Description:
H.R. 1731 would require the Securities and Exchange Commission (SEC) to issue rules that require publicly traded companies to report annually on whether members of their governing bodies (such as general partners or members of a board of directors) have cybersecurity expertise and the nature of that experience. If nobody has such experience, then the company would be required to describe what other aspects of its cybersecurity were considered by the people responsible for identifying and evaluating nominees for governing body membership. H.R. 1731 would require the SEC (in consultation with the National Institute of Standards and Technology) to define expertise or experience in cybersecurity. For this estimate, CBO assumes that the bill will be enacted in fiscal year 2020. Based on the estimated costs of similar proposals, CBO estimates that it would cost the SEC less than $500,000 to issue rules over the 2020-2021 period. CBO expects that the work would require two employees, at an annual cost of $260,000 each, for less than a year. However, because the SEC is authorized to collect fees sufficient to offset its annual appropriation, CBO expects that the net effect on discretionary spending would be negligible, assuming appropriation actions consistent with that authority. H.R. 1731 contains private-sector mandates as defined in the Unfunded Mandates Reform Act (UMRA). CBO estimates that the cost to comply with those mandates would be small and would not exceed the threshold established in UMRA ($168 million in 2020, adjusted annually for inflation). By requiring publicly traded companies to annually disclose to the SEC the nature of their board members’ experience in cyber security, H.R. 1731 would impose a mandate as defined in UMRA. The incremental cost of the mandate would be small because the mandated entities already collect or possess the information to be reported under the bill and would use an established reporting process. If the SEC increased fees to offset the costs associated with implementing the bill, H.R. 1731 would increase the cost of an existing mandate on private entities required to pay those fees. CBO estimates that the incremental cost of the mandate would be small. H.R. 1731 contains no intergovernmental mandates as defined in UMRA.
