India - Modification In Cyber Security And Cyber Resilience Framework Of Mutual Funds/ Asset Management Companies (AMCs).

SEBI vide Circular No. SEBI/HO/IMD/DF2/CIR/P/2019/12 dated January 10. 2019 (SEBI Circular) prescribed the framework for Cyber Security and Cyber Resilience Framework of Mutual Funds/ Asset Management Companies (AMCs). In partial modification to Annexure 1 of the SEBI circular : to have uniformity for identifying and classifying critical assets, across the industry, Paragraph 11 on Section “identify” of the circular was amended as under : “11. Mutual Funds/ AMCs shall identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management. The critical assets shall include business critical systems, internet facing applications/ systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, etc.

All the ancillary systems used for accessing/ communicating with critical systems either for operations or maintenance shall also be classified as critical assets. The Board of the AMCs and Trustees shall approve the list of critical assets. To this end, Mutual Funds/ AMCs shall maintain up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows.” Furthermore, based on the recommendation of IT-Projects Advisory Committee (IT-PAC) of SEBI and also to adopt the “audit the auditor approach” for conducting the Vulnerability Assessment and Penetration Testing (VAPT) of the intermediaries, Paragraphs 40, 41 & 42 of the SEBI Circular are also amended. Further, the Mutual Funds/ AMCs are mandated to conduct comprehensive cyber audit at least 2 times in a financial year. Along with the cyber audit reports, henceforth, all Mutual Funds/ AMCs are directed to submit a declaration from the Managing Director (MD)/ Chief Executive Officer (CEO) certifying compliance by the Mutual Funds/ AMCs with all SEBI Circulars and advisories related to cyber security from time to time.

Mutual Funds/ AMCs are required to take necessary steps to put in place systems for implementation of the circular, including modification of internal policies, if any. The provisions of this Circular shall come into force with effect from July 15, 2022.

Click here to read more

For further information, please contact:

Vineet Aneja, Partner, Clasis Law

vineet.aneja@clasislaw.com

India – Modification In Cyber Security And Cyber Resilience Framework Of Mutual Funds/ Asset Management Companies (AMCs).

Employer Sponsorship And Work Permits In Indonesia.

- Stephen Igor Warokka - SSEK,

Labor And Employment Law Updates From Indonesia And The World.

Gross Split Production Sharing Contracts: Commercial Insights From Indonesia’s MEMR Regulation No. 13 Of 2024.

- Fitriana Mahiddin - SSEK, SSEK

UK – Shifts Workers – A New Right To Reasonable Notice.

Hong Kong – Keepwell Deeds: A Workable Solution To PRC’s Foreign Exchange Control?

The Catch And Kill Of Non-Disclosure Agreements? New UK Guidance.

EU – Tightening The European Union’s Powers To Review Foreign Direct Investments.

Malaysia – General Average And Salvage.

- Philip Teoh - Azmi & Associates, Azmi & Associates

Role Of Technology In Legal Service Delivery.

Process Optimisation In Legal Teams: Improving Workflow Efficiency.

CONVENTUS LAW

OTHERS

India – Modification In Cyber Security And Cyber Resilience Framework Of Mutual Funds/ Asset Management Companies (AMCs).

Register for your monthly Asia legal updates from Conventus Law

- Manisha Singh - Lex Orbis,

- Manisha Singh - Lex Orbis,

- Manisha Singh - Lex Orbis,

Footer

CONVENTUS LAW

OTHERS