Direct Tax
Consulting
ESG Advisory
Indirect Tax
Growth Advisory
Internal Audit
BFSI Audit
Industry Audit
Valuation
RBI Services
SEBI Services
IRDA Registration
AML Advisory
IBC Services
NBFC Compliance
IRDA Compliance
Finance & Accounts
Payroll Compliance Services
HR Outsourcing
LPO
Fractional CFO
General Legal
Corporate Law
Debt Recovery
Select Your Location
On 30th June 2022, vide circular number SEBI/HO/MIRSD/TPD/P/CIR/2022/93, a Circular was issued by the Securities and Exchange Board of India (SEBI) wherein SEBI modified the cyber security and cyber resilience framework for Stock Brokers and Depository Participants. SEBI has mandated these entities to report incidents of data breaches, cyber-attacks and the like event to the Stock Exchanges/ Depositories Participants within a period of 6 hours from noticing/ detecting such event or being brought to the notice about such an incident. All the recognised stock exchanges and Depositories have been asked under this Circular to take corrective steps and mitigative strategies to prevent such events from taking place in future.
Who are the players to whom the circular on modified cyber resilience framework for Stock brokers and depository participants is applicable?
The Circular on Modification in Cyber security and Cyber resilience framework for Stock Brokers / Depository Participants” is applicable to the following entities:
Reporting of data breach incidents in 6 hours
The stock brokers and depository participants have been mandated by this Circular to report the incidents of data breach, cyber attacks and cyber threats directed toward the stock brokers and depository participants and SEBI within a period of 6 hours from noticing or detecting the above-mentioned incidents or when such incidents have brought within their notice.
Reporting of Incidents to CERT-In
Apart from reporting the above-mentioned incidents of data breach and cyber-attacks to Stock exchanges, depositories and SEBI, the stock brokers and depository participants have been instructed to report such incidents to Computer Emergency Response Team (CERT-In) in accordance with the directions/ guidelines issued by the CERT-In[1] from time to time.
Reporting to NCIIPC
Further, the depository participants or stock brokers whose systems have been identified as “Protected systems” by the National Critical Information Infrastructure Protection Centre (NCIIPC) are also bound to report such incidents to NCIIPC.
Submission of Quarterly Reports
The stock brokers and depository participants have been directed to submit quarterly reports containing information on cyber-attacks, cyber incidents, and cyber threats, along with the appropriate measures adopted by the stock brokers and depository participants to mitigate the vulnerabilities, attacks and threats, including information on vulnerabilities, threats and bugs which can be become useful for other Depository participants, stock brokers, stock exchanges, depositories and SEBI.
Such reports shall be submitted to the stock exchanges and depositories within a period of 15 days from the quarter ended June, September, December and March every year.
Dedicated e-mail address
All the above-mentioned information shall be shared with SEBI through a dedicated e-mail address: sbdp-cyberincidents@sebi.gov.in.
Further steps to be taken by Depositories and Stock Exchanges
All the depositories and stock exchanges need to take the following steps:
The directions in this Circular shall come into effect immediately, i.e. from 30th June 2022 only, and all the stock brokers and depository participants need to comply with the modified cyber resilience framework with immediate effect.
This Circular on modification in the cyber resilience framework for Stock Brokers or Depository Participants have been brought after exercising the powers conferred on the SEBI under sub-section 1 of section 11 of the SEBI Act, 1992 with an intent to protect the interests of the investors in the securities market and also to promote the development and regulate the securities market.
Read our Article: SEBI modifies cyber security framework for Stock Brokers/ Depository Participants
A company needs cost-effective financial management for overall survival and growth. This invol...
Automotive industry audit checklist as the process audits is made simpler and generates better...
An Automotive Dealerships Audit Checklist helps in an examination and review of aspects related...
The Companies Commission of Malaysia sets mandatory guidelines for maintaining the annual compl...
An industry audit is an important aspect of the oil and gas industry, it serves as a tool for e...
Are you human?: 6 + 1 =
Easy Payment Options Available No Spam. No Sharing. 100% Confidentiality
Introduction A stock market functions as a marketplace where individuals and companies exchange equities. Shares of...
04 Jul, 2023
Before issuing a research report, a Research Analyst should disclose certain mandatory disclosures in the research...
04 Aug, 2021