SEBI vide its Circular dated 22nd February, 2023 issued a notification regarding advisory for SEBI Regulated Entities (REs) regarding Cybersecurity best practices.
An efficient and effective response to and recovery from a cyber-incident by REs is essential to limit any related financial stability risks. For ensuring the same, Financial Computer Security Response Team (CSIRT-Fin) has provided important recommendations in its report sent to SEBI. The applicable recommendations, in the form of an advisory are enclosed in Annexure-A of the given Circular.
Further, the advisory should be read in conjunction with the applicable SEBI circulars (including but not limited to Cybersecurity and Cyber Resilience framework, Annual System Audit framework, etc.) and subsequent updates issued by SEBI from time to time.
Further, the compliance of the advisory shall be provided by the REs along with their cybersecurity audit report (conducted as per the applicable SEBI Cybersecurity and Cyber Resilience framework). The compliance shall be submitted as per the existing reporting mechanism and frequency of the respective cybersecurity audit.
Further, with the increasing cybersecurity threat to the securities market, SEBI Regulated Entities (REs) are advised to implement the following practices as mentioned in the Annexure-A of the given Circular as recommended by CSIRT-Fin.
This Circular is applicable to all Stock Exchanges, Clearing Corporations, Depositories, Stock Brokers through Exchanges, Depository Participants through Depositories, Mutual Funds / Asset Management Companies / Trustee Companies / Boards of Trustees of Mutual Funds / Association of Mutual Funds in India (AMFI), KYC Registration Agencies, Qualified Registrars to an Issue / Share Transfer Agents and shall come into force with immediate effect.
About the Author
