Securities and Exchange Board of India
October 15, 2019
Registrars to an Issue / Share Transfer Agents
Dear Sir / Madam,
Subject: Cyber Security & Cyber Resilience framework for Qualified Registrars to an Issue / Share Transfer Agents
1. SEBI, vide circular SEBI/HO/MIRSD/CIR/P/2017/100 dated September 08, 2017, prescribed the framework for Cyber Security & Cyber Resilience for Qualified Registrars to an Issue / Share Transfer Agents (QRTAs).
2. Paragraph 51 of Annexure A of the SEBI circular dated September 08, 2017 specifies the following regarding sharing of information:
Quarterly reports containing information on cyber-attacks and threats experienced by QRTAs and measures taken to mitigate vulnerabilities, threats and attacks including information on bugs / vulnerabilities / threats that may be useful for other QRTAs should be submitted to SEBI in soft copy to firstname.lastname@example.org.
3. In this regard, following guidelines are being issued for submission of report / information and the timelines:
3.1. A format for submitting the reports is attached as Annexure.
3.2. For the quarter ended on September 30, 2019, quarterly reports shall be submitted by QRTAs not later than November 30, 2019 as per the format specified.
3.3. Effective from quarter ending on December 31, 2019, the time period for submission of the report shall be 15 days after the end of the quarter.
3.4. The mode of submission of reports by QRTAs to SEBI shall be through email.
4. This circular is being issued in exercise of powers conferred under Section 11 (1) of the Securities and Exchange Board of India Act, 1992 to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.
D Rajesh Kumar
Market Intermediaries Regulation and Supervision Department