Bloomberg View: Libor Has Outworn Its Welcome; Fixing the Cybersecurity Act

The $360 Trillion Fib Rate ● Fighting Hacks With National Security Standards
Photograph by Chris Ratcliffe/Bloomberg

An End to Libor

Every weekday morning at about 11:00 a.m., a panel of the world’s largest banks reports how much it would cost to borrow from other banks in various currencies and time periods. An adjusted average of those rates determines the size of payments on corporate and mortgage loans worldwide. This is the London interbank offered rate, or Libor. About $360 trillion in financial contracts depends on Libor, and in times of crisis it serves as an indicator of stress in the banking system: The more banks pay for short-term loans, the more trouble they’re in.

Problem is, banks have powerful incentives to fib about their borrowing costs—a flaw that’s become the focus of civil lawsuits, a criminal investigation by the U.S. Department of Justice, and a multinational regulatory inquiry into possible manipulation of Libor. Sick banks can make themselves appear healthier by artificially lowering their reported borrowing rates, which are made public. Manipulating Libor can also help banks that are major players in derivatives. Hundreds of millions of dollars can be made on differences of as little as a quarter of a percentage point, and studies suggest such incentives are skewing Libor. Economists at the Federal Reserve Bank of New York estimated that, during the financial crisis, the rates reported by banks in the Libor panel were as much as 0.3 percentage points lower than their borrowing rates.

The British Bankers’ Association, the trade group that oversees Libor, made an inadequate attempt to overhaul the benchmark in 2008, and given another try its chances of success are slim. One major reason is that the BBA is conflicted: Representatives of the reporting banks, for example, lead the BBA committee responsible for Libor. Beyond that it’s difficult to find actual borrowing rates to verify independently what the banks are reporting.

Hence, the world needs a new benchmark. Ideally, it would reflect an actual trading market rather than the “what if” quotes that underpin Libor. The market should be active and used by a variety of participants, making it difficult to manipulate. It should also be useful for banks and other institutions that want to hedge against changes in interest rates.

The leading candidate is the market for so-called general collateral repo loans—loans that banks and investors take out against good collateral, such as U.S. Treasuries. The Depository Trust Clearing Corporation, owned by a diverse group of financial institutions, has started publishing a daily index of the rates on overnight repo loans. Any transition from Libor to a new system will take a long time. Traders will resist change. But these are small obstacles to creating an honest benchmark for interest rates.

The Flexibility to Fight Cyberattacks

Companies such as Lockheed Martin, Citigroup, and Sony have recently reported serious breaches of their networks. NASA said on Feb. 29 that hackers had launched 13 major attacks against it last year. In one they gained access to networks at the Jet Propulsion Laboratory, which manages active space missions. The national counterintelligence executive, a federal post, estimates that $398 billion in U.S. research and development spending is jeopardized by cyber-espionage from China and Russia. As scary as it sounds, cybersecurity is a manageable problem. The important thing for Congress is to act quickly—but not overreact.

The Cybersecurity Act of 2012, a bipartisan bill backed by Senator Joseph Lieberman (ID-Conn.), is a noble but imperfect start. It would require operators of critical networks—such as those used by utilities, banks, and telecommunications services—to meet federal security standards overseen by the Department of Homeland Security. Unfortunately, the bill defines as “critical” systems that, if disrupted by a cyberattack, “would cause mass death, evacuation, or major damage to the economy, national security, or daily life.” That leaves a lot of business outside its mandate.

A competing bill, introduced on March 1 and backed by Senator John McCain of Arizona and other Republicans, would encourage companies to voluntarily share information with the government and with one another. Republicans argue that no one has a greater incentive to prevent cyberattacks than companies themselves. Except that making your business more secure costs money. A study by Bloomberg Government of 172 organizations found they would need to increase their cybersecurity spending almost nine times over—to $46.6 billion from the current $5.3 billion—to achieve security that could repel 95 percent of attacks.

Such calculations are perhaps why 71 percent of cybersecurity professionals would like to see the federal government take a more active role against cyberattacks, according to a 2010 study by the Enterprise Strategy Group, an information-technology consulting firm. True, these are the people who would benefit from increased cybersecurity budgets. Yet their point holds: If the government creates uniform security standards, a given company won’t be at a disadvantage for taking proper precautions.

This is where the Lieberman bill is smart. By letting businesses develop their own means of meeting the federal standards—through new software, for instance—the bill could harness competition to create efficiency in meeting the threats from cyberspace.

To fix the bill’s flaws, the Senate should broaden the definition of critical infrastructure modestly by requiring some commercial IT companies to adhere to federal standards on installation and maintenance procedures. It should ensure that the requirements for companies are as flexible as possible, to allow for unanticipated new threats and to enable the quick correction of flawed measures or unforeseen consequences.


    To read Virginia Postrel on OTC contraception and William Cohan on another Goldman Sachs conflict, go to:

    Before it's here, it's on the Bloomberg Terminal.