XBRL US submitted a comment letter to the Securities and Exchange Commission (SEC) in response to the rule proposal on Cybersecurity Risk Management Rule for Broker-Dealers, Clearing Agencies, Major Security-Based Swap Participants, the Municipal Securities Rulemaking Board, National Securities Associations, National Securities Exchanges, Security-Based Swap Data Repositories, Security-Based Swap Dealers, and Transfer Agents.
The XBRL US letter supported the Commission proposal to require the reporting of cybersecurity incidents in structured format, but disagreed with the proposed requirement that the new Form SCIR be prepared in a custom XML schema. Our rationale for Inline XBRL rather than custom XML pointed out that:
Requiring XBRL would be more efficient and cost-effective and would allow both preparers and data consumers to avail themselves of a competitive marketplace of open-source and commercial tools that already work with the open-source XBRL standard. This approach would enable economies of scale and ensure the lowest possible cost to all stakeholders. Furthermore, Inline XBRL is proposed for cybersecurity information reported by public companies and investment management companies in two other SEC rule proposals. Reporting one set of cybersecurity data in XML and other cybersecurity datasets in XBRL would be inconsistent and not cost-effective.