Finance Industry Vulnerable To Terrorism, Experts Say

Firms still working on recovery plans as attack threats loom

Amid recent warnings from Washington that more terrorist attacks are inevitable, some experts say the financial services industry is ill-prepared to handle a second disaster because it's still mired in disaster recovery following the Sept. 11 attacks.

Peter Vinella, CEO of Miami-based Neoris FS, an IT and management consulting firm, said many of his clients whose data centers were destroyed in the attacks on the World Trade Center are still working from their disaster recovery sites, leaving them with no operational or data backup capabilities.

But Damon Kovelsky, an analyst at Meridien Research Inc. in Newton, Mass., said he believes there are fewer data centers in Manhattan today than before Sept. 11. Most companies have since made concerted efforts to geographically disperse their facilities.

"If someone flies another 747 into downtown Manhattan, in certain aspects, there would be less of an impact," Kovelsky said.

Financial services firms are less vulnerable to an attack because many brokerages and banks have relocated their IT operations to New Jersey, Kovelsky said, adding that "no one is going to attack Jersey City."

Paul Honey, first vice president of global contingency planning at Merrill Lynch & Co., said many firms had set up their disaster recovery sites to handle no more than a few weeks of use. Merrill Lynch, whose headquarters are across the street from the World Trade Center, lost its primary site for about six weeks. It had set up secondary sites under a six-week contingency plan, he said.

Merrill Lynch moved about 90% of its IT staff, roughly 8,300 employees, to alternative sites, where some workers stayed for as long as three months. However, the bulk of its IT staff returned to headquarters within six weeks.

Cantor Fitzgerald LP, which lost 733 employees and its primary data center on Sept. 11, insisted that it was prepared for a disaster then and is even better prepared now because its data centers are more dispersed.

"The reality is that in order to have [a disaster recovery plan]\ work in a catastrophic scenario, you have to have used it before," said Matt Claus, chief technology officer at eSpeed Inc., a business-to-business online marketplace and the IT services arm of New York-based Cantor Fitzgerald.

Since Sept. 11, Merrill Lynch has performed a gap analysis of what it needs to respond to another disaster.

"We're building resiliency into our day-to-day operations, looking at our real-estate footprints, business models and technical standards. These are typically things that don't get solved overnight and take a while to implement," Honey said. "But every day we get further away from Sept. 11, we get a little more resilient."


Protecting the Financial Marketplace

Here are some potential regulatory requirements that could buttress the industry’s ability to react to disasters:


long-term disaster recovery plans and capabilities, both within individual firms and across markets.


security around the internal operations and disaster recovery capabilities of each firm.


intra- and interfirm processes, with less reliance on manual processes and paper.


real-time monitoring of trading activity, to discover market manipulation.


real-time recording of over-the-counter transactions.


of dedicated and highly secure interbank communications networks, with a dedicated wireless backup.


industry network and applications protocols that enforce security on the access and transaction levels.


trade confirmation and settlement.

Source: Neoris FS, Miami

Copyright © 2002 IDG Communications, Inc.

Shop Tech Products at Amazon