News APP

NewsApp (Free)

Read news as it happens
Download NewsApp

Available on  gplay

This article was first published 1 year ago
Home  » Business » Cybersecurity norms for portfolio managers in place

Cybersecurity norms for portfolio managers in place

Source: PTI
March 29, 2023 22:03 IST
Get Rediff News in your Inbox:

Capital markets regulator Sebi on Wednesday came out with a cybersecurity framework for all portfolio managers having an asset base of at least Rs 3,000 crore.

IMAGE: Kindly note the image has been posted only for representational purposes. Photograph: Kind courtesy Sora Shimazaki/Pexels.com

The new guidelines will come into force from October 1, 2023, the Securities and Exchange Board of India (Sebi) said in a circular.

Under the framework, Sebi asked portfolio managers to report all cyber-attacks and breaches experienced by them within 6 hours of detecting such incidents.

"The response and recovery plan of the portfolio manager should aim at the timely restoration of systems affected by incidents of cyber-attacks or breaches.

 

"Portfolio managers should have Recovery Time Objective and Recovery Point Objective not more than 4 hours and 30 minutes, respectively," Sebi said.

With rapid technological advancement in the securities market, the regulator said there is a greater need for maintaining robust cyber security and to have a cyber resilience framework to protect the integrity of data and guard against breaches of privacy.

As part of the operational risk management, the portfolio managers need to have a robust cyber security and cyber resilience framework in order to provide essential facilities and services and perform critical functions in the securities market, Sebi said.

Accordingly, all portfolio managers with asset under management of Rs 3,000 crore or more, under discretionary and non-discretionary portfolio management service taken together, as on the last date of the previous calendar month will comply with the provisions of cybersecurity and cyber-resilience.

To manage risk to systems, networks, and databases from cyber-attacks and threats, Sebi asked portfolio managers to formulate comprehensive cyber security and cyber resilience policy document thereunder.

The policy document should be approved by the board and in case of deviations from the suggested framework, reasons for such deviations should also be provided in the policy document.

The cybersecurity and cyber resilience policy should include the process to identify, assess, and manage cybersecurity risks associated with processes, information, networks, and systems.

Portfolio managers should define the responsibilities of its employees, outsourced staff, and employees of vendors and other entities, who may have access to their networks.

They should establish a reporting procedure to facilitate communication of unusual activities and events to chief information security officer (CISO)  or to the senior management in a timely manner.

Sebi asked Association of Portfolio Managers in India (APMI) to furnish activity wise implementation timelines and progress in implementation of the new framework on a bi-monthly basis.

Get Rediff News in your Inbox:
Source: PTI© Copyright 2024 PTI. All rights reserved. Republication or redistribution of PTI content, including by framing or similar means, is expressly prohibited without the prior written consent.
 

Moneywiz Live!