116th CONGRESS 1st Session |
To require the Board of Governors of the Federal Reserve System to issue reports on cybersecurity with respect to the functions of the Federal Reserve System, and for other purposes.
September 24, 2019
Mr. McHenry introduced the following bill; which was referred to the Committee on Financial Services
To require the Board of Governors of the Federal Reserve System to issue reports on cybersecurity with respect to the functions of the Federal Reserve System, and for other purposes.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
This Act may be cited as the “Cybersecurity and Financial System Resilience Act of 2019”.
(a) In general.—Not later than the end of the 180-day period beginning on the date of enactment of this Act, and annually thereafter, the Board of Governors of the Federal Reserve System shall submit a report to the Committee on Financial Services of the House of Representatives and the Committee on Banking, Housing, and Urban Affairs of the Senate that provides a detailed explanation on measures taken by the Board of Governors and the Federal reserve banks to strengthen cybersecurity with respect to the functions of the Federal Reserve System, including the supervision and regulation of financial institutions. Each such report shall specifically include a detailed explanation of—
(1) policies and procedures that guard against—
(A) efforts to deny access to or degrade, disrupt, or destroy any information and communications technology system or network, or exfiltrate information from such a system or network without authorization;
(B) destructive malware attacks;
(C) denial of service activities; and
(D) any other efforts that, in the determination of the Board, may threaten the functions of the Federal Reserve System by undermining cybersecurity; and
(2) activities to ensure the effective implementation of policies and procedures described under paragraph (1), including—
(A) the appointment of qualified staff, the provision of staff training, and the use of accountability measures to support staff performance;
(B) deployment of adequate resources and technologies;
(C) the development and dissemination of best practices regarding cybersecurity; and
(D) as appropriate, efforts to strengthen cybersecurity in coordination with departments and agencies of the Federal Government, foreign central banks, and other partners.
(b) Form of report.—The report required under subsection (a) shall be submitted in unclassified form, but may include a classified annex, if appropriate.
(c) Congressional briefing.—The Chairman of the Board of Governors of the Federal Reserve System, or a member of the Board of Governors (as designated by the Chairman), shall provide a detailed briefing to the appropriate Members of Congress on each report submitted pursuant to subsection (a).
(d) Appropriate members of congress defined.—For the purposes of this Act, the term “appropriate Members of Congress” means the following:
(1) The Chairman and Ranking Member of the Committee on Financial Services of the House of Representatives.
(2) The Chairman and Ranking Member of the Committee on Banking, Housing, and Urban Affairs of the Senate.
(e) Sunset.—The provisions of this Act shall have no force or effect on or after the date that is 7 years after the date of enactment of this Act.