InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
House Passes Cyber Crime Bill
On May 16, the U.S. House of Representatives officially approved the Strengthening State and Local Cyber Crime Fighting Act of 2017 (H.R. 1616) in a vote of 408-3. The Act would amend the Homeland Security Act of 2012 to formalize the Secret Service’s National Computer Forensic Institute’s (NCFI) responsibilities for coordinating investigations into cyberattacks and hacks and would provide training and tools for state and local agencies dealing with electronic crime related threats. In an April press release issued by the bill’s sponsor, Rep. John Ratcliffe (R-Tex.), Chairman of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, stated, “The [NCFI] has played a major role in equipping state and local law enforcement officers across the country with the tools they need to address the extra layers of complexity presented by the growing incidences of cybercrime,” Notably, the legislation, which now heads to the Senate, follows the recent international cyberattack that infected computer systems globally with the WannaCry ransomware (see previous InfoBytes coverage here).
House Democrats Seek Full Review of Financial CHOICE Act by Appropriate Committees; Investor Group Claims Act Will Undercut Shareholder Rights
As previously covered in InfoBytes, on May 4 the House Financial Services Committee approved the revised Financial CHOICE Act of 2017, H.R. 10, in a party-line vote, 34-26. Earlier this month the Ranking Members of two House committees sent letters to their respective Chairmen, urging their committees to not waive their jurisdiction over H.R. 10 and allow their respective committees to debate and vote on the legislation given its wide ranging effects on the U.S. economy. Ranking Member Bobby Scott (D-Va.) of the House Committee on Education and the Workforce stated in his letter that Democrats on the Education and the Workforce Committee “have expressed great concern over the attempts to weaken oversight and enforcement power of the [CFPB] and the important role it plays regarding the integrity of student loan finance services.” Ranking Member John Conyers Jr. (D-Mich.) of the House Committee on the Judiciary urged the Chairman in his letter that “[i]t is particularly critical that our Committee examine and vote on this legislation given numerous provisions squarely within our Rule X jurisdiction that will prevent government agencies from protecting the rights of consumers and hold the financial marketplace more accountable.” As reported previously in InfoBytes, Rep. Elijah Cummings (D-Md.) also called for the House Oversight and Government Reform Committee to assert jurisdiction over H.R. 10.
Additionally, on May 17, an advocacy group of institutional investors called upon the House of Representatives to oppose H.R. 10, saying the bill will undercut shareholder rights. The Council of Institutional Investors (CII) submitted a letter to all members of the House, urging them to oppose the bill. It was signed by CII and 53 institutional investors that collectively hold more than $4 trillion in assets, including representatives from the California Public Employees’ Retirement System, Colorado Public Employees’ Retirement Association, and New York State Teachers’ Retirement System. The letter said the bill would rollback curbs on “abusive” executive pay practices, restrict shareholder rights in board elections, and raise the cost of proxy advisers. The letter also cautioned that the bill would impede the SEC’s oversight of financial markets by requiring “excessive cost-benefit analysis” and including “unwise limits on enforcement.”
Legislation Reintroduced to Make CFPB Spending Accountable to Congress
On May 19, Rep. Andy Barr, (R-Ky.) reintroduced legislation that would amend the Consumer Financial Protection Act of 2010 to make the CFPB’s budget subject to congressional appropriations. As set forth in a press release issued by Rep. Barr’s office, the Taking Account of Bureaucrats’ Spending Act (H.R. 1486), first introduced in March 2015 to the House and referred to the House Financial Services Committee, would give Congress power over what Rep. Burr terms an “unaccountable agency.” “I am reintroducing the TABS Act because the Bureau deserves the same scrutiny and the same checks and balances as any other federal agency,” said Rep. Barr. “Congressional oversight and accountability will ensure that the Bureau stays true to its mission of consumer protection, and avoids politically motivated overreaches, wasteful spending, and unnecessary regulations.” Currently, the CFPB is funded directly by the Federal Reserve. As previously covered in InfoBytes, House Republicans are also trying to overhaul existing financial regulations with the approval of the Financial CHOICE Act (H.R. 10) by the House Financial Services Committee, which would subject the Bureau to greater congressional oversight and tighter budgetary control.
Ransomware Attack Has Global Impact, Bipartisan Legislation Introduced to Counter Hacking
On May 12, a cyberattack spread around the world, affecting more than 230,000 computers in roughly 150 countries, according to a statement issued by the American Bankers Association. The ransomware, known as “WannaCry,” was used to exploit a vulnerability that affects computers running Microsoft Windows (see Department of Homeland Security Alert). Users of infected computers received a message that their files had been encrypted and that they must pay a ransom in bitcoin in order to decrypt their files. However, as conveyed in a press release issued by the Financial Services - Information Sharing and Analysis Center (FS-ISAC), it appears that the majority of the attacks seem to be targeting and impacting non-financial sector entities globally. FS-ISAC “believes the current attacks utilize known vulnerabilities for which there are available software patches,” but that firms and service providers need to implement the patches. Agencies continue to monitor what may be the first in a series of attacks.
SEC Office of Compliance and Examinations (OCIE) and FBI Issue Responses. The OCIE released a statement cautioning registrants to be vigilant in mitigating risk, and noted a recent OCIE study that determined a substantial number of registrants did not conduct periodic risk assessments, penetration tests, or vulnerability scans, while a smaller number had not updated critical security patches. The OCIE also provided links to guidance on cybersecurity risk management. Likewise, the FBI issued a bulletin providing guidance on additional protection measures following the attack.
Bipartisan Legislation Introduced. On May 17, bipartisan legislation was introduced in the House and Senate to add transparency and accountability to the federal government process for retaining or disclosing vulnerabilities in technology products, services, applications, and systems. The bill, Protecting our Ability To Counter Hacking (PATCH) Act, follows the apparently leaked NSA hacking tool which opened the door to the global “WannaCry” ransomware attack. It is sponsored by Senators Brian Schatz (D-Haw.), Ron Johnson (R-Wis.), and Cory Gardner (R-Colo.), and Representatives Ted Lieu (D-Cal.) and Blake Farenthold (R-Tex.). As described in a release issued by Sen. Schatz’s office, the proposed legislation would make the Vulnerabilities Equities Process (VEP) more permanent, while altering its structure. It would also make the Department of Homeland Security the chair of the interagency board overseeing the VEP. Under the bill, the NSA and other security agencies would still be a permanent part of the board, while other agencies and the White House's National Security Council could attend meetings if the board deems it necessary. The established board would also produce a report for Congress on the policies it establishes regarding the disclosure of vulnerabilities no later than 180 days after the enactment of the Act. An unclassified version of the report will be publicly available as well. “Striking the balance between U.S. national security and general cybersecurity is critical, but it's not easy,” Sen. Schatz noted. “This bill strikes that balance. Codifying a framework for the relevant agencies to review and disclose vulnerabilities will improve cybersecurity and transparency to the benefit of the public while also ensuring that the federal government has the tools it needs to protect national security.”
Coalition for Cybersecurity Policy and Law. The legislation has already received support. The Coalition issued the following statement in support of the proposed bill: “We support the goals of the PATCH Act and we look forward to working with Chairman Johnson, Senators Schatz and Gardner, and Reps. Lieu and Farenthold as it moves forward in both chambers. The events of the past week clearly demonstrate the real-world consequences of exploited vulnerabilities. Governments have a critical role in getting vulnerability information to organizations capable of acting to protect security in a timely manner upon discovery.”
Sens. Portman, Bennet Introduce Bipartisan Electronic Signature Standards Act
On May 9, Senators Rob Portman (R-Ohio) and Michael Bennet (D-Colo.) introduced legislation that would make it easier for taxpayers to be represented in disputes with the Internal Revenue Service (IRS). As set forth in a press release issued by Sen. Portman’s office, the Electronic Signature Standards Act (S. 1074) would amend the Internal Revenue Code of 1986 by providing uniform standards for the use of electronic signatures for third-party disclosure authorizations, and thereby would “make it easier, and faster, for professional tax experts to represent taxpayers before the IRS by instituting electronic signature standards for third party disclosure authorization forms.” Notably, the IRS already uses electronic signatures for Form 4506-T (Request for a Transcript of Tax Return), which is commonly used in the mortgage industry. The use of electronic signatures on these forms has allowed the IRS to process over 20 million of these forms a year, and the Electronic Signature Standards Act would extend similar electronic signature requirements to Form 2848 (Power of Attorney and Declaration of Representative) and Form 8821 (Tax Information Authorization). These forms are required before a professional tax expert can begin representing a taxpayer before the IRS. “Taxpayers deserve quick access to the IRS, and this bill makes that access possible,” said Sen. Portman.