You are here: Home » Markets » News
Business Standard

Sebi eases norms around cyber security ops for small market intermediaries

The decision has been taken after discussions with market participants

Press Trust of India  |  New Delhi 

Sebi. (Photo: Kamlesh Pednekar)
Sebi. (Photo: Kamlesh Pednekar)

Market regulator on Friday relaxed guidelines pertaining to setting up operations centre for small market intermediaries as they lack knowledge in

The decision has been taken after discussions with market participants, the (Sebi) said in a circular.

During the meeting it was noted that compliance with guidelines may be onerous for smaller intermediaries because of lack of knowledge about cyber security and also the cost factor involved in setting up own security operations centre.

Under the new framework, said, small intermediaries can utilise services of market (SOC), which is proposed to be set up by market infrastructure institutions (MIIs) with the objective to provide cyber security solutions to such intermediaries. "The intermediaries' membership in market SOC is non-mandatory," it added.

Such a centre will be set up as a separate entity and MIIs will have at least 51 per cent stake in the new entity. Intermediaries, which do not have the capability to set up such centre on their own, can opt for market SOC. Market SOC would provide only technology perspective for cyber security guidelines, but people and process perspectives of cyber security would still have to be managed by intermediaries.

Market SOC needs to ensure that intermediaries participating in SOC adhere to minimum IT guidelines and security protocols. MII will carry out the audit of their market SOC activity annually and submit report to the regulator.

MIIs have been directed to put in place appropriate systems for implementation of guidelines within six months.

Last week, had asked MIIs — clearing corporations, depositories and exchanges — to set up a round-the-clock cyber security operation centre manned by dedicated security analysts to identify, respond, recover and thwart cyber attacks.

First Published: Sat, December 15 2018. 02:36 IST