[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 7437 Reported in House (RH)]
<DOC>
Union Calendar No. 615
118th CONGRESS
2d Session
H. R. 7437
[Report No. 118-728]
To require certain supervisory agencies to assess their technological
vulnerabilities, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
February 23, 2024
Mrs. Houchin (for herself, Mr. Foster, and Mr. Hill) introduced the
following bill; which was referred to the Committee on Financial
Services
November 1, 2024
Additional sponsor: Ms. Pettersen
November 1, 2024
Reported with an amendment, committed to the Committee of the Whole
House on the State of the Union, and ordered to be printed
[Strike out all after the enacting clause and insert the part printed
in italic]
[For text of introduced bill, see copy of bill as introduced on
February 23, 2024]
_______________________________________________________________________
A BILL
To require certain supervisory agencies to assess their technological
vulnerabilities, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Fostering the Use of Technology to
Uphold Regulatory Effectiveness in Supervision Act''.
SEC. 2. FINDINGS.
Congress finds the following:
(1) Banking regulators continue to examine and monitor
depository institutions without access to real-time
information.
(2) Risk surrounding technology procurement may present
challenges for updating supervisory technology.
(3) To ensure that prudential supervision is effective and
sustainable in the digital age, agencies must leverage new
technologies to allow for the financial monitoring necessary to
preserve a safe and sound banking system.
(4) New technological tools are also necessary in order for
agencies to effectively fulfill mandates other than prudential
supervision, including their mandates to assure consumer
protection and monitor Bank Secrecy Act compliance.
(5) Agencies' reliance on outdated technology creates
vulnerabilities for the financial system, causing--
(A) difficulties in collecting, compiling, and
analyzing relevant information about risks and
noncompliance at supervised firms;
(B) reliance on information that is inaccurate,
incomplete, or not timely;
(C) reliance on limited and outdated tools for data
analysis;
(D) difficulties in using data to identify risk
trends;
(E) difficulties in producing accurate and timely
reports;
(F) inadequacy of cybersecurity safeguards; and
(G) failure to detect illegal activities.
(6) The rapid expansion of financial firms' use of
artificial intelligence may generate opportunities to improve
the financial system while also introducing a range of risks,
making it essential that agencies be equipped with the
technology and skills needed to analyze these opportunities and
potential risks.
(7) While agencies assess their supervisory capabilities on
an ongoing basis, it is imperative that there be a unified goal
to enhancing supervisory technologies that ensures effective
and sustainable oversight in the digital age.
SEC. 3. TECHNOLOGICAL VULNERABILITIES AND PROCUREMENT PRACTICES
ASSESSMENT.
(a) In General.--
(1) Technological vulnerabilities assessment.--Each covered
agency shall, not later than 180 days after the date of the
enactment of this section, assess how existing technological
systems used by the covered agency prevent the covered agency
from conducting real-time supervisory assessments of entities
over which the covered agency has supervisory authority,
including effects stemming from--
(A) core information technology infrastructure;
(B) technology used to supervise entities,
including supervisory technological tools; and
(C) technology for monitoring general market risks
using reported data and external data.
(2) Procurement practices assessment.--Each covered agency
shall, not later than 180 days after the date of the enactment
of this section--
(A) assess the procurement rules and protocols
adhered to by such covered agency when such covered
agency acquires or develops new technological systems;
and
(B) identify any challenges created by such
procurement rules and protocols, including the impact
such rules or protocols have on the ability of the
covered agency to test new technological systems.
(b) Report.--Not later than 1 year after the completion of the
assessments required under subsection (a), and every 5 years
thereafter, the covered agencies shall coordinate and jointly submit to
the Committee on Financial Services of the House of Representatives and
the Committee on Banking, Housing, and Urban Affairs of the Senate a
report that includes the following with respect to each covered
agency--
(1) a general overview of hardware and software used for
information gathering and advanced analytics during supervision
activities, including products purchased from technology
vendors and products developed by the covered agency or
contractors of the covered agency;
(2) a description of the procurement practices and
protocols of the covered agency, including a description of--
(A) whether such processes are voluntarily adhered
to or mandated; and
(B) any challenges resulting from such practices
and protocols and relevant factors, if any, that have
impacted the covered agency's ability to obtain new
technology;
(3) a general overview of the portion of workforce of the
covered agency that is engaged primarily in technology
development within the covered agency, including--
(A) an overview of the ability of the covered
agency to recruit and retain appropriate technology
experts;
(B) employee self-reported workforce data; and
(C) a description of the degree to which the
covered agency relies on contractors to design,
develop, or deploy technology and perform technology-
related tasks;
(4) a description of the processes used by the covered
agency to obtain information from entities supervised by the
covered agency and general information about market trends and
risks;
(5) a description of the ways in which the covered agency
shares information or system access with other covered
agencies;
(6) an evaluation of the level of ease or difficulty
experienced by the covered agency, including any legal or
regulatory challenges, when--
(A) sharing data with other government agencies; or
(B) collecting data from entities supervised by the
covered agency;
(7) an evaluation of cost for supervised entities to modify
systems to share data with covered agencies; and
(8) a description of any plans the covered agency has that
relate to how the covered agency will implement future upgrades
to the technology used by the covered agency to supervise
entities supervised by the covered agency, including--
(A) a general description of any planned upgrades;
(B) the anticipated timeline for any planned
upgrades;
(C) the costs of any planned upgrades;
(D) any concerns about access to needed resources;
(E) intended efforts for hiring and training
individuals as part of any technological upgrades;
(F) any aspects of any planned upgrades that should
be addressed on an interagency basis; and
(G) any anticipated challenges and solutions
associated with entities supervised by the covered
agency adapting to new reporting requirements,
including--
(i) estimates of transition costs; and
(ii) estimates of any potential cost
reductions.
(c) Covered Agency Defined.--In this section, the ``covered
agency'' means the Board of Governors of the Federal Reserve System,
the Federal Deposit Insurance Corporation, Office of the Comptroller of
the Currency, the Bureau of Consumer Financial Protection, and the
National Credit Union Administration.
Union Calendar No. 615
118th CONGRESS
2d Session
H. R. 7437
[Report No. 118-728]
_______________________________________________________________________
A BILL
To require certain supervisory agencies to assess their technological
vulnerabilities, and for other purposes.
_______________________________________________________________________
November 1, 2024
Reported with an amendment, committed to the Committee of the Whole
House on the State of the Union, and ordered to be printed