Business Continuity

September 8, 2004: Testimony of Robert G. Britz, President and Co-COO, New York Stock Exchange, Inc. on "Protecting our Financial Infrastructure: Preparation and Vigilance," before the Committee on Financial Services U.S. House of Representatives Washington, DC.

Speech Content Links:

Business Components
September 11, 2001
Critical Infrastructure
Contingency Planning
Post 9/11 Business Continuity Initiatives
Physical Security Enhancements
The Contingency Trading Floor
The Secure Financial Transactions Infrastructure (“SFTI”)
The Remote Network Operations Center
Remote National Market System Data Center
Unlisted Equities
NYSE Rule 446
NYSE-SIAC Public-Private Partnerships
The August 14-15, 2003 Blackout
The August 1 Heightened Terror Threat
Introduction Back to top
Chairman Oxley (Committee Chairman Michael G. Oxley (R-OH)) , Ranking Member Frank (Committee Member Barney Frank (D-MA)) and distinguished Members of the Committee, I am Robert G. Britz, President & Co-Chief Operating Officer of the New York Stock Exchange, Inc. (“NYSE” or “Exchange”).  I lead the Exchange’s Equities Group, which is responsible for the day-to-day operation of our Trading Floor and our data processing sites, technical infrastructure and software development and information business.  In addition, I serve as the Chairman of the Securities Industry Automation Corporation (“SIAC”), the NYSE’s technology subsidiary.

On behalf of the NYSE and our Chairman John Reed and Chief Executive Officer John Thain, I thank the Committee for providing this forum to discuss the NYSE’s investment in business continuity and contingency planning since September 11, 2001.

The NYSE lists more than 2,750 companies with a combined market capitalization of approximately $18 trillion.  The NYSE trades an average of approximately 1.5 billion shares each day and the average daily dollar volume is approximately $50 billion.  Ensuring that the world’s largest equities market can open for business every day is one of the NYSE’s highest priorities.
Business Components Back to top
There are seven critical business components required for NYSE trading:

  • The NYSE’s Trading Systems - located in separate, active data centers that are designed to recover and resume trading intra-day after the loss of a data center;
  • The NYSE’s Trading Floors – a primary Trading Floor and a backup Trading Floor.Trading can resume in less than 24 hours after the loss of the primary Trading Floor;
  • NYSE Member Firm connectivity to the NYSE’s technology infrastructure - required for receiving orders, transmitting quotes and reports and receiving post-trade data;
  • Specialist and Member Firm Trading Floor personnel;
  • Market Data Dissemination to the Public - includes SIAC’s ability to transmit this data to market data vendors and the vendors’ ability to provide it to the public;
  • Liquidity Providers – Securities member firm and specialist personnel; and
  • Clearance and Settlement Processes - these systems are hosted and operated by both SIAC and the Depository Trust Clearing Corporation (DTCC).
September 11, 2001 Back to top
The attacks of September 11, 2001, will be ingrained in our national memory forever.   The NYSE was not spared.  Three of our members and hundreds of our member firms’ employees were killed.  Thousands of others were displaced.  The attack on the World Trade Center hit particularly close to home, since the NYSE’s Enforcement Division was housed in the South Tower.  Fortunately, all of the employees in the Enforcement Division escaped safely.

Despite the loss of life and the terrible destruction that took place literally at our doorstep, the NYSE never lost the capability to trade.   With our own emergency generator available for use, and most of our systems located off site and on a separate power grid, we had the capacity to continue to offer investors all the services that they have come to expect from the world’s premier equities market.   If the business of the Exchange was dependent solely on those who directly participate in the auction process on the Trading Floor, we could have resumed trading earlier.

On September 12, 2001, a meeting convened in midtown Manhattan.   In attendance were the leadership of the SEC, the U.S. Department of the Treasury, and senior representatives of the NYSE, Nasdaq and securities firms.  The subject was the reopening of the American capital markets.

While our first priority was to resume trading in a manner that would not hamper the heroic rescue work, there was also the question of the city’s ability to resume public services and remove some of the debris.  A related concern for the NYSE was whether the telecommunication infrastructure that the brokerage firms rely on to deliver orders and receive messages was available to manage the enormous amount of message traffic that would accompany a resumption of connectivity and trading.  The decision to delay reopening the capital markets until Monday, September 17, 2001, also gave the telecommunications providers more time to reestablish connectivity among the various exchanges, marketplaces and firms that participate in trading equities.  The goal was to ensure that the equity markets reopened in an orderly fashion with as many market participants as possible having reestablished their individual ability to trade.

Wall Street and the World Trade Center site are located in close physical proximity.  Every trading day, thousands of employees arrive at the investment houses, banks and other financial intermediaries located in the financial district.  Clearly, in the days following 9/11 it became increasing clear that the securities industry was in no position to resume business as usual.  Most importantly, we could not take the steps necessary to reopen if doing so could impede the rescue efforts underway at Ground Zero just blocks away.

The other issue that we faced was, in essence, a quality assurance problem. We wanted to ensure that we could resume equity trading in a manner consistent with the historical levels of deep liquidity and investor protection that are the hallmarks of the American capital markets.  Stated otherwise, the test was whether we would be in a position to serve American investors with the same level of excellence that they and the world have come to expect of us.

An important part of our resilience is the flexibility and capacity of our technology, which was shown in our ability to host the entire American Stock Exchange (AMEX) equities trading floor in our Trading Floor on a few days notice after 9/11.  The reconfigurable high-speed intranet technology that enables this is also the foundation of the capability that enabled us to create the contingency Trading floor within 90 days of 9/11.

During the six days following the September 11 attacks, the NYSE, in conjunction with SIAC, completed numerous tests necessary to ensure that the NYSE could reopen on Monday, September 17 and we assisted NYSE member firms in their preparations.   We tested close to 1,000 NYSE member firm data communications lines into the NYSE’s Common Message Switch system (CMS).  We made more than 100 system, communication and database changes to permit NYSE member firms to reconnect with the Exchange’s data centers.  We worked with market data vendors to ensure the flow of real-time market data information to the NYSE’s Trading Floor.  On Friday, September 15 and Saturday, September 16, we conducted connectivity tests with NYSE member firms to ensure that they could deliver their orders to the NYSE’s data centers.  We prepared for the trading of American Stock Exchange equities at two posts on the NYSE’s Trading Floor.  In support of the National Market System (NMS) and the Options Price Reporting Authority (OPRA), we verified the connectivity for all participants and vendors by providing continuous and extensive test time to all participating exchanges and recipients.  Finally, the NYSE assisted several exchanges and vendors in reestablishing their connectivity to the NMS and OPRA systems.

The hard work and determination of thousands of individuals from September 11 through September 16 demonstrated to the world that the capital markets would not allow for the cowardly acts of terror perpetrated against the United States to initiate a systemic crisis in our capital markets.   I am particularly proud of the tireless efforts of my partners at the NYSE who made certain that our trading platform was fully operational and able to handle then record volume of nearly 2.4 billion shares on Monday, September 17, 2001.
Critical Infrastructure Back to top
The NYSE has a long history of developing forward-looking business continuity strategies that “harden” or protect our physical and information technology (IT) infrastructure and improve our ability to withstand or recover from a disaster.

All of our facilities have emergency generator backup and store water onsite to enable continued operations after the loss of power or water.   Our IT infrastructure is connected to a private extranet that utilizes geographically redundant fiber routes.  The NYSE and SIAC employ large security forces and invest in automated security systems to protect the infrastructure.  Significant investments have been made in information security personnel and infrastructure to protect our systems from intrusions and attacks while enabling our business partners to connect to the NYSE IT infrastructure in a secure manner.  Our primary Trading Floor is actually five different Trading Floors located in four different buildings.  Trading can be moved from one location to another as may be necessary.
Contingency Planning Back to top
Contingency planning has also played a key role at the NYSE for many years.   Pre-9/11, the NYSE and SIAC performed a comprehensive risk assessment to identify and address a wide array of man-made and natural threats to our critical systems, processes and infrastructure.  Our plans included redundant, active data centers served by different power grids and multiple telecommunications facilities with each site sharing the processing load generated by the trading of about 1.5 billion shares daily.  All of our facilities have back-up power generators and uninterruptible power source (UPS) systems.  All of our facilities are interconnected through a diversely routed, auditable, private fiber optic network that does not pass through any telephone company central office.
Post 9/11 Business Continuity Initiaves Back to top
Since September 11, 2001, the NYSE has made an investment totaling more than $100 million, to prevent and/or recover from an interruption to our market.    The specific business continuity programs include both new initiatives as well as significant enhancements to existing business continuity programs.

In particular, the NYSE has built a contingency Trading Floor, expanded SIAC’s Emergency Command Center, created the Secure Financial Transaction Infrastructure (SFTI), constructed a remote network operations center and recently received approval to establish a remote National Market System (NMS) data center.   The NYSE’s Regulatory Group filed and the SEC approved new business continuity rules for NYSE Member Firms.  In addition, to ensure continuity of trading, the NYSE has also modified our system to accept four character symbols to back-up the Nasdaq.

In addition, we have enhanced NYSE and SIAC disaster recovery planning, physical security and information security, developed and implemented mandatory BCP training program for all NYSE and SIAC employees, enhanced emergency employee communications systems to ensure key personnel can be reached and all personnel have access to relevant and timely information in an event, instituted a temporal dispersion initiative with our data center staff.   We are also adding generator capacity at the NYSE.

Operating the NYSE’s data centers is a critical component of the NYSE’s overall business continuity plan.  All NYSE and SIAC departmental business continuity plans are continuously updated in light of 9/11 and the August 2003 blackout.   We design, counsel and facilitate departmental and group business continuity planning (BCP) exercises.  We have developed and implemented a mandatory BCP training program for all NYSE and SIAC employees.  We have enhanced emergency employee communications systems to ensure that key personnel can be reached and all personnel have access to relevant and timely information in an event.  SIAC has instituted a temporal dispersion initiative so that a significant number of its management and operational personnel are working off-site from the data centers at any time.  In addition SIAC has added additional personnel to its Corporate Contingency Services team.   SIAC has expanded and enhanced its Emergency Command Center with upgraded and new equipment.  This same facility functions as the Emergency Command Center for the SIA during an event such as the August 2003 blackout.  SIAC participates in the New York City Office of Emergency Management's Corporate Emergency Access Program.  This program allows critical employees to gain access to the Manhattan sites in locations restricted to public access due to emergency conditions  - after the areas are deemed safe by local authorities for limited re-entry.   As a result, critical operations can continue until "normal" conditions resume.
Physical Security Enhancements Back to top
The NYSE has strengthened its physical security in and around the primary Trading Floor at the Exchange’s headquarters and at our data centers.   We are committed to protecting the safety of all personnel at the NYSE.   In close cooperation with Federal, state and local law enforcement, the Exchange has expanded its physical security perimeter.  We have also taken measures to increase the screening of all people, package deliveries and mail that enters   the NYSE or our data centers, and we have instituted a more restrictive policy on visitors and deliveries.

Immediately following 9/11, the New York City Police Department and the Mayor’s Office created a security zone, which surrounds the NYSE.     Seven intersections were closed to protect the NYSE and the financial district against the threat of a vehicle delivered explosive.

In partnership with the Lower Manhattan Development Corporation, New York City’s Office of City Planning, the New York City Economic Development Corporation, the Alliance for Downtown New York, the New York Police and Fire Departments, Bank of New York and the New York Stock Exchange, the financial district’s Streetscape and Security Plan is presently being implemented.    This plan permanently secures each of those intersections as we beautify and make more pedestrian-friendly the Wall Street gateway to the financial district.  NYSE Security Officers who have been sworn in as Special Patrolmen staff each of the seven intersections and they will work under the direction of NYPD Counter-Terrorism officers.

The Security Division continues to conduct daily threat assessments in cooperation with the U.S. Department of Homeland Security, the FBI, New York State’s Office of Public Safety, New York City’s Office of Emergency Management and the New York Police Department’s Counter-Terrorism Bureau and Intelligence Division.  Continuous evaluations of the NYSE’s force protection and security procedures are conducted with special emphasis on delivery vehicles that enter the security zone.  All incoming merchandise and mail are subject to canine explosive detection inspection as well as x-ray before they enter the zone and the NYSE.

Protection elements include outer checkpoints where we inspect carry-ins and the photo I.D. badges of employees; CCTV cameras are configured to digitally record all images within the perimeter; and proprietary armed security officers along with contract security officers in combination with an NYPD Hercules team provide force protection to our perimeter on a continuous basis.   All persons who enter the NYSE are subject to security screening, which includes x-ray inspection of their carry-ins and a magnetometer screen of their person.

Security Division personnel continue to receive ongoing training in high-rise building safety, terrorism awareness, and counter-surveillance techniques as well as chemical, biological and radiological threat awareness.

At the NYSE’s data centers, we have doubled the number of security personnel.   Moreover, we have implemented new hiring standards requiring former law enforcement or military backgrounds for the security staff.  We have enhanced training for SIAC security personnel, which includes counter-terrorism and physical force training.  SIAC security personnel are armed and receive regular weapons training.  We have established a 24-hour NYPD paid detail monitoring the perimeter of the data centers.  There is a 24x7 canine bomb detection unit at each of our data centers.   We have implemented traffic control and vehicle screening at the checkpoints. We have installed fixed protective planters and movable vehicle barriers.  We have created a new screening area with x-rays and magnetometers.  There is an external perimeter screening post to check bags and packages.   A New York City bus route was re-routed from a “drive through” located at one of the data centers.  We acquired a parking garage at the data centers and only SIAC authorized employees may use this garage.  Identification cards are required to gain entry and all vehicles are inspected at the garage entrance.

We have lowered SIAC’s profile by removing SIAC’s name from all entrances, maps, and area directories.  We have installed x-ray units and magnetometers at the data center loading docks.  A dock master supervises all deliveries.  We have implemented digital closed circuit television coverage for the data center’s interior, exterior and parking garages.  Also, we have enhanced the security of SIAC’s critical inter-site communications routes.

All employees, domestic and international, undergo comprehensive background checks - FBI, local criminal, Immigration and Customs Enforcement, Social Security Administration, residence, education and employment verification.  All visitors that access SIAC facilities for at least three days during a two-week period undergo FBI, local criminal, residence, education and employment verification.  All foreign companies doing business with SIAC are investigated.   We have implemented electronic fingerprinting which has significantly reduced the turnaround time for criminal record checks.
Contingency Trading Floor Back to top
In the weeks and months after the resumption of trading on September 17, 2001, the NYSE and SIAC continued its plan of risk mitigation and decided to develop and maintain a contingency site.   Approximately one year after September 11, 2001, the NYSE and SIAC outfitted and tested a contingency site.  This alternative venue has the capability to support the trading of all NYSE-listed equity securities without modifications to the NYSE’s market structure model and operate on a next-day basis should an event disable the primary Trading Floor.  Support is provided for both specialists and brokers, and they have access to the NYSE’s full suite of trading applications.  The CTF can trade all securities processed at the Exchange today with the same technology used on the primary Trading Floor.  A full range of logistical and support services are available at the contingency site.  Equipment is checked daily, and quarterly simulations of the full trading day are performed at the contingency site to ensure smooth and reliable operation if necessary.
The Secure Financial Transactions Infrastructure (“SFTI”) Back to top
The NYSE and SIAC have launched Secure Financial Transaction Infrastructure (“SFTI,” pronounced "safety"), a private extranet to serve the financial industry.  NYSE and SIAC designed and implemented the SFTI network, which combines recovery, redundancy, and diversity to provide continuous telecommunications resiliency and a secure means of connecting to trading, clearing and settlement, market data distribution, and other SIAC services to member financial firms.

SFTI provides diverse, fully redundant routing to the SIAC data centers for the member firms and national market participants that are connected to the NYSE, American Stock Exchange (“AMEX”), National Market System (“NMS”) and DTCC IT infrastructure.   Following September 11, 2001, U.S. equities trading was interrupted because many broker-dealers lost their connectivity to the markets due to damage suffered by a major central telecommunications switching facility at Ground Zero.  SFTI addresses this by enabling member firms to connect to the NYSE's data centers via fiber-optic connections to multiple access centers throughout the New York tri-state region, as well as in other financial centers in Boston and Chicago.  In June 2004, Brian Roseboro, Undersecretary of the Treasury for Domestic Finance, joined the NYSE, AMEX, the SIA, the Bond Market Association and SIAC to praise this effort to enhance the resiliency of the financial system.

Instead of running circuits directly to SIAC, users connect to multiple access centers via their carrier(s) of choice, eliminating the need to rely on a single telecommunications route.   Once the communication reaches the access center, SFTI carries the signal to SIAC via geographically and physically diverse fiber route pathways.

SFTI possesses no single point of failure.  All of SFTI’s equipment, connections, power supplies, network links and access centers are redundant and its architecture features independent, self-healing fiber-optic rings making SFTI completely independent of all other telecommunications circuits and conduits.  Therefore even if one SFTI fiber pathway is compromised, financial data traffic will continue to move uninterrupted along another pathway, improving the industry's protection against possible threats.  Over 600 firms, including all of the major securities industry participants, are now connected to SFTI.
The Remote Newtowrk Operations Center Back to top
The NYSE and SIAC designed and built a remote network operating center (“RNOC”).    The RNOC will allow for same-day recovery of technology and supporting infrastructure if the NYSE’s data centers are inaccessible due to a regional event.  We will have the ability to monitor and operate the data centers from the RNOC.  The RNOC will support NYSE and National Market Systems (the Intermarket Trading System, the Consolidated Trade System, the Consolidated Quotation System and the Options Price Reporting Authority) computer operations and the SFTI network.  SIAC staff will operate the RNOC on a 24x7 basis and they will be able to assume the operations of all NYSE systems and the systems used to support the National Market System.  The RNOC will be operating in the fourth quarter of 2004.
Remote National Market System Data Center Back to top
The Consolidated Tape Association/Consolidated Quotation Operating Committee (CTA/CQOC) directed SIAC to move one of the National Market System data centers away from the New York area.  SIAC designed and is currently implementing a remote data center for them in support of the Consolidated Tape and Consolidated Quotation (CT/CQ) systems, and for the Options Price Reporting Authority (“OPRA”) in support of the OPRA system.  Taken together, the Consolidated Tape Association, which is comprised of the CT/CQ systems, the Intermarket Trading System (“ITS”), and the OPRA comprise the National Market System (“NMS”).  The remote data center is scheduled to be completed and activated in the second quarter of 2005 and will operate at least one of the NMS systems at all times.  Should the primary processing facility be unavailable, the remote data center will be able to run all of the OPRA, CT and CQ systems the following business day.
Unlisted Equities Back to top
The NYSE is ready to trade the top 250 Nasdaq stocks, which comprise almost 85 percent of Nasdaq’s average daily volume.   Each quarter we update the list of the top 250 stocks.  The NYSE allocates, on a proportional basis to the NYSE’s specialist firms, each of the top 250 Nasdaq stocks.  This allocation file is saved for immediate activation.

NYSE-listed securities are identified by three or fewer character symbols, and our trading systems were previously configured to accept only up to three such symbols.   All NYSE systems were modified and tested to accept and process four (or more) character symbols as of July 2001 used by such unlisted stocks.    We currently have at least one five character stock symbol in the top 250 Nasdaq stocks.  The NYSE tests the ability of our member firms to trade Nasdaq listed securities with the NYSE in the event Nasdaq is not operational.  The NYSE will schedule semi-annual production tests with all affected systems to enhance continued readiness to trade Nasdaq stocks.  We believe that our current capacity model and our continuing enhancements to our capacity will be adequate.

It should be noted that the NYSE has the capacity to process five times our current average daily volume of 1.5 billion shares.   With the recent addition of capacity-on-demand from our technology vendors, our capacity is more than adequate to handle our current message traffic as well as the additional message traffic for the top 250 Nasdaq securities.
NYSE Rule 446 Back to top
As a self-regulatory organization (“SRO”), the NYSE filed Rule 446 (“Business Continuity and Contingency Plans”) on August 16, 2002 and the SEC approved it on April 7, 2004.   NYSE Rule 446 mandates that NYSE member firms specifically define and continuously update business continuity plans.  The NYSE’s Member Firm Regulation Division will review member firm business continuity plans as part of the NYSE’s ongoing and rigorous examination practices.   Rule 446, which became effective August 5, 2004, also requires that a member’s or member organization’s business continuity plan (BCP) be reasonably designed to enable it to meet its existing obligations to customers, and address existing relationships with other broker-dealers and counter-parties.  Rule 446 also requires members and member organizations to conduct at least annually a review of their BCPs to determine whether modifications are necessary in light of changes to operations.  However, BCPs must be updated whenever there is a material change in a firm’s operations, structure, business, or location that affects the information set forth in the BCP.
Information Security Back to top
An ongoing component of the NYSE’s contingency planning is a rigorous information security infrastructure.   This infrastructure ensures the reliability of all information that we receive, process, and disseminate to the world every day.  The NYSE utilizes a state of the art private network to process all order flow.  

We employ external perimeters, intrusion detection, internal access controls, and we conduct penetration testing by using “friendly” hackers.    A SIAC employee chairs the Financial Services Information Sharing Analysis Center (ISAC) that works with government agencies to identify and assess potential threats and to respond to actual threats.

We have designed and implemented a full range of protections to ensure the confidentiality, availability and integrity of information transmitted to and from the NYSE and SIAC.   Examples include firewalls and intrusion detection systems.

We have increased our focus on collective intelligence.   Using various threat intelligence and analysis services, SIAC has increased its level of situational awareness regarding cyber threats and their potential impact on our networks and on the industry as a whole.  SIAC participates in the ISAC program of information sharing, which allows the industry as a whole to gain a fuller picture of the nature and extent of threats and vulnerabilities.

We have increased internal and external network assessments to ensure that our systems operate with the highest possible level of security.   All our critical networks are scanned for vulnerabilities daily and any issues found are dealt with expeditiously.

We have enhanced surveillance of the network traffic flowing between SIAC and the outside world.   We have upgraded our Intrusion Detection Systems, allowing us to analyze IDS data for patterns of activity indicative of reconnaissance or attack.

SIAC has increased its monitoring of the Internet and other media for mentions of SIAC and our customers.   We have taken a more proactive role in reviewing information to ensure that potential adversaries are not provided with information that could assist in attacks on the financial system of the United States.

We also regularly conduct reviews of publicly available information to determine what an adversary planning an attack would know about the NYSE and SIAC.
NYSE-SIAC Public-Private Partnerships Back to top
As an example, the NYSE and SIAC participate in or chair the following industry committee or task-forces which share information on business continuity preparation and preparedness, system security, disaster recovery and have taken leadership roles in the following public and private organizations:
  • Securities Industry Association (SIA) Business Continuity Planning Steering Committee;
  • Co-chair of the SIA Exchanges & Industry Utilities Committee;
  • Co-chair of the SIA Industry Testing Committee;
  • The President's National Security Telecommunications Advisory Committee   (NSTAC);
  • Financial Services Sector Coordination Council (FSSCC);
  • Bond Market Association (BMA) Business Continuity Council;
  • Chair of the Financial Services Information Sharing Advisory Council (FS/ISAC); and
  • Chair of the ISAC Council, a coordinating body with representation from all the industry ISACs.

We also participate in the SEC Market Regulation Division’s Automation Review Policy (ARP) reports and inspections, and we responded to requests from the GAO as part of their original study on financial markets initiatives following 9/11 – and their subsequent follow-up.

We have also initiated a program to improve coordinated communication with Federal agencies as well as NYSE members and staff.  We have created an Emergency Notification System that will forward to our member firms alert messages received from the U.S. Department of Homeland Security or the SEC.  The Exchange has established new 800 telephone numbers and websites for disseminating emergency information to its members and staff and is developing a secure contingency website for members and staff to report their status after an emergency.

The August 14-15, 2003 Blackout Back to top
The blackout of August14-15, 2003 was the first opportunity for the NYSE and SIAC to activate their contingency planning.   A number of our business continuity initiatives were used during the fourteen hours that the NYSE and SIAC were without electricity from ConEdison.  The overwhelming majority of the NYSE’s management, technology, facilities and security personnel remained at the NYSE throughout the evening, as did SIAC’s management and operational staff.   The SIAC Emergency Commend Center functioned as the Command Center for the Securities Industry Association during the blackout.

On August 14, 2003, large portions of the Midwest and Northeast United States and Ontario, Canada, experienced an electric power blackout.    The blackout began shortly after 4:00 p.m.   NYSE trading had closed for the day when the blackout began and the post-trade clearance and settlement processes were underway.

When the NYSE’s data centers lost electricity, data center generators automatically started and no post-trade processes were affected.    The NYSE did not start its generators until approximately 10:00 p.m. on Thursday, August 14.  We hoped that the blackout was a temporary condition and we were in constant communication with ConEdison as well as New York City officials to determine when ConEdison could restore electrical power to the NYSE.  When it became clear that ConEdison would not be able to restore electrical power until some time on Friday, August 15, the NYSE decided to start its own generators.

The NYSE’s generators powered the NYSE’s Trading Floor and the first six floors of the NYSE’s headquarters until approximately 5:00 a.m. on Friday, August 15.   ConEdison restored electrical power to the NYSE shortly after 5:00 a.m. and the NYSE opened at 9:30 a.m. on August 15.  While trading was light, the NYSE did not experience any systemic problems.
The August 1 Heightened Terror Threat Back to top
On Sunday, August 1, 2004,Secretary Ridge of the U.S. Department of Homeland Security announced that al-Qaeda was targeting specific sites in Washington, D.C., Newark, New Jersey and New York City, including the NYSE.    In addition, Secretary Ridge announced that the Department of Homeland Security was raising the terror threat level to orange for New York City.

At approximately 6:00 p.m. on Saturday, July 31, the New York office of the FBI contacted NYSE security officials to inform them that the FBI had information that was very pertinent to the NYSE.   The FBI requested that NYSE officials come to their New York offices immediately to review the specific intelligence obtained by the U.S. government.  This intelligence clearly indicated that Al-Qaeda had surveilled the NYSE.

On Sunday, August 1, NYSE Security officials met with the FBI and NYPD Commissioner Ray Kelly.   At this meeting, the FBI and the NYPD informed the NYSE that there would be an immediate increase of NYPD officers and NYPD Hercules teams deployed around the NYSE’s perimeter.  In addition, the NYPD would increase the number of truck inspections for vehicles traveling south of Canal Street to determine if those trucks actually needed to proceed downtown towards the financial district.

At 6:00 p.m. on Sunday, August 1, the NYPD called a meeting with security officials from broker-dealers located in and around Wall Street.   At this meeting the NYPD pledged their assistance of NYPD assets and cooperation during the heightened alert.

Also on Sunday, August 1, the NYSE’s CEO, John Thain, spoke with Secretary Ridge and New York City Mayor Michael Bloomberg to discuss the heightened threat level.   The Department of Homeland Security as well as other Federal, state and local agencies notified the NYSE before the Secretary’s announcement that the Exchange was a specific terrorist target.  With this advance notice, the NYSE was able to communicate with its employees through our contingency websites.  Using these contingency websites we were able to provide timely information about the status of our operations for Monday, August 2, to NYSE members, member firms and member firm employees and NYSE employees.  On Tuesday, August 3, NYSE officials met with Homeland Security Secretary Tom Ridge and New York City Mayor Michael Bloomberg where they both pledged their cooperation and provision of Federal and New York City assets as needed.

Since 9/11, all of our efforts have served to increase NYSE’s physical security presence and its business continuity planning.   Our enhanced business continuity and contingency planning are on-line and being tested every day.  Unlike many localities and sites, New York City and the NYSE remain at a higher alert than the rest of the United States.


The NYSE is committed to ensuring that the U.S. capital markets remain the strongest and most resilient in the world.   In the event of another terrorist attack or catastrophe, the NYSE plans to resume trading in a timely, fair and orderly fashion that will provide confidence to America’s 85 million investors. While the NYSE and SIAC have implemented a comprehensive contingency plan that would provide for the orderly resumption of trading in the event of an attack or other catastrophe, we cannot prepare for every possible contingency.   We will continue to work with the SEC, Department of the Treasury, the Department of Homeland Security, the NYSE’s member firms, the financial services industry, and Federal, state and local law enforcement to address threats and to implement strategies and solutions.

I hope the foregoing is helpful to the Committee.   We look forward to working with you and the Financial Services Committee on issues affecting the capital markets.  Mr. Chairman, I want to thank you for the opportunity to present this testimony.   I would be happy to answer any questions.