's functioning.
    And it will be also a very important part of what the FSOC 
does in trying to assess systemic risk or trying to assess 
threats to financial stability.
    Mr. Canseco. Are you planning on publishing these criteria 
for public comment, lifting at least some of the opaqueness 
that currently surrounds the OFR?
    Mr. Berner. Congressman, it is an excellent question, 
because we are committed to being as open and transparent as we 
possibly can be. We don't want to put those things out 
prematurely, before we thoroughly discuss and vet them.
    But when we have a pretty good idea that we are doing 
things in a way that we are satisfied with, we are going to put 
them out and make sure that people understand them.
    Mr. Canseco. Do you know if the OFR is planning on 
conducting robust cost-benefit analysis on its proposed methods 
for collecting this data?
    Mr. Berner. Congressman, we want to make sure, as I 
indicated earlier, that the way we collect the data is cost-
efficient, that it actually reduces the reporting burden for 
industry, and that it provides benefits to both industry and 
regulators, and to make sure that cost-benefit calculation is 
very favorable.
    Mr. Canseco. Mr. Berner, I understand that in the statute 
there is a provision that prohibits the Director of the OFR or 
an employee who had access to the data center from working in 
the financial industry for 1 year after they leave the agency. 
Is that correct?
    Mr. Berner. Yes, that is correct.
    Mr. Canseco. And to your knowledge, does this prohibition 
apply to academics involved in projects funded by the OFR or 
part-time workers or contractors who may not be considered 
employees as defined by the statute?
    Mr. Berner. My understanding, Congressman, is that anyone 
who has access to sensitive data will be prohibited from being 
employed to use those data for commercial advantage. And so 
what is very important here is what we were talking about 
earlier, namely data security. Anybody who is a contractor to 
the OFR doesn't get access to all the data that the OFR or the 
FSOC member agencies will have.
    Mr. Canseco. So, therefore, anyone who is exposed to that 
data or who has any kind of access to that data?
    Mr. Berner. The principle should be that anyone who is 
exposed to sensitive data, and we are going to make sure that 
the exposure is consistent with their responsibilities, will 
have suitable restrictions on them, yes.
    Mr. Canseco. Do you think that 1 year is a suitable 
timeframe or should it be longer or shorter?
    Mr. Berner. One year seems to be a reasonable timeframe, 
given that most data, after a years' time, become less and less 
relevant for any commercial benefit. Obviously, we are going to 
have to take a look at that over time. But to us and given our 
experience, my experience in the financial services industry 
over 3 decades, that seems like a reasonable timeframe.
    Mr. Canseco. Thank you, Mr. Berner.
    Chairman Neugebauer. I thank the gentleman.
    I wrote to GAO, and I asked them to provide testimony for 
the record on the cost of Dodd-Frank implementation. I would 
like to ask that, without objection, it be entered into the 
record.
    Mr. Capuano. Mr. Chairman?
    Chairman Neugebauer. Yes?
    Mr. Capuano. Mr. Chairman, if I may, I have no objection 
with that report, but that report, as you know I have 
expressed, is a little limited. It is one one-sided.
    I would like to also enter into the record a letter that I 
have sent to the GAO and some other documents, showing that 
there is a little bit broader aspect that we would like to push 
through.
    Chairman Neugebauer. Without objection, it is so ordered.
    Mr. Capuano. Thank you, Mr. Chairman.
    Chairman Neugebauer. And now the gentleman from Frog Jump, 
Tennessee, Mr. Fincher.
    Mr. Fincher. Thank you, Mr. Chairman.
    I kind of want to echo the comments made by Mr. Renacci and 
read something from the summary.
    ``Beginning in July of 2012, the OFR is funded by 
assessments on large bank holding companies. The OFR's budget 
is not subject to Congressional appropriations and the OFR can 
levy assessments it deems necessary to fund itself.''
    A couple of questions, is there a cap on salaries within 
the OFR on how much people can make?
    Mr. Berner. It is a good question, Congressman. There is a 
set of salary guidelines. And those are consistent with the pay 
scale of other Federal financial regulators. So, if you will, 
there is a cap on salary.
    Mr. Fincher. What is that cap?
    Mr. Berner. My understanding is that cap--I don't have the 
numbers at my fingertips, but we will be happy to get you those 
data.
    Mr. Fincher. Thank you.
    And what is the definition of ``large bank?'' The chairman 
of the full committee, a few minutes ago, said something to the 
effect of the community banks not having to shoulder funding 
the OFR's budget. What is the definition of ``large bank?'' Can 
you explain that?
    Mr. Berner. Sure. The statute requires that any bank 
holding company with assets more than $50 billion will be 
subject to supervision by the Federal Reserve. But I want to 
point out, Congressman, and this is very important, I am glad 
you raised the question.
    The assessments and the determination of who is supposed to 
be eligible for supervision by the Fed will not be limited to 
bank holding companies. There are a certain number of non-bank 
financial services companies who will also be subject to that 
determination. and that determination has yet to be made.
    Mr. Fincher. Okay. The Dodd-Frank statute says that the OFR 
shall announce regulations in the section, including the type 
and scope of the data to be collected. When will you make known 
these rules?
    Mr. Berner. Congressman, it is an excellent question. We 
are in the process of developing those protocols and 
procedures. And we will make them known as expeditiously and in 
as timely a fashion as we possibly can.
    Mr. Fincher. It really just seems to me, coming from the 
private sector being a freshman, a business person, that we 
keep looking to Washington and more government for the answers. 
And we have multiple agencies to, again, deal with data 
collection.
    And in a place and time in this country's history that 
financially we are in such a bad position, to keep spending the 
amount of money that it seems that we are going to spend in the 
OFR--I know the intent is for the right reason, that we make 
sure that we are protected in the case of problems down the 
road.
    But I hope we are doing the right thing, spending the 
American taxpayers' money. It seems like in an open-ended 
project. So I am very frustrated.
    I understand, again, the intent, but Washington, too many 
times, is not the answer. It is the problem. And the private 
sector, they don't want to have much faith in us. And I just 
hope we are doing the right thing.
    So with that, I appreciate your being here and I yield 
back.
    Chairman Neugebauer. I thank the gentleman. And Mr. Berner, 
we thank you for your testimony. We appreciate your time.
    With that, we will dismiss this panel and receive the 
second panel. Thank you for coming.
    Mr. Berner. Thank you, Mr. Chairman. Thanks for having me.
    And I look forward to further hearings and to further 
communication with you and your staff.
    Chairman Neugebauer. Thank you.
    I will just remind the second panel that your full written 
testimony will be made a part of the record. We will recognize 
each one of you for 5 minutes.
    The first person we will recognize is Mr. Dilip Krishna. 
And you are recognized for 5 minutes.

    STATEMENT OF DILIP KRISHNA, VICE PRESIDENT OF FINANCIAL 
                 SERVICES, TERADATA CORPORATION

    Mr. Krishna. Thank you, Mr. Chairman.
    Chairman Neugebauer and members of the subcommittee, my 
name is Dilip Krishna, and I am here today representing 
Teradata Corporation. Thank you for the invitation to offer 
testimony today.
    Teradata is among the world's largest companies focused 
solely on analytics and data warehousing. Our technology 
provides businesses and governments with the ability to 
leverage detail-level data, enabling them to quickly recognize 
emerging trends and take appropriate corrective action.
    The recent economic crisis has taught us that our financial 
institutions are truly a national asset. Responsibly managed 
financial institutions, of which there are many, are the 
bulwark of our economic system. At the same time, the 
irresponsible behavior of some in the industry has cost the 
American taxpayer dearly.
    Effective oversight of the financial system is critical to 
our Nation's success. At the same time, we want smaller, more 
efficient government that continues to allow the same high 
level of innovation and leadership that has propelled the 
prosperity of our market-based system for over 2 centuries. 
Teradata's experience over 30 years has shown us that 
technology is the catalyst that can create smaller but smarter 
governments generating immensely valuable results while 
lowering costs at the same time.
    Financial oversight critically depends on a deep 
understanding of the situation at all times. Known risks must 
be monitored and unknown risks is covered.
    An efficient, integrated store of information is critical 
to both functions. These competing needs lead to conflicting 
demands on the information store, industrial spent robustness 
versus lab environment flexibility. What is exciting about 
today's information technology capabilities is that both of 
these needs can be satisfied by the same analytic system.
    The role of financial oversight is critical to making our 
systems safer and robust data and analytic capability is an 
important first step.
    The Office of Financial Research mandate is broad and 
vague. Our experiences have shown, however, that a data 
warehouse for financial risk analytics is critical to proper 
oversight. I offer the following comments in regard to 
successfully developing a data warehouse based on the practices 
that Teradata has learned from working with the world's largest 
corporations.
    Most large corporations have developed such repositories 
for their own business purposes. The common principle employed 
by our successful efforts is to think big but start small. 
Starting with a small, well-scoped initial phase, you can lay 
the foundation for an ambitious long-term program. The data 
warehouse can start by creating a standardized reference data 
environment, which would be useful not only to regulators but 
to the financial community as well.
    Risk analysis in the financial sector requires the use of 
details, position, and transaction data on a periodic basis, 
and the data warehouse can also serve this need by integrating 
the information into the repository.
    The key principle here is to avoid making the perfect the 
enemy of the good. While there are many barriers to perfectly 
standardizing data, none of these barriers are formidable 
enough to prevent the data warehouse from using what is already 
available for gross systemic risk computations. In fact, the 
very act of periodically refreshing and integrating this data 
will break in the system and improve its quality over time.
    A data repository such as this would contain much sensitive 
data with the implications not only to financial institutions 
but potentially to private citizens as well. Therefore, data 
security technology must be taken very seriously in the effort. 
The good news is that the technology required is available 
today, and the innovations and technology are rapidly changing 
the landscape of American business.
    Chairman Neugebauer and members of the subcommittee, the 
time has never been better for leveraging information 
technology to create a strong system of financial oversight 
that is also cost-effective. Smarter government leads to 
smaller government and a savings for the Nation's taxpayers.
    The choice is ours. We can embrace proven technology to 
strengthen the financial system, or we can ignore it, raise 
taxpayer money, and possibly face future catastrophe.
    Again, thank you for the opportunity to testify this 
afternoon. I look forward to answering your questions.
    [The prepared statement of Mr. Krishna can be found on page 
58 of the appendix.]
    Chairman Neugebauer. Thank you.
    Our next witness is Mr. Alan Paller. He is the director of 
Research at The SANS Institute.
    Mr. Paller?

   STATEMENT OF ALAN PALLER, DIRECTOR OF RESEARCH, THE SANS 
                           INSTITUTE

    Mr. Paller. Thank you for allowing me to testify today.
    As we sit here today, Federal computers are being broken 
into. They are being taken over--data has been taken from them 
and they are being turned into zombies so they can be used for 
further attacks.
    You, a few minutes ago, talked about Bill Lynn's speech 
earlier today when we learned that 24,000 very critical 
documents that include satellite data and avionics--the data we 
didn't want to lose--were lost in March. So that is happening 
as we speak.
    In a minute, I will tell you about a few more of them but 
first, the reason I know about these things is we run the main 
cybersecurity school where we train the NSA, the FBI, DOD, the 
banks, and the insurance companies in 70 countries. We have 
120,000 alumni.
    We also run the early warning system for the Internet. I 
hear a lot about those attacks, but I use data that is publicly 
available. So what I am going to tell you is an accurate but 
incomplete picture of what is going on.
    I want to answer four quick questions: one, who is doing 
the attack; two, what are they looking for and how effective 
are they; three, how do they work, because it is useful to know 
how they work in evaluating whether something that you are 
doing is at risk; and four, are the financial practices, the 
practices of the banks a lot better than what is going on in 
the government? So let us do those quickly.
    Who is doing it? Primarily, the attacks against the Federal 
Government are by spies, most of them paid for by nation 
states. There is a little bit of organized crime against 
government, but most of the organized crime is going against 
Exxon and Google and the other companies.
    And what are the spies after? Primarily, it is military 
information like what you heard about earlier today. But there 
is also what General Alexander, who heads the Cyber Command, 
likes to call remote sabotage tools. Once they get in, they 
actually burrow deep and leave a tool there that pops up to ask 
for instructions randomly over a period of years, so it is an 
in-place tool that can be used to change the data on computers 
whenever that is needed.
    And then their third goal is financial information and 
trade information that is used in negotiations between 
countries. Other countries that have the interest of their 
companies at heart like to steal information from our companies 
so that when negotiations happen, they know more about our 
playbooks than than we do. So that is what they are after.
    How bad is it? You heard the one today, another comment 
like that came from General Lord who ran cyber at the Air Force 
who said, ``China has downloaded 10 to 20 terabytes of data 
from the NIPRNet. They are looking for your identity so they 
can get into the network. There is a nation state threat going 
on.'' So it is a big loss, not a small loss.
    And the kinds of things they have taken, I mentioned a few 
but they got the--the F-35 strike fighters are our most 
expensive systems, $300 billion. They got a lot of avionics 
information from that, that other countries are already using.
    So it is a massive amount of data. And what is interesting 
about that is they didn't get it from the DOD, they got it from 
the contractors. This attack today was also from the 
contractors. And that is important because a lot of what we do 
in government has been outsourced for IT, and it is the 
contractors who are losing the data.
    And I have one more example. A lot of people think it is 
just DOD, but the Commerce Department got hit very badly. There 
is a division of Commerce that decides which technologies are 
too sensitive to export, called the BIS Division, and that was 
what they got into.
    So there are a lot of attacks, but notice it is usually a 
spying thing. The reason you see attacks against the NASDAQ and 
again the IMF, say, is that financial data is also a target of 
attackers, but we don't have really good data on what they were 
after and what they were going to do with that data.
    I want to add two more things. One is, how do they work? 
And let us say they decide you have critical data that they 
want from you and they get to know your staff director, and 
they spend a lot of money finding out what he is working on. 
And then they fake an email that looks like it came from him to 
the people who do the system administration work for you.
    And because it appears to come from the boss and it has 
critical data in it, it fools them into opening the email. The 
email has an attachment that takes advantage of an error that 
they didn't fix on their computer, bad hygiene. They just 
didn't fix it on their computer. That forces the victim's 
computer to call out to the attacker's computer to get 
instructions.
    Those instructions are what to gather and how to gather it. 
They gather it up and then they burrow deep and stay there so 
they can come back later. That has happened to Presidential 
campaigns, Congressional offices, and lots of Federal agencies.
    When you hear a witness say, ``We haven't had any 
breaches,'' you should translate that into, ``I have not been 
told of the breaches that we have had,'' because saying, ``We 
have not had any breaches'' in a major Federal agency isn't 
credible.
    I want to close with a couple of ideas. One is that banks 
do a better job because of two things: there is a lot of money 
at stake; and there are consequences. I go into detail on that 
in my written testimony.
    And finally, don't decide to act just because there are 
cybersecurity problems. If you choose not to do something that 
is important because there are cybersecurity problems, you have 
to stop doing everything. It might be a better idea to take 
advantage of the fact that this is important, and if you agree 
it is, then do a better job of doing cybersecurity, and I try 
to lay out what that means in my written testimony.
    Thank you for your attention. I am happy to answer 
questions.
    [The prepared statement of Mr. Paller can be found on page 
74 of the appendix.]
    Chairman Neugebauer. Thank you.
    Our next witness is Dr. Nassim Taleb, distinguished 
professor of risk engineering at the New York University 
Polytechnic Institute. Dr. Taleb?

STATEMENT OF NASSIM N. TALEB, PH.D., DISTINGUISHED PROFESSOR OF 
  RISK ENGINEERING, NEW YORK UNIVERSITY POLYTECHNIC INSTITUTE

    Mr. Taleb. Mr. Chairman, Ranking Member Capuano, members of 
the subcommittee, thank you for giving me the chance to express 
myself.
    I have been sitting here listening, and what I heard was 
data, data, data, and just data was a great thing.
    In ``The Black Swan,'' my book that sort of matched the 
testimony, I write that if you give bookmakers 30 pieces of 
data, they will bet with more confidence. And they will predict 
much, much--the predictability will drop over 10 pieces of 
data. Okay?
    There is something called too much data.
    In the 1970s, my coauthor--also did that. If you have very 
sophisticated economic technique, they tend to work on your 
computer very well, much better than simple techniques. But 
guess what, they degrade when it comes to the real world.
    And I am very interested in the real world, not in what 
happens on computers or in research papers.
    I am here primarily as a practitioner of risk, a risk-
taker, a trader, who became later on a scholar because, of 
course, I lost a lot of hair worrying about my trading 
position, 20 years of trading. So I retired and became a 
scholar.
    So I am here partly as a trader, say 75 percent as a trader 
and 25 percent as a scholar. And I have seen all these people 
with great ideas, econometric methods, and so on who work on a 
computer. And, of course, they tend to take a lot more risk, 
which is the reason I faxed Fannie Mae in 2003, and they 
answered, we have 15 Ph.D.s on our staff. And I told them, 
``You can have 15 million--on your staff. It is not going to 
help you manage your risk much better.''
    If you take a lot of risk, you can't predict.
    So what is the problem with what is going in this proposal? 
It looks like a new version of the central planner, what I call 
the omniscient Soviet-style central risk manager. Of course, 
the central planner did not work, as we know, and this has not 
worked.
    Financial risks are not like the risks of cyberspace and 
things like that. They are not that tractable. Financial risks 
belong to a completely different category that you cannot map 
quantitatively, like history, people study techniques. They 
think that the great techniques, that work of statistical 
physics, can apply to finance. So far, these things don't work 
outside their computers.
    So what I am saying is, first, these risks became 
completely unpredictable, so we can have seven or eight more of 
these offices, and they are not going to predict any better. 
The details are, of course, in the appendix I gave you.
    Second, this measure has side effects. Get someone a risk 
measure and he will take more risk. This has been shown in a 
lot of experiments. If I give a German judge a die and make him 
throw the die before sentencing, high number of this to high 
and longer sentencing on short numbers. You give people 
numbers, they take more risk for sense of security and beyond.
    Also, maybe the main point is that what we need is to move 
away from measuring and trying to predict events and measuring 
risk and doing these kind of fancy things that have never 
worked. You have how many people who did analysis of the sort 
the gentleman before this panel was discussing, how many?
    All right, 10,000, 20,000? Did they see the crisis coming? 
No, they all just got caught.
    Did they see the crash of 1987 coming? No, they all got 
caught. So almost all, all right. Definitely a smaller number 
than random escaped. So what we need is less is more.
    A very simple rule of thumb: Less is vastly more. And it is 
very hard to tell people who love data that less is more, that 
less is effectively more in so many domains. What we need are 
just very simple methods of robust defying portfolios.
    The simplest one for me is to remove the agency problem. 
When you fly, when you get on a plane, you prefer the pilot to 
be on board, right? It is a very simple rule of thumb that 
increases your safety. What--like the same was max, a very 
simple small rule of thumb rather than grandiose plans, 
particularly that these have never worked in the past.
    If people look at our track records and then predicting 
these quantitative methods, a horrible record, that was my 
book, ``The Black Swan.'' And now 4 years later, people are 
starting to repeat my argument a little bit too late.
    Thank you.
    [The prepared statement of Dr. Taleb can be found on page 
82 of the appendix.]
    Chairman Neugebauer. Thank you.
    And our final witness, Dr. John Liechty, the director of 
the Center for the Study of Global Financial Stability at Penn 
State University.
    Dr. Liechty?

 STATEMENT OF JOHN LIECHTY, PH.D., PROFESSOR OF MARKETING AND 
STATISTICS, AND DIRECTOR OF THE CENTER FOR THE STUDY OF GLOBAL 
      FINANCIAL STABILITY, SMEAL COLLEGE OF BUSINESS, THE 
                 PENNSYLVANIA STATE UNIVERSITY

    Mr. Liechty. Thank you, Mr. Chairman, Ranking Member 
Capuano, and those members of the subcommittee who have chosen 
to brave it out, tough it out until the end. I appreciate you 
being here.
    I have a couple of things I would like to--
    Chairman Neugebauer. Would you pull your microphone just a 
little closer to you?
    Mr. Liechty. Sorry, is that better? I appreciate you 
coming, if you didn't hear it already.
    There are a couple of things I would like to just 
highlight. I was actually involved in the legislation, in 
thinking of the idea, of advocating to folks on the Hill and 
actually helping negotiate the final version of what came out 
of this legislative process.
    I am a private citizen. I got involved in this because I 
went to an OCC workshop that happened in February of 2009, and 
we had just had the financial crisis and people at the workshop 
were talking about statistics and financial risks. I am a 
statistician. That is my training.
    During the workshop, people were talking about individual 
institutions and trying to keep individual institutions safe. 
It is kind of like we have just gone through a major car wreck, 
a big pile-up on the freeway and people are saying, ``Well, let 
us look at each individual car. Let us make sure the oil 
pressure is fine. Let us make sure the brake systems work, but 
let us not worry about how fast they were going or how close 
together they were with the road conditions that might be 
changing.'' All we are going to do is worry about these 
individual institutions.
    So I looked at that group, and I didn't know a lot about 
the data and what is available. I figured the Fed have the 
data, to be honest. I raised my hand and said, ``I am a 
statistician. Let us start with the data.'' We can take that 
data and begin to try to understand this system. If you think 
about science, science starts off first trying to describe a 
phenomenon, and then trying to explain how the pieces work, 
then trying to predict it. And eventually, if we are really 
good, we start doing engineering to try to control it.
    In my view and assessment, I would fall in with Professor 
Taleb, in that we are at the beginning stages of describing. We 
really don't understand a lot of the dynamics. We have a system 
where we look at what the markets produce in terms of prices. 
That is the equity markets, some of the bond markets, the 
derivative markets. But we don't see very much of what is going 
on underneath, right?
    And so a group of us said this is a compelling national 
need, and I don't want to take my time to read it, but I have a 
letter that was signed by six Nobel Laureates sent to the 
Senate Banking Committee advocating that we need to have better 
data and better analytics for the regulatory community. If it 
is possible, I would like to submit that for the record.
    Chairman Neugebauer. Without objection, it is so ordered.
    Mr. Liechty. Thank you.
    What kind of data can we gather? I agree that we want 
robust methodology, but I disagree that we cannot move forward 
scientifically to the degree that we cannot begin to quantify.
    I think the analogy is better put in terms of thinking 
about the National Weather Service and where we were with 
hurricane modeling 50 or 70 years ago when we didn't have good 
weather data, when we didn't have a sustained scientific effort 
trying to understand how the different particles interact and 
the models that would be taking the data from satellites in 
order to understand and begin to build the science needed to 
see when hurricanes might be forming and when they might be 
making landfall.
    I know there are weaknesses in that analogy, but I think it 
is an interesting place to start in terms of thinking about how 
we are going to attack the problem with financial stability.
    I will describe a couple of effects. Take the hamburger 
effect. This is kind of an example to illustrate the value of 
this type of financial data. When we think about the FDA and 
how we process and keep track of food safety, if somebody gets 
a piece of hamburger that makes him sick, what can we do? We 
can track that all the way back to the farm where that cow was 
produced and grown.
    We can understand what the risks are because we can see the 
disease, the contamination and how far it went, and how it 
flowed through the system, right?
    When we go and look at mortgage-backed securities and their 
derivatives and other asset-backed securities which were being 
used as money equivalent in the repo market in 2008, we do not 
have the ability to trace through the market to go all the way 
back and say where these loans came from.
    What happens in the hamburger marketplace is if somebody 
gets sick and you can't trace back where the core cows are at 
that might be causing the sickness, everybody walks away from 
the hamburger market. And that is what happened to one of the 
major funding sources providing liquidity, short-term funding. 
In the broader marketplace, that is substantial.
    Another example of where we could create benefit from 
better data would be what I will call the long-term capital 
effect. When long-term capital management was on the verge of 
going down, the Fed pulled major financial players into a 
crisis management meeting.
    I heard this story from a friend who was at one of the 
major investment banks involved. Their guy got pulled in, and 
they calculated that they had a $100 million exposure to long-
term capital at that time, which is a body blow but it wasn't a 
death blow.
    Their guy came back from a negotiation and said, ``We are 
in for $180 million to cover the $100 million exposure.'' And 
my friend said, ``Why is that?'' And it is because of the 
network effects. If they say no and we let them go down--we let 
long-term capital go down, we don't know which of our trading 
partners might go down, partners where we have much bigger 
exposures, that could take us down.
    Both of these effects not only helped bring about the 
financial crisis, they helped exacerbate it and make people 
want to run to what they felt was safe--U.S. Treasuries, right? 
They could not trade these products, they didn't know how to 
price them so they didn't really know where the contamination 
was coming from, and they didn't know how to value the trading 
books of their partners because they didn't know how much of 
these mortgage-backed securities that they held. They didn't 
know if somebody else teeters on the edge, how that is going to 
propagate through the system. There is data that is not being 
collected but is essential if we want to have a safe and secure 
financial system.
    I gave up, I assure you, plenty of consulting money to try 
to get this legislation through. I did it for five reasons--
Joseph, Jacob, Sam, Matt, and Tom. Those are my five boys. I 
would like them to have a safe, secure financial system going 
forward.
    With regard to where they could have put the OFR, they 
could have put this in the Fed or the OCC. There are a lot of 
places that could have been given the OFR. In the end, there 
was horse trading in the Senate and it ended up in Treasury. 
Could there have been a little better overhead? Yes, there 
could have been a little better overhead.
    But the thing you have to realize--I am sorry, I have gone 
over here. The thing you have to realize is there are 
substantial industry savings that will far outweigh the cost of 
the OFR. I would be happy to answer any questions. I apologize 
for getting a little excited.
    [The prepared statement of Dr. Liechty can be found on page 
66 of the appendix.]
    Chairman Neugebauer. I thank the gentleman. I recognize 
myself for 5 minutes for questions.
    Mr. Taleb, before the financial crisis occurred, you wrote 
in your book ``Black Swan,'' and I think I quoted here, ``The 
Government-Sponsored institution of Fannie Mae, when I looked 
at its risk, seemed to be sitting on a barrel of dynamite, 
vulnerable to the slightest hiccup. But not to worry, the large 
staff of scientists deemed that these events were unlikely,'' I 
believe you say.
    First of all, can you tell us why you wrote this? And 
secondly if you claim that no one can predict the process, how 
are you able to predict it?
    Mr. Taleb. I have a very--first of all, the risk of Fannie 
Mae, you can see on an abacus. You don't even need to have 
centralized, you can look at it. You can look at their books. 
You can see it on an abacus. You don't need data. I think it 
takes no time to figure out.
    But I have a very simple rule on which I built my entire 
career. If a pilot is overconfident, he will crash a plane. So 
if someone thinks that he has the answer, if he thinks he can 
predict, particularly in a domain like finance that is hardly 
predictable or rather unpredictable, then he will take vastly 
more risks than a regular person and he will crash that plane.
    So all I did was use that simple rule by saying those who 
claim to see the future will blow up, and the word blow up 
means have lose vastly in excess of what you think you can 
have. Fannie Mae was one of my targets and, of course, many 
targets and seems to play out in 2008, and that is the same 
principle.
    And I think that what will happen with this committee, not 
with the committee, with the effects of the OFR is they will 
give people a false sense of confidence. They will tell people 
to take more risk, to make the system more vulnerable and will 
have more blow-ups. And after the blow-up, they are going to 
say, while the government was supervising and they didn't tell 
us that the incident will take place because I know they are 
not going to be able to predict the crisis.
    Believe me, I am certain because these things, like the big 
event that convinced me was the crash of 1987, when I was a 
trader, and I saw people crying.
    There is absolutely no reason for a 23 percent drop, 23 
standard deviation at the time. Something huge should have 
happened every 10 trillion, trillion, trillion years and happen 
for no reason. Then I realized that there are two kinds of 
people, those who focus on robustness and those who try to 
outsmart the system, like most academics like LTC and Variety; 
they think they can predict and calibrate the risk based on 
that.
    There are two kinds of people. Second category, they 
usually blow up.
    Chairman Neugebauer. There was a lot of data already out 
there pre-crisis. And actually, a lot of people were beginning 
to recognize how this thing was getting pretty big. And some of 
these were some of the prudential regulators who were supposed 
to be regulating these entities.
    So there are two points I would like to make here and get 
your comments on; one is, that sometimes people have the data, 
but two things have to happen. One, somebody has to interpret 
the data that you can put all of these information into a 
computer and you can give it, and then someone gives it the 
parameters. But then someone has to put those parameters in 
there and to determine what the thesis of what will be a bad 
event.
    The second piece of that is, is that, the one that 
computers spits out these analogs or algorithms, or whatever 
they are called, that somebody then has to interpret. But the 
third piece of that is that somebody then has to take an 
affirmative action.
    Mr. Liechty, I hear what you are saying but the question 
is, if people don't act on the data that they have, what is the 
value of the data?
    Mr. Liechty. That is an excellent question.
    The point is, I don't think anybody has ever had this data 
before. People began to see that there were pressures in the 
financial market, in the housing market. They began to see that 
there were balance sheet imbalances. There were people who were 
making subprime loans and that could lead us towards--there 
were a number of signals that were leading us towards 
understanding that there was the build-up of an asset bubble.
    But I don't believe even if we had this magic data in order 
to see the entire marketplace and understand how we could go 
forward, that would have been enough. I think this is a new 
science problem that we have to address and that we want to 
address by simply saying, ``Well, nobody can do it. Nobody has 
done it in the past.'' We haven't really put the effort in, 
yet.
    Chairman Neugebauer. Mr. Taleb?
    Mr. Taleb. I would like to disagree. I don't know the 
protocol, but I would like to say the following: I have on my 
laptop 20 million pieces of data, 20 million. I could perform 
all the analytics you want on my laptop here.
    Twenty years ago, we had nothing. We had no laptops even. 
It was Moore's Law working everywhere. The same has applied to 
financial data. We have so much data, it is not even funny.
    Predictability is decreasing and we got more data. So it is 
not like we didn't have this. We have more data than ever in 
history today. And tomorrow, we will have more than today, and 
it is growing exponentially. So I do not agree with this 
argument that we need more data or the problem was lack of 
data.
    Chairman Neugebauer. My time has expired, unfortunately, so 
I recognize the ranking member, Mr. Capuano.
    Mr. Capuano. Thank you, Mr. Chairman.
    Dr. Liechty, can you guarantee me--guarantee me that if OFR 
is up and running, we will not have another economic crisis?
    Mr. Liechty. I cannot guarantee that.
    Mr. Capuano. I didn't think so.
    Mr. Paller, can you guarantee me that if I put you in 
charge of the data on my little BlackBerry here, that no one 
will ever be able to break into it?
    Mr. Paller. Nope.
    Mr. Capuano. Mr. Krishna, could you guarantee me that no 
one could ever break into my BlackBerry, if I gave it to you?
    Mr. Krishna. Absolutely not.
    Mr. Capuano. Mr. Taleb, could you guarantee me if I made 
you the Chairman of the Fed or OFR, or any of the other 
agencies, could you guarantee me that you could foresee the 
next economic crisis?
    Mr. Taleb. To the contrary, I guarantee that I would not 
see the next economic crisis, because it is--
    Mr. Capuano. I think that is a fair guarantee for all of 
us.
    The reason I asked this is because, I guess, the next 
question I have is, there are no guarantees in life. All of 
this is simply an attempt based on the last problems we have 
been through to decrease the likelihood, at least, that we will 
repeat the same mistakes. I don't think anybody would have any 
doubt that there will be other issues, and someone will come up 
with something new tomorrow that we can't foresee.
    That is not what this is about. This is simply about trying 
to decrease the likelihood that there will be another crisis 
which, of course, there will be. But, at least, that the next 
one may not be as deep, or at least won't be the same issues.
    Is there anything wrong with trying to gather more data? 
Even if you don't use it, even if others might use that same 
data to come up with different conclusions, because I totally 
agree with what the chairman says, all the data in the world 
doesn't mean anything unless you can now analyze it. And all 
the data in the world or even 3 pieces of data--if I put 5 
economists in the room, I am going to have 15 different 
opinions on what it does.
    But I would like to know the problem. What is wrong with 
trying, within human capabilities, to gather as much data as 
possible and to try to keep our security on the economic 
system?
    Mr Liechty, is there anything wrong with trying this?
    Mr. Liechty. I don't think there is anything wrong with it. 
I will take the point Mr. Taleb raised about people getting 
risk measurements that they could then say, ``I can take more 
risk.''
    And I would say that we have actually have had people take 
tremendous amounts of risk because we have had, for example, 
rating agencies, which have been giving AAA ratings to 
financial companies which are offering and issuing bonds, these 
special purpose vehicles where the agencies themselves have no 
real sense of what the underlying risks were. They don't 
understand the tail. They don't understand how the behaviors 
might cascade through the system. And I agree that can be very 
dangerous.
    You have new agencies and they collect all of this data, 
but there are very strict rules about what data this agency can 
give out. It is not as if this agency can collect data and then 
turn around and give risk metrics and risk inputs to the market 
participants. It is going to be used in making good decisions 
about macroprudential regulations, about when you have 
concentrations in the marketplace, when you might have 
marketplaces that can't handle certain amounts of flow under 
different stress scenarios. These things lead to liquidity 
failures and freezings of the markets. That, I think, is 
useful.
    I think it also will help encourage the market participants 
to do what they really need to do, which is to start building 
their own systemwide view of the marketplace and begin to build 
their own ways in measuring systemwide risk and pricing and 
trading, and making sure that we don't have instruments that 
have a lot of what you could call tail risk--
    Mr. Capuano. Mr. Taleb, I can see you are anxious. Go right 
ahead.
    Mr. Taleb. I have had to face this question for about half 
of my adult life, and let me give you the typical answer I give 
people.
    If your pilot happens to have lost his maps, and you are 
flying toward the Himalayas and someone says, ``Look, I have a 
map of Saudi Arabia,'' should he use it? No.
    The data can increase not only risk-taking, but can get you 
in trouble. This is what--so just--
    Mr. Capuano. But I need to follow through the illogical 
conclusion. You are not suggesting that we never collect an 
ounce of data on anything because any data raises risk?
    Mr. Taleb. I am not. No, I am not saying that. I am saying 
that data beyond a certain threshold--
    Mr. Capuano. What is the level?
    Mr. Taleb. Sorry?
    Mr. Capuano. How much?
    Mr. Taleb. Beyond a certain minimum--
    Mr. Capuano. Twenty million data?
    Mr. Taleb. We passed that threshold a long time ago, which 
is data--
    Mr. Capuano. So we should give data back?
    Mr. Taleb. No, we have data that if you could supply people 
with the data and analytic--
    Mr. Capuano. How is then?
    Mr. Taleb. --that are going to take a lot more risk.
    Mr. Capuano. How is it then that over the last 3 years that 
I have asked many different panels to tell me how much money 
was in hedge funds, nobody could do it, if there is so much 
data out there? How come nobody today can tell me how much 
money is in sovereign wealth funds? How come nobody can tell me 
today what the leverage points are on those sovereign wealth 
funds? And if there is so much data out there, how come I can't 
get the answers to relatively straightforward questions?
    Mr. Taleb. I am sure that these people don't want to commit 
but you can get a lot of data on sovereign wealth funds and a 
lot of analysis on it.
    Mr. Capuano. I think--
    Mr. Taleb. But my point--
    Mr. Capuano. Yes.
    Mr. Taleb. No, no. My--
    Mr. Capuano. I get data.
    Mr. Taleb. Yes, of course, I am getting more data was 
noise--because of noise, it is going to degrade it. So you are 
going to get several more guesstimates of guesstimates of 
guesstimates.
    The point is that giving sterile information like knowing 
how much there is--and these funds and sovereign funds, may 
lead you to start taking more risk, and that is my point.
    Mr. Capuano. I understand that. And guess what?
    Mr. Taleb. Yes.
    Mr. Capuano. When I look both ways as I cross the street, 
it encourages me to cross the street because I have taken on 
that risk.
    Mr. Taleb. Exactly, because that does not--
    Mr. Capuano. So I shouldn't look both ways before I cross?
    Mr. Taleb. No, because that is not general information.
    Mr. Capuano. I should never cross the street.
    Mr. Taleb. No, that is an analogy. Again, you should not 
cross the street blindfolded. And actually I answered this, and 
I answered from my book, ``The Black Swan.''
    Mr. Capuano. But the data comes in and when I take that 
blindfold off, all of a sudden I see traffic. Oh, my God--
    Mr. Taleb. There is too--
    Mr. Capuano. --there is too much data, I cannot cross the 
street.
    Mr. Taleb. Because that is not sterile.
    Mr. Capuano. There is a line.
    Mr. Taleb. Because that is not sterile information.
    The point is that, in a natural habitat, we are very good 
at selecting information and at making our own filtering in the 
natural habitat. In finance, we haven't been doing finance for 
200 million years. We have been looking--we have had eyes for 
hundreds of millions of years.
    So finance is not a national domain for us. The data is 
different. The statistical property is different.
    Mr. Capuano. I don't suggest that it is easy.
    Mr. Taleb. Yes, I know. But I am saying, that inferring, 
that more data equals, okay?
    Mr. Capuano. No, no, no. Let me--
    Mr. Taleb. It is a big fallacy.
    Mr. Capuano. That is not my suggestion. More data equals 
more security. My comment is that maybe there was a time, but I 
haven't seen a time on any factor that data, i.e., knowledge, 
is a bad thing. It can be used badly. It can be interpreted 
poorly. We can make mistakes with it, but I have never seen a 
time in human history when more information was considered bad 
except in the Dark Ages.
    And I am going to be honest, I understand fully well. Where 
the comment can be made, the data is inappropriately 
translated. That happens all the time, and it will continue to 
happen forever and ever.
    But I have to be honest. You are the first person I have 
ever heard tell me that I should get less information in my 
life--
    Mr. Taleb. I am--
    Mr. Capuano. --and therefore, simplify it because I will 
take no risk. I appreciate the comment and I appreciate your 
position. You have had a lot of success with your own view, but 
I guess--
    Mr. Taleb. Okay.
    Mr. Capuano. --information is good.
    Mr. Taleb. I am not the first person to say there is a 
whole literature called anchoring. If you make people flip a 
wheel of fortune, and they know that this data is random, it 
will automatically impact--
    Mr. Capuano. But I also know that if you keep people 
without any information at all--I get that. Information brings 
risks. I get that.
    Mr. Taleb. No, no. Information--
    Mr. Capuano. And I understand that.
    Mr. Taleb. No, no, that data--if I ask someone his Social 
Security number, their last four digits, and then how many 
dentists are there in the Washington phonebook, the numbers 
will be correlated.
    If I put the question in reverse, the numbers will not be 
correlated. So data has an impact on decision-making and my 
point to that, given particularly when it's stale data, as we 
have in finance.
    Chairman Neugebauer. I thank the gentleman for his 
questions.
    Mr. Fitzpatrick?
    Mr. Fitzpatrick. Thank you, Mr. Chairman.
    Mr. Krishna, you were in the hearing room earlier today 
when Congressman Grimm was talking about two projects of 
information technology in the Department of Justice, both of 
which came in wildly over budget, blew the budget, a higher 
cost than expected. One was never implemented, I think he said, 
and the second project has not yet gone live.
    In your experience, what is the principal reason that IT 
projects never get implemented, and many of them, if not most 
of them, end up costing much more than originally anticipated?
    Mr. Krishna. Thank you, Congressman, for that question. I 
think there is one word that I would use and that is ``scope.''
    IT projects are notorious for going over budget. There are 
statistics that show that as little as 30 percent of all IT 
projects that are begun are actually completed, and we are not 
talking about completed within the budget, absolutely 
completed.
    So the question is, what makes these projects successful? 
And the one-word answer, as I mentioned, is scope. Keeping the 
scope tight, narrow, specific, and then addressing a project 
that goes off and builds to that scope.
    We worked with a lot of financial institutions, building 
these sorts of data repositories, and the ones that are 
successful start off small. They certainly have large visions, 
large mandates out there, but they start off very small and try 
to address a simple need first and then build based on that 
foundation.
    Mr. Fitzpatrick. So as an IT professional, from the IT 
perspective, would you be concerned about an agency of the 
Federal Government that has no limits, either in the statute, 
no limits declared yet, no plan yet prepared from the scoping 
point of view?
    Mr. Krishna. We are certainly concerned about any mandate 
that is too broad and too wide. In fact, when the Dodd-Frank 
conference discussions were occurring, Congressman King and 
Congresswoman Maloney had worked on amendments that would 
tighten the focus of the Office of Financial Research. Teradata 
definitely supported those notions. Unfortunately, they have 
not been adopted.
    We certainly believe that a narrow tight scope for such an 
effort is important, at least, in the first stage.
    Mr. Fitzpatrick. Professor Taleb, you have mentioned in 
your written testimony that the rationale behind the OFR is a 
Soviet-style of thinking, not a direct quote but basically that 
is what you had indicated. Can you expand on that?
    Mr. Taleb. Yes, this idea that top-down, you can see the 
risk top-down is--and the problems with it is the debate is 
very old. The debate was central planner but it is called 
omniscient central planner who can see everything and, of 
course, has the ability to set prices. That is an old debate 
and, of course, that went away and now we are repeating the 
same experiment by thinking we should have a centralized 
omniscient risk manager who can see risks.
    I have discussed what I call ``etrogenie,'' which is a side 
effect. Like any drug has a side effect, I have discussed the 
side effects and it has appeared in conversations before. And I 
think the side effects are so very severe. Of course, we have 
direct costs. Cost overruns are almost certain in technology, 
particularly with government projects.
    But we have side effects that are vastly worse than the 
cost overruns.
    Mr. Fitzpatrick. I am also concerned about the big central 
planning, and as Mr. Paller and Mr. Krishna's comments, the 
very broad scope of what the OFR is tasked to do here.
    Professor Liechty, do you have any concern about the broad 
powers that have been granted to OFR in terms of the ability to 
collect all kinds of information? Do you have any concern about 
that scope?
    Mr. Liechty. It is a very good question. I would take the 
exception to a Soviet-style approach. I don't think you can 
understand a system unless you collect data about the system. 
Before you can monitor, you have to measure. That is the 
fundamental rule. Somebody has to collect that data.
    In the street, they could do that if they wanted to. If 
they are not moving in that direction, that is fine.
    The OFR actually has very limited authorities. We 
specifically said when we were negotiating about the OFR, that 
we did not want the OFR to have any regulatory authorities. 
When I say limited, I mean that it cannot set any capital 
requirements. They cannot make any prescriptions in terms of 
the health of financial companies and how the marketplaces 
work.
    The only thing the OFR has the authority to do is to set 
standards and to request data from a set of companies as 
defined in section two of the Dodd-Frank Act.
    Mr. Fitzpatrick. But, Professor, I think you have indicated 
that tools are not yet in place to do that. I want to just 
quote your written testimony. We discussed the science behind 
predicting a financial crisis. And you said, and this is a 
direct quote--``Is it true that the science and the tools have 
not yet been developed? But that is a call to action not a 
cause for despair.''
    So what assurance can you give us, Professor, that the 
science and the technology will ever catch up to the mission of 
the OFR, and more importantly, what happens if it doesn't?
    Mr. Liechty. Maybe I can reflect back on the National 
Academy workshop, which was organized in November of 2009, and 
I put this in my written testimony also. The basic thrust to 
that was that we have good starting points for the science, we 
have good starting points for the models, but we are not there.
    It is going to be an additive ongoing process, potentially 
multi-decade effort in order to gain the kind of understanding 
that we need.
    If you look back at the impact that--go back to the weather 
analogy and the impact that hurricanes had across America, 
historically, and there is a long history. And you look at the 
response that we have had from the government's perspective to 
try to understand hurricanes, to collect the data, and to do 
the science, it started with Thomas Jefferson and culminated in 
legislation in 1970 when Richard Nixon actually created NOAA.
    The legislative reaction began to get the science in place 
to be able to understand the dynamics of the weather system and 
to be able to forecast, to predict, and to safeguard the 
people. I think the science will get there.
    To be very candid with you, I am not sure how fast it will 
go, but I believe we can do it.
    Chairman Neugebauer. I thank the gentleman. And now, Mr. 
Renacci?
    Mr. Renacci. Thank you, Mr. Chairman.
    Mr. Krishna, you actually started off the testimony with 
probably the line that summarizes this whole thing: Technology 
can lead to smaller and smarter government. We need to get 
smaller and smarter.
    With that, Mr. Liechty, I can tell you that it is 
interesting to have all the information in the world and, in 
some ways, I agree with Mr. Taleb that in my past life, I would 
go into a company and I would have to analyze the risk of 
either acquiring or operating that company.
    You reminded me of a new testimony, as I walked into a room 
one time, like this, filled with information, filled with 
information for the last 10 years and the next year all of 
everything that company has done. And I can tell you, the more 
information that was sitting in the room, the more scared I 
was.
    And guess what I learned from that? I learned that on the 
reverse side, when somebody would come in to one of my clients 
and want to see what the risk was, I would tell them to fill 
the room up with information. Because the problem is, it is not 
about the information you have, it is about access to the right 
information, and that is the problem.
    So you could have rooms full of information, you could have 
all that information but you have to have access. And the 
problem I have even with your hamburger analogy is, you might 
find out that you have bad meat at a farm and you might go down 
there and figure out the process that occurred. But while you 
are trying to fix that, there is another problem going on. So 
you are fixing that problem but there is another problem.
    So it is not only access that has been able to move through 
information and been able to move in the direction to fix 
things. I am not too sure just having this information is the 
answer.
    But what I am sure of, and I am going to ask you the 
question--what I am sure of is that there is a cost to getting 
this information.
    And it is interesting because all of you who have talked 
about information, whether it is a room full or just the right 
access information, the question is--and I am going to lead 
back to what the ranking member said, he made a comment, if you 
have all the information stored--and I may change this a little 
bit, because if you had all the information stored at a central 
location, can you guarantee me that you will reduce the 
likelihood--and I am changing what it was said, the likelihood 
of an economic failure?
    Because if you can't do that, should we give an 
organization unlimited oversight, unlimited budget, and 
unlimited reach?
    Keep in mind, I am all for information. I just want to know 
if we should be setting up a whole other organization with 
unlimited oversight, unlimited budget, and unlimited reach, 
knowing that we possibly cannot even predict the likelihood of 
another economic failure. And I would first start with you, Mr. 
Liechty.
    Mr. Liechty. Okay. Thanks. May I address the cost issue 
just briefly?
    I was unaware of how the financial systems' back offices 
worked when I started this effort. But I very quickly became 
educated about this. They are in disarray. They have very poor 
standards. They spent billions of dollars in backroom 
operations just clearing and settling trades because they have 
a lot of mismatch between identifiers and standards as reported 
from the industry.
    So when we proposed the idea of an Office of Financial 
Research and pulling together standards for reporting 
transaction data, the basic trust is there. Banks, clean up 
your back offices, get everything reported. There is only one 
bank I know in the world that puts every transaction they do in 
an electronic format the data that happens, and that is Goldman 
Sachs.
    Everybody else has things on spreadsheets and different 
systems. They cannot get a comprehensive risk position. So they 
are like the room mentioned where you walk in and you see all 
these boxes, you have no idea, and you say, I am scared.
    You walk into Goldman, they have it all together and they 
can pull it right together for you. We would like to see that 
throughout the industry. We think that would be useful and 
valuable, right? But more importantly, it would reduce their 
operating cost.
    One of the major banks who work with us said it would 
reduce their operating cost by 20 to 30 percent. We are talking 
about multi-billion--
    Mr. Renacci. I am not sure if I will agree with that, but I 
am running out of time. And I want to switch over to Mr. 
Krishna, I have a question for you.
    I heard, I think one of you testified and it might have 
been you, if the information is out there, banks have it. A lot 
of this information is already out there. Wouldn't it be 
easier--again, and you would only hear me in any one of my 
arguments arguing about information on getting it.
    But wouldn't it be easier to challenge one of the 
organizations we already have set up to come up with--and I 
might be simplifying this, a computerized program that can 
access some of this information and get it very easily then set 
up a whole other organization and a whole other big brother 
government organization that goes forward and cost the 
taxpayers more money?
    Mr. Krishna. Congressman, you are right. It would certainly 
be possible for any one of these agencies to collect the data 
and to implement it. There is no particular reason for one or 
the other agency to be chosen, in my opinion.
    The only criteria, and I would think this goes back to your 
earlier comments is if the data is out there but it cannot be 
processed, that is the real problem. So any one of these 
agencies, if they had the processing capability and the 
technology exists, the will to do it is all that is needed. If 
they had that, they could absolutely accomplish the same tasks.
    Mr. Renacci. You would agree, though, there are computer 
programs out there that can take this information, bring it 
together, and access it in a formable way that you can 
understand.
    Mr. Krishna. I would certainly agree with that. In fact, I 
would even direct you to a new piece of legislation that is 
being proposed by Chairman Issa, which deals with the same 
problem in other domains in the Federal space. The same 
approaches can absolutely work regardless of where the action 
is set within the government.
    Mr. Renacci. Again, I like your idea. Technology can lead 
to a smaller and smarter government--let us work toward that. 
Let us eliminate extra government agencies that aren't needed. 
Let us get the information we need. It sounds like we can do it 
somewhere else.
    Thank you.
    Chairman Neugebauer. The gentleman from Texas, Mr. Canseco, 
is recognized for 5 minutes.
    Mr. Canseco. Thank you, Mr. Chairman. And I would like to, 
first of all, associate myself with Chairman Neugebauer's 
statements that he made, as well as those of my colleague, Mr. 
Renacci.
    I served on a bank board for quite a number of years in 
Texas. And well before the 2008 crisis, we knew what was coming 
down the road. I think that it was also known here in 
Washington and in this very room, but politics got in the way. 
They had all of that information but they weren't able to 
really look at it until panic ensued.
    But with that said, I really believe that what we have is a 
lot of information out there in the public sector and a lot of 
it is also within the realm of the government; it is just out 
there.
    And there are many other people who predict it, and it is 
best within the private sector rather than in the public sector 
because the public sector may be provoking panics or provoking 
other things that are not necessary and are better placed 
within the private sector where individual investors or 
individual people within the economy can make the appropriate 
decisions.
    Let me ask a question, Mr. Taleb, in your opinion, does the 
government have a good track record of predicting financial 
crisis?
    Mr. Taleb. No. Let us look at facts. I don't know what 
details you want me to show you but the government agencies, 
say the New York Fed, they have data about New York banks. They 
know the exposures, you can extrapolate. Did they predict the 
crisis? Of course not. They predicted the opposite.
    The Fed, same thing, and then the theory, the great 
moderation. They concocted a theory that we had a huge build-up 
of hidden risk of an events that was obvious. And you don't 
need a lot of data or you can figure it out just from what is 
out there.
    There was a lot of risk and not only that, the government 
didn't see the crisis coming but they have made opposite 
statements; with the New York Federal Reserve, they saw the 
opposite.
    So, can governments predict crisis? No.
    Mr. Canseco. Yes.
    Mr. Taleb. Okay.
    Mr. Canseco. And then you would agree with me that really 
it is nothing more than an opinion until it becomes true and 
then it is a prediction.
    Mr. Taleb. Okay. Has it happened in history to see 
regular--how many regulators have their eyes on the last few 
crisis that they predict no. So I don't know why, suddenly, by 
fiat now we are going to have an agency capable of doing that.
    Mr. Canseco. Thank you.
    Is there any aspect of the OFR that makes you think that 
the government will now be able to predict financial crises 
with precision as supporters of the OFR claim?
    Mr. Taleb. That is the--
    Mr. Canseco. So obviously, the answer is no.
    Mr. Taleb. Suddenly, yes. And so, suddenly, yes, just like 
by fiat tomorrow, starting, say, January 1, 2012, suddenly, 
governments will be able to predict. This is what I am reading 
here is it is a denial of there is something in forecasting. 
Because a lot of people think--about 90 percent of people think 
that they drive better than a median driver. And forecasters 
already think they are better forecasters. The best way to do 
it is to show them their track records.
    If you showed the government the track record of government 
and their own track record in forecasting, I think that would 
mitigate these ambitious plans and bring us back to reality 
and, probably more modest tricks to reduce risk.
    Mr. Canseco. Mr. Taleb, you were asked in an interview with 
Business Week last July, what are the sources of potential 
danger or fragility that you are keeping an eye on, and your 
answer was, the massive one is government debt.
    So to your knowledge, will the potential danger caused by 
the debt we are facing in this country be a focus of the OFR or 
will the agency only focus on risk within the financial 
institutions?
    Mr. Taleb. I think you cannot dissociate, because what 
happened is the private debt has been transferring. We have a 
form of capitalism called the socialization of losses but not, 
of course, privatization of gains.
    So we have this debt bank, debt moving into government 
debt. So, of course, the financial crisis now would be in a 
form of governments having borrowed too much worldwide and we 
have seen that in Europe. And I think that is the big problem, 
and instead of doing all these projections, we should probably 
try to get that under control.
    Someone asked me, how does someone lower his personal risk? 
And I say, 95 percent of your risk is gone. The financial risk 
is gone, if you don't have debt. The rest is peanuts. It is the 
same statement.
    If you lower government deficits, you reduced massive 
amount of risk in the economy. Then the rest will be just 
peanuts.
    Mr. Canseco. Thank you, sir.
    Mr. Liechty, can you give us an example of a regulator that 
was able to predict and therefore prevent a financial crisis 
before it occurred?
    Mr. Liechty. I don't think we are advocating predicting 
financial crises. We are advocating trying to understand the 
system so we can minimize the chance of crisis happening; to 
mitigate the impact of those crises. But to your question, I 
can't.
    But I don't think that is the right answer. I could give 
you a different analogy, if you would like.
    Imagine--okay. I will try my third analogy and see if it 
works.
    Now, imagine that you had people in a shopping mall and you 
were trying to predict the behavior and the flow of people 
within the shopping mall. Why do they go to a shopping mall? 
All kinds of reasons, just kind of like trying to predict the 
price in the marketplace, right? It is very hard. They come in, 
the best you can do, typically, is some kind of statistical 
analysis.
    But if you know the structure of the shopping mall and 
suddenly there is an explosion and a fire in one part and you 
know the position of everybody who is in that shopping mall, 
you would have a very good idea of what they are going to try 
to do in these extreme situations, and you can understand and 
predict when that is going to actually cause problems--exactly 
which person is going to fall, which person is going to get 
hurt, or how they are going to get hurt, and how the systems 
can be brought down, that may be not very hard to predict in 
this scenario.
    But certainly understanding the system like that would help 
in understanding how to manage that kind of a crisis, for 
example, when Lehman Brothers failed, they really had no idea 
of the interconnection to that institution and how its failure 
would propagate over into commercial paper market.
    Mr. Canseco. Let me interrupt you there and ask you this, 
because I think, it is very important what you are saying. 
Right now, would you consider the debt crisis that we have in 
this country as a predictable crisis?
    Mr. Liechty. It is a predictable crisis, I think it is a 
political negotiation that makes me very nervous.
    Mr. Canseco. No. Is it a crisis that this country is in 
debt?
    Mr. Liechty. Is it is a crisis this country is in debt?
    Mr. Canseco. And as deep as--
    Mr. Liechty. --a crisis. Let me--
    Mr. Canseco. No, but is it a crisis?
    Mr. Liechty. A working definition of crisis is when the 
financial markets are disrupted to the point that the 
government has to intervene to keep them going. There can be a 
small crisis. There can be firms who have fought and failed, 
but when we have a systemic event, it is because we don't have 
commercial paper markets because we don't have access to 
mortgages. If the government defaults on their debt--
    Mr. Canseco. Or you don't believe that the government, 
right now, is in a debt crisis?
    Mr. Liechty. I think--
    Mr. Canseco. We are at $14.3 trillion in debt.
    Mr. Liechty. I am not a macroeconomist, I am not--
    Mr. Canseco. Okay.
    Mr. Liechty. I don't feel comfortable or qualified to give 
you--I certainly say if we default on the debt on August 2nd, 
that makes me very nervous.
    Mr. Canseco. But is the fact that this government owes 
$14.3 trillion, is that a crisis for this country?
    Mr. Liechty. It is a very dangerous situation.
    Mr. Canseco. It is. It is a crisis, so it is predictable, 
right?
    Mr. Liechty. I think the crisis that we would like to 
predict is how a default could propagate.
    Mr. Canseco. Right. And therefore, we need to do something 
about it. Is that right?
    Thank you. Mr. Chairman, my time has expired.
    Chairman Neugebauer. The members of the subcommittee would 
like to thank the witnesses from both of the panels for your 
time today. We understand and recognize that your time is very 
valuable. The information, your testimony, has been helpful to 
us as we do our jobs here at the committee and in the Congress, 
so we appreciate that.
    The Chair notes that some members may have additional 
questions for this panel, which they may wish to submit in 
writing. Without objection, the hearing record will remain open 
for 30 days for members to submit written questions to these 
witnesses and to place their responses in the record. The 
meeting is adjourned.
    Thank you.
    [Whereupon, at 5:38 p.m., the hearing was adjourned.



                            A P P E N D I X



                             July 14, 2011






