September 2017

Q&A with Mark Morrison

Mark Morrison, Senior Vice President and Chief Security Officer, shares his insights on cyber security and the exchange-listed options industry.

Read This Story

In This Issue

Latest Stories

Q&A with Mark Morrison, OCC’s Chief Security Officer

Mark Morrison joined OCC on May 1st as Senior Vice President and Chief Security Officer (CSO). He shares his insights on cyber security and the exchange-listed options industry, as well as his responsibilities at the world's largest equity derivatives clearing organization.

Mark Morrison headshotGiven that the Chief Security Officer is a new position for OCC, what are some of your primary responsibilities?

The CSO position is a relatively new role at OCC, but it is really an expansion of the responsibilities and focus assigned to the prior Chief Information Security Officer (CISO). The most significant difference is the CSO now reports to John Fennell, OCC's Chief Risk Officer, and the Security Services department is no longer within the Information Technology organization under the Chief Information Officer (CIO). OCC is following a growing trend in many Fortune 500 corporations who are migrating toward using a CSO. The idea is that these two experts, the CSO and the CIO, represent different viewpoints: a CIO is naturally focused towards production, while a CSO is focused on security and defense. To meet a company's business needs at an acceptable cost and level of risk, the CIO and CSO must synergize their perspectives so that company leadership can choose the right balance of capability and security to meet its operational goals. My colleague, Dave Hoag, OCC's CIO, and I are working toward that goal.

The main responsibility of the CSO is to define and manage the enterprise-wide Information, Cyber, and Physical Security Program. Security Services at OCC partners with IT, our corporate offices, and business units to ensure the confidentiality, integrity and availability of corporate information assets. Security identifies and employs information and cyber security best practices supporting a risk-based methodology consistent with financial sector regulator cyber security policies, procedures and guidelines.

How has your past work at the White House, Department of Defense, and various defense intelligence agencies prepared you for your role at OCC?

The government and defense sectors are tremendous incubators for cutting-edge security technologies and practices because they are constantly under attack. My experience in working with 24/7 global cyber defense operations has afforded me valuable insight into those tactics, techniques, and technologies that work extremely well … and those that simply aren't worth the effort. Even though OCC represents a different sort of target for hackers and criminals, the lessons I have learned from my time in government are immensely valuable in setting our strategic cyber defense priorities at OCC so we can better serve market participants.

The CEO of IBM has said, "Cyber-crime is the greatest threat to every company in the world." What do you see as the biggest challenge facing CSOs in the financial services sector?

The greatest challenge facing CSOs in 2017 is how our adversaries have changed their tactics to hit us where we are the most vulnerable. Back during the first boom (1996-2001), cybercrime defense focused primarily on engineering solutions: firewalls, intrusion detection, network monitoring, and other technological defenses. That is because systems in those days were more fragile and exploitable than users were. Over the last twenty years, our defense equipment has grown so mature and so stable that cybercriminals have come to downplay old-fashioned technical exploits in favor of trying to compromise people. Why invest hundreds of hours crafting a wickedly-complex virus when you can steal a user's network credentials with a phishing message that costs a fraction of a cent to send and only an hour to craft? That is why we as CSOs have to work harder than ever at raising security awareness and changing user behavior.

What do you and your peers see as some of the emerging cyber security threats and trends?

The rise of cost-effective cloud services has significantly changed how companies of all sizes conduct security operations. The cloud providers have made it easier than ever before to spin up new capabilities and services as business needs change. Cloud offerings can be great tools for cost-effectively managing demand. Cloud offerings can also pose a security nightmare depending on how each unique provider approaches the problem of protecting their clients' data, accounts, and services. When all of your IT equipment is safely locked up in your own data center, you have considerably more control over your information and services. When your IT "equipment" is actually a partner's equipment that you are renting from across the public Internet, you have to sacrifice some control and situational awareness. Contracts, monitoring, and cloud-aware security tools become crucial tools for getting what you want out of your cloud providers without unduly losing control of your critical information.

What would you say is the biggest challenge and/or opportunity facing you and your team at OCC?

Realignment and reorganization are the next vital opportunities that we are tackling inside Security Services. We have more than tripled the number of people in Security over the last five years, and we also have seen tremendous turnover. Many of our leaders and experts – people like Erin Collins, Joe Rebone, and Dru Taylor – were recognized for their tremendous achievements and potential, and left Security Services for higher-level opportunities, both inside and outside of OCC. We are proud of our people and wish them all the best. We have also hired a number of new industry experts to deliver new services that we have offered before – specifically in the areas of security engineering, resiliency, and testing. That means that now is the right time to restructure and re-balance our team to ensure that we have the right expertise in the right structure to accomplish our most critical functions. We are getting the team together at the kick-off of Cyber Security Awareness Month to re-set the Security Department into its optimal state so that we enter Fiscal Year 2018 stronger than ever and continue to safeguard the integrity of the exchange-listed options markets.

Celebrating its 25th Anniversary, OIC Continues to Educate Market Participants on the Benefits and Risks of Exchange-Listed Options

Celebrating its 25th Anniversary, OIC Continues to Educate Market Participants on the Benefits and Risks of Exchange-Listed Options

Celebrating its 25th anniversary as the leading provider of unbiased educational content for exchange-listed options, OIC continues on its mission to educate individual investors, financial advisors and institutions about the benefits and risks of using exchange-listed options to manage financial risk. Watch a short video on OIC's 25th anniversary and read more.

In serving its mission, OIC hosts a variety of webinars for market participants to learn more about using options in their portfolios. On July 19th, Ed Modla, OIC Manager of Investor Services, and Bill Ryan, Senior Investor Services Specialist, discussed ways investors can potentially use options for risk reduction, income generation and stock acquisition during OIC's "Options Strategies Made Simple" webinar. To complement this webinar, OIC hosted, "Cracking the Code: Taking the Mystery Out of Options Symbols and Chains" on July 26th. Mark Benzaquen, OIC Senior Investor Services Specialist, discussed options symbology, cycles, quotes and chains during this webinar.

In August, OIC hosted two webinars. The first, featuring Dan Sheridan, President of Sheridan Mentoring, explored the process of selecting strike prices and expiration dates when initiating an options position. The second, presented by Joe Burgoyne, OIC Director of Institutional and Retail Marketing, looked at options series and how investors can chose the right one for their portfolio and market view.

Additionally, OIC hosted its "What's Behind an Options Price?" webinar on September 13th, delivered by Peter Lusk, CBOE Senior Instructor for The Options Institute. On September 21st, OIC will be hosting "Why Do Options Prices Move So Much?" webinar, where attendees will learn about options "Greeks" and other factors that impact an options price.

Along with webinars, OIC is offering a variety of videos, podcasts and seminars throughout the rest of the year. To learn more about the work OIC does on behalf of the exchange-listed options industry and for investors, visit for more information.

OCC Continues to Advocate for U.S. Exchange-Listed Options Industry

In its role as an industry advocate, OCC continues to maintain a visible presence at relevant conferences and events to provide thought leadership on key industry issues.

Craig Donohue, OCC Executive Chairman and CEO, will be attending The Wall Street Journal CEO Council in Washington, D.C. on November 13th. John Davidson, OCC President and COO, was the keynote speaker at the DTCC Collateral Conference for the Americas on September 19th. He also will be speaking at the Chicago Federal Reserve Annual Conference on Risk Management on October 17th, and the SIFMA Listed Options Conference on November 30th.

Scot Warren, OCC Chief Administrative Officer, will be speaking on the clearinghouse leaders panel at the FIA Expo in Chicago on October 19th. John Fennell, OCC Chief Risk Officer, represented OCC at the 84th Security Traders Association Annual Market Structure Conference in Washington, D.C. on September 14th, and at the Financial Stability Institute in Basel, Switzerland on September 18th.

On October 25th, Tracy Raben, OCC Chief Human Resources Officer, is addressing the 2017 SHRM Diversity and Inclusion Conference and Exposition in San Francisco on the topic of advancing diversity of thought as a competitive advantage. Frank Tirado, OIC Vice President of Education, will speak on a panel about the liquidity landscape at the Bloomberg Invest ETFs Summit on October 5th in London. Jason Stradley, OCC Vice President of Security Operations, will participate in a panel discussion in Chicago on October 19th as part of the CISO Chicago Summit.

OCC Helps Families at Risk Through Charitable Sponsorships

For the third consecutive year, OCC, as part of its charitable strategy to support organizations that help people at risk, will be one of several industry sponsors at ALTSO's annual Rocktoberfest in Chicago on October 5th. ALTSO (A Leg To Stand On) is a 501c3 non-profit organization that provides free prosthetic limbs, corrective surgery and rehabilitative care to children in the developing world who are suffering from traumatic or congenital limb disabilities.

This year's Rocktoberfest-Chicago will unite professionals from the trading and related financial services industries, including several OCC partner exchanges and clearing firms, for a night of rock and roll and acoustic music performed by friends and colleagues from our industry.

OCC also is proud to again be a sponsor of this year's Great Chicago Steak Out on October 19th. The Great Chicago Steak Out is an annual fundraiser that takes place as part of the Futures Industry Association's Futures & Options Expo in Chicago. As part of the FIA Cares program, the Great Chicago Steak Out gives companies and individuals in the financial derivatives industry the opportunity to provide financial support to help feed those in need. Since 2008, the FIA Cares program has raised nearly $3 million for the Greater Chicago Food Depository.

OCC is proud to support the good works of ALTSO, FIA Cares program and the Greater Chicago Food Depository in partnership with the Chicago financial services community. For more information on the events mentioned above visit and

From Capitol Hill


Randy Quarles Considered for Vice Chairman Role at the Federal Reserve

On September 7th, the Senate Banking Committee voted 17-6 to advance the nomination of Mr. Randal Quarles to be a Member of the Board of Governors of the Federal Reserve System and Vice Chairman for Supervision. This follows a July 27th hearing held by the Senate Banking Committee on Mr. Quarles’ nomination, Mr. Quarles' nomination, where members of the committee, who have oversight over the Federal Reserve System, questioned Mr. Quarles on his expertise, experience and policy positions on current issues relating to his nomination. This hearing included a discussion of the Volcker Rule, stress tests and bank capital rules among other issues.

Senate Banking Committee Member Urges Action on Bank Capital Rules

During the Quarles confirmation hearing, Senator Mike Rounds (R-SD), questioned Mr. Quarles about the risk weighted asset (RWA) ratio and its negative impacts on the exchange-listed options markets. It was noted that bank risk exposure has impacted liquidity in these markets and that current bank capital rules included in the Basel III regulations have caused this lack of liquidity. The lack of liquidity in the options markets has been an issue of concern and Mr. Quarles responded that if confirmed, he believed it was appropriate to look into the RWA ratio and its impact on the markets.

This hearing followed a June 23rd speech by Federal Reserve Governor Jerome Powell at the Federal Reserve Bank of Chicago Symposium on Central Clearing in which he stated that a risk-insensitive leverage ratio can have negative impacts on capital requirements. In his speech, Governor Powell cited the OCC's pre-funded, committed repurchase facility with CalPERS, the largest U.S. pension fund, as an example of CCPs that are actively engaging in efforts to increase their efficiency in order to better serve market participants.

J. Christopher Giancarlo, Brian Quintenz and Rostin Benham Confirmed for CFTC

On August 3rd, the U. S. Senate approved three nominees for the Commodities Trading Futures Commission (CFTC) by unanimous consent. The Senate confirmed J. Christopher Giancarlo, who had been Acting Chairman, to be the permanent Chair of the CFTC, and Republican Brian Quintenz and Democrat Rostin Behnam to serve as commissioners. Mr. Quintenz was sworn into his position as commissioner on August 15th followed by Mr. Benham on September 6th. A third CFTC nominee, Dawn Stump, who was approved by the Senate Agriculture Committee on August 2nd, was not confirmed prior to recess. President Trump will need to nominate another Democratic candidate to replace outgoing commissioner Sharon Y. Bowen, who announced her departure from the Commission.

Congress May Take Up Tax Reform in September

As Congress prepared to leave for its August recess, there was growing consensus that the House and Senate Republican leadership are looking to take up the issue of comprehensive tax reform in September. On July 27th, select congressional Republicans and representatives of the Trump Administration, known as "The Big Six," issued a joint tax overhaul statement that sets aside the controversial Border Adjustment Tax proposal and provides a general overview of their shared vision for a tax overhaul. A copy of the Big Six statement can be viewed at this link:

OCC and the U.S. Securities Markets Coalition have been engaged with policymakers on potential tax reform since 2014, when former House Ways and Means Chairman Dave Camp (R-MI) released his comprehensive tax legislation. Throughout the spring and summer of 2017, the Coalition continued to engage with various congressional and Administration officials and staff to explain the options industry's concerns regarding previous mark-to-market tax proposals and advocate for a different approach in any forthcoming tax reform package.

Congress Votes to Approve an Extension of the Debt Ceiling

On September 6th, President Trump agreed to a budget deal with Democratic leaders of the House and Senate to extend the nation's borrowing limit and fund government operations until December 15th. The budget deal, which took Republican leaders in Congress by surprise, was agreed to by the President in order to allow Congress to address other issues, including tax reform. Also included in the budget deal was $15 billion in funding for hurricane aid efforts. The deal was approved by the House on September 8th and signed into law by the President on the same day.

Editorial Team