[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4458 Referred in Senate (RFS)]
<DOC>
116th CONGRESS
2d Session
H. R. 4458
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
January 14, 2020
Received; read twice and referred to the Committee on Banking, Housing,
and Urban Affairs
_______________________________________________________________________
AN ACT
To require the Board of Governors of the Federal Reserve System to
issue reports on cybersecurity with respect to the functions of the
Federal Reserve System, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Cybersecurity and Financial System
Resilience Act of 2019''.
SEC. 2. CYBERSECURITY AND FINANCIAL SYSTEM RESILIENCE REPORT.
(a) In General.--Not later than the end of the 180-day period
beginning on the date of enactment of this Act, and annually
thereafter, each banking regulator shall submit a report to the
Committee on Financial Services of the House of Representatives and the
Committee on Banking, Housing, and Urban Affairs of the Senate that
provides a detailed explanation of measures undertaken to strengthen
cybersecurity with respect to the functions of the regulator, including
the supervision and regulation of financial institutions and, where
applicable, third-party service providers. Each such report shall
specifically include a detailed analysis of--
(1) policies and procedures (including those described
under section 3554(b) of title 44, United States Code) that
guard against--
(A) efforts to deny access to or degrade, disrupt,
or destroy any information and communications
technology system or network, or exfiltrate information
from such a system or network without authorization;
(B) destructive malware attacks;
(C) denial of service activities; and
(D) any other efforts that may threaten the
functions of the banking regulator or entities overseen
by the regulator by undermining cybersecurity and the
resilience of the financial system;
(2) activities to ensure the effective implementation of
policies and procedures described under paragraph (1),
including--
(A) the appointment of qualified staff, the
provision of staff training, the use of accountability
measures to support staff performance, and the
designation, if any, of senior appointed leadership to
strengthen accountability for oversight of
cybersecurity measures;
(B) deployment of adequate resources and
technologies;
(C) efforts to respond to cybersecurity-related
findings and recommendations of the Inspector General
of the banking regulator or the independent evaluation
described under section 3555 of title 42, United States
Code; and
(D) as appropriate, efforts to strengthen
cybersecurity in coordination with other Federal
departments and agencies, domestic and foreign
financial institutions, and other partners, including
the development and dissemination of best practices
regarding cybersecurity and the sharing of threat
information; and
(3) any current or emerging threats that are likely to pose
a risk to the resilience of the financial system.
(b) Form of Report.--The report required under subsection (a) shall
be submitted in unclassified form, but may include a classified annex,
if appropriate.
(c) Congressional Briefing.--Upon request, the head of each banking
regulator shall provide a detailed briefing to the appropriate Members
of Congress on each report submitted pursuant to subsection (a),
except--
(1) the Chairman of the Board of Governors of the Federal
Reserve System may designate another member of the Board of
Governors of the Federal Reserve System to provide such
briefing;
(2) the Chairperson of the Federal Deposit Insurance
Corporation may designate another member of the Board of
Directors of the Corporation to provide such briefing; and
(3) the Chairman of the National Credit Union
Administration may designate another member of the National
Credit Union Administration Board to provide such briefing.
(d) Definitions.--For the purposes of this Act:
(1) Appropriate members of congress.--The term
``appropriate Members of Congress'' means the following:
(A) The Chairman and Ranking Member of the
Committee on Financial Services of the House of
Representatives.
(B) The Chairman and Ranking Member of the
Committee on Banking, Housing, and Urban Affairs of the
Senate.
(2) Banking regulator.--The term ``banking regulator''
means the Board of Governors of the Federal Reserve System, the
Comptroller of the Currency, the Federal Deposit Insurance
Corporation, and the National Credit Union Administration.
(3) Senior appointed leadership.--With respect to a banking
regulator, the term ``senior appointed leadership'' means a
position that requires Senate confirmation.
(e) Sunset.--The provisions of this Act shall have no force or
effect on or after the date that is 7 years after the date of enactment
of this Act.
SEC. 3. DETERMINATION OF BUDGETARY EFFECTS.
The budgetary effects of this Act, for the purpose of complying
with the Statutory Pay-As-You-Go Act of 2010, shall be determined by
reference to the latest statement titled ``Budgetary Effects of PAYGO
Legislation'' for this Act, submitted for printing in the Congressional
Record by the Chairman of the House Budget Committee, provided that
such statement has been submitted prior to the vote on passage.
Passed the House of Representatives January 13, 2020.
Attest:
CHERYL L. JOHNSON,
Clerk.