Banking groups ask SEC to drop cybersecurity incident disclosure rule
Major banking groups want the Securities and Exchange Commission to rescind a rule that requires public companies to report cybersecurity incidents to the public within four days.
American banking and financial industry advocacy groups have petitioned the Securities and Exchange Commission to repeal its cybersecurity incident public disclosure requirements.
Five US banking groups led by the American Bankers Association asked the regulator to remove its rule in a May 22 letter, arguing that disclosing cybersecurity incidents “directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims.”
The group, which also included the Securities Industry and Financial Markets Association, the Bank Policy Institute, Independent Community Bankers of America and the Institute of International Bankers, claimed that the rule compromises regulatory efforts to enhance national cybersecurity.