Cybersecurity incident disclosure
Cybersecurity incident disclosure requirements for Financial & Capital Markets firms have tightened considerably, with the U.S. Securities and Exchange Commission's Rule 10b-5 amendments and its dedicated cybersecurity disclosure rule (effective December 2023) now requiring public companies to report material incidents within four business days of determining materiality. The U.S. Federal Reserve and the European Banking Authority have layered operational resilience and incident reporting obligations on top of that baseline, leaving compliance teams to reconcile overlapping timelines and materiality thresholds across multiple regimes. The coordination burden is real and immediate.
Watch
- SEC 10-K/8-K cybersecurity disclosure rule: materiality determination triggers and timelines
- EBA DORA incident classification thresholds taking effect January 2025 for EU-licensed entities
- Federal Reserve SR 23-4 guidance on third-party cyber incident notification expectations
- Gap between SEC 'material' standard and DORA 'major incident' definitions for cross-border firms
- Proposed New York DFS amendments to Part 500 expanding notification scope to include ransomware payments
Recent material activity in Financial & Capital Markets
- SEC proposes amendments to Exchange Act Rule 3b-16 expanding ATS definition to include DeFi protocols
The SEC has proposed rule changes that would bring decentralized finance protocols under the regulatory umbrella of Alternative Trading Systems. The amendment targets platforms facilitating token swaps exceeding $50M dai…
- SEC enforcement action against crypto lending platform for unregistered securities offering
The Commission filed charges against a major crypto lending platform alleging the firm offered and sold crypto asset lending products that constituted unregistered securities. The complaint seeks disgorgement of $340M in…
- CFTC and SEC release joint statement on digital asset classification framework
The two primary federal financial regulators issued a joint interpretive statement providing guidance on when digital assets fall under securities law versus commodities law. The framework introduces a functional test ba…
- Federal Reserve announces enhanced supervisory expectations for banks with crypto asset exposure
The Board of Governors issued SR 26-4 establishing new supervisory expectations for state member banks engaging in crypto-related activities. Banks must now maintain dedicated risk management frameworks, capital reserves…
- SEC approves spot Ethereum ETF amendments allowing staking yield pass-through
The Commission approved amendments to existing spot Ethereum ETF registration statements permitting the pass-through of staking rewards to fund shareholders. The approval includes enhanced disclosure requirements and a 3…
- SEC Division of Examinations publishes 2026 priorities: crypto compliance tops the list
The SEC's examination division released its annual priorities letter placing crypto asset compliance, stablecoin reserves, and DeFi protocol governance as the top three examination focus areas for 2026. Registered invest…
- FINRA proposes new rules for broker-dealer crypto custody and customer protection
FINRA filed a proposed rule change establishing custody requirements for broker-dealers holding crypto assets on behalf of customers. The proposal requires segregated wallets, proof-of-reserves attestations, and $10M min…
- Federal Reserve Board publishes research paper on CBDC impact on commercial bank deposits
The Board published a staff research paper modeling the potential displacement of commercial bank deposits by a retail CBDC. The paper estimates 8-12% deposit migration in the first two years, with disproportionate impac…