Cyber Security, Oversight

OFR Director Berner takes heat from House subcommittee for data collection

140px-US-DeptOfTheTreasury-Seal.svgOffice of Financial Research Director Richard Berner took heat from members of the House Financial Services Subcommittee on Oversight and Investigations on Wednesday due to the agency’s collection of financial data.

Berner testified before the subcommittee on the agency’s annual report, which was released in December. The Dodd-Frank Act charged the OFR with providing support to the Financial Stability Oversight Council and collecting information on the health of the financial system, as well as vulnerabilities to economic downturn.

In his written testimony, Berner said the OFR has produced a data catalog of information collected from the financial services industry to “better measure financial activity and thus better understand how the financial system works,” adding that the catalog contains metadata and not the data itself.

Rep. Ann Wagner (R-Mo.), however, criticized the agency’s data collection efforts.

“Out of all the regulatory creations in Dodd-Frank, I’m not sure there is any more troubling than the Office of Financial Research,” Rep. Ann Wagner (R-Mo.) said. “As if Americans needed yet another agency collecting unlimited amounts of information from the American public for bureaucrats to pore over. There is tremendous concern this agency will do nothing but misinform regulatory decisions and increase the risk of crippling cyberattacks.”

Subcommittee Vice Chairman Rep. Michael G. Fitzpatrick (R-Pa.) said that while the Dodd-Frank directs the OFR to ensure collected data is safeguarded, Berner did not provide any indication that OFR “has achieved this data protection goal.”

Berner said building secure data systems is an “ongoing process” for the OFR but that the agency starts “from a very strong foundation.”

“We start with the governance from the Treasury department, and we use their standards as a starting point for our security systems,” Berner said. “We build on that using technology, using governance, using protocols for access to information depending on the level of sensitivity of the information.”

Additionally, Berner said the agency has made efforts to ensure the proper sharing of information and interim security.

“All those things are being worked on,” Berner said. “I’m pleased to report to you the process of engagement with the council on getting agreement on those protocols is well underway and nearly complete. That ensures that the controls that are applied to data that one agency has will be consistent with all the controls across the council. Limiting access to data, making sure that the right people have access to the data and only those who need to know—that’s also important, the technology governance that controls that access to some extent. But we build in the human element just to make sure that there’s a check and balance system so that nobody has access to data that they shouldn’t.”

Comments are closed.