US banking group demands SEC to cancel cybersecurity incident disclosure rules

The five major banking groups led by the American Bankers Association jointly sent a letter to the US Securities and Exchange Commission (SEC) on May 22, requesting the repeal of the "Cybersecurity Risk Management Rules" issued in July 2023, which required listed companies to publicly disclose cybersecurity incidents within four days. Participating in the joint signature include institutions such as the Securities and Financial Markets Association and the Banking Policy Research Institute. The banking industry group pointed out that this rule directly conflicts with the confidentiality reporting requirements for protecting critical infrastructure, which may hinder incident response and enforcement actions, and cause market chaos. They specifically requested the cancellation of the "1.05 clause" in the 8-K form; It is believed that the existing framework for major information disclosure is sufficient to protect the interests of investors. This rule also applies to listed cryptocurrency companies. At the beginning of this month, Coinbase faced at least seven lawsuits for disclosing user data breaches. The company refused to pay a ransom of $20 million and estimated potential losses of up to $400 million. If the rules are cancelled, relevant companies will have more flexible disclosure time for events. (PANews)