With the rise in cybercrime, the demand for cybersecurity issues is getting higher with every passing day. The worst part is that it has affected the financial sector significantly especially for the regulated entities as well.
On 14th January, 2024, SEBI or Securities and Exchange Board of India came out with an important clarification with regards to Cybersecurity and Cyber Resilience Framework (CSCRF) that was brought into context in August 2024.
Here we are going to discuss about all about the made clarifications and what their implications are to assist you move ahead with complete clarity. Read on.
What is the Cybersecurity and Cyber Resilience Framework?
It is basically a regulatory framework that has been designed to help SEBI-regulated entities maintains a decent cybersecurity hold. In fact, it is this framework that allows the respective entities to keep on working on different cyber resilience measures so that they remain a step ahead from all kinds of cyber threats in every which way.
This is why this clarification was essential as it assures that all the safety with so many cyber incidents taking place around the world in terms of financial institutions. If you are thinking what are the primary objectives of CSCRF, then in the section below we have it all answered. Read on.
CSCRF: Key Objectives For You To Consider
Below are the essential objectives that CSCRF covers, take a look:
- One of the primary objectives that CSCRF covers is that boosts cyber resilience. The primary objective of the respective act is to enhance the ability of the regulated entities to withstand all kinds of cyber incidents.
- Another major objective of the respective move is that it allows the entities to match compliance standards. It helps the framework to have clear compliance that needs to be ticked for complete cyber-safety.
- Lastly, it is going to push for regular improvement that inspires all the entities to constantly improve and work on their cybersecurity tactics to be one step ahead of the threats.
So, these are the objectives covered by CSCRF as initiated by SEBI to ensure that all the entities are safe and follow the set standard protocols to keep things safe and secure.
What Was The Recent Clarifications by SEBI
SEBI provided several important clarifications regarding the implementation of the CSCRF and we have specified all of it below in detail. Check it out:
- Regulatory Forbearance Until March 31, 2025: They announced that the respective implementation is going to offer regulatory forbearance until March 31, 2025. So, the regulated entities will not face any kind of penalties for non-compliance with the respective framework during this period of time. But, for this, they need to highlight the progress in overall implementation of the same.
- Extended Compliance Deadlines: As per the response received from the stakeholders, SEBI has increased the deadline to match the compliance for specific categories of regulated entities like KYC Registration Agencies and Depository Participants. For them the deadline has been extended to April 1, 2025.
- Data Localization Guidelines on Hold: Lastly, they have also specified that the guidelines related to data localization has been kept on hold at the moment. As these aspects are important in terms of maintaining the data security standards, they are working on the same and will be notified as and when all of it is prepared to perfection.
Implications for Regulated Entities
Below are the essential clarifications provided by SEBI that leads to complete implications for regulated entities:
- Opportunity for Compliance Improvement: The regulatory forbearance period allows organizations to focus on enhancing their cybersecurity measures without the immediate threat of penalties. This opportunity can be used to conduct thorough assessments of existing systems and implement necessary improvements.
- Need for Stakeholder Engagement: The decision to extend deadlines and hold off on data localization guidelines highlights SEBI’s commitment to engaging with stakeholders. Regulated entities should take this opportunity to voice their concerns and provide feedback on compliance requirements.
- Focus on Cyber Resilience: The emphasis on cyber resilience means that organizations must prioritize not just compliance but also their overall ability to respond effectively to cyber incidents. This includes investing in training, technology, and processes that enhance their cybersecurity posture.
Best Practices for Compliance
To help regulated entities navigate these changes effectively, here are some best practices:
- Conduct Regular Assessments
- Implement Robust Training Programs
- Invest in Technology Solutions
- Develop Incident Response Plans
- Engage with Regulators
Final Take: A Step Toward Stronger Cybersecurity
Hopefully you have got complete understanding of SEBI’s recent clarifications on the Cybersecurity and Cyber Resilience Framework. It represents a significant move when it comes to enhancing the cybersecurity measures for the regulated entities in India. Not only this, SEBI has understood the issues faced by the stakeholders in implementing the same and thereby has increased the compliance deadlines as well. to prioritize cyber resilience.
We all know how all the sectors are rapidly moving towards digital future; it has become a necessity for all the regulated entities to comply with these regulations and also follow a proactive approach toward cybersecurity. If they are able to implement the specified practices and regularly engage with regulators, organizations can certainly remain safe to all kinds of cyber threats.
