Bills Expanding Regulators’ Reporting to Congress Pass Committee

The House Financial Services Committee this week advanced two bills that would require financial regulators to report additional information to Congress on a regular basis. One focuses on cybersecurity while the other requires an annual update on general supervisory and regulatory efforts.

The Cybersecurity and Financial System Resilience Act (H.R. 4458) would require NCUA and other sectors’ regulators to each issue an annual report to Congress describing measures the respective agency has taken to strengthen cybersecurity with respect to its functions as a regulator, including the supervision and regulation of financial institutions and, where applicable, third-party service providers.

It would enhance the Federal Information Security Modernization Act of 2014 (FISMA) through reporting requirements while also requiring the regulators to ensure comprehensive oversight of their regulated entities, already a primary duty of regulators. FISMA requires regulators to develop, document and implement an agency-wide program to provide information security for systems that support the operations and assets of the agency.

CUNA wrote to House Financial Services Committee leadership on support of H.R. 4458 noting that, “regulators should be given wide latitude to decide the information reported publicly on the status of their regulated entities. Any information that details cyber vulnerabilities at financial institutions should not be reported publicly as it could harm the sector as bad actors could use reports as a roadmap for future attacks.”

The committee also approved The Prudential Regulatory Oversight Act (H.R. 4841), would require annual testimony before Congress from NCUA and other financial regulators.

Both bills now head to the full House for consideration.