Introduction
On April 11th, Representatives Patrick McHenry (R-NC) and Brittany Pettersen (D-CO) introduced the bipartisan Ransomware and Financial Stability Act of 2024. This bill amends text in the Consolidated Appropriations Act, 2021.
Summary
This legislation aims at strengthening the resilience of the U.S. financial system against ransomware attacks, establishing clear protocols for ransom payments, and ensuring that such payments, including those involving cryptocurrencies, are made within a controlled and legally compliant framework.
Key Provisions
Financial institutions must secure a “ransomware payment authorization” from a federal law enforcement agency for any payouts exceeding $100,000. Also, these institutions must report to the Financial Crimes Enforcement Network (FinCEN) before making such payments, providing full details of the attack and the ransom sought.
The Treasury Department will offer guidance to simplify reporting, ensuring that institutions are not overburdened. In cases where national interests are at stake, the President may waive these stringent requirements, but Congress and the relevant institutions must be notified.
By adhering to these guidelines, financial institutions can enjoy legal protection, gaining immunity from certain liabilities and shielding from adverse actions. This immunity extends to institutions that, in good faith, attempt to report ransomware attacks; they will not be penalized for incomplete reports due to a lack of information.
The bill grants federal and state agencies the right to review the validity of any ransomware payment authorizations. It also outlines confidentiality provisions, ensuring that information related to these incidents is disclosed only when legally necessary. The scope of this bill is quite broad, covering major financial entities and tech service providers, and it includes a sunset clause that mandates a legislative review a decade after enactment.
How we see it
Intentionally defining “ransomware payment” to include digital currency payments is a clear nod to the digital asset sector’s staying power and growing role in finance. This proactive legislative approach mirrors global trends and the increasing integration of digital assets into the economy.
This stance also aligns with Deputy Secretary Adeyemo’s April 9th Senate Banking testimony, where he stated that bad actors will increasingly exploit expanding markets. The bill’s approach to digital currencies recognizes their legitimacy and tackles the risks they may pose, paving the way for regulations that balance risk mitigation with the industry’s innovative momentum.