The Securities and Exchange Commission (SEC) has voted to require publicly traded companies to disclose within four days when they suffer a cyber incident significant enough to weigh into the decisions of prospective investors. The rule will provide investors with critical information about a company’s risk management, strategy, and governance in its periodic reporting. The four-day trigger can be delayed if the attorney general determines and affirms that disclosure would jeopardize national security. Registrants also will have to describe their processes for identifying and managing cyber risks in annual reports.
Senators Lindsey Graham and Elizabeth Warren argue that Big Tech companies have too much power and operate without accountability, and propose the creation of a Digital Consumer Protection Commission Act to regulate and police the nation’s biggest tech companies to prevent online harm, promote free speech and competition, guard Americans’ privacy, and protect national security. The proposed legislation would set clear rules for tech companies, impose real consequences for companies that break the law, and prohibit anticompetitive practices by dominant Big Tech platforms.
Proposed federal privacy legislation in the US is expected to transfer oversight of the telecom industry’s privacy practices from the FCC to the FTC, a priority for telecom companies due to the FCC’s technical expertise and strict oversight. Experts suggest the FCC has not consistently regulated the industry’s privacy practices, and some support moving oversight to the FTC to gain support from congressional Republicans.
The FedNow instant payment system has gone live in the US, offering faster payment rail for financial institutions and immediate access to funds. The Federal Reserve said banks and credit unions of all sizes could sign up and use the tool, with 35 financial institutions and 16 service providers already on board. Future features include bank and credit union customers being able to send instant payments via their financial institution’s mobile app or website. The potential for FedNow to be a game-changer in the US is massive, with the success of Brazil’s Pix instant payment system a good indication.
Why do we care?
Four-day disclosures for cyber is a standard. I’m not saying a good or bad one; I’m just saying that putting this rule out there sets a standard. There’s an existence of the rule and a process. Over time, that would become a norm.
The US government is getting serious about regulation – and when Lindsey Graham and Elizabeth Warren team up, you can tell there’s intention. I’m still pushing for an actual privacy law… although we may be on our way if we’re moving the pieces around.
I included the FedNow detail as it’s something to be aware of for your banking needs.

