In Brief:
- Patrick McHenry introduced the Ransomware and Financial Stability Act yesterday.
- The bill aims to establish “rules of the road.”
- Also the bill appears to have no co-sponsors and no Senate version.
Patrick McHenry, the top Republican on the House Financial Services Committee, introduced The Ransomware and Financial Stability Act on November 10th.
The bill aims to establish “rules of the road” for financial institutions attacked by ransomware attacks.
There are requirements to report such assaults to the Treasury’s Financial Crimes Punishment Network, as well as exemptions from regulatory enforcement if they attempted to tell them in good faith.
The bill would also force financial institutions to seek special approval from the Treasury before paying out more than $100,000 in ransomware. It does, however, require the Treasury to keep information regarding ransomware attacks secret.
Many companies would rather pay ransoms quietly as a cost of doing business than deal with the public relations fallout of a ransomware attack, as is frequently mentioned in policy discussions on ransomware.
The requirements of McHenry’s bill are similar to the requirements of the Bank Secrecy Act, which requires financial institutions to disclose suspicious activity to FinCEN.
Also the bill appears to have no co-sponsors and no Senate version. McHenry’s staff has not responded to a request for confirmation.
Despite a surge in congressional concern in ransomware in 2021, the infrastructure bill and the Build Back Better Act have received all of the focus. Just 2 days back, the US Congress passed a $1.2 trillion infrastructure bill that includes a cryptocurrency tax.
Both bills have been subject to lengthy delays, however the former was passed by Congress at the end of last week.
Data on reported ransomware payments is already kept by FinCEN in its suspicious activity reports.
The agency just released its data for 2020 and the first half of 2021, demonstrating an increase in both ransomware payment activity and financial institution reporting.