[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 7437 Introduced in House (IH)]

<DOC>






118th CONGRESS
  2d Session
                                H. R. 7437

 To require certain supervisory agencies to assess their technological 
                vulnerabilities, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           February 23, 2024

  Mrs. Houchin (for herself, Mr. Foster, and Mr. Hill) introduced the 
   following bill; which was referred to the Committee on Financial 
                                Services

_______________________________________________________________________

                                 A BILL


 
 To require certain supervisory agencies to assess their technological 
                vulnerabilities, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Fostering the Use of Technology to 
Uphold Regulatory Effectiveness in Supervision Act''.

SEC. 2. FINDINGS.

    Congress finds the following:
            (1) Banking regulators continue to examine and monitor 
        depository institutions without access to real-time 
        information.
            (2) Bureaucracy and risk surrounding technology procurement 
        presents a difficult challenge for updating supervisory 
        technology.
            (3) To ensure that prudential supervision is effective and 
        sustainable in the digital age, agencies must leverage new 
        technologies to allow for the financial monitoring necessary to 
        preserve a safe and sound banking system.
            (4) New technology tools are also necessary in order for 
        agencies to effectively fulfill mandates other than prudential 
        supervision, including their mandates to assure consumer 
        protection and monitor Bank Secrecy Act compliance.
            (5) Agencies' reliance on outdated technology creates 
        vulnerabilities for the financial system, causing--
                    (A) difficulties in collecting, compiling, and 
                analyzing relevant information about risks and 
                noncompliance at supervised firms;
                    (B) reliance on information that is inaccurate, 
                incomplete, or not timely; reliance on limited and 
                outdated tools for data analysis;
                    (C) difficulties in using data to identify risk 
                trends;
                    (D) difficulty in producing accurate and timely 
                reports;
                    (E) inadequacy of cybersecurity safeguards; and
                    (F) failure to detect illegal activities.
            (6) The rapid expansion of financial firms' use of 
        artificial intelligence is generating opportunities to improve 
        the financial system, making it essential that agencies be 
        equipped with the technology and skills needed to analyze these 
        opportunities and potential risks.
            (7) While agencies assess their supervisory capabilities on 
        an ongoing basis, it is imperative that there be a unified goal 
        to enhancing supervisory technologies that ensures effective 
        and sustainable oversight in the digital age.

SEC. 3. TECHNOLOGICAL VULNERABILITIES AND PROCUREMENT PRACTICES 
              ASSESSMENT.

    (a) In General.--
            (1) Technological vulnerabilities assessment.--Each covered 
        agency shall, not later than 180 days after the date of the 
        enactment of this section, assess how its existing 
        technological systems prevent an agency from conducting real-
        time supervisory assessments over entities which the covered 
        agency has supervisory authority, including the effects 
        stemming from the agency's--
                    (A) core information technology infrastructure;
                    (B) technology used to supervise entities, 
                including supervisory technology tools; and
                    (C) technology for monitoring general market risks 
                using reported data and external data.
            (2) Procurement practices assessment.--Each covered agency 
        shall, not later than 180 days after the date of the enactment 
        of this section, assess the procurement rules and protocols 
        adhered to by such covered agency when such covered agency 
        acquires or develops new technological systems and identify any 
        challenges created by such procurement rules and protocols, 
        including the impact such rules or protocols have on the 
        ability of the covered agency to test new technological 
        systems.
    (b) Report.--Not later than 180 days after the completion of the 
assessments set forth in this section, and every 5 years thereafter, 
the covered agencies shall coordinate and submit to the Committee on 
Financial Services of the House of Representatives and the Committee on 
Banking, Housing, and Urban Affairs of the Senate a report that 
includes the following with respect to each covered agency--
            (1) a general overview of hardware and software used for 
        informational gathering during supervision activities, 
        including products purchased from technology vendors and 
        products developed by the covered agency or contractors;
            (2) a description of the procurement practices and 
        protocols of the covered agency, including a description of--
                    (A) whether such processes are voluntarily adhered 
                to or mandated; and
                    (B) any challenges resulting from such practices 
                and protocols that have hindered the ability of the 
                covered agency to obtain new technology;
            (3) a general overview of the agency's workforce engaged 
        primarily in technology development within the covered agency, 
        including--
                    (A) an overview of the ability of the covered 
                agency to recruit and retain appropriate technology 
                experts; and
                    (B) a description of the degree to which the 
                covered agency relies on outside contractors to design 
                technology and perform technology-related tasks;
            (4) a description of the processes used by the covered 
        agency to obtain information from entities supervised by the 
        covered agency and general information about market trends and 
        risks;
            (5) a description of the ways in which the covered agency 
        shares information with other covered agencies;
            (6) an evaluation of the level of ease or difficulty 
        experienced by the covered agency when--
                    (A) sharing data with other government agencies; 
                and
                    (B) collecting data from entities supervised by the 
                covered agency; and
            (7) a description of any plans the covered agency has with 
        respect to how the covered agency will implement future 
        upgrades to the technology used by the covered agency to 
        supervise entities supervised by the covered agency, 
        including--
                    (A) a general description of any planned upgrades;
                    (B) the anticipated timeline of any planned 
                upgrades;
                    (C) the costs of any planned upgrades;
                    (D) any concerns about access to needed resources;
                    (E) intended efforts for hiring and training 
                individuals as part of any technological upgrades;
                    (F) any aspects of any plan that should be 
                addressed on an interagency basis; and
                    (G) any anticipated challenges and solutions 
                associated with entities supervised by the agency 
                adapting to new reporting requirements, including the 
                needs and plans for supervised entities adaptation to 
                new reporting requirements, including estimates of 
                transition costs and potential cost reductions over 
                time.
    (c) Covered Agency Defined.--The term ``covered agency'' means the 
Federal Reserve System, Federal Deposit Insurance Corporation, Office 
of the Comptroller of the Currency, Consumer Financial Protection 
Bureau and the National Credit Union Administration.
                                 <all>