H.R. 4458 would direct the Federal Reserve, Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), and Office of the Comptroller of the Currency (OCC) to report annually on their internal efforts to strengthen cybersecurity. That report would present analyses of the policies, procedures, and activities undertaken to protect those agencies against cyberattacks and to avert current and emerging threats to the agencies and the entities they regulate. The reporting requirement would end seven years after enactment.
The operating costs for the FDIC, NCUA, and OCC are classified in the federal budget as direct spending. Using information from the affected agencies, CBO estimates that implementing the bill would cost less than $500,000 annually and would increase gross direct spending by $1 million over the 2020-2029 period. However, the NCUA and OCC collect fees from financial institutions to offset operating costs. Because those fees are treated as reductions in direct spending, CBO estimates that the net effect on direct spending would be insignificant over the period.
Costs incurred by the Federal Reserve reduce remittances to the Treasury, which are recorded in the budget as revenues. CBO estimates that enacting H.R. 4458 would decrease revenues by $1 million over the 2020-2029 period.
The Statutory Pay-As-You-Go Act of 2010 establishes budget-reporting and enforcement procedures for legislation affecting direct spending or revenues. The net changes in outlays and revenues that are subject to those pay-as-you-go procedures are shown in Table 1.