SEBI issues cybersecurity framework for KYC Registration Agencies
PrintListen to this Article
With the new norms, to be effective from January 1, 2020, KYC registration agencies or KRAs would be required to define the responsibilities of its employees, including outsourced staff, who have privileged access to the networks, the Securities and Exchange Board of India (Sebi) said in a circular.
Sebi said that rapid technological developments in securities market have highlighted the need for maintaining robust cyber security and cyber resilience framework to protect the integrity of data and guard against breaches of privacy.
Cybersecurity framework includes measures, tools and processes that are intended to prevent cyber-attacks and improve cyber resilience.
"Since KRAs perform important function of maintaining KYC records of the clients in the securities market, it is desirable that KRAs have robust Cyber Security and Cyber Resilience framework in order to provide essential facilities and perform systemically critical functions relating to securities market," Sebi noted.
Accordingly, Sebi has asked KRAs to formulate a comprehensive cybersecurity and cyber resilience policy document encompassing the framework.
The policy document should be approved by the board of KRAs and in case of deviations from the suggested framework, reasons for such deviations, technical or otherwise, should be provided in the policy document. The document should be reviewed by the board of KRAs at least annually.
KRAs will have to define responsibilities of its employees, outsourced staff, and employees of vendors, members and other entities, who may have privileged access to the networks. Further, such staff should also be subject to stringent supervision, monitoring and access restrictions.
They need to establish a reporting procedure to facilitate communication of unusual activities and events to the designated officer in a timely manner.
KRAs should establish appropriate security monitoring systems and processes to facilitate continuous monitoring of security events and timely detection of unauthorised or malicious activities, held in contractual or fiduciary capacity, by internal and external parties.
Sebi said that alerts generated from monitoring and detection systems need to be suitably investigated in order to determine activities that are to be performed to prevent expansion of such incident of cyber attack or breach, mitigate its effect and eradicate the incident. #casansaar (Source - PTI, SEBI, MoneyControl)
Category : SEBI | Comments : 0 | Hits : 459
A financial influencer, also known as finfluencer, who was also involved in imparting training related to stock market trading has been asked to part with a little over ?12 crore, which it made unlawfully. The funds are to be credited or deposited by Ravindra Balu Bharti into an interest-bearing escrow account that has been set up in a nationalised bank especially for that purpose. The regulator stated in an order that the escrow account(s) would establish a lien in favour of SEBI and that th...
The Securities and Exchange Board of India (Sebi), the country's market regulator, has announced the launch of an optional same-day (T+0) settlement cycle for a select group of 25 stocks starting March 28, as per a circular published on its website last Thursday. This new initiative, referred to as the beta version, is set to coexist with the traditional next-day (T+1) settlement cycle, where trades are settled within 24 hours of execution. The T+0 settlement option will be available for ...
Capital markets regulator Sebi on Thursday slapped a fine of Rs 48 lakh on eight entities, including promoters of United Polyfab Gujarat Ltd (UPGL), for manipulating the share prices of the company. These entities have to pay the penalty jointly and severally within 45 days, as per an order. The order came after Sebi conducted an investigation of UPGL and trading by certain entities in the scrip of the company, to ascertain whether there was any violation of the provisions of the PFUTP (Pr...
Sebi alerts investors about the growing trend of unregistered entities falsely claiming Sebi registration and offering unrealistic returns. Investors are advised to verify the registration status and consider the inherent risks associated with high-return investments. The Securities and Exchange Board of India (Sebi) has issued a warning to investors, cautioning them against investing money with unregistered entities that promise assured or exceptionally high returns on investments. This advi...
Capital markets regulator Sebi on Thursday issued orders of action against 15 guest experts of the Zee Business channel for unlawful trading. The entities made unlawful gains to the tune of Rs. 7.41 crore from such trades and the profit was shared with guest experts as per prior understanding, Sebi noted. The market regulator also asked the guest experts to pay Rs.7.41 crore. The guest experts appeared on the Zee Business channel from 1 February 2022 and 31 December 2022. "The facts of t...
Comments