Sebi Unveils Cybersecurity Categories for Financial Entities
Sebi has categorized qualified registered entities under the Cybersecurity and Cyber Resilience Framework (CSCRF) into four groups based on size and risk level. This initiative aims to improve cybersecurity in financial market entities and outlines specific obligations for each category, with changes effective by mid-2025.
- Country:
- India
The Securities and Exchange Board of India (Sebi) has announced a significant update to its Cybersecurity and Cyber Resilience Framework (CSCRF) by grouping qualified registered entities into four categories. These classifications are based on the size and risk level of the entities, ranging from those with the highest risk to those with the least.
This amendment comes after Sebi introduced the CSCRF in August 2024, intending to fortify cybersecurity across financial market entities. Since the framework's introduction, there have been numerous requests for clarification and extensions, which prompted this new circular providing additional details on categorization and implementation deadlines.
Key financial market players such as stock brokers, investment advisers, and portfolio managers are now categorized by specific criteria like the number of registered clients, trading volumes, or assets under management. The Sebi directive outlines compliance expectations and sets a deadline of June 30, 2025, for the necessary framework implementations.
(With inputs from agencies.)
ALSO READ
U.S. Intensifies Sanctions on Iran, Targeting Key Entities
Demand for NCW Autonomy: Sushmita Dev Criticizes Current Framework
U.S.-China Trade Truce: Framework Reached Amid Rare Earth Contest
US-China Trade Framework in the Making: A Step Toward Resolution
U.S.-China Trade Truce Framework: Rare Earths & Tariff Turmoil
Google News