{"id":12454,"date":"2025-05-26T14:42:36","date_gmt":"2025-05-26T12:42:36","guid":{"rendered":"https:\/\/wsj-crypto.com\/?p=12454"},"modified":"2025-05-26T14:42:36","modified_gmt":"2025-05-26T12:42:36","slug":"banking-organizations-urge-sec-to-eliminate-cybersecurity-incident-reporting-regulation","status":"publish","type":"post","link":"https:\/\/wsj-crypto.com\/index.php\/2025\/05\/26\/banking-organizations-urge-sec-to-eliminate-cybersecurity-incident-reporting-regulation\/","title":{"rendered":"Banking Organizations Urge SEC to Eliminate Cybersecurity Incident Reporting Regulation"},"content":{"rendered":"

“`html
\n<\/p>\n

\n

Advocacy organizations within the American banking and finance sector have urged the Securities and Exchange Commission to annul its requirements for public disclosure of cybersecurity incidents.\u00a0<\/p>\n

On May 22, five United States banking associations, spearheaded by the American Bankers Association, requested the regulator to eliminate its mandate in a letter<\/a>, asserting that revealing cybersecurity<\/a> incidents \u201cconflicts directly with confidential reporting requirements designed to safeguard critical infrastructure and alert potential victims.\u201d<\/p>\n

Included in this coalition are the Securities Industry and Financial Markets Association, the Bank Policy Institute, Independent Community Bankers of America, and the Institute of International Bankers, all of whom contended that the regulation undermines regulatory initiatives aimed at bolstering national cybersecurity.<\/p>\n

The SEC\u2019s Cybersecurity Risk Management rule, released<\/a> in July 2023, mandates that companies swiftly disclose cybersecurity incidents like data breaches or hacks. Nonetheless, the banking associations argue that this regulation was flawed from inception and has proved problematic in execution since its implementation.<\/p>\n

The banking entities stated that the \u201ccomplex and restrictive disclosure delay mechanism\u201d hampers incident responses and law enforcement, leading to \u201cmarket confusion\u201d between obligatory and voluntary disclosures.\u00a0<\/p>\n

Furthermore, public disclosure has been \u201cexploited as a tactic of extortion by ransomware offenders to advance malicious aims,\u201d and hasty disclosures exacerbate insurance and liability challenges for firms while \u201cposing risks to honest internal dialogue and routine information sharing,\u201d asserted the coalition.\u00a0<\/p>\n

Concerns and claims from the banking groups regarding the ruling. Source: <\/em>SIFMA<\/em><\/a><\/figcaption><\/figure>\n

The organizations specifically seek the withdrawal of \u201cItem 1.05\u201d from the SEC\u2019s regulations for Form 8-K reporting and associated reporting stipulations relevant to Form 6-K.\u00a0<\/p>\n

Form 8-K serves to publicly inform investors in US public corporations of specified occurrences, including cybersecurity events, that may be significant to shareholders or the SEC.\u00a0<\/p>\n

\u201cImportantly, without Item 1.05, investor interests will still be safeguarded, and we believe they would be more effectively served through the pre-existing disclosure system for reporting material information, potentially encompassing substantial cybersecurity incidents,\u201d the stakeholders articulated.<\/p>\n

Related: <\/strong><\/em>Hackers employing counterfeit Ledger Live app to steal seed phrases and deplete crypto<\/strong><\/em><\/a><\/p>\n

The complete petition included instances of confusion from participants, specific ransomware attack incidents, and documented clashes with regulations.\u00a0<\/p>\n

Public crypto companies affected\u00a0<\/h2>\n

This requirement also influences publicly traded crypto firms like Coinbase, which revealed earlier this month that hackers had bribed its support personnel to disclose its user information.<\/p>\n

This revelation resulted in the company facing at least seven<\/a> lawsuits stemming from the incident.<\/p>\n

Coinbase indicated that it declined a $20 million ransom demand after staff exposed user data<\/a> during a significant phishing attack, which the exchange estimated could cost it as much as $400 million in damages.<\/p>\n

If the SEC revokes the mandate, it may afford firms like Coinbase additional time to inform the public regarding cybersecurity incidents.\u00a0<\/p>\n

Magazine: <\/strong><\/em>Bitcoin bears target $69K, CZ denies WLF \u2018fixer\u2019 rumors: Hodler\u2019s Digest<\/strong><\/em><\/a><\/p>\n