SEBI Modifies Cyber Security and Cyber resilience framework of Mutual Funds/ Asset Management Companies (AMCs) – 09th June, 2022

• SEBI, vide circular dated 10^th January, 2019 prescribed framework for Cyber Security and Cyber Resilience for Mutual Funds/ Asset Management Companies (AMCs).

• Further, SEBI vide its circular dated 09^th June, 2022 made partial modifications in the Annexure -1 of SEBI Circular dated 10^th January, 2019 in the following paragraphs :-

Paragraph – 11 – to have uniformity for identifying and classifying critical assets,  across the industry.

Paragraph – 40, 41 and 42 on the recommendation of IT-Projects Advisory Committee (IT-PAC) of SEBI and also to adopt “audit the auditor approach” for conducting the Vulnerability    Assessment    and    Penetration    Testing    (VAPT)    of the intermediaries.

Paragraph – 51 For receipt of quarterly reports containing information on cyber-attacks and threats experienced by  Mutual  Funds/  AMCs  in  a  time  bound  manner.

• SEBI also mandated Stock Brokers/Depository Participants to conduct comprehensive  cyber audit at least 2 times in a financial year. Further, along with the Cyber audit report, a declaration from the MD/ CEO certifying compliance by all  SEBI  Circulars  and advisories related to Cyber security from time to time.

• Further, Stock Brokers / Depository Participants shall take necessary steps for implementation of this Circular.

The provisions of the Circular shall come into force from 15^th July, 2022.

Link to the Circular:

https://www.sebi.gov.in/legal/circulars/jun-2022/circular-on-modification-in-cyber-security-and-cyber-resilience-framework-of-mutual-funds-asset-management-companies-amcs-_59611.html