Securities Laws Updates (Country: India)
SEBI, vide circular no. SEBI/HO/MIRSD/CIR/P/2017/0000000100 dated September 08, 2017 to Registrars to an Issue / Share Transfer Agents, has prescribed framework on cyber security and cyber resilience which are be required to be complied by the Qualified RTAs. The contents of the said circular is as under:-
“Rapid technological developments in securities market have highlighted the need for maintaining robust cyber security and cyber resilience framework to protect the integrity of data and guard against breaches of privacy.
A robust cyber security and cyber resilience framework should identify the plausible sources of operational risk, both internal and external, and mitigate the impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of its obligation in the event of cyber attack.
Since RTAs perform important functions in providing services to holders of securities, it is desirable that RTAs have robust cyber security and cyber resilience framework in order to provide essential facilities and perform systemically critical functions relating to securities market.
In view of the above, SEBI's High Powered Steering Committee - Cyber Security engaged in detailed discussions and decided that the framework prescribed vide SEBI circular CIR/MRD/DP13/2015 dated July 06, 2015 on cyber security and cyber resilience framework be broadly made applicable for large RTAs. Accordingly, the provisions of this circular are applicable only for RTAs servicing more than 2 crore folios (hereinafter referred to as “Qualified RTAs” or “QRTAs”). The framework placed at Annexure A, would be required to be complied by the QRTAs with regard to cyber security and cyber resilience. QRTAs are directed to take necessary steps to put in place systems for implementation of this circular, by December 01, 2017.
This circular is being issued in exercise of powers conferred under Section 11 (1) of the Securities and Exchange Board of India Act, 1992, to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.”