Sebi, the capital markets regulator, has extended the CSCRF deadline by three months. Regulated entities, including depositories, credit rating agencies, and AIFs, now have until June 30 to comply. Sebi made this decision after market participants requested more time to align with its security standards.
Sebi’s Reason for the Extension
The extension aims to support regulated entities in meeting the required cybersecurity measures. Sebi emphasized that this move was in the interest of investor protection and maintaining the integrity of the market. “Cybersecurity and cyber resilience are key to safeguarding the financial markets, and Sebi expects regulated entities to take necessary steps to comply within the revised timeline,” the regulator stated. Cyber threats are becoming more sophisticated. Ensuring financial institutions implement strong cybersecurity measures is crucial for safeguarding the industry and investors.
Exemptions for Certain Entities
However, not all entities are granted this extended timeline. Market infrastructure institutions (MIIs), KYC registration agencies (KRAs), and qualified registrars must meet the March 30, 2025 deadline. Therefore, these entities must implement their cybersecurity frameworks promptly, as their operations play a crucial role in the financial ecosystem.
Sebi’s Cybersecurity Framework and its Role
Sebi first introduced the CSCRF in August 2024 as part of its broader strategy to protect the financial sector from cyber threats. Consequently, the framework requires regulated entities to implement strict guidelines for data protection, incident response, and IT infrastructure security. It also mandates the establishment of strong cybersecurity governance structures, including regular audits and thorough risk assessments.
In December 2024, Sebi provided further clarifications on the framework after stakeholders raised concerns about the feasibility of meeting the original compliance deadlines. These clarifications aimed to address challenges faced by entities in understanding the framework’s implementation requirements.
Importance of Cybersecurity for Financial Markets
Sebi has consistently underscored the importance of cybersecurity in maintaining the stability of financial markets. Furthermore, in its most recent communication, Sebi emphasized that cybersecurity and resilience are fundamental to protecting investors and ensuring the smooth functioning of the financial markets. “Cybersecurity and cyber resilience are key to safeguarding the financial markets, and Sebi expects regulated entities to take necessary steps to comply within the revised timeline,” Sebi said.
Ensuring Compliance with the Extended Deadline
To ensure widespread awareness, Sebi has directed stock exchanges and depositories to notify their members about the new compliance deadline. The regulator has also called on all regulated entities to make the necessary arrangements to adhere to the extended deadline and report their compliance accordingly. Furthermore, Sebi expects these entities to take appropriate steps to meet the updated requirements.
The Framework’s Key Requirements
The CSCRF framework outlines strict guidelines for data protection, incident response protocols, and maintaining robust IT infrastructure security. Entities will need to conduct regular security audits and implement governance mechanisms that address cybersecurity risks. Furthermore, they must ensure that they are fully prepared to handle any potential data breaches or cyber-attacks, thereby minimizing the risks to investors and the financial market as a whole.
Source: The Economic Times
