Findings

Congress finds the following: (1)Banking regulators continue to examine and monitor depository institutions without sufficient access to real-time information. (2)Supervisory regulators should leverage technologies to more effectively carry out their duties. (3)When updating supervisory technology, risks surrounding technology procurement must be effectively managed. (4)Agencies’ reliance on outdated technology can create vulnerabilities for the financial system, through— (A)difficulties in collecting, compiling, and analyzing relevant information about risks and noncompliance at supervised firms; (B)reliance on information that is inaccurate, incomplete, or not timely; (C)reliance on limited and outdated tools for data analysis; (D)difficulties in using data to identify risk trends; (E)difficulties in producing accurate and timely reports; (F)inadequacy of cybersecurity safeguards; and (G)failure to detect illegal activities. (5)The rapid expansion of financial firms’ use of artificial intelligence may generate opportunities to improve the financial system while also introducing a range of risks, making it essential that agencies be equipped with the technology, expertise, and skills needed to analyze these opportunities and potential risks. (6)While agencies assess their supervisory capabilities on an ongoing basis, it is imperative that there be a unified goal of enhancing supervisory technologies that ensure effective and sustainable oversight.

Technological capabilities and procurement practices assessment

(a)

In general

(1)

Technological capabilities assessment

Each covered agency shall, not later than 180 days after the date of the enactment of this section, assess how existing technologies used by the covered agency pose challenges to the covered agency in conducting adequate, real-time supervisory assessments of entities over which the covered agency has supervisory authority. Such technologies include, as applicable— (A)core information technology infrastructure; (B)technologies used to supervise entities; (C)technologies for monitoring general market risks using reported data and external data; and (D)technologies for data collection, storage, processing, and security. (2)

Procurement practices assessment

Each covered agency shall, not later than 180 days after the date of the enactment of this section— (A)assess the procurement rules and protocols adhered to by such covered agency when such covered agency acquires or develops new technological systems; and (B)identify any opportunities to further streamline procurement rules and protocols, including an assessment of the impact such rules or protocols have on the ability of the covered agency to test new technological systems, that are within the covered agency’s authority to streamline. (b)

Report

Not later than 18 months after the completion of the assessments required under subsection (a), and for every 5 years thereafter, the covered agencies shall coordinate and jointly submit to the Committee on Financial Services of the House of Representatives and the Committee on Banking, Housing, and Urban Affairs of the Senate, in a manner that does not pose a risk to the integrity or security of any technologies, systems, or capabilities of covered agencies, regulated entities, or market participants, a report that includes, as applicable, the following with respect to each covered agency: (1)A general overview of hardware and software used for information gathering and advanced analytics during supervision activities, including categories of technology purchased from vendors and developed by the covered agency or contractors of the covered agency. (2)A description of the procurement practices and protocols of the covered agency, including a description of— (A)whether such processes are voluntarily adhered to or mandated; and (B)any opportunities to further streamline procurement rules and protocols, including an assessment of the impact such rules or protocols have on the ability of the covered agency to test new technological systems. (3)A general overview of the portion of the workforce of the covered agency that is engaged materially in technology development within the covered agency, including— (A)an overview of the ability of the covered agency to recruit and retain appropriate technology experts; and (B)a description of the degree to which the covered agency relies on contractors to design, develop, or deploy technology and perform technology-related tasks. (4)A general description of the processes used by the covered agency to obtain information from entities supervised by the covered agency and any impediments thereto, including regulatory obstacles. (5) General information about market and technology trends and risks in the underlying regulated markets including, specific to the covered agency’s jurisdiction— (A) market developments influenced by the adoption of new technologies; (B) the use of new technologies by supervised entities for compliance and risk management purposes; (C) the impact of new technologies on the collection and analysis of data submitted to the covered agencies by supervised entities as required by regulation, including on data quality, interoperability, and standardization; and (D) potential risks, including risks of illicit activity, related to new technologies. (6)A general description of the ways in which the covered agency shares information or system access with other covered agencies and any impediments thereto, including regulatory obstacles. (7)An estimate of the costs for supervised entities to modify systems to share data with covered agencies, as appropriate. (8) A general description of any plans of the covered agency to implement future upgrades to the technology it uses to supervise entities, including— (A) the anticipated timeline for any planned upgrades; (B) the costs of any planned upgrades; (C) any impediments to procuring relevant technologies; (D) plans for hiring and training individuals in connection with technological upgrades; (E) any aspects of any planned upgrades that should be addressed on an interagency basis; (F) any anticipated challenges and opportunities associated with entities supervised by the covered agency adapting to the covered agency’s reporting process, including— (i) estimates of transition costs; and (ii) estimates of any potential cost reductions; and (G) as applicable, the covered agency’s relationships with other covered agencies in their capacity as delegated examiners. (c)

Covered agency defined

In this section, the covered agency means the Board of Governors of the Federal Reserve System, the Bureau of Consumer Financial Protection, the Federal Deposit Insurance Corporation, the Department of the Treasury, including the Office of the Comptroller of the Currency and the Financial Crimes Enforcement Network, the Federal Housing Finance Agency, and the National Credit Union Administration.