The hearing will come to order.

This financial crisis has demonstrated that, contrary to the presumption of many, financial institutions were unprepared and in many cases incapable of adequately assessing the risks that they were bearing on their books.

Having listened to that, it is, I think, very insightful, and it seems to be a great approach.

You know, making the diagnosis that you are ill and then not treating the patient is, you know, malpractice.

And it raises the question with respect to the Federal Reserve that if these documents are solely within the purview of the Federal Reserve, how is the broader financial community and the broader community and how is Congress to inform…

I would presume, and correct me, that those procedures, those appropriate procedures you described, were not being deployed very successfully at Bear Stearns or Lehman Brothers.

I would hope it would be public.

it raises an issue, which is that in 2006, you had at least had serious concerns because of the stress testing that these firms could not handle or have systems in place to deal with the risk.

the fact that they did not have systems in place to adequately assess the risk, which I think is a fair conclusion of the report of the GAO.

Let me talk to Mr. Cole. As the umbrella regulator of several large financial institutions, do you feel that you are responsible, the Federal Reserve is responsible for the overall capacity of that institution as an enterprise to evaluate…

you need to do more here, and that is one of the main tools that we have, is that type of horizontal review.

Yes. Mr. Long, the same sort of set of issues about reliance upon information and being a captive of the regulated entity.

I will say, though, that in terms of really doing our job, if we sense that there are deficiencies and need to do more than the functional regulator is doing, we do reserve the ability, I think--under Gramm-Leach-Bliley, in fact, by…

Well, let me raise--because this has been publicly discussed.

But, you know, it goes back to the question I raised before, to which I think you affirmatively responded, that in terms of overall risk mechanisms or risk compliance, that it was clear that the umbrella regulator had that responsibility.

We have rigorous stress testing around those models.

You know, where was the risk assessment at the enterprise, as you described it?

But there is another way sort of to get the message across to the marketplace, and that is enforcement action.