GAO: Wall Street Vulnerable

Last August, the three institutions that stand guard over the nation’s financial health?the Fed, the Office of the Comptroller of the Currency and the SEC?suggested steps to fortify the U.S financial system against disasters such as the Sept. 11 attacks.

One idea, which proposes that Wall Street companies locate their main and backup data centers some distance apart?say 200 to 300 miles?was dismissed as an economic boondoggle. With current technology, putting data centers more than 60 miles apart creates latency problems. In comments submitted to the SEC, SunGard Data Systems said 90 percent of companies affected would have to replace their IT infrastructures. Sen. Charles Schumer (D-N.Y.), a member of the Senate Banking, Housing and Urban Affairs Committee, subsequently pronounced the proposal dead. Yet a recent report by the General Accounting Office makes a case that the economic devastation any future disaster could cause?whether it’s a terrorist attack or a hurricane?warrants the expense.

The GAO report reviewed the business continuity plans of 15 major trading or financial clearinghouse organizations. Investigators found that despite some improvements, most companies were still at risk of being wiped out in a disaster. Nine of them couldn’t ensure that they could function if the staff at their primary data center was incapacitated. Ten either have their backup facilities within 10 miles of their main data sites or they have no backup facilities at all.

The report also questions the SEC’s ability to enforce better security. Compliance with minimum data security and business continuity requirements established by the SEC’s underfunded Automation Review Policy (ARP) program is voluntary. The GAO concludes that procedures such as the ones outlined by the Fed and others should become requirements.

Putting more distance between data centers would be a key element of any regulatory scheme (and would presumably energize vendors to address technical obstacles). Sarah Diamond, a senior vice president with BearingPoint (formerly KPMG Consulting), says companies are warming to the idea, particularly if they could be allowed to outsource the backup data centers offshore. The SEC hints it might use some of the money authorized under the Sarbanes-Oxley Act to give the ARP some muscle. But unless the subject gets more than lip service, it may take another disaster before the financial services industry is willing to swallow its medicine.

-Ben Worthen

FCC Rule Could Increase Broadband and Telephone Bills

Companies relying on DSL lines for broadband service may see prices increase during the next three years after a February Federal Communications Commission vote governing local phone and broadband network service. In addition, CIOs doing business with several phone companies nationwide could see the price of local service rise, all because the regional Bells would no longer be required to share their lines at a discount with competitors.