NACHA Government Relations Update - Jan. 21, 2016

Posted January, 19 2016

NACHA GR Releases Congressional Outlook for 2016
NACHA’s GR team has compiled a summary of 2016 Congressional work that could impact the payments industry and our members. The summary highlights anticipated congressional activity leading up to the November elections.

NACHA Assists GAO with Congressional Request
On Jan. 12, 2016, Priscilla Holland, Jane Larimer and Bill Sullivan assisted The General Accountability Office (GAO) by sharing lessons learned from the financial services sector in which interoperability and consumer access have been successfully addressed. NACHA staff related experiences as a rules-writer/standards group in ACH, EBT and the Affordable Care Act to assist the GAO with their Congressional request for a report on interoperability of electronic health information, as well as patients’ ability to electronically access and use their personal health information.
Longer Wait Times for Tax Refunds as Fraud Prevention Increases
As tax season opens, the IRS, state tax authorities and the tax preparation industry all indicate that consumer wait time for tax refunds may be longer this year as increased security measures are implemented on various levels to help cut down on tax fraud. Consumers should expect changes including more steps in verifying taxpayer identity and stronger password requirements when filing electronically, longer wait times – especially at the state level – between filing and receipt of tax returns as increased measures are taken to ensure returns are valid, and possibly more refunds processed via paper checks in cases of first-time filers or those who have changed their filing preferences since last year.
Sen. Sherrod Brown Writes Letter to President Obama Urging Funding for Dodd-Frank Title XII
On Jan. 6, 2016, Senate Banking Committee Ranking Member, Sherrod Brown (D-OH) sent a letter to President Obama urging him to strongly consider inclusion of funding in the Fiscal Year 2017 budget proposal for programs authorized (but not yet implemented) by Title XII – Improving Access to Mainstream Financial Institutions of the 2010 Dodd-Frank Act. Programs outlined in this portion of the law were designed to assist lower-income borrowers, who are frequently unbanked or underbanked within the mainstream financial system, to obtain small-dollar loans from other sources (in partnership with the Treasury Department) instead of payday lenders.
Brown wrote, “The financial system is not working for many Americans. When one in four Americans cannot access financial products with reasonable terms, it is imperative to explore solutions to ensure that the financial system is inclusive of all people. Title XII was intended to address these concerns and can potentially lead to alternatives that will enable more people to responsibly manage their finances.”
Providing reasonable lending alternatives may become increasingly important as the CFPB is expected to propose tough regulation regarding payday lending in February, therefore possibly forcing low-income borrowers to work with even fewer and/or less desirable options.

House Science, Space, and Technology Joint Subcommittee (Research and Technology; Oversight) Hearing – “Cybersecurity: What the Federal Government Can Learn from the Private Sector”
Jan, 8, 2016

Witness List:
  • Mr. John Wood, Chief Executive Officer and Chairman, Telos Corporation
  • Dr. Martin Casado, Senior Vice President and General Manager, Networking and Security Business Unit, VMWare
  • Mr. Ken Schneider, Vice President of Technology Strategy, Symantec Corporation
  • Mr. Larry Clinton, President and Chief Executive Officer, Internet Security Alliance 

On Jan. 8, 2016, the House Science, Space, and Technology Committee held a joint subcommittee (Research and Technology; Oversight) hearing to discuss the current state of cybersecurity and how cybersecurity practices in the private sector can be applied to governmental agencies. Noting that 178 million records of Americans’ data have been compromised in cyber attacks, Committee Chair Lamar Smith (R-TX) maintained that clearly that too many agencies, such as the Office of Personnel Management (OPM) “fail to meet the basic standards of information security.” Echoing his sentiments, Subcommittee (Oversight) Chair Barry Loudermilk (R-GA) agreed that it is incumbent upon government agencies to implement effective agency-wide information programs given that they have received a “D” grade for their cybersecurity programs. There was also bipartisan agreement amongst the leadership of the Research and Technology Subcommittee, namely Chair Barbara Comstock (R-VA) and Ranking Member Dan Lipinski (D-IL), that both the private and public sectors are facing growing challenges with cybersecurity. They underscored the need to be more agile and adaptive to ongoing threats and to hold the perpetrators of cyber attacks accountable for their actions.
Numerous themes emerged from the testimony and the subsequent question and answer period:
  • Interplay Between Cybersecurity and the Economy – When Rep. Comstock asked how existing government contracting provisions impact the ability for the private sector to be agile, Mr. Clinton stated that there is a direct tradeoff between economy and security, and it is important to know the interplay between the between the two. Specifically, Mr. Clinton called for a way to provide incentive for smaller companies to adopt better cybersecurity standards. While Mr. Schneider also recommended greater funding for startups, he emphasized that the government should use the money it has already spent wisely. Mr. Wood also advocated for encouraging closer relationships between the university and business ecosystems to promote research. 
  • Innovative Ideas to Combat Cyber Threats – During questioning with Rep. Loudermilk, Mr. Wood posited that in retrospect, we would have had more protection had OPM been using two-factor authentication, encryption, and lockboxes. When Rep. Paul Tonko (D-NY) asked what research gaps were missing that could spur innovation, Mr. Wood responded that more could be done to make the industry aware of what the National Institute of Standards and Technology (NIST) is pursuing and to provide a mechanism to license some of those research and development (R&D) initiatives. Regarding practices in his own company, Mr. Schneider stated that Symantec Corporation is invested in simulation platforms, such as sending phishing emails to see if employees respond. When Rep. Bruce Westerman (R-AR) asked if there are proactive technological measures to pursue, Mr. Schneider recommended honeypots and putting shock absorbers to protect against potential cyber attacks.
  • Mandatory vs. Voluntary Cybersecurity Standards and Insurance – When Subcommittee Ranking Member Don Beyer (D-VA) asked if businesses come together to agree to a mandated standard, Mr. Wood responded that a baseline standard would be helpful in that companies would know doing business with each other that they all adhere to the same standards. Regarding having a mandatory standard, Mr. Clinton responded that technology is under attack, and some standards are obsolete, and the old model will not work for modern problems. Instead, he championed a forward-looking model that gives industry incentives to comply. On the subject of cyber insurance, Rep. Lipinski asked if this is something that should be required or developed over time, to which Mr. Wood responded that there is no need for the government to make it a requirement as lawyers will explain to companies the liabilities of not taking the appropriate actions.
  • Enforcement of Cyber Hackers – Rep. Darin LaHood (R-IL) asked if data breaches in the private sector or government would be considered criminal behavior or a violation of a state or federal statute in some respect. Mr. Schneider responded that the legal considerations are very complicated, so in general they are considered criminal, but they are not in all cases. Mr. Clinton called for increasing our enforcement activities and lamented that law enforcement is dramatically underfunded. When Rep. LaHood asked if anyone was leading the charge on enforcement domestically or internationally, Mr. Clinton emphasized the need for Congress to demonstrate that enforcement is a priority and to fund it more aggressively. 
Key Takeaways:
  • There was a universal bipartisan consensus that government agencies have inadequate information programs and that both the public and private sector need to strengthen cybersecurity standards.
  • Some of the proactive technological strategies to combat cybersecurity that witnesses recommended include multi-factor authentication, encryption, lockboxes, simulation platforms, and honeypots.
  • Witnesses and members were in agreement that cybersecurity standards have economic effects, and they called for greater funding for enforcement to hold perpetrators of cyber attacks accountable and for startups so that the expense of adopting effective cybersecurity standards is less. 
More information on the hearing can be found on the Committee’s website.

Senate Votes Not to Proceed with “Audit the Fed” Bill
On Jan. 12, 2016, The Senate declined to proceed forward with Sen. Rand Paul's (R-KY) Federal Reserve Transparency Act of 2015, known as the "Audit the Fed" bill. The proposed legislation would have required a full audit of the Board of Governors of the Federal Reserve System and the Federal Reserve banks by the Comptroller General of the United States. Currently, most of the Fed’s operations are subject to regular external audits, but its monetary policy deliberations are excluded from this process. A procedural vote, requiring the support of 60 senators in order to move the bill forward, failed (53-44.)
Federal Reserve Transparency Act of 2015 (S.2232 — 114th Congress)
Legislative Tool Kit
House 2016 Calendar (also in bottom right hand bar)
Senate 2016 Calendar (also in bottom right hand bar)​​
Access: Public