SEBI's Cybersecurity and Cyber Resilience Framework (CSCRF)
Banks have approached the government for an extension to the deadline for implementing the Securities and Exchange Board of India’s Cybersecurity and Cyber Resilience Framework (CSCRF).
- The implementation of CSCRF is crucial for strengthening cybersecurity measures across financial market intermediaries, but challenges such as data localisation need to be addressed to meet compliance.
Purpose and Components of CSCRF
- CSCRF is designed to bolster cybersecurity for market participants, including:
- Stockbrokers
- Depositories
- Asset management companies
- Mutual funds
- Other intermediaries
- The framework mandates robust data protection and security protocols in areas such as:
- IT services
- Software-as-a-Service (SaaS) solutions
- Hosted services
- Data classification
- Audit for software solutions, applications, and products
Challenges in Implementation
- Banks require a gap analysis study to identify necessary measures.
- Data localisation is a significant constraint, especially for foreign banks, which has been temporarily paused.
- Foreign banks have raised concerns with both the Reserve Bank of India (RBI) and SEBI for more practical solutions.