U.S. banking groups call on the SEC to eliminate cybersecurity incident disclosure rules.

According to Cointelegraph, five major banking groups led by the American Bankers Association jointly sent a letter to the U.S. Securities and Exchange Commission (SEC) on May 22, demanding that the July 2023 Cybersecurity Risk Management Rules require listed companies to publicly disclose cybersecurity incidents within four days. Participating institutions include the Securities Industry and Financial Markets Association, the Bank Policy Research Institute and other institutions. Banking groups point out that the rule is in direct conflict with confidential reporting requirements to protect critical infrastructure, could hinder incident response and enforcement actions, and create market disruption. In particular, they called for the removal of "Section 1.05" on Form 8-K, arguing that the existing material disclosure framework is sufficient to protect the interests of investors. This rule also applies to listed cryptocurrency companies. Earlier this month, CEX faced at least seven lawsuits due to the disclosure of a user data breach, and the company refused to pay a $20 million ransom, with potential losses estimated at up to $400 million. If the rule is canceled, related companies will gain more flexibility in event disclosure timing.