Sec. 6209. Testing methods rulemaking
475 words·~2 min read·
/bill/116/hr/6395/enr/section-6209·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 5318 of title 31, United States Code is amended by adding at the end the following: The Secretary of the Treasury, in consultation with the head of each agency to which the Secretary has delegated duties or powers under subsection (a), shall issue a rule to specify with respect to technology and related technology internal processes designed to facilitate compliance with the requirements under this subchapter, the standards by which financial institutions are to test the technology and related technology internal processes. The standards described in paragraph
(1)may include— an emphasis on using innovative approaches such as machine learning or other enhanced data analytics processes; risk-based testing, oversight, and other risk management approaches of the regime, prior to and after implementation, to facilitate calibration of relevant systems and prudently evaluate and monitor the effectiveness of their implementation; specific criteria for when and how risk-based testing against existing processes should be considered to test and validate the effectiveness of relevant systems and situations and standards for when other risk management processes, including those developed by or through third party risk and compliance management systems, and oversight may be more appropriate; specific standards for a risk governance framework for financial institutions to provide oversight and to prudently evaluate and monitor systems and testing processes both pre- and post-implementation; requirements for appropriate data privacy and information security; and a requirement that the system configurations, including any applicable algorithms and any validation of those configurations used by the regime be disclosed to the Financial Crimes Enforcement Network and the appropriate Federal functional regulator upon request. If a financial institution or any director, officer, employee, or agent of any financial institution, voluntarily or pursuant to this subsection or any other authority, discloses the algorithms of the financial institution to a government agency, the algorithms and any materials associated with the creation or adaption of such algorithms shall be considered confidential and not subject to public disclosure. Section 552(a)(3) of title 5 (commonly known as the Freedom of Information Act ) shall not apply to any request for algorithms described in subparagraph
(A)and any materials associated with the creation or adaptation of the algorithms. In this subsection, the term Federal functional regulator means— the Board of Governors of the Federal Reserve System; the Office of the Comptroller of the Currency; the Federal Deposit Insurance Corporation; the National Credit Union Administration; the Securities and Exchange Commission; and the Commodity Futures Trading Commission. . The Financial Institutions Examination Council shall ensure that any manual prepared by the Council is— updated to reflect the rulemaking required by subsection
(o)section 5318 of title 31, United States Code, as added by subsection
(a)of this section; and consistent with relevant FinCEN and Federal functional regulator guidance, including the December 2018 Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing.