PANews reported on May 26 that according to Cointelegraph, five major banking groups led by the American Bankers Association jointly wrote to the U.S. Securities and Exchange Commission (SEC) on May 22, requesting the abolition of the Cybersecurity Risk Management Rules promulgated in July 2023, which require listed companies to publicly disclose cybersecurity incidents within four days. The co-signers include the Securities Industry and Financial Markets Association, the Banking Policy Institute and other institutions. The banking industry groups pointed out that the rule directly conflicts with the confidentiality reporting requirements for protecting critical infrastructure, which may hinder incident response and law enforcement actions and cause market confusion. They specifically requested the cancellation of "Clause 1.05" in Form 8-K, believing that the existing framework for disclosure of significant information is sufficient to protect the interests of investors.

The rule also applies to listed crypto companies. Earlier this month, Coinbase faced at least seven lawsuits for disclosing a user data breach. The company refused to pay a $20 million ransom, estimating potential losses of up to $400 million. If the rule is canceled, related companies will have more flexible disclosure time.