Sebi plans to put in place cyber security framework for stock brokers
New Delhi, Nov 16, 2022
Sebi is planning to come out with a cyber security framework for stock brokers that will help in reducing the impact of potential risks by cyber fraud, data leaks and hacking of trading accounts, a top official said on Wednesday. The framework, aimed at protecting stock brokers as well as their clients, would include measures, tools and processes that are intended to prevent cyber-attacks and improve cyber resilience, Association of National Exchanges Members of India (ANMI) President Kamlesh Shah told PTI here.
The move is part of the capital markets regulator's investors safeguard mechanism.
The Securities and Exchange Board of India (Sebi) has set-up a panel that consists of representatives from the regulator, stock exchanges and ANMI, a grouping of stock brokers, for framing the guidelines.
The rapid technological developments in the securities market have highlighted the need for having a robust cybersecurity and cyber resilience framework for stock brokers to protect the integrity of data and guard against breaches of privacy.
"Stock brokers possess a lot of critical data of investors and it's their responsibility to protect such data from possible cyber fraud and hacking of trading accounts so that investors do face any losses due to any cyber incident," Shah said.
According to him, the committee may present a draft guidelines to Sebi by the end of December but it will take at least a year to implement the final rules.
"The committee is working on a solution that will be affordable to small brokers too, otherwise the whole purpose of the framework will be defeated," he added.
In June, Sebi asked stock brokers to report all cyber attacks, threats and breaches experienced by them within six hours of detecting such incidents. They have to report such incidents within the specified time to the exchanges, depositories and the regulator.
Cyber resilience is an organisation's ability to prepare and respond to such attacks and to continue operations as well as recover from cyberattacks.