[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4458 Engrossed in House (EH)]

<DOC>
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
116th CONGRESS
  2d Session
                                H. R. 4458

_______________________________________________________________________

                                 AN ACT


 
  To require the Board of Governors of the Federal Reserve System to 
  issue reports on cybersecurity with respect to the functions of the 
            Federal Reserve System, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cybersecurity and Financial System 
Resilience Act of 2019''.

SEC. 2. CYBERSECURITY AND FINANCIAL SYSTEM RESILIENCE REPORT.

    (a) In General.--Not later than the end of the 180-day period 
beginning on the date of enactment of this Act, and annually 
thereafter, each banking regulator shall submit a report to the 
Committee on Financial Services of the House of Representatives and the 
Committee on Banking, Housing, and Urban Affairs of the Senate that 
provides a detailed explanation of measures undertaken to strengthen 
cybersecurity with respect to the functions of the regulator, including 
the supervision and regulation of financial institutions and, where 
applicable, third-party service providers. Each such report shall 
specifically include a detailed analysis of--
            (1) policies and procedures (including those described 
        under section 3554(b) of title 44, United States Code) that 
        guard against--
                    (A) efforts to deny access to or degrade, disrupt, 
                or destroy any information and communications 
                technology system or network, or exfiltrate information 
                from such a system or network without authorization;
                    (B) destructive malware attacks;
                    (C) denial of service activities; and
                    (D) any other efforts that may threaten the 
                functions of the banking regulator or entities overseen 
                by the regulator by undermining cybersecurity and the 
                resilience of the financial system;
            (2) activities to ensure the effective implementation of 
        policies and procedures described under paragraph (1), 
        including--
                    (A) the appointment of qualified staff, the 
                provision of staff training, the use of accountability 
                measures to support staff performance, and the 
                designation, if any, of senior appointed leadership to 
                strengthen accountability for oversight of 
                cybersecurity measures;
                    (B) deployment of adequate resources and 
                technologies;
                    (C) efforts to respond to cybersecurity-related 
                findings and recommendations of the Inspector General 
                of the banking regulator or the independent evaluation 
                described under section 3555 of title 42, United States 
                Code; and
                    (D) as appropriate, efforts to strengthen 
                cybersecurity in coordination with other Federal 
                departments and agencies, domestic and foreign 
                financial institutions, and other partners, including 
                the development and dissemination of best practices 
                regarding cybersecurity and the sharing of threat 
                information; and
            (3) any current or emerging threats that are likely to pose 
        a risk to the resilience of the financial system.
    (b) Form of Report.--The report required under subsection (a) shall 
be submitted in unclassified form, but may include a classified annex, 
if appropriate.
    (c) Congressional Briefing.--Upon request, the head of each banking 
regulator shall provide a detailed briefing to the appropriate Members 
of Congress on each report submitted pursuant to subsection (a), 
except--
            (1) the Chairman of the Board of Governors of the Federal 
        Reserve System may designate another member of the Board of 
        Governors of the Federal Reserve System to provide such 
        briefing;
            (2) the Chairperson of the Federal Deposit Insurance 
        Corporation may designate another member of the Board of 
        Directors of the Corporation to provide such briefing; and
            (3) the Chairman of the National Credit Union 
        Administration may designate another member of the National 
        Credit Union Administration Board to provide such briefing.
    (d) Definitions.--For the purposes of this Act:
            (1) Appropriate members of congress.--The term 
        ``appropriate Members of Congress'' means the following:
                    (A) The Chairman and Ranking Member of the 
                Committee on Financial Services of the House of 
                Representatives.
                    (B) The Chairman and Ranking Member of the 
                Committee on Banking, Housing, and Urban Affairs of the 
                Senate.
            (2) Banking regulator.--The term ``banking regulator'' 
        means the Board of Governors of the Federal Reserve System, the 
        Comptroller of the Currency, the Federal Deposit Insurance 
        Corporation, and the National Credit Union Administration.
            (3) Senior appointed leadership.--With respect to a banking 
        regulator, the term ``senior appointed leadership'' means a 
        position that requires Senate confirmation.
    (e) Sunset.--The provisions of this Act shall have no force or 
effect on or after the date that is 7 years after the date of enactment 
of this Act.

SEC. 3. DETERMINATION OF BUDGETARY EFFECTS.

    The budgetary effects of this Act, for the purpose of complying 
with the Statutory Pay-As-You-Go Act of 2010, shall be determined by 
reference to the latest statement titled ``Budgetary Effects of PAYGO 
Legislation'' for this Act, submitted for printing in the Congressional 
Record by the Chairman of the House Budget Committee, provided that 
such statement has been submitted prior to the vote on passage.

            Passed the House of Representatives January 13, 2020.

            Attest:

                                                                 Clerk.
116th CONGRESS

  2d Session

                               H. R. 4458

_______________________________________________________________________

                                 AN ACT

  To require the Board of Governors of the Federal Reserve System to 
  issue reports on cybersecurity with respect to the functions of the 
            Federal Reserve System, and for other purposes.