SP Services
SEBI

SEBI modifies cyber resilience framework for Stock Brokers/ Depository Participants

cyber resilience framework for Stock Brokers

On 30th June 2022, vide circular number SEBI/HO/MIRSD/TPD/P/CIR/2022/93, a Circular was issued by the Securities and Exchange Board of India (SEBI) wherein SEBI modified the cyber security and cyber resilience framework for Stock Brokers and Depository Participants. SEBI has mandated these entities to report incidents of data breaches, cyber-attacks and the like event to the Stock Exchanges/ Depositories Participants within a period of 6 hours from noticing/ detecting such event or being brought to the notice about such an incident. All the recognised stock exchanges and Depositories have been asked under this Circular to take corrective steps and mitigative strategies to prevent such events from taking place in future. 

Who are the players to whom the circular on modified cyber resilience framework for Stock brokers and depository participants is applicable?

The Circular on Modification in Cyber security and Cyber resilience framework for Stock Brokers / Depository Participants” is applicable to the following entities:

  1. All the Recognised Stock Exchanges
  2. All the Depositories

Highlights of the Circular on modified cyber resilience framework for Stock brokers and depository participants   

Reporting of data breach incidents in 6 hours

The stock brokers and depository participants have been mandated by this Circular to report the incidents of data breach, cyber attacks and cyber threats directed toward the stock brokers and depository participants and SEBI within a period of 6 hours from noticing or detecting the above-mentioned incidents or when such incidents have brought within their notice.

Reporting of Incidents to CERT-In 

Apart from reporting the above-mentioned incidents of data breach and cyber-attacks to Stock exchanges, depositories and SEBI, the stock brokers and depository participants have been instructed to report such incidents to Computer Emergency Response Team (CERT-In) in accordance with the directions/ guidelines issued by the CERT-In[1] from time to time.

Reporting to NCIIPC   

Further, the depository participants or stock brokers whose systems have been identified as “Protected systems” by the National Critical Information Infrastructure Protection Centre (NCIIPC) are also bound to report such incidents to NCIIPC.

Submission of Quarterly Reports

The stock brokers and depository participants have been directed to submit quarterly reports containing information on cyber-attacks, cyber incidents, and cyber threats, along with the appropriate measures adopted by the stock brokers and depository participants to mitigate the vulnerabilities, attacks and threats, including information on vulnerabilities, threats and bugs which can be become useful for other Depository participants, stock brokers, stock exchanges, depositories and SEBI.

Such reports shall be submitted to the stock exchanges and depositories within a period of 15 days from the quarter ended June, September, December and March every year.

Dedicated e-mail address

All the above-mentioned information shall be shared with SEBI through a dedicated e-mail address: sbdp-cyberincidents@sebi.gov.in

Further steps to be taken by Depositories and Stock Exchanges   

All the depositories and stock exchanges need to take the following steps:

  1. Necessary amendments have to be made to the bye-laws, rules and regulations for implementing the above criteria; and
  2. The directions of this Circular need to be brought to the notice of their members and participants and also disseminated particulars of this Circular through their websites.

Date of coming into effect

The directions in this Circular shall come into effect immediately, i.e. from 30th June 2022 only, and all the stock brokers and depository participants need to comply with the modified cyber resilience framework with immediate effect.   

Conclusion

This Circular on modification in the cyber resilience framework for Stock Brokers or Depository Participants have been brought after exercising the powers conferred on the SEBI under sub-section 1 of section 11 of the SEBI Act, 1992 with an intent to protect the interests of the investors in the securities market and also to promote the development and regulate the securities market. 

Read our Article: SEBI modifies cyber security framework for Stock Brokers/ Depository Participants

1656589407326

Prabhat Nigam

Prabhat has done his BA LLB (Hons) and has been writing research papers since his law school days. His interest in content writing made him pursue a career in legal research and content writing. His core areas of interest are indirect taxes, finance and real estate.

Business Plan Consultant

Trending Posted

Startup CFO

Our Awards Our Awards

Top 100 Companies in Asia - Red Herring
Top 100 Companies in Asia - Red Herring

Red Herring Top 100 Asia enlists outstanding entrepreneurs and promising companies. It selects the award winners from approximately 2000 privately financed companies each year in the Asia. Since 1996, Red Herring has kept tabs on these up-and-comers. Red Herring editors were among the first to recognize that companies such as Google, Facebook, Kakao, Alibaba, Twitter, Rakuten, Salesforce.com, Xiaomi and YouTube would change the way we live and work.

Top 25 in India - Consultants Review

Researchers have found out that organization using new technologies in their accounting and tax have better productivity as compared to those using the traditional methods. Complying with the recent technological trends in the accounting industry, Enterslice was formed to focus on the emerging start up companies and bring innovation in their traditional Chartered Accountants & Legal profession services, disrupt traditional Chartered Accountants practice mechanism & Lawyers.

Top 25 in India - Consultants Review

In the news