
	

116 HR 4458 : Cybersecurity and Financial System Resilience Act of 2019
U.S. House of Representatives
2020-01-14
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



		IIB
		116th CONGRESS2d Session
		H. R. 4458
		IN THE SENATE OF THE UNITED STATES
		January 14, 2020Received; read twice and referred to the Committee on Banking, Housing, and Urban AffairsAN ACT
		To require the Board of Governors of the Federal Reserve System to issue reports on cybersecurity
			 with respect to the functions of the Federal Reserve System, and for other
			 purposes.
	
	
 1.Short titleThis Act may be cited as the Cybersecurity and Financial System Resilience Act of 2019. 2.Cybersecurity and financial system resilience report (a)In generalNot later than the end of the 180-day period beginning on the date of enactment of this Act, and annually thereafter, each banking regulator shall submit a report to the Committee on Financial Services of the House of Representatives and the Committee on Banking, Housing, and Urban Affairs of the Senate that provides a detailed explanation of measures undertaken to strengthen cybersecurity with respect to the functions of the regulator, including the supervision and regulation of financial institutions and, where applicable, third-party service providers. Each such report shall specifically include a detailed analysis of—
 (1)policies and procedures (including those described under section 3554(b) of title 44, United States Code) that guard against—
 (A)efforts to deny access to or degrade, disrupt, or destroy any information and communications technology system or network, or exfiltrate information from such a system or network without authorization;
 (B)destructive malware attacks; (C)denial of service activities; and
 (D)any other efforts that may threaten the functions of the banking regulator or entities overseen by the regulator by undermining cybersecurity and the resilience of the financial system;
 (2)activities to ensure the effective implementation of policies and procedures described under paragraph (1), including—
 (A)the appointment of qualified staff, the provision of staff training, the use of accountability measures to support staff performance, and the designation, if any, of senior appointed leadership to strengthen accountability for oversight of cybersecurity measures;
 (B)deployment of adequate resources and technologies; (C)efforts to respond to cybersecurity-related findings and recommendations of the Inspector General of the banking regulator or the independent evaluation described under section 3555 of title 42, United States Code; and
 (D)as appropriate, efforts to strengthen cybersecurity in coordination with other Federal departments and agencies, domestic and foreign financial institutions, and other partners, including the development and dissemination of best practices regarding cybersecurity and the sharing of threat information; and
 (3)any current or emerging threats that are likely to pose a risk to the resilience of the financial system.
 (b)Form of reportThe report required under subsection (a) shall be submitted in unclassified form, but may include a classified annex, if appropriate.
 (c)Congressional briefingUpon request, the head of each banking regulator shall provide a detailed briefing to the appropriate Members of Congress on each report submitted pursuant to subsection (a), except—
 (1)the Chairman of the Board of Governors of the Federal Reserve System may designate another member of the Board of Governors of the Federal Reserve System to provide such briefing;
 (2)the Chairperson of the Federal Deposit Insurance Corporation may designate another member of the Board of Directors of the Corporation to provide such briefing; and
 (3)the Chairman of the National Credit Union Administration may designate another member of the National Credit Union Administration Board to provide such briefing.
 (d)DefinitionsFor the purposes of this Act: (1)Appropriate members of CongressThe term appropriate Members of Congress means the following:
 (A)The Chairman and Ranking Member of the Committee on Financial Services of the House of Representatives.
 (B)The Chairman and Ranking Member of the Committee on Banking, Housing, and Urban Affairs of the Senate.
 (2)Banking regulatorThe term banking regulator means the Board of Governors of the Federal Reserve System, the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and the National Credit Union Administration.
 (3)Senior appointed leadershipWith respect to a banking regulator, the term senior appointed leadership means a position that requires Senate confirmation. (e)SunsetThe provisions of this Act shall have no force or effect on or after the date that is 7 years after the date of enactment of this Act.
 3.Determination of budgetary effectsThe budgetary effects of this Act, for the purpose of complying with the Statutory Pay-As-You-Go Act of 2010, shall be determined by reference to the latest statement titled Budgetary Effects of PAYGO Legislation for this Act, submitted for printing in the Congressional Record by the Chairman of the House Budget Committee, provided that such statement has been submitted prior to the vote on passage.
		
	Passed the House of Representatives January 13, 2020.Cheryl L. Johnson,Clerk
