New framework. SEBI asks PMS with AUM of over ₹3,000 crore to enhance cyber security

Our Bureau Updated - March 29, 2023 at 08:55 PM.

The move is to protect the integrity of data and guard against breaches of privacy

Market regulator SEBI on Wednesday came out with new framework to boost cyber security of portfolio management services.

With rapid technological advancement in the securities market, there is a greater need for maintaining robust cyber security and to have a cyber-resilience framework to protect the integrity of data and guard against breaches of privacy, it said.

Accordingly, all Portfolio Managers with assets under management of over ₹3,000 crore portfolio management service should formulate a comprehensive cyber security and cyber resilience policy document encompassing the framework by identifying critical IT assets and risks associated with such assets, deploying suitable controls, tools, and measures to protect the asset, detect incidents, anomalies and attacks through appropriate monitoring tools/processes, respond by taking immediate steps after identification of the incident, anomaly or attack and recover from incident through incident management, disaster recovery, and business continuity framework.

PMS should appoint a Chief Information Security Officer and constitute a Technology Committee comprising experts proficient in technology.

The cybersecurity policy should encompass the principles prescribed by the National Critical Information Infrastructure Protection Centre of the National Technical Research Organization in the latest report titled ’Guidelines for Protection of National Critical Information Infrastructure’.

From October 1

Based on feedback received from stakeholders, it has been decided that the guidelines should be effective from October 1, 2023, SEBI said.

In this context, the Association of Portfolio Managers in India should also furnish activity-wise implementation timelines and progress in the implementation to SEBI on a bimonthly basis, it said.

The policy document should be approved by the Board of the Portfolio Manager and in case of deviations from the suggested framework, reasons for such deviations should also be provided in the policy document. The policy document should be reviewed by the Board at least once annually with the view to strengthen and improve its cyber security and cyber resilience framework, it said.

Published on March 29, 2023 14:11

This is a Premium article available exclusively to our subscribers.

Subscribe now to and get well-researched and unbiased insights on the Stock market, Economy, Commodities and more...

You have reached your free article limit.

Subscribe now to and get well-researched and unbiased insights on the Stock market, Economy, Commodities and more...

You have reached your free article limit.
Subscribe now to and get well-researched and unbiased insights on the Stock market, Economy, Commodities and more...

TheHindu Businessline operates by its editorial values to provide you quality journalism.

This is your last free article.