The Securities and Exchange Board of India (“SEBI”) vide its circulars dated October 15, 2019 (“October Circular”) and May 30, 2022 (“May Circular”) (collectively the “Cyber Security and Resilience Framework”) had prescribed framework for cyber security and cyber resilience for all the KYC registration agencies (“KRAs”).
SEBI now vide its circular dated July 5, 2022 (“Circular”), has modified paragraph 51 (Sharing of Information) of the Annexure A of the October Circular to read as under:
“51. All Cyber-attacks, threats, cyber-incidents and breaches experienced by KRAs shall be reported to SEBI within 6 hours of noticing / detecting such incidents or being brought to notice about such incidents.
The incident shall also be reported to Indian Computer Emergency Response team (CERT-In) in accordance with the guidelines / directions issued by CERT-In from time to time. Additionally, the KRAs, whose systems have been identified as “Protected system” by National Critical Information Infrastructure Protection Centre (NCIIPC) shall also report the incident to NCIIPC.
The quarterly reports containing information on cyber-attacks, threats, cyber-incidents and breaches experienced by KRAs and measures taken to mitigate vulnerabilities, threats and attacks including information on bugs/ vulnerabilities/threats that may be useful for other KRAs shall be submitted to SEBI within 15 days from the quarter ended June, September, December and March of every year. The above information shall be shared through the dedicated e-mail id: kra@sebi.gov.in. The format for submitting the quarterly reports is attached as Annexure B.”
The Circular will come into force with immediate effect.
Please find a copy of the Circular here and a copy of the Cyber Security and Resilience Framework (i.e. the October Circular here and the May Circular here).
This update has been contributed by Swaraj Narula (Senior Associate).
Argus Knowledge Centre is now on WhatsApp! Send us a message on +91 8433523504 to receive updates from our Knowledge Centre.
Express Building
9 – 10 Bahadur Shah Zafar Marg
Delhi – 110002
+91 11 23701284/5/7
155, ESC House, 2nd floor,
Okhla Industrial Estate, Phase 3,
New Delhi – 110020
The rules of the Bar Council of India do not permit advocates to solicit work or advertise in any manner. This website has been created only for informational purposes and is not intended to constitute solicitation, invitation, advertisement or inducement of any sort whatsoever from us or any of our members to solicit any work in any manner. By clicking on 'Agree' below, you acknowledge and confirm the following:
a) there has been no solicitation, invitation, advertisement or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
b) you are desirous of obtaining further information about us on your own accord and for your use;
c) no information or material provided on this website is to be construed as a legal opinion and use of this website will not create any lawyer-client relationship;
d) while reasonable care has been taken in ensuring the accuracy of the contents of the website, Argus Partners shall not be responsible for the results of any actions taken on the basis of information provided in this website or for any error or omission in the website; and
e) in cases where the user has any legal issues, the user must seek independent legal advice.