SEBI: Stock Brokers Must Report Any Tech Breach Within Six Hours
Moneylife Digital Team 01 July 2022
The Securities and Exchange Board of India (SEBI) on Thursday issued a fresh cybersecurity and cyber-resilience framework for stockbrokers and depository participants.
As per the new framework, stockbrokers and depository participants must report any cyber-attack, cyber-threat or breach to stock exchanges, depositories, and SEBI within six hours of the incident taking place or being noticed.
Further, these incidents must be reported as per guidelines to the Indian Computer Emergency Response Team (CERT-In). Additionally, those who have been classified as "protected systems" by National Critical Information Infrastructure Protection Centre (NCIIPC) must report these incidents to the agency as per guidelines.
The framework also directs stockbrokers and depository participants to submit to stock exchanges, depositories and SEBI annual reports of cyber-attacks, cyber-threats, cyber-incidents and breaches experienced, as well as steps taken by them to mitigate such incidents, and information on bugs, vulnerabilities, threats that may be useful to other market participants.
These reports must be submitted within 15 days of the end of the financial quarter, the SEBI notice said.
The circular directed stockbrokers and depository participants to take appropriate steps to comply with these directives, and told stock exchanges and depositories to make the required amendments to the relevant bylaws, rules and regulations to enable implementation of these directives, and also spread awareness among their members or participants. 
Free Helpline
Legal Credit