SEBI releases cybersecurity norms for KYC Registration Agencies

SEBI has recently released a detailed cybersecurity framework for KYC registration agencies, requiring them to define the responsibilities of employees, including outsourced staff, who have privileged access to networks.

In addition, SEBI said that no person should have any intrinsic right to access confidential data by virtue of their rank or position. KYC registration agencies, or KRAs, would be required to define the responsibilities of their employees, including outsourced staff, who have privileged access to the networks, SEBI said in a circular.

SEBI stated that rapid technological developments in the securities market have highlighted the need to maintain a robust cyber security and cyber resilience framework to protect the integrity of data and guard against breaches of privacy.

“Since KRAs perform an important function of maintaining KYC records of the clients in the securities market, it is desirable that KRAs have robust Cyber Security and Cyber Resilience framework in order to provide essential facilities and perform systemically critical functions relating to securities market,” SEBI noted.

SEBI has also asked KRAs to formulate a comprehensive cybersecurity and cyber resilience policy document encompassing the framework.