Banks push to scrap SEC cyber reporting rule

Financial groups call for the removal of the SEC’s strict reporting rule.

Banks say the SEC’s breach rule creates confusion and security risks.

Five major US banking groups have asked the Securities and Exchange Commission (SEC) to drop its cyber security disclosure rule. The rule requires public companies to report incidents, such as data breaches, within four days.

The American Bankers Association and others said in a letter that the rule conflicts with systems built to protect critical infrastructure. They warned it may hurt law enforcement and cause market confusion.

The rule, introduced in July 2023, also affects crypto firms like Coinbase. However, the exchange recently reported a breach where hackers bribed staff for user data. Coinbase rejected a $20 million ransom but now faces at least seven lawsuits.

Banking groups want the SEC to remove Item 1.05 from Form 8-K rules. They argue investors would still be protected under existing rules for material information, without the risks of rushed public reporting.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot