Bill Overview
Title: Strengthening Cybersecurity for the Financial Sector Act of 2022
Description: This bill provides for the regulation and supervision of certain financial organizations and service providers. Specifically, if a credit union that is subject to examination by the Board of Directors of the National Credit Union Administration delegates the performance of certain activities and services, the delegation must be disclosed and shall be subject to regulation and examination by the board. Additionally, if the Federal National Mortgage Association, the Federal Home Loan Mortgage Corporation, any Federal Home Loan Bank, or the Office of Finance of the Federal Home Loan Bank System delegates the performance of certain activities and services, the delegation must be disclosed and shall be subject to regulation and examination by the Federal Housing Finance Agency.
Sponsors: Rep. Foster, Bill [D-IL-11]
Target Audience
Population: People using or employed by certain US financial organizations with cybersecurity oversight
Estimated Size: 30000000
- The bill affects financial organizations and service providers, implying direct impact on these institutions and their employees.
- Individuals who utilize services from credited unions or the National Credit Union Administration may be indirectly affected due to potential changes in service processing and security implementations.
- Similarly, customers of the Federal National Mortgage Association, the Federal Home Loan Mortgage Corporation, and others could experience changes in service delivery or security protocol enhancements.
- Any entity globally that provides or receives services through these financial institutions could be potentially impacted by the enhanced regulations, particularly those involved in delegated activities and services.
- Given the global nature of many financial transactions and organizations, the effects could be international in scope, touching everyone who transacts with these US-based institutions.
Reasoning
- The policy primarily targets financial institutions and entities involved with mortgage and credit unions, putting a priority on ensuring cybersecurity and transparency in delegations of activities and services. The impact will depend on roles within these organizations and how closely individuals interact with the affected entities.
- Employees of targeted financial organizations, especially those in cybersecurity and compliance, will be more directly impacted due to increased workload and potentially beneficial job security due to policy-driven demand.
- Credit union members or customers of the Federal National Mortgage Association might experience slight changes in service delivery, potentially improving through enhanced security.
- Small credit unions and less digital-forward institutions could feel a medium to high impact due to resource constraints when implementing new security measures mandated by the policy.
- Organizations sufficiently staffed with cybersecurity experts might see minimal disruption, yet employees will witness a protocol shift which may improve job satisfaction if it aligns with improved security practices.
Simulated Interviews
Cybersecurity Analyst (San Francisco, CA)
Age: 37 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 5.0 years
Commonness: 3/20
Statement of Opinion:
- This policy will lead to more security measures, which is crucial for protecting our customers.
- My workload will likely increase, but it aligns with my career goals, so it's a positive impact for me.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 6 |
| Year 5 | 7 | 6 |
| Year 10 | 7 | 5 |
| Year 20 | 6 | 4 |
Mortgage Specialist (New York, NY)
Age: 45 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 2.0 years
Commonness: 4/20
Statement of Opinion:
- With this policy, I expect to see clearer channels of communication within my organization and with customers.
- Our focus will be on ensuring compliance, which may delay some processes but ultimately makes them safer.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 6 | 5 |
| Year 10 | 6 | 5 |
| Year 20 | 5 | 4 |
Member of a Credit Union (Austin, TX)
Age: 29 | Gender: other
Wellbeing Before Policy: 5
Duration of Impact: 3.0 years
Commonness: 6/20
Statement of Opinion:
- I'm slightly concerned about how these changes might affect the ease of service I've become accustomed to.
- In the long run, if it means better protection for my financial details, then I'm in favor.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 6 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 7 | 5 |
Bank Manager (Buffalo, NY)
Age: 52 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 4.0 years
Commonness: 2/20
Statement of Opinion:
- Implementing these cybersecurity regulations will be a challenge due to budget constraints.
- I worry about potential resource shortages or increases necessary to comply efficiently.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 6 |
| Year 2 | 5 | 6 |
| Year 3 | 6 | 6 |
| Year 5 | 6 | 5 |
| Year 10 | 6 | 5 |
| Year 20 | 6 | 4 |
IT Professional (Seattle, WA)
Age: 34 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 6.0 years
Commonness: 5/20
Statement of Opinion:
- The policy requires us to upgrade our systems which, although costly initially, will secure our networks more effectively.
- My job stability is assured for the next few years if I adapt to these changes well.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 9 | 5 |
| Year 10 | 8 | 5 |
| Year 20 | 7 | 5 |
Retired (Chicago, IL)
Age: 63 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 0.0 years
Commonness: 8/20
Statement of Opinion:
- I'm hoping these changes won't complicate how I manage my accounts.
- Ultimately, knowing my retirement savings are secure is reassuring.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 5 | 5 |
| Year 3 | 5 | 5 |
| Year 5 | 5 | 5 |
| Year 10 | 5 | 4 |
| Year 20 | 5 | 4 |
Startup Entrepreneur (Los Angeles, CA)
Age: 28 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 2.0 years
Commonness: 5/20
Statement of Opinion:
- I worry that increased regulations might slow down funding processes.
- However, if it results in fewer data breaches, it could benefit my company.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 6 | 6 |
| Year 5 | 7 | 6 |
| Year 10 | 6 | 6 |
| Year 20 | 6 | 5 |
Mortgage Customer (Miami, FL)
Age: 40 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 1.0 years
Commonness: 7/20
Statement of Opinion:
- As a customer, I'm minimally aware of backend changes.
- If it means I can sleep better knowing my data is protected, then it's valuable.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 7 | 7 |
| Year 10 | 7 | 6 |
| Year 20 | 7 | 6 |
Financial Analyst (Denver, CO)
Age: 25 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 5.0 years
Commonness: 4/20
Statement of Opinion:
- The policy will define clearer roles in examining financial delegations.
- This could enhance service delivery efficiency and boost our teams' morale.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 8 | 7 |
| Year 3 | 9 | 7 |
| Year 5 | 9 | 7 |
| Year 10 | 8 | 6 |
| Year 20 | 8 | 6 |
CEO of Finance Tech Startup (Boston, MA)
Age: 50 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 7.0 years
Commonness: 1/20
Statement of Opinion:
- Increased regulation will demand innovation from us, which is exciting but challenging with tight budgets.
- We have an opportunity to lead in creating compliance-ready solutions.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 7 | 6 |
| Year 10 | 8 | 6 |
| Year 20 | 8 | 5 |
Cost Estimates
Year 1: $80000000 (Low: $60000000, High: $100000000)
Year 2: $50000000 (Low: $40000000, High: $60000000)
Year 3: $40000000 (Low: $30000000, High: $50000000)
Year 5: $30000000 (Low: $20000000, High: $40000000)
Year 10: $20000000 (Low: $10000000, High: $30000000)
Year 100: $10000000 (Low: $5000000, High: $20000000)
Key Considerations
- The potential for enhanced cybersecurity to prevent significant financial breaches and data losses, which could mitigate more substantial costs associated with cybercrime.
- The adaptability of financial institutions to new regulatory requirements and the role of governmental oversight in ensuring compliance.
- The long-term economic impact of stronger cybersecurity in fostering confidence in the financial sector.