Monday, March 11, 2019 - International Association of Risk ... · Jerome H Powell, Chairman of the...


Page | 1

____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP)

Monday, March 11, 2019

Top 10 risk and compliance related news stories and world events that (for better or for worse) shaped the week's agenda, and what is next

Dear members and friends,

I have just read the concluding remarks of Gabriel Bernardino’s keynote speech at the 3rd Annual FinTech and Regulation Conference on “Taking innovation to the next level” in Brussels. Bernardino is the Chairman of the European Insurance and Occupational Pensions Authority (EIOPA). He said:

“As cyber-insurance markets mature, we should start to discuss if cyber insurance should also be mandatory. This would provide a further level of security for companies and consumers in the digital world.”

I checked my files, and I saw that the above remarks come just one year after the OECD Conference on Unleashing the Potential of the Cyber Insurance Market (Paris, 22-23 February 2018), and the OECD’s Bill Below and Leigh Wolfrom, who looked at some of the challenges to insuring cyber risk:

“The evolving nature of cybercrime means risk models may have to look beyond historical data. With new forms of malware and other technologies targeting ubiquitous operating systems, common applications, cloud services and hardware platforms, a single criminal act can potentially scale to global dimensions. Last year’s WannaCry ransomware attack may be a harbinger of things to come. Propagating through legacy Windows systems, Wannacry infected over 200,000 computers in 150 countries. Indeed, the potential for accumulation risks may discourage some insurers and reinsurers from entering the cyber insurance market at all. The bottom line: uncertainty and correlated risks lead to higher prices and limited coverage levels.”

Page | 2

To read the excellent paper you may visit: https://www.oecd.org/daf/fin/insurance/Enhancing-the-Role-of-Insurance-in-Cyber-Risk-Management.pdf

I also remembered another excellent paper from the University of St. Gallen, “Insurability of Cyber Risk: An Empirical Analysis”, by Christian Biener, Martin Eling and Jan Hendrik Wirfs, which can be found at: https://www.ivw.unisg.ch/~/media/internet/content/dateien/instituteundcenters/ivw/wps/wp151.pdf

We read: “There is a great need for more research on cyber insurance. Lack of data is a problem, however. For example, according to ENISA, there is a lack of empirical evidence as to the strength and maturity of the cyber insurance market.

Modelling cyber risk holds a great deal of promise, especially if data become available against which to test the models.

Another interesting topic for future research would be discovering approaches that can alleviate the substantial information asymmetry present with cyber risk. Both hidden actions and hidden information will play a role in developing the market further, but exactly how is worth discovering.”

Welcome to the Top 10 list.

Best regards,

George Lekatis
President of the IARCP
1200 G Street NW Suite 800, Washington DC 20005, USA
Tel: (202) 449-9750
Email: [email protected]
Web: www.risk-compliance-association.com
HQ: 1220 N. Market Street Suite 804, Wilmington DE 19801, USA
Tel: (302) 342-8828

Page | 3

Number 1 (Page 7)

Recent economic developments and longer-term challenges
Jerome H Powell, Chairman of the Board of Governors of the Federal Reserve System, at the Citizens Budget Commission 87th Annual Awards Dinner, New York City.

“I imagine that future New Yorkers attending this dinner in 50 years may not look back on the near-term outlook in February 2018 as very interesting or important. So, tonight, after a brief review of the here and now, I will focus on an issue that is likely to be of more lasting importance: the need for policies that will support and encourage participation in the labor force, promote longer-term growth in our rapidly evolving economy, and spread the benefits of prosperity as widely as possible.”

Number 2 (Page 12)

ENISA makes recommendations on EU-wide election cybersecurity

In the context of the upcoming elections for the European Parliament, ENISA has published an opinion paper on the cybersecurity of elections and provides concrete and forward-looking recommendations to improve the cybersecurity of electoral processes in the EU.

ENISA explores cyber-enabled threats, which have the potential to undermine the EU democratic process. Of particular significance is the possibility of interference in elections by cyber means, due to the widespread use of digital technology to support electoral processes in activities such as confidential communications of politicians and political parties, political campaigns, the electoral register, the counting of votes, and the dissemination of the results.

Page | 4

Number 3 (Page 15)

Basel Committee discusses policy and supervisory initiatives and approves implementation reports

The Basel Committee on Banking Supervision met in Basel on 27-28 February to discuss a range of policy and supervisory issues, and to take stock of its members' implementation of post-crisis reforms.

Number 4 (Page 17)

Cyber Security and Cyber Risk: A universal Challenge
Keynote speech by Gabriel Bernardino, Chairman, European Insurance and Occupational Pensions Authority (EIOPA), at the 3rd Annual FinTech and Regulation Conference on “Taking innovation to the next level” in Brussels.

“Cyber security and cyber risk are both topics that are very high on the agenda of any organisation and its management. Therefore, I will share my reflections on how I see the situation, what EIOPA is doing and what should be done to cope with the challenge at a global level.”

Number 5 (Page 24)

CCP resilience, recovery and resolution: completing the journey towards resilient derivatives markets
Remarks by Dietrich Domanski, Secretary General, Financial Stability Board, at the Deutsche Bundesbank, European Central Bank and Federal Reserve Bank of Chicago Conference on CCP Risk Management, Frankfurt.

Page | 5

“Almost ten years ago, at the Pittsburgh Summit in September 2009, G20 Leaders declared that all standardised over-the-counter (OTC) derivative contracts should be traded on exchanges or electronic trading platforms, where appropriate, and cleared through central counterparties.”

Number 6 (Page 27)

RAND Releases Report Commissioned by DHS on Building an Effective and Practical National Approach to Terrorism Prevention

The Homeland Security Operational Analysis Center (HSOAC), operated for the Department of Homeland Security by the RAND Corporation, has released a new report on how to build an effective and practical national approach to terrorism prevention. The report, commissioned by the Department of Homeland Security, examines past terrorism prevention efforts and makes recommendations for future programs.

Number 7 (Page 29)

Written testimony of CISA Director Christopher Krebs for a House Committee on Homeland Security hearing titled “Defending Our Democracy: Building Partnerships to Protect America’s Elections”

“DHS has worked to establish trust-based partnerships with state and local officials who administer our elections, and I look forward to sharing with you an update on our work during the 2018 midterm election cycle. Leading up to the 2018 midterms, DHS worked hand in hand with federal partners, state and local election officials, and private sector vendors to provide them with information and capabilities to enable them to better defend their infrastructure. This partnership led to a successful model that we aim to continue and improve upon in the 2020 election cycle. Since 2016, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has led a voluntary partnership of Federal Government and election officials who regularly share cybersecurity risk information.”

Page | 6

Number 8 (Page 38)

ESMA to recognise the UK Central Securities Depository in the event of a no deal Brexit

The European Securities and Markets Authority (ESMA) has announced that, in the event of a no-deal Brexit, the Central Securities Depository (CSD) established in the United Kingdom (UK) – Euroclear UK and Ireland Limited – will be recognised as a third country CSD to provide its services in the European Union (EU).

Number 9 (Page 40)

PCAOB News

Number 10 (Page 42)

Entangling Photons of Different Colors
NIST researchers develop a novel chip-based device for quantum communication.

Some of the most advanced communication systems now under development rely on the properties of quantum science to store and transport information. However, researchers designing quantum communication systems that rely on light, rather than electric current, to transmit information face a quandary: The optical components that store and process quantum information typically require visible-light photons (particles of light) to operate.

Page | 7

Number 1

Recent economic developments and longer-term challenges
Jerome H Powell, Chairman of the Board of Governors of the Federal Reserve System, at the Citizens Budget Commission 87th Annual Awards Dinner, New York City.

It is a pleasure to speak here this evening at the 87th Awards Dinner. Tonight I will start with the near-term outlook for the U.S. economy. Then I will turn to a topic that is inspired by the Citizens Budget Commission's mission statement, which focuses on the "well-being of future New Yorkers." I imagine that future New Yorkers attending this dinner in 50 years may not look back on the near-term outlook in February 2018 as very interesting or important. So, tonight, after a brief review of the here and now, I will focus on an issue that is likely to be of more lasting importance: the need for policies that will support and encourage participation in the labor force, promote longer-term growth in our rapidly evolving economy, and spread the benefits of prosperity as widely as possible.

The State of the Economy and Near-Term Prospects

Beginning with the here and now, Congress has charged the Federal Reserve with achieving maximum employment and stable prices, two objectives that together are called the dual mandate. I am pleased to say that, judged against these goals, the economy is in a good place. The current economic expansion has been under way for almost 10 years. This long period of growth has pushed the unemployment rate down near historic lows.

Page | 8

The employment gains have been broad based across all racial and ethnic groups and all levels of educational attainment as well as among the disabled. And while the unemployment rate for African Americans and Hispanics remains above the rates for whites and Asians, the disparities have narrowed appreciably as the economic expansion has continued. Nearly all job market indicators are better than a few years ago, and many are at their most favorable levels in decades. After lagging earlier in the expansion, wages and overall compensation--pay plus benefits--are now growing faster than a few years ago (figure 3). It is especially encouraging that the labor force participation rate of people in their prime working years, ages 25 to 54, has been rising for the past three years.

Page | 9

Page | 10

More plentiful jobs and rising wages are drawing more people into the workforce and encouraging others who might have left to stay. In addition, business-sector productivity growth, which had been disappointing during the expansion, moved up in the first three quarters of 2018. Rising productivity allows wages to increase without adding to inflation pressures. Sustained productivity growth is a necessary ingredient for longer-run improvements in living standards. The price stability side of our mandate is also in a good place. After remaining below our target for several years, inflation by our preferred measure averaged roughly 2 percent last year (figure 4).

Inflation has softened a bit since then, largely reflecting the recent drop in oil prices. Futures markets and other indicators suggest that oil prices are unlikely to fall further, and if this proves correct, oil’s drag on overall inflation will subside. Consistent with that view, core inflation, which excludes volatile food and energy prices and often provides a better signal of where inflation is heading, is currently running just a touch below our 2 percent objective.

Page | 11

Signs of upward pressure on inflation appear muted despite the strong labor market. While the data I have discussed so far give a favorable picture of the economy, it is also important to acknowledge that not everyone has shared in the benefits of the expansion to the same extent, and that too many households still struggle to make ends meet. In addition, over the past few months we have seen some crosscurrents and conflicting signals about the near-term outlook. For instance, growth has slowed in some major economies, particularly China and Europe. Uncertainty is elevated around some unresolved government policy issues, including Brexit and ongoing trade negotiations. And financial conditions have tightened since last fall. While most of the incoming domestic economic data have been solid, some surveys of business and consumer sentiment have moved lower. Unexpectedly weak retail sales data for December also give reason for caution.

To read more: https://www.bis.org/review/r190301a.pdf

Page | 12

Number 2

ENISA makes recommendations on EU-wide election cybersecurity

In the context of the upcoming elections for the European Parliament, ENISA has published an opinion paper on the cybersecurity of elections and provides concrete and forward-looking recommendations to improve the cybersecurity of electoral processes in the EU.

ENISA explores cyber-enabled threats, which have the potential to undermine the EU democratic process. Of particular significance is the possibility of interference in elections by cyber means, due to the widespread use of digital technology to support electoral processes in activities such as confidential communications of politicians and political parties, political campaigns, the electoral register, the counting of votes, and the dissemination of the results.

Udo Helmbrecht, Executive Director of ENISA: “As some EU Member States have either postponed or discontinued the use of electronic voting, the risk associated with the voting process can be considered to be somewhat reduced. Nonetheless, the public political campaigning process is susceptible to cyber interference. We have witnessed in the past election campaigning processes being compromised due to data leaks. ENISA encourages the EU Member States and key stakeholders such as political parties to partake in more cyber exercises aimed at testing election cybersecurity in order to improve preparedness, understanding, and responding to possible election-related cyber threats and attack scenarios. These stakeholders should have incident response plans in place, in the event that they become a victim of data leaks.”

An evolving threat is the motivation behind the actors interfering with the due process of elections by cyber means. The motivation for the actors can be manifold, for example financial gain, fame and reputation, or to provoke chaos and anarchy, undermine trust in democracy, and subvert political opposition.

Page | 13

Through this paper, ENISA puts forward a set of recommendations aimed at improving the cybersecurity of elections across the EU and supporting the Member States in their efforts.

The most important recommendations that ENISA makes are:

- Member States should consider introducing national legislation to tackle the challenges associated with online disinformation while protecting to the maximum extent possible the fundamental rights of EU citizens;
- Member States should continue to actively work together with the aim to identify and take down botnets;
- Consideration should be given to regulation of Digital Service Providers, social media, online platforms and messaging service providers at an EU level to ensure a harmonised approach across the EU to tackling online disinformation aimed at undermining the democratic process;
- The above players are also advised to deploy technology that will identify unusual traffic patterns that could be associated with the spread of disinformation or cyberattacks on election processes;
- A legal obligation should be considered to classify election systems, processes and infrastructures as critical infrastructure so that the necessary cybersecurity measures are put in place;

Page | 14

- A legal obligation should be put in place requiring political organisations to deploy a high level of cybersecurity in their systems, processes and infrastructures;
- Official channels/technologies for the dissemination of the results should be identified, as well as back-up channels/technologies that validate the results with the count centres. Where websites are being used, DDoS mitigation techniques should be in place.

To read the paper: https://www.enisa.europa.eu/publications/enisa-position-papers-and-opinions/election-cybersecurity-challenges-and-opportunities

Page | 15

Number 3

Basel Committee discusses policy and supervisory initiatives and approves implementation reports

The Basel Committee on Banking Supervision met in Basel on 27-28 February to discuss a range of policy and supervisory issues, and to take stock of its members' implementation of post-crisis reforms.

At its meeting, the Committee:

- took note of the implementation status of margin requirements for non-centrally cleared derivatives. The Committee will publish in March a joint statement with the International Organization of Securities Commissions to clarify certain implementation aspects of the margin requirements framework;
- reiterated its support for reforms of interest rate benchmarks and approved a work plan to look at the interactions with supervisory requirements;
- agreed to publish high-level supervisory expectations related to crypto-assets in light of the high degree of risks associated with such exposures. These expectations will be published in March;
- discussed the use of different practices among jurisdictions to proportionately apply the Basel Committee's global minimum prudential standards, and agreed to publish a summary of these practices in March;
- reviewed the assessment reports on the implementation of the Net Stable Funding Ratio and large exposures standards in Brazil and India. Publication of these reports is expected in the coming months; and
- reviewed the follow-up reports and actions by member jurisdictions on the implementation of certain Basel III standards. These will be published in March.

The Committee also discussed its work programme for evaluating the impact of its post-crisis reforms.

Page | 16

The programme includes planned evaluations related to cross-cutting policy issues, the countercyclical capital buffer framework and the global systemically important banks framework. Committee members also discussed issues related to sovereign risk. The next meeting of the Basel Committee is tentatively scheduled for 19-20 June 2019.

Page | 17

Number 4

Cyber Security and Cyber Risk: A universal Challenge
Keynote speech by Gabriel Bernardino, Chairman, European Insurance and Occupational Pensions Authority (EIOPA), at the 3rd Annual FinTech and Regulation Conference on “Taking innovation to the next level” in Brussels.

Good afternoon to everybody,

In the conference programme, the topic of my speech reads “Innovation in the European Insurance Industry”. Technological innovation is disruptive, in particular for the insurance industry. However, at the same time, it drives growth through new business models, which require new skills, proper governance and oversight.

Cyber security and cyber risk are both topics that are very high on the agenda of any organisation and its management. Therefore, I will share my reflections on how I see the situation, what EIOPA is doing and what should be done to cope with the challenge at a global level.

Cyber security and cyber risk pose significant risks to people, businesses and the insurance industry in particular. The digital transformation of how we work, live and do business has created huge opportunities for innovation and efficiency. However, our increased dependency on digital technologies also carries information security and privacy risks. These risks affect the insurance sector on two levels:

- First, the security of the insurance business itself, and
- Second, its role in covering and managing cyber risk.

Technology and innovation are fundamental to the development of new business models in the insurance industry.

Page | 18

The growing use of huge volumes of personal information makes insurance companies a prime target for cyber-attacks, which, according to international data, are growing rapidly, both in number and in sophistication.

A new European data privacy regulation came into force and it is the world’s most advanced legislation of its kind. It sets an extremely high standard for all organisations that handle personal information, imposing substantial penalties when requirements are not met and information is compromised. All insurance market stakeholders must therefore be aware of the additional responsibilities stemming from this regulation and must do their utmost to implement processes to ensure that the information they hold is well protected.

Appropriate insurance can make a valuable contribution to managing the cyber risk currently faced by businesses and organisations. A well-developed cyber insurance market can help:

- To raise awareness of businesses to the risks and losses that can result from cyber-attacks
- To share knowledge of good cyber risk management practices
- To encourage risk reduction investment, by establishing risk-based premiums
- To facilitate responses to and recovery from cyber-attacks

Coverage of cyber risk by insurers is still in its infancy. Most of the market is concentrated in the United States. Growth in this market, however, has been significant, with current forecasts suggesting that premiums may reach USD 20 billion in 2025. An aspect generally regarded as essential for the further development of cyber risk insurance in the United States is mandatory notification of regulators and data subjects of incidents in which financial information or personal health data are stolen. These situations may also give rise to heavy penalties.

Page | 19

With the entry into force of the data protection regulation in the European Union, it is now mandatory to notify data protection supervisors where there is a risk to the rights and freedoms of the individual. It is mandatory to notify the individuals affected if the risk to them is considered as high. There is also the possibility of fines, if data breaches are deemed to be intentional or as a result of negligence.

The future demand for coverage of this kind will depend, to a large extent, on both the frequency of high profile cyber incidents and legislative developments in relation to personal data protection. In this context, the implementation of the data protection regulation in the European Union may lead to significant growth in cyber risk insurance, with estimates suggesting that there may be parity between the EU and US markets in coming years.

An OECD study shows that the most common type of coverage is compensation for incident response costs and privacy breaches, data and software losses and business interruption. Cyber risk insurance also normally provides policyholders with access to experts who can assist them in responding to incidents. This can include access to investigators who assess the extent of unauthorised intrusions, and the provision of legal advice on how to ‘go public’ about the incident and possible public relations strategies to minimise the reputational impact. Some of the most important corporate needs, such as coverage for reputational damage or intellectual property theft, are rarely included in cyber risk insurance.

Research highlights two principal barriers to the broader development of insurance of this type:

- Firstly, the lack of consistent historic information on the frequency and severity of cyber incidents, and

- Secondly, the constant evolution of cyber attacks.

These factors hinder the development of sound actuarial risk and cost assessment techniques, leading the most prudent insurance and reinsurance companies to set exclusions and limits to control their risk exposure. In terms of supervision, this is a sound and prudent approach.

An additional concern for the supervisory authorities relates to the potential for accumulated losses arising from an incident that affects a significant number of policyholders. Examples generally cited are the exploitation of weaknesses in mass-use software and an attack on one of the leading cloud computing services.

Cyber attacks against financial institutions have increased in frequency, complexity and sophistication, with potentially systemic impact. The motivation for such attacks, which have tended to focus on financial gain, is moving towards critical infrastructure disruption, which can undermine confidence in the financial system and financial stability itself. Given the ongoing geopolitical turbulence, coupled with rapidly changing technological innovation, many observers believe that a large-scale cyber-attack is just a matter of time.

Expert opinion in this regard is that the attack with the greatest systemic potential will involve critical data manipulation. There are three reasons for this, all relating to difficulties:

- In detection: One cyber security enterprise estimates that it takes an average of 146 days for a company to detect an intrusion

- In response, particularly in highly interconnected systems such as payment processes

- In recovery, since analyses and diagnoses of data manipulation situations can be extremely complicated and lengthy

Therefore, this is a potential systemic risk, requiring thorough assessment and mitigation. In my opinion, the nature and scope of cyber risk suggests that a global strategy must be developed to prevent and manage these risks.


Such a strategy must consider the important role the insurance sector can play in risk management. One of the major challenges concerns the definition of a consistent, harmonised taxonomy that enables information on cyber incidents and the associated losses to be compiled. This challenge can only be met through the joint efforts of public and private organisations, preferably at global level.

Let me now explain EIOPA’s activities in this field. EIOPA has been monitoring developments in the cyber insurance market for some time. Last year, we published a report called ‘Understanding cyber insurance’ based on a structured dialogue with insurance companies across Europe. Through this dialogue, we identified a number of issues relevant to the cyber insurance market in Europe such as:

- There is a clear need for a deeper understanding of cyber risk, on both the supply and demand side, for the European cyber insurance industry to develop further. This relates not only to the assessment and treatment of risks in new cyber insurance propositions, but also to an understanding of a client’s own needs.

- In terms of products and services, coverage is mainly focused on commercial business. However, interest in cyber insurance for individuals is growing as digital technology becomes more and more part of people’s lives.

- The cyber insurance industry expects a gradual increase in demand for insurance, mainly driven by new regulation, the increase in cyber risk related incidents, increased awareness of risks and the increased frequency and severity of cyber attacks.

- Qualitative models are used more frequently than quantitative models to estimate pricing, risk exposure and risk accumulation. A lack of data is a significant obstacle and this limitation might not always allow for the proper estimation and pricing of risks.

- Non-affirmative exposures are a key concern regarding the proper estimation of accumulation of risks.

- The lack of specialised underwriters, data and quantitative tools are key obstacles to the development of the industry and the provision of proper coverage to the economy.

- Regulation may be welcomed by the industry in a moderate fashion, as it could help to address some of the identified challenges.

We have taken our work and these findings into account in the development of our supervisory convergence plan for 2018 – 2019. In this plan, cyber risk is identified as a priority under the supervision of emerging risks. As part of our activities in this field, EIOPA will develop guidelines regarding Information & Communication Technologies (ICT), security and governance, including cyber resilience and will further develop supervisory practices that seek to assess information system resilience, cyber risk vulnerability and the insurance industry’s use of big data. EIOPA will also look into an efficient way of carrying out stress tests on the resilience of the insurance sector to cyber-attacks.

It is clear that cyber insurance affects countries across the world, not just in Europe. Issues related to cyber security and cyber risk are, therefore, one of the three priorities of the European Union – United States Insurance Project, in which EIOPA plays a leading role.

To conclude, cyber security and cyber risk are at the forefront of the concerns of economic operators and public authorities. The insurance sector has an important role to play in establishing good risk management practices and the associated coverage. The innovation and efficiency brought with the use of new technologies and high volumes of information will only become a reality if we find collective solutions to deal appropriately with cyber risk. As cyber-insurance markets mature, we should start to discuss if cyber insurance should also be mandatory. This would provide a further level of security for companies and consumers in the digital world.


This is a universal challenge! Everyone has to contribute to meet this challenge! Thank you very much for your attention. I stand ready to answer your questions.


Number 5

CCP resilience, recovery and resolution: completing the journey towards resilient derivatives markets

Deutsche Bundesbank, European Central Bank and the Federal Reserve Bank of Chicago Conference on CCP Risk Management, Frankfurt

Remarks by Dietrich Domanski, Secretary General, Financial Stability Board

Ladies and gentlemen, it is good to be here today. The Deutsche Bundesbank, European Central Bank and the Federal Reserve Bank of Chicago have shown real leadership in convening this conference. Today’s agenda shows that we have come a long way in reforming derivatives markets.

Almost ten years ago, at the Pittsburgh Summit in September 2009, G20 Leaders declared that all standardised over-the-counter (OTC) derivative contracts should be traded on exchanges or electronic trading platforms, where appropriate, and cleared through central counterparties. The declaration made central clearing an essential element of the reforms to reduce the complex and opaque web of exposures that existed between derivatives counterparties.

Since then, we have put in place a framework to fundamentally reform derivatives markets. This includes measures related to central clearing, but also policies to enhance the transparency and resilience of markets for non-centrally cleared derivatives, through trade reporting and margin requirements.

Yet derivatives markets reform is only one key area of post-crisis regulatory efforts. There is also significant progress in making the banking system more resilient; implementation of too-big-to-fail reforms is advancing, including via the establishment of effective resolution regimes for banks; and those aspects of non-bank financial intermediation that contributed to the financial crisis have declined significantly and generally no longer pose financial stability risks.

But, as today’s conference shows, important issues still lie ahead. What I would like to do in my remarks is to put CCP-related reforms into perspective – by looking back at what we have accomplished, and discuss what remains to be done from the perspective of the FSB; and by relating CCP-related policy measures to progress in other areas.

What have we accomplished? CCPs have become central to the global financial system

Let me begin with a few simple numbers that illustrate how central CCPs have become for the financial system. In 2009, the clearing level was around 24% for interest rate derivatives and just 5% for credit derivatives. By June 2018 these levels had risen to approximately 62% for interest rate derivatives and 37% for credit derivatives. Today, 90% of new OTC single currency interest rate derivatives are now centrally cleared in the US.

This impressive shift has been accompanied by the enhancement of legislative or regulatory frameworks to promote central clearing. Such frameworks, including comprehensive standards for determining when OTC derivatives should be required to be centrally cleared, are now in place in 18 FSB jurisdictions. Our latest annual report shows a continued broadening of the range of asset classes that are centrally cleared.

Policy measures to promote central clearing are working. Last year, the FSB, Basel Committee on Banking Supervision (BCBS), Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) published the results of their evaluation of the incentives to centrally clear OTC derivatives.


The report found that the reforms – particularly capital requirements, clearing mandates and margin requirements for non-centrally cleared derivatives – are achieving the goal of promoting central clearing, especially for the most systemic market participants. However, the report also found that beyond the systemic core of the derivatives network of CCPs, dealers/clearing service providers and larger, more active clients, the incentives are less strong.

Significant work has been devoted to CCP resilience, recovery and resolvability

The shift to central clearing has made CCPs both larger and more systemic. Cognizant of their even more central role in the financial system, authorities have made significant efforts to ensure that CCPs are safe and sound. The CPMI-IOSCO Principles for Financial Market Infrastructures (PFMI) are a milestone in this regard.

In July 2017, the FSB working with CPMI, IOSCO and the BCBS completed a workplan on CCP resilience, recovery and resolvability. The three reports coming out of the workplan provide guidance on a broad range of issues:

• CPMI and IOSCO set out further guidance on the PFMI regarding resilience of CCPs, in particular on governance, credit and liquidity stress testing, coverage, margin, and a CCP’s contributions of its financial resources to losses.

• CPMI and IOSCO also updated their 2014 guidance on recovery for financial market infrastructures to provide clarifications in a number of areas including the operationalisation of recovery plans and non-default related losses.

• And the FSB published guidance on how to implement its Key Attributes in resolution arrangements for CCPs.

To read more: http://www.fsb.org/wp-content/uploads/S270219.pdf


Number 6

RAND Releases Report Commissioned by DHS on Building an Effective and Practical National Approach to Terrorism Prevention

The Homeland Security Operational Analysis Center (HSOAC), operated for the Department of Homeland Security by the RAND Corporation, has released a new report on how to build an effective and practical national approach to terrorism prevention. The report, commissioned by the Department of Homeland Security, examines past terrorism prevention efforts and makes recommendations for future programs.

“As threats from terrorism evolve, our understanding of prevention also has to evolve,” said Assistant Secretary for Threat Prevention and Security Elizabeth Neumann. “In addition to the DHS internal review of prevention efforts, the Department asked the RAND Corporation for a third party assessment. I am pleased to share with the American people the highlights of their findings and to discuss steps we are taking as a Department to further enhance the security of our homeland.”

The report highlights various areas of terrorism prevention, including:

- Successful community education efforts by DHS;

- Countering terrorist narratives through public-private partnerships;

- Robust systems inside government for suspicious-activity reporting, and the need for a uniform mechanism for making interventions for referral by the public;

- How spending on terrorism prevention in the U.S. compares with some of our partners;

- The role of state, local, nongovernmental and private organizations in leading prevention efforts, with support from the federal government; and,

- The importance of addressing domestic as well as international terrorism in prevention programs.

Assistant Secretary Neumann has announced the release of the report at an event hosted by The Heritage Foundation.

To watch her remarks: https://www.heritage.org/terrorism/event/building-effective-approach-terrorism-prevention

The full report: https://www.rand.org/pubs/research_reports/RR2647.html


Number 7

Written testimony of CISA Director Christopher Krebs for a House Committee on Homeland Security hearing titled “Defending Our Democracy: Building Partnerships to Protect America’s Elections”

Chairman Thompson, Ranking Member Rogers, and members of the Committee, thank you for the opportunity to testify regarding the U.S. Department of Homeland Security’s (DHS) progress in reducing and mitigating risks to our Nation’s election infrastructure. DHS has worked to establish trust-based partnerships with state and local officials who administer our elections, and I look forward to sharing with you an update on our work during the 2018 midterm election cycle. Leading up to the 2018 midterms, DHS worked hand in hand with federal partners, state and local election officials, and private sector vendors to provide them with information and capabilities to enable them to better defend their infrastructure. This partnership led to a successful model that we aim to continue and improve upon in the 2020 election cycle. Since 2016, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has led a voluntary partnership of Federal Government and election officials who regularly share cybersecurity risk information. CISA has engaged directly with election officials—coordinating requests for assistance, risk mitigation, information sharing, and incident response. To ensure a coordinated approach, CISA convened stakeholders from across the Federal Government through the Election Task Force. The Department and the Election Assistance Commission (EAC) have convened federal government and election officials regularly to share cybersecurity risk information and to determine an effective means of assistance.


Since 2016, the Election Infrastructure Subsector (EIS) Government Coordinating Council (GCC) has worked to establish goals and objectives, to develop plans for the EIS partnership, and to lay the groundwork for developing an EIS Sector-Specific Plan. Participation in the council is entirely voluntary and does not change the fundamental role of state and local jurisdictions in overseeing elections.

DHS and the EAC have also worked with election vendors to launch an industry-led Sector Coordinating Council (SCC), a self-organized, self-run, and self-governed council with leadership designated by sector membership. The SCC serves as the industry’s principal entity for coordinating with the Federal Government on critical infrastructure security activities related to sector-specific strategies. This collaboration is conducted under DHS’s authority to provide a forum in which federal and private sector entities can jointly engage in a broad spectrum of activities to coordinate critical infrastructure security and resilience efforts, which is used in each of the critical infrastructure sectors established under Presidential Policy Directive 21, Critical Infrastructure Security and Resilience. The SCC has helped DHS further its understanding of the systems, processes, and relationships particular to operation of the EIS.

Within the context of today’s hearing, I will address our efforts in 2018 to help enhance the security of elections that are administered by jurisdictions around the country, along with our election related priorities through 2020. While there was activity targeting our election infrastructure leading up to the midterms, this activity is similar to what we have seen previously and occurs on the Internet every day. This activity has not been attributed to nation-state actors and, along with the Department of Justice (DOJ), we concluded that there is no evidence to date that any identified activities of a foreign government or foreign agent had a material impact on the integrity or security of election infrastructure or political or campaign infrastructure used in the 2018 midterm elections.

Assessing the Threat

The Department regularly coordinates with the Intelligence Community and law enforcement partners on potential threats to the Homeland.


Among non-federal partners, DHS has engaged with state and local officials, as well as relevant private sector entities, to assess the scale and scope of malicious cyber activity potentially targeting the U.S. election infrastructure. Election infrastructure includes the information and communications technology, capabilities, physical assets, and technologies that enable the registration and validation of voters; the casting, transmission, tabulation, and reporting of votes; and the certification, auditing, and verification of elections. In addition to working directly with state and local officials over the past two years, we have partnered with trusted third parties to analyze relevant cyber data, including the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), the National Association of Secretaries of State, and the National Association of State Election Directors. DHS field personnel deployed around the country furthered information sharing and enhanced outreach.

Enhancing Security

During the 2018 midterms, CISA provided a coordinated response from DHS and its federal partners to plan for, prepare for, and mitigate risk to election infrastructure. Working with election infrastructure stakeholders was essential to ensuring a more secure election. CISA and our stakeholders increased awareness of potential vulnerabilities and provided capabilities to enhance the security of U.S. election infrastructure as well as that of our democratic allies. Election officials across the country have a long-standing history of working both individually and collectively to reduce risks and ensure the integrity of their elections. In partnering with these officials through both new and ongoing engagements, CISA will continue to work to provide value-added—yet voluntary—services to support their efforts to secure elections in the 2020 election cycle.

Improving Coordination with State, Local, Tribal, Territorial and Private Sector Partners


Increasingly, the nation’s election infrastructure leverages information technology for efficiency and convenience, but also exposes systems to cybersecurity risks, just like in any other enterprise environment. Just like with other sectors, CISA helps stakeholders in federal departments and agencies, state, local, tribal, and territorial (SLTT) governments, and the private sector to manage these cybersecurity risks. Consistent with our long-standing partnerships with state and local governments, we have been working with election officials to share information about cybersecurity risks, and to provide voluntary resources and technical assistance. CISA works with the EI-ISAC to provide threat and vulnerability information to state and local officials. Through funding by CISA, the Center for Internet Security created and continues to operate the EI-ISAC. The EI-ISAC has representatives co-located with CISA’s National Cybersecurity and Communications Integration Center (NCCIC) to enable regular collaboration and access to information and services for election officials.

Providing Technical Assistance and Sharing Information

Knowing what to do when a security incident happens—whether physical or cyber—before it happens, is critical. CISA supports election officials with incident response planning including participating in exercises and reviewing incident response playbooks. Crisis communications is a core component of these efforts, ensuring officials are able to communicate transparently and authoritatively when an incident unfolds. In some cases, we do this directly with state and local jurisdictions. In others, we partner with outside organizations. We recognize that securing our nation’s systems is a shared responsibility, and we are leveraging partnerships to advance that mission.

CISA actively promotes a range of services including:

Cyber hygiene service for Internet-facing systems: Through this automated, remote scan, CISA provides a report identifying vulnerabilities and mitigation recommendations to improve the cybersecurity of systems connected to the Internet, such as online voter registration systems, election night reporting systems, and other Internet-connected election management systems.

Risk and vulnerability assessments: We have prioritized state and local election systems upon request, and increased the availability of risk and vulnerability assessments. These in-depth, on-site evaluations include a system-wide understanding of vulnerabilities, focused on both internal and external systems. We provide a full report of vulnerabilities and recommended mitigations following the testing.

Incident response assistance: We encourage election officials to report suspected malicious cyber activity to NCCIC. Upon request, the NCCIC can provide assistance in identifying and remediating a cyber incident. Information reported to the NCCIC is also critical to the Federal Government’s ability to broadly assess malicious attempts to infiltrate election systems. This technical information will also be shared with other state officials so they have the ability to defend their own systems from similar malicious activity.

Information sharing: CISA maintains numerous platforms and services to share relevant information on cyber incidents. Election officials may also receive information directly from the NCCIC. The NCCIC also works with the EI-ISAC, allowing election officials to connect with the EI-ISAC or their State Chief Information Officer to rapidly receive information they can use to protect their systems. Best practices, cyber threat information, and technical indicators, some of which had been previously classified, have been shared with election officials in thousands of state and local jurisdictions. In all cases, the information sharing and use of such cybersecurity threat indicators, or information related to cybersecurity risks and incidents, complies with applicable lawful restrictions on its collection and use and with DHS policies protective of privacy and civil liberties.

Classified information sharing: To most effectively share information with all of our partners—not just those with security clearances—DHS works with the intelligence community to rapidly declassify relevant intelligence or provide as much intelligence as possible at the lowest classification level possible. While DHS prioritizes declassifying information to the extent possible, DHS also provides classified information to cleared stakeholders, as appropriate. DHS has been working with state chief election officials and additional election staff in each state to provide them with security clearances.


Field-based cybersecurity advisors and protective security advisors: CISA has more than 130 cybersecurity and protective security personnel available to provide actionable information and connect election officials to a range of tools and resources to improve the cybersecurity preparedness of election systems; and to secure the physical site security of voting machine storage and polling places. These advisors are also available to assist with planning and incident management for both cyber and physical incidents.

Physical and protective security tools, training, and resources: CISA provides guidance and tools to improve the security of polling sites and other physical election infrastructure. This guidance can be found at www.dhs.gov/hometown-security. This guidance helps to train administrative and volunteer staff on identifying and reporting suspicious activities, active shooter scenarios, and what to do if they suspect an improvised explosive device.

Election Security Efforts Leading up to the 2018 Midterms

In the weeks leading up to the 2018 midterm elections, DHS officials supported a high degree of preparedness nationwide. DHS provided free technical cybersecurity assistance, continuous information sharing, and expertise to election offices and campaigns. EI-ISAC threat alerts were shared with all 50 states, over 1,400 local and territorial election offices, 6 election associations, and 12 election vendors.

In August 2018, DHS hosted a “Tabletop the Vote” exercise, a three-day, first-of-its-kind exercise to assist our federal partners, state and local election officials, and private sector vendors in identifying best practices and areas for improvement in cyber incident planning, preparedness, identification, response, and recovery. Through tabletop simulation of a realistic incident scenario, exercise participants discussed and explored potential impacts to voter confidence, voting operations, and the integrity of elections. Partners for this exercise included 44 states and the District of Columbia; EAC; Department of Defense, including the Office of the Secretary of Defense, U.S. Cyber Command, and the National Security Agency; DOJ; Federal Bureau of Investigation; Office of the Director of National Intelligence; and National Institute of Standards and Technology (NIST).

Through the “Last Mile Initiative,” DHS worked closely with state and local governments to outline critical cybersecurity actions that should be implemented at the county level. For political campaigns, DHS disseminated a cybersecurity best practices checklist to help candidates and their teams better secure their devices and systems.

On Election Day, DHS deployed field staff across the country to maintain situational awareness and connect election officials to appropriate incident response professionals, if needed. In many cases, these field staff were co-located with election officials in their own security operations centers. DHS also hosted the National Cybersecurity Situational Awareness Room, an online portal for state and local election officials and vendors that facilitates rapid sharing of information. It gives election officials virtual access to the 24/7 operational watch floor of the CISA NCCIC. This setup allowed DHS to monitor potential threats across multiple states at once and respond in a rapid fashion.

Our goal has been for the American people to enter the voting booth with the confidence that their vote counts and is counted correctly. I am proud to say that our efforts over the past two years have resulted in the most secure election in modern history.

No Evidence of Election Interference

The Secretary of Homeland Security and the Acting Attorney General have concluded that there is no evidence to date that any identified activities of a foreign government or foreign agent had a material impact on the integrity or security of election infrastructure or political or campaign infrastructure used in the 2018 midterm elections for the United States Congress. The activity we did see was consistent with what we shared in the weeks leading up to the election. Russia, and other foreign countries, including China and Iran, conducted influence activities and messaging campaigns targeted at the United States to promote their strategic interests.

Election Security Efforts Moving Forward

Ensuring the security of our electoral process remains a vital national interest and one of our highest priorities at DHS. In the run-up to the 2020 election season, DHS will continue to prioritize elections by broadening the reach and depth of information sharing and assistance that we are providing to state and local election officials, and continuing to share information on threats and mitigation tactics. DHS goals for the 2020 election cycle include improving the efficiency and effectiveness of election audits, continuing to incentivize the patching of election systems, and working with the National Institute of Standards and Technology (NIST) and the states to develop cybersecurity profiles utilizing the NIST Cybersecurity Framework for Improving Critical Infrastructure. We will also continue to engage any political entity that wants our help. DHS offers these entities the same tools and resources that we offer to state and local election officials, including trainings, cyber hygiene support, information sharing, and other resources. DHS has made tremendous strides and has been committed to working collaboratively with those on the front lines of administering our elections to secure election infrastructure from risks. Just last week, DHS officials provided updates to the secretaries of state, state election directors, and members of the GCC and SCC on the full package of election security resources that are available from the Federal government, along with a roadmap on how to improve coordination across these entities. DHS also worked with our Intelligence Community partners to provide a classified one-day read-in for these individuals regarding the current threats facing our election infrastructure. We will remain transparent as well as agile in combating and securing our physical and cyber infrastructure. However, we recognize that there is a significant technology deficit across SLTT governments, and state and local election systems in particular. It will take significant and continual investment to ensure that election systems across the nation are upgraded and secure, with vulnerable systems retired. These efforts require a whole-of-government approach. The President and this Administration are committed to addressing these risks. Our voting infrastructure is diverse, subject to local control, and has many checks and balances.
As the threat environment evolves, DHS will continue to work with federal agencies, state and local partners, and private sector entities to enhance our understanding of the threat; and to make essential physical and cybersecurity tools and resources available to the public and private sectors to increase security and resiliency. Thank you for the opportunity to appear before the Committee today, and I look forward to your questions.


Note

Christopher Krebs serves as the first director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). Mr. Krebs was originally sworn in on June 15, 2018 as the Under Secretary for the predecessor of CISA, the National Protection and Programs Directorate (NPPD). Mr. Krebs was nominated for that position by President Trump in February 2018. Before serving as CISA Director, Mr. Krebs was appointed in August 2017 as the Assistant Secretary for Infrastructure Protection. In the absence of a permanent NPPD Under Secretary at the time, Mr. Krebs took on the role of serving as the Senior Official Performing the Duties of the Under Secretary for NPPD until he was subsequently nominated as the Under Secretary and confirmed by the Senate the following year. Mr. Krebs joined DHS in March 2017, first serving as Senior Counselor to the Secretary, where he advised DHS leadership on a range of cybersecurity, critical infrastructure, and national resilience issues. Prior to coming to DHS, he was a member of Microsoft’s U.S. Government Affairs team as the Director for Cybersecurity Policy, where he led Microsoft’s U.S. policy work on cybersecurity and technology issues. Before Microsoft, Mr. Krebs advised industry and Federal, State, and local government customers on a range of cybersecurity and risk management issues. This is his second tour working at DHS, previously serving as the Senior Advisor to the Assistant Secretary for Infrastructure Protection and playing a formative role in a number of national and international risk management programs. As Director, Mr. Krebs oversees CISA’s efforts to defend civilian networks, secure federal facilities, manage systemic risk to National critical functions, and work with stakeholders to raise the security baseline of the Nation’s cyber and physical infrastructure. Mr. Krebs holds a bachelor’s degree in environmental sciences from the University of Virginia and a J.D. from the Antonin Scalia Law School at George Mason University.


Number 8

ESMA to recognise the UK Central Securities Depository in the event of a no deal Brexit

The European Securities and Markets Authority (ESMA) has announced that, in the event of a no-deal Brexit, the Central Securities Depository (CSD) established in the United Kingdom (UK) – Euroclear UK and Ireland Limited – will be recognised as a third-country CSD to provide its services in the European Union (EU). ESMA has adopted this recognition decision in order to allow the UK CSD to serve Irish securities and to avoid any negative impact on the Irish securities market. ESMA has previously communicated that its Board of Supervisors supports continued access to the UK CSD. Having assessed the application and the information submitted by the UK CSD, and consulted the relevant authorities in accordance with the Central Securities Depositories Regulation (CSDR), ESMA considers that the conditions for recognition under Article 25 of CSDR are met by the UK CSD in case of a no-deal Brexit. Therefore, it has adopted a decision to recognise the UK CSD as a third-country CSD under the CSDR. The recognition decision would take effect on the day following the Brexit date, under a no-deal Brexit scenario.

Notes

1. On 19 December 2018, ESMA published a public statement stating that it was ready to review UK CCPs’ and the UK CSD’s recognition applications for a no-deal Brexit scenario if the four recognition conditions under Article 25 of EMIR and Article 25 of CSDR were met, respectively.

2. On 18 February 2019, ESMA published a press release stating that it would recognise three central counterparties (CCPs) established in the UK – LCH Limited, ICE Clear Europe Limited and LME Clear Limited – to provide their services in the EU in the event of a no-deal Brexit.

3. ESMA’s mission is to enhance investor protection and promote stable and orderly financial markets. It achieves these objectives through four activities: i. assessing risks to investors, markets and financial stability; ii. completing a single rulebook for EU financial markets; iii. promoting supervisory convergence; and iv. directly supervising specific financial entities.

4. ESMA achieves its mission within the European System of Financial Supervision (ESFS) through active cooperation with the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), the European Systemic Risk Board, and with national authorities with competencies in securities markets (NCAs).


Number 9

PCAOB News

The Public Company Accounting Oversight Board announced it has named Eric Hagopian as its first Chief Data Officer. In this role, Mr. Hagopian will advance the PCAOB’s data management strategy and enhance the organizational approach to data management and analytics. “In 2018, the Board began to develop a formal organization-wide strategy related to our own use of data, which included the creation of a Chief Data Officer,” said PCAOB Chairman William D. Duhnke. “The Board is pleased to welcome Eric to the PCAOB, and we look forward to utilizing his deep experience in data governance, management, and analytics to enhance the effectiveness of our oversight activities.” Prior to joining the PCAOB, Mr. Hagopian served as the Director of Data Governance at CareFirst BlueCross BlueShield, where he was responsible for developing a data governance framework. Before joining CareFirst, Mr. Hagopian was a Chief Technologist for the Booz Allen Hamilton Strategic Innovation Group and he also spent several years as the Chief Data Officer for the U.S. Department of Homeland Security Immigration and Customs Enforcement. Throughout his career, Mr. Hagopian has served in a variety of technical and data analytics roles at a number of companies. Mr. Hagopian earned his master’s degree in applied information technology at the Volgenau School of Engineering at George Mason University and also holds a bachelor of science degree in mechanical engineering from Syracuse University’s L.C. Smith College of Engineering.

The Public Company Accounting Oversight Board also announced it has created a new Office of Enterprise Risk Management to carry out the Board’s strategic objective of implementing an Enterprise Risk Management (ERM) program for the organization. The Office of Enterprise Risk Management will be led by Sue Lee, who has been named the organization’s first Chief Risk Officer. Ms. Lee leads the PCAOB’s work to establish an ERM program and oversees the organization’s risk management, compliance, ethics, and security programs.

ERM is a framework used to identify potential events that may affect an organization, manage the associated risks and opportunities, and provide reasonable assurance that an organization’s mission, vision, and strategic objectives will be achieved. “In connection with our strategic planning process last year, the Board undertook an organizational assessment that revealed the need to transform our approach to risk management,” said PCAOB Chairman William D. Duhnke. “The Board is fortunate to have Sue’s vast experience, leadership, and expertise as we work toward achieving one of our key strategic objectives.” Prior to joining the PCAOB, Ms. Lee was Senior Vice President, General Counsel, and Corporate Secretary of Entegris, Inc., a publicly traded chemicals and materials company. In this role, she managed the company’s legal, compliance, privacy, corporate governance, enterprise risk, and government affairs functions. Before joining Entegris, Ms. Lee was the Vice President, General Counsel, and Corporate Secretary for CYREN, Ltd., a publicly traded cybersecurity company. Ms. Lee has also served in various legal, compliance, and risk advisory roles at Fortune 500 companies, including Viacom and Genzyme, and was an attorney in New York City at the law firm Cleary Gottlieb Steen & Hamilton. She earned her bachelor’s and law degrees at Harvard University, where she graduated magna cum laude.


Number 10

Entangling Photons of Different Colors

NIST researchers develop a novel chip-based device for quantum communication.

Some of the most advanced communication systems now under development rely on the properties of quantum science to store and transport information. However, researchers designing quantum communication systems that rely on light, rather than electric current, to transmit information face a quandary: The optical components that store and process quantum information typically require visible-light photons (particles of light) to operate. However, only near-infrared photons—with wavelengths about 10 times longer—can transport that information over kilometers of optical fibers. Now, researchers at the National Institute of Standards and Technology (NIST) have developed a novel way to solve this problem. For the first time, the team created quantum-correlated pairs made up of one visible and one near-infrared photon using chip-based optical components that can be mass-produced. These photon pairs combine the best of both worlds: The visible-light partners can interact with trapped atoms, ions, or other systems that serve as quantum versions of computer memory while the near-infrared members of each couple are free to propagate over long distances through the optical fiber.

The achievement promises to boost the ability of light-based circuits to securely transmit information to faraway locations. NIST researchers Xiyuan Lu, Kartik Srinivasan and their colleagues at the University of Maryland NanoCenter in College Park, demonstrated the quantum correlation, known as entanglement, using a specific pair of visible-light and near-infrared photons. However, the researchers’ design methods can be easily applied to create many other visible-light/near-infrared pairs tailored to match specific systems of interest. Moreover, the miniature optical components that created the entanglements are manufactured in large numbers. Lu, Srinivasan and their colleagues recently described their work in Nature Physics.

One of the more counterintuitive properties of quantum mechanics, quantum entanglement occurs when two or more photons or other particles are prepared in a way that makes them so intrinsically connected that they behave as one unit. A measurement that determines the quantum state of one of the entangled particles automatically determines the state of the other, even if the two particles lie on opposite sides of the universe. Entanglement lies at the heart of many quantum information schemes, including quantum computing and encryption. In many situations, the two photons that are entangled have similar wavelengths, or colors. But the NIST researchers deliberately set out to create odd couples—entanglement between photons whose colors are very different. “We wanted to link together visible-light photons, which are good for storing information in atomic systems, and telecommunication photons, which are in the near-infrared and good at traveling through optical fibers with low signal loss,” said Srinivasan. To make photons suitable for interacting with most quantum information storage systems, the team also needed the light to be sharply peaked at a particular wavelength rather than having a broader, more diffuse distribution.

To create the entangled pairs, the team constructed a specially tailored optical “whispering gallery”—a nano-sized silicon nitride resonator that steers light around a tiny racetrack, similar to the way sound waves travel unimpeded around a curved wall such as the dome in St. Paul’s Cathedral in London. In such curved structures, known as acoustic whispering galleries, a person standing near one part of the wall easily hears a faint sound originating at any other part of the wall.

When a selected wavelength of laser light was directed into the resonator, entangled pairs of visible-light and near-infrared photons emerged. (The specific type of entanglement employed in the experiment, known as time-energy entanglement, links the energy of the photon pairs with the time at which they are generated.) “We figured out how to engineer these whispering gallery resonators to produce large numbers of the pairs we wanted, with very little background noise and other extraneous light,” Lu said. The researchers confirmed that entanglement persisted even after the telecommunication photons traveled through several kilometers of optical fiber. In the future, by combining two of the entangled pairs with two quantum memories, the entanglement inherent in the photon pairs can be transferred to the quantum memories. This technique, known as entanglement swapping, allows the memories to be entangled with each other over a much longer distance than would normally be possible. “Our contribution was to figure out how to make a quantum light source with the right properties that could enable such long-distance entanglement,” Srinivasan said.


Disclaimer

The Association tries to enhance public access to information about risk and compliance management. Our goal is to keep this information timely and accurate. If errors are brought to our attention, we will try to correct them. This information:

- is of a general nature only and is not intended to address the specific circumstances of any individual or entity;
- should not be relied on in the context of enforcement or similar regulatory action;
- is not necessarily comprehensive, complete, or up to date;
- is sometimes linked to external sites over which the Association has no control and for which the Association assumes no responsibility;
- is not professional or legal advice (if you need specific advice, you should always consult a suitably qualified professional);
- is in no way constitutive of an interpretative document;
- does not prejudge the position that the relevant authorities might decide to take on the same matters if developments, including Court rulings, were to lead them to revise some of the views expressed here;
- does not prejudge the interpretation that the Courts might place on the matters at issue.

Please note that it cannot be guaranteed that this information and these documents exactly reproduce officially adopted texts. It is our goal to minimize disruption caused by technical errors. However, some data or information may have been created or structured in files or formats that are not error-free and we cannot guarantee that our service will not be interrupted or otherwise affected by such problems. The Association accepts no responsibility regarding such problems incurred because of using this site or any linked external sites.


International Association of Risk and Compliance Professionals

You can explore what we offer to our members:

1. Membership - Become a standard, premium or lifetime member. You may visit: www.risk-compliance-association.com/How_to_become_member.htm

Become a lifetime member of the association to continue your journey without interruption and without renewal worries. You will get a lifetime of benefits as well. You can check the benefits at: www.risk-compliance-association.com/Lifetime_Membership.htm

2. Weekly Updates - Subscribe to receive every Monday the Top 10 risk and compliance management related news stories and world events that (for better or for worse) shaped the week's agenda, and what is next: http://forms.aweber.com/form/02/1254213302.htm

3. Training and Certification - The Certified Risk and Compliance Management Professional (CRCMP) training and certification program has become one of the most recognized programs in risk management and compliance. There are CRCMPs in 32 countries around the world. Companies and organizations like Accenture, American Express, USAA etc. consider the CRCMP a preferred certificate. You can find more about the demand for CRCMPs at: www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf

For the distance learning programs, you may visit: www.risk-compliance-association.com/Distance_Learning_and_Certification.htm

For instructor-led training, you may contact us. We can tailor all programs to meet specific requirements. We tailor presentations, awareness and training programs for supervisors, boards of directors, service providers and consultants.


Some CRCMP jobs:

4. IARCP Authorized Certified Trainer (IARCP-ACT) Program - Become a Certified Risk and Compliance Management Professional Trainer (CRCMPT) or Certified Information Systems Risk and Compliance Professional Trainer (CISRCPT). This is an additional advantage on your resume, serving as a third-party endorsement to your knowledge and experience. Certificates are important when being considered for a promotion or other career opportunities. You give the necessary assurance that you have the knowledge and skills to accept more responsibility. To learn more, you may visit: www.risk-compliance-association.com/IARCP_ACT.html


5. Approved Training and Certification Centers (IARCP-ATCCs) - In response to the increasing demand for CRCMP training, the International Association of Risk and Compliance Professionals is developing a world-wide network of Approved Training and Certification Centers (IARCP-ATCCs). This will give the opportunity to risk and compliance managers, officers, and consultants to have access to instructor-led CRCMP and CISRCP training at convenient locations that meet international standards. ATCCs use IARCP approved course materials and have access to IARCP Authorized Certified Trainers (IARCP-ACTs). To learn more: www.risk-compliance-association.com/Approved_Centers.html