The new norms would be effective from April 1, 2019, Securities and Exchange Board of India (Sebi) said in a circular.
“Quarterly reports containing information on cyber-attacks and threats experienced by mutual Funds/AMCs and measures taken to mitigate vulnerabilities, threats and attacks including information on bugs/vulnerabilities/threats that may be useful for other AMCs/MFs should be submitted to Sebi in a soft copy,” the circular added.
The move comes after Sebi observed that rapid technological developments in securities market have highlighted the need of a robust cybersecurity and cyber resilience framework to protect the integrity of data and guard against breaches of privacy.
According to the circular, the entities need to formulate a cybersecurity and cyber resilience policy document adhering to the required framework and document needs to be approved by the board of AMC and trustees.
However, in case of deviations from the suggested framework, reasons for such deviations would have to be laid down in the policy document.
Besides, policy document is mandated to be reviewed by the board at least once annually with a view to strengthen and improve the cyber security framework.
Moreover, the watchdog has said no person should have any intrinsic right to access confidential data by virtue of their rank or position.
The recommendations are in line with that of Sebi’s high-powered steering committee on cybersecurity.