March 29, 2016
The Managing Directors
All National Commodity Derivatives Exchanges
Subject: Cyber Security and Cyber Resilience framework of National Commodity Derivatives Exchanges
1. Pursuant to Section 131 of the Finance Act, 2015 and Central Government notification F.No. 1/9/SM/2015 dated August 28, 2015, all recognized associations under the Forward Contracts (Regulation) Act, 1952 are deemed to be recognized stock exchanges under the Securities Contracts (Regulation) Act, 1956 with effect from September 28, 2015. This circular applies to National Commodity Derivatives Exchanges (Exchanges) as defined in the Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) (Amendment) Regulations, 2015.
2. Exchanges are one of the systemically important Market Infrastructure Institutions (MII) and for operational risk management, these MIIs,as per Principle 17 for Financial Market Infrastructures (PFMIs) laid down by CPMIIOSCO,need to have robust cyber security framework in order to provide essential facilities and perform systemically critical functions relating to trading, clearing and settlement in market operation environment seamlessly.
3. In this regard, based on the recommendations of Technical Advisory Committee (TAC), SEBI had specified framework for MIIs in the securities market with respect to cyber security and cyber resilience,SEBIvide circularCIR/MRD/DP/13/2015 dated July 06, 2015. (copy enclosed)
4. It has been decided to make provisions of the aforesaid circular applicable to MIIs in the commodity derivatives market.The major provisions/framework of cyber security and cyber resilience covered are as under:
d) Monitoring and Detection
e) Responses and Recovery
f) Sharing of Information
g) Training h) Periodic Audit
5. The circular shall be applicable for Exchanges with effect from January 01, 2017.
6. The Exchanges are advised to:-
Make necessary amendments to relevant bye-laws/rules for the implementation of this circular
Communicate SEBI, the status of implementation of the provisions of this circular
7. The circular is issued in exercise of the powers conferred under section 11(1) of the Securities and Exchange Board of India Act, 1992, to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.
8. The circular is available on SEBI website at i.e. www.sebi.gov.in.
B J DILIP
Division of Inspection and Complaints against Exchanges
Commodity Derivatives Market Regulation Department