Securities and Exchange Board of India
Circular No. SEBI/HO/MIRSD/TPD/P/CIR/2022/95 | Dated: July 05, 2022
To
All KYC Registration Agencies
Dear Sir/ Madam,
Sub: – Modification in Cyber Security and Cyber resilience framework of KYC Registration Agencies (KRAs)
1. SEBI vide circular dated 15 October 2019 and 30 May 2022 prescribed framework for Cyber Security and Cyber Resilience for KYC Registration Agencies.
2. In partial modification to Annexure A of SEBI circular dated 15 October 2019 the paragraph-51 shall be read as under:
51. All Cyber-attacks, threats, cyber-incidents and breaches experienced by KRAs shall be reported to SEBI within 6 hours of noticing / detecting such incidents or being brought to notice about such incidents.
The incident shall also be reported to Indian Computer Emergency Response team (CERT-In) in accordance with the guidelines / directions issued by CERT-In from time to time. Additionally, the KRAs, whose systems have been identified as “Protected system” by National Critical Information Infrastructure Protection Centre (NCIIPC) shall also report the incident to NCIIPC.
The quarterly reports containing information on cyber-attacks, threats, cyber-incidents and breaches experienced by KRAs and measures taken to mitigate vulnerabilities, threats and attacks including information on bugs/ vulnerabilities/threats that may be useful for other KRAs shall be submitted to SEBI within 15 days from the quarter ended June, September, December and March of every year. The above information shall be shared through the dedicated e-mail id: kra@sebi.gov.in. The format for submitting the quarterly reports is attached as Annexure B.
3. KRAs shall take necessary steps to put in place systems for implementation of the circular.
4. The provisions of the Circular shall come into force with immediate effect.
5. The circular is issued with the approval of the competent authority.
6. This circular is being issued in exercise of powers conferred under Section 11 (1) of the Securities and Exchange Board of India Act, 1992 to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.
Yours faithfully,
Vishal M Padole
Deputy General Manager
MIRSD
Tel. No: 022 26449247
Email ID: vishalp@sebi.gov.in
Annexure – B
