Sponsors (3)
The bill improves ransomware detection, information-sharing, and law-enforcement capability to protect banks and customers, but it imposes government workload, potential compliance costs on financial firms, and a risk that public disclosures could undermine confidence before vulnerabilities are fixed.
Bank customers and financial institutions will get faster detection and response to ransomware, reducing fraud, downtime, and service disruption.
Relevant federal law enforcement and financial regulators will gain better, more usable information through improved public–private sharing, strengthening ransomware investigations and prosecutions.
Congress and taxpayers will receive a detailed, unclassified assessment on ransomware risks to banks to inform more targeted policy and legislation.
Financial institutions may face new reporting mandates or follow-on regulatory actions that create compliance costs and operational burdens.
Customers and some institutions could lose confidence if public reporting highlights systemic weaknesses before fixes are in place, potentially causing reputational or market effects.
Treasury and other federal agencies will incur staff time and administrative costs to prepare the required report and assessments.
Based on analysis of 2 sections of legislative text.
Requires Treasury to report within one year and brief Congress on public–private coordination, reporting utility, legal gaps, and recommended actions for ransomware incidents affecting financial institutions.
Requires the Secretary of the Treasury to deliver an unclassified report (with an optional classified annex) to specified congressional committees within one year assessing how public and private sector and interagency coordination, information sharing, and reporting work for ransomware incidents that affect financial institutions. The Treasury must also provide a briefing to those committees within 15 months of enactment and cover specific topics including reporting timeliness, legal and policy gaps, reasons for delayed reporting, and recommended actions.
Introduced January 28, 2025 by Zach Nunn · Last progress January 28, 2025