The House Committee on Financial Services passed H.R. 4458, The Cybersecurity and Financial System Resilience Act of 2019, via voice vote on Jan. 13.
The legislation, sponsored by Ranking Member Patrick McHenry, R-N.C., would “ensure the Federal Reserve is prioritizing cybersecurity and modernization to combat the growing threat of cyberattacks to our financial system,” the congressman said.
When he introduced the bill on Sept. 24 of last year, McHenry said, “This summer, more than a million people fell victim to the most recent high-profile theft of customer records, and this isn’t an isolated incident. While our financial institutions fend off these types of attacks daily, we must acknowledge and address the systemic risk these 21st century threats pose to our financial system.”
The bill would require the Board of Governors of the Federal Reserve System to provide an annual report and briefings to the House Financial Services Committee and Senate Banking Committee on its cybersecurity efforts.
The report would need to provide a “detailed explanation on measures taken by the Board of Governors and the Federal reserve banks to strengthen cybersecurity with respect to the functions of the Federal Reserve System, including the supervision and regulation of financial institutions.”
The Board would have to address policies and procedures that guard against:
- “Efforts to deny access to or degrade, disrupt, or destroy any information and communications technology system or network, or exfiltrate information from such a system or network without authorization;
- Destructive malware attacks;
- Denial of service activities; and
- Any other efforts that, in the determination of the Board, may threaten the functions of the Federal Reserve System by undermining cybersecurity.”
Additionally, the report would have to cover the Board’s activities to ensure the implementation of policies and procedures mandated in the report, including:
- “The appointment of qualified staff, the provision of staff training, and the use of accountability measures to support staff performance;
- Deployment of adequate resources and technologies;
- The development and dissemination of best practices regarding cybersecurity; and
- As appropriate, efforts to strengthen cybersecurity in coordination with departments and agencies of the Federal Government, foreign central banks, and other partners.”
“We need to ensure the Fed is working with financial institutions, regulators, third party service providers, and government partners to ensure that all parties are appropriately prioritizing and safeguarding American’s most sensitive information and our financial system,” Rep. McHenry said in September. “[The legislation] ensures Congress is read-in on the Fed’s cybersecurity countermeasures, and its oversight functions of financial institutions, to help us better protect consumers from the threats of tomorrow.”