American banking groups want the Securities and Exchange Commission (SEC) to revoke its cybersecurity incident disclosure requirements. These groups, led by the American Bankers Association (ABA), wrote to the SEC last week, contending that disclosing cybersecurity incidents “directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims.” Joining the ABA were the Securities Industry and Financial Markets Association, the Bank Policy Institute, Independent Community Bankers of America, and the Institute of International Bankers, who argue the rule hinders regulatory efforts to bolster national cybersecurity. The letter was flagged in a report Monday (May 26) by Cointelegraph, which noted that the rule in question — the SEC’s Cybersecurity Risk Management rule, published in July 2023 — requires companies to quickly disclose incidents such as data breaches or hacks. But the banking groups say this rule was flawed from the beginning and has been problematic in practice since going into effect. The letter said that the “complex and narrow disclosure delay mechanism” interferes with incident response and law enforcement, while also breeding “market confusion” between mandatory and voluntary disclosures.