{"id":23085,"date":"2024-09-30T10:27:59","date_gmt":"2024-09-30T04:57:59","guid":{"rendered":"https:\/\/ivaluegroup.com\/en-in\/?p=23085"},"modified":"2025-04-25T13:11:40","modified_gmt":"2025-04-25T07:41:40","slug":"cybersecurity-for-stock-brokers-custodians-sebi-cscrf","status":"publish","type":"post","link":"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/cybersecurity-for-stock-brokers-custodians-sebi-cscrf\/","title":{"rendered":"Cybersecurity for Stock Brokers & Custodians: Meeting SEBI’s CSCRF Mandates"},"content":{"rendered":"

Cybersecurity Challenges in India\u2019s Financial Market<\/h2>\n

 <\/p>\n

Since the beginning of this decade, India has undergone further rapid strides in retail investing. There were over 40 million active demat accounts in 2020, which has ballooned to over 150 million now. In the same year, it was also reported that 1 in 5 Indian households channel their savings into the financial market. This increased participation entails that people are having more confidence in our markets.<\/span><\/p>\n

The role of <\/span>stock brokers, custodians<\/b> and <\/span>depository participants<\/b> in these markets is crucial to maintaining this confidence. <\/span>Stock brokers<\/b> facilitate the buying & selling of securities, <\/span>custodians<\/b> manage the securities of institutional investors and <\/span>depository participants<\/b> serve as intermediaries between investors and depositories, facilitating electronic storage & transfer of securities. They all have to facilitate millions of transactions daily, with the responsibility of keeping sensitive investor data safe. Negligence in carrying out this responsibility, even for a single transaction, could be highly detrimental in the face of increasing cyberattack attempts aimed at the sector. According to the 2023 Kaspersky Cybersecurity Report, India experienced a 25% increase in malware attacks on financial institutions last year.<\/span><\/p>\n

SEBI\u2019s Cybersecurity & Cyber Resilience Framework (CSCRF) Overview<\/h2>\n

Therefore, <\/span>continuous monitoring<\/b> for threats, combined with <\/span>consistent improvement of security posture<\/b> becomes crucial in upholding investor confidence and maintaining the sector\u2019s upward trajectory. To that end, SEBI recently released the <\/span>Cybersecurity & Cyber Resilience Framework (CSCRF)<\/b> on August 20, 2024, which has several mandates for regulated entities (REs) including stock brokers, custodians and depository participants.\u00a0<\/span><\/p>\n

A major component of CSCRF, which helps in both continuous monitoring and strengthening your organization\u2019s security posture, is the requirement of a 24x7x365 <\/span>Security Operations Centre (SOC)<\/b><\/a> to monitor, prevent, predict, detect, investigate and respond to cyber threats. This blog talks about the various SOC requirements you have to undertake as part of the framework, including incorporation of advanced audits like vulnerability assessment & penetration testing (VAPT).<\/span><\/p>\n

It is important to note here that you will have specific CSCRF requirements based on what RE classification your organization falls under. There are 5 categories in the framework, shown in decreasing order of requirements: Market Infrastructure Institutions (MIIs), qualified REs, mid-size REs, small-size REs and self-certification REs.\u00a0<\/span><\/p>\n

Stock Brokers: CSCRF SOC Requirements Based on Active Client<\/strong><\/p>\n

For <\/span>stock brokers<\/b>, the classification is based on the <\/span>number of active clients<\/b> you have:\u00a0<\/span><\/p>\n

(Note: As per CSCRF guidelines, client-based stock brokers having less than 100 clients do not require a SOC.)<\/span><\/p>\n\n\n\n\n
Self-Certification REs<\/b><\/td>\nSmall-size REs\u00a0<\/b><\/td>\nMid-size REs<\/b><\/td>\nQualified REs<\/b><\/td>\n<\/tr>\n
Less than or equal to 10,000 active clients without providence of IBTs or algo trading facility<\/span><\/td>\nLess than or equal to 10,000 active clients if providing IBTs\/algo trading, <\/span>if not,<\/span><\/i> they should have active clients between 10,000 and 50,000<\/span><\/td>\nBetween 50,000 to 5 lac active clients<\/span><\/td>\nOver 5 lac active clients<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Custodians: Meeting CSCRF Mandates Based on AUC<\/h2>\n

For <\/span>custodians<\/b>, the distinction is made keeping <\/span>assets under custody (AUC)<\/b> as the consideration:<\/span><\/p>\n\n\n\n\n
Small-size REs<\/b><\/td>\nMid-size REs<\/b><\/td>\nQualified REs<\/b><\/td>\n<\/tr>\n
Less than 1 lakh crores<\/span><\/td>\nBetween 1 lakh cr. and 10 lakh cr.<\/span><\/td>\nOver 10 lakh cr.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

Finally, for <\/span>depository participants, <\/b>it is dependent on type:<\/span><\/p>\n\n\n\n\n
Mid-size REs<\/b><\/td>\nQualified REs<\/b><\/td>\n<\/tr>\n
Non-institutional depository participants<\/span><\/td>\nInstitutional depository participants<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

SOC Options Under CSCRF: Choosing the Right Fit<\/h2>\n

Being cognizant of the fact that setting up an in-house SOC could lead to great difficulties for smaller REs, CSCRF provides three SOC options: your <\/span>own\/group SOC<\/b>, a <\/span>market SOC <\/b>(implemented mandatorily by NSE & BSE and optionally by NSDL & CDSL) and a <\/span>third-party managed SOC<\/b>, like the <\/span>state-of-the-art solution we at iValue possess<\/span>. It is important to note here that small-size and self-certification REs are <\/span>mandated <\/b>to be on-boarded to the aforementioned Market SOC. It is also noteworthy that Qualified REs must measure the functional efficacy of their SOC every 6 months, while all other REs having managed SOC must do it on a yearly basis. (Should you opt for our SOC solution, we will make this process extremely streamlined for your organization.)<\/span><\/p>\n

The scope of your SOC with regards to your IT infrastructure shall cover but not be limited to: networks, endpoints, activities of third parties, physical environments, malicious code and monitoring of unauthorized personnel, devices, connections and software. Here are the key SOC functions as mandated by the framework:<\/span><\/p>\n