WASHINGTON — A senior Treasury Department official said Wednesday that financial institutions and policymakers need to focus on operational risk, warning specifically about information-technology threats.

In remarks broadly describing the goals of, and the events leading to, financial reform efforts, Cyrus Amir-Mokri said regulations need to evolve to keep pace with a dynamic system. He also acknowledged the challenges in complying with rules that are so highly complex, and said firms' self-regulation is an important factor in ensuring long-term stability.

"We must revisit our assumptions, adapt our models, and refine our regulations, when warranted. By way of example, one area of risk in which recent experience teaches that we need to pay more attention is operational risk," Amir-Mokri, the assistant Treasury secretary for financial institutions, said in prepared remarks before the Practising Law Institute in New York.

He said while financial institutions have had successes "incorporating technology," they should not rest on their laurels.

The sector "relies heavily on information technology systems to keep records, conduct transactions and test risk models, thus bringing about substantial efficiencies, certainty and improved customer experience," Amir-Mokri said. But, he added, "We must not take this success and the convenience it has brought for granted.

"A failure to adequately understand and mitigate risks that are introduced into a firm's operations as a result of systems breakdowns from within or cyber attacks from outside could have significant adverse consequences."

More generally, Amir-Mokri suggested that policymakers may ultimately consider tweaks to regulations stemming from the crisis in order to reduce complexity.

"Notwithstanding the progress made thus far by both firms and regulators, there is much work to be done to reach a proper calibration of the relevant rules and practices," he said. "We are familiar with the criticisms that the rules are too complex, that they are inconsistent or redundant, that they encourage activity to move into unregulated space, and that they cause contraction of economic activity. We pay close attention to such comments.

"Our regulators seek to better understand problems with regulation. They also take their responsibilities for coordination seriously. Working out the details and proper calibration of how this architecture works, if done right, will be a continuing process. That being said, it is important not to conflate apparent shortcomings of individual rules or their components with the financial stability architecture that underlies them."

He also warned that financial stability relies on institutions self-regulating, and not just a flurry of rules from Washington.

"We should not simply assume that better regulation will necessarily prevent all future crises," Amir-Mokri said.

"Confidence in the financial system also depends on the integrity of both the private institutions that operate within it and the individuals who run those institutions. Inculcating a culture of integrity and responsible risk-taking is not a one or two-year project. It is a perpetual duty that depends on developing robust governance structures that provide appropriate incentives, accountability for failure, independence of functions so as to emphasize the importance of risk management and compliance, attracting and retaining talent in all corners, and a management culture that focuses on long-term stability."