- SEBI, vide circular dated 15th October, 2019 and 30th May, 2022 prescribed framework for Cyber Security and Cyber Resilience of KYC Registration Agencies (KRAs).
- Further, SEBI vide its circular dated 05th July, 2022 made partial modifications in the paragraph 51 of Annexure -1 of SEBI Circular dated 15th October, 2019.
- SEBI in the Circular said that KYC Registration Agencies (KRAs) must notify the stock exchanges or depositories as well as SEBI of any cyberattacks, threats or breaches within six hours of them becoming aware of the incident or it being brought to their notice.
- The incidents must also be reported to the Indian computer emergency response team (CERT-In).
- SEBI further availed requirement to file quarterly report containing cyberattacks, threats or breaches experienced by KRAs and measures taken for mitigation within 15 days from the quarter ended June, September, December and March.
- Further, KYC Registration Agencies (KRAs) shall take necessary steps for implementation of this Circular.
- The provisions of the Circular shall come into force with immediate effect.