- SEBI, vide circular dated 10th January, 2019 prescribed framework for Cyber Security and Cyber Resilience for Mutual Funds/ Asset Management Companies (AMCs).
- Further, SEBI vide its circular dated 09th June, 2022 made partial modifications in the Annexure -1 of SEBI Circular dated 10th January, 2019 in the following paragraphs :-
Paragraph – 11 – to have uniformity for identifying and classifying critical assets, across the industry.
Paragraph – 40, 41 and 42 on the recommendation of IT-Projects Advisory Committee (IT-PAC) of SEBI and also to adopt “audit the auditor approach” for conducting the Vulnerability Assessment and Penetration Testing (VAPT) of the intermediaries.
Paragraph – 51 For receipt of quarterly reports containing information on cyber-attacks and threats experienced by Mutual Funds/ AMCs in a time bound manner.
- SEBI also mandated Stock Brokers/Depository Participants to conduct comprehensive cyber audit at least 2 times in a financial year. Further, along with the Cyber audit report, a declaration from the MD/ CEO certifying compliance by all SEBI Circulars and advisories related to Cyber security from time to time.
- Further, Stock Brokers / Depository Participants shall take necessary steps for implementation of this Circular.
The provisions of the Circular shall come into force from 15th July, 2022.