SEBI Modifies Cyber Security and Cyber resilience framework of Mutual Funds/ Asset Management Companies (AMCs) – 09th June, 2022

SEBI, vide circular dated 10 th January, 2019 prescribed framework for Cyber Security and Cyber Resilience for Mutual Funds/ Asset Management Companies (AMCs).

Further, SEBI vide its circular dated 09 th June, 2022 made partial modifications in the Annexure -1 of SEBI Circular dated 10 th January, 2019 in the following paragraphs :-

Paragraph – 11 - to have uniformity for identifying and classifying critical assets, across the industry.

Paragraph - 40, 41 and 42 on the recommendation of IT-Projects Advisory Committee (IT-PAC) of SEBI and also to adopt “audit the auditor approach” for conducting the Vulnerability Assessment and Penetration Testing (VAPT) of the intermediaries.

Paragraph – 51 For receipt of quarterly reports containing information on cyber-attacks and threats experienced by Mutual Funds/ AMCs in a time bound manner.

SEBI also mandated Stock Brokers/Depository Participants to conduct comprehensive cyber audit at least 2 times in a financial year. Further, along with the Cyber audit report, a declaration from the MD/ CEO certifying compliance by all SEBI Circulars and advisories related to Cyber security from time to time.

Further, Stock Brokers / Depository Participants shall take necessary steps for implementation of this Circular.

The provisions of the Circular shall come into force from 15 th July, 2022.

Link to the Circular: View Circular