Keeping in mind the growing instances of cybercrimes globally, SEBI has asked fund houses to put in place robust cyber security and cyber resilience framework to deal with such cyber threats and data breach.
In a circular, SEBI said, “With rapid technological advancement in securities market, there is greater need for maintaining robust cyber security and to have a cyber resilience framework to protect integrity of data and guard against breaches of privacy.”
Here are some key highlights of the circular
- AMCs will have to appoint Chief Information and Security Officer (CISO) who will assess, identity and reduce cyber security risks, respond to such incidents and establish appropriate controls
- AMCs board will have to constitute technology committee comprising experts in technology. This committee will review exiting framework of the AMCs and instances of cyber security on quarterly basis
- MFs will have to identify their critical assets, which are prone to such risks
- MFs will have to encourage third party providers, RTAs, custodians, brokers and distributors to have similar standards of information security
- MF officials of any rank do not have right to access confidential data. Any access to AMCs should be for a defined purpose or defined period
- MFs will have to implement strong password for users access to systems, apps and networks. AMCs will have to provide two-factor authentication at log in.
- MFs will have to deploy additional controls and security measures to supervise staff
- Employees and outsourced staff who have access to such systems will be subject to stringent supervision and access restriction
- Alerts should be generated in an event of detection of unauthorized system activity
- MFs have to impart trainings to employees and outsourced staff to increase awareness
Anuj Kumar, CEO, CAMS believes that the move will raise cyber security standards of the industry. Sharing his view, he said, "In September 2017, SEBI had asked R&T agents to enhance their systems and processes to reduce cyber risks. That time SEBI gave 55 pointers. This time too, SEBI has come out with 55 pointers, which are largely in line with what we have complied with."
The circular will come into effect from April 1, 2019.