{"id":23088,"date":"2024-09-30T10:32:38","date_gmt":"2024-09-30T05:02:38","guid":{"rendered":"https:\/\/ivaluegroup.com\/en-in\/?p=23088"},"modified":"2025-04-25T13:11:39","modified_gmt":"2025-04-25T07:41:39","slug":"securing-customer-communications-portfolio-data-sebi-compliance","status":"publish","type":"post","link":"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/securing-customer-communications-portfolio-data-sebi-compliance\/","title":{"rendered":"Securing Customer Communications & Portfolio Data: Achieving SEBI Compliance for Portfolio Managers & Investment Advisors"},"content":{"rendered":"

The Need for SEBI Compliance in Securing Customer Data and Communications<\/h2>\n

India\u2019s growth story is reflected in the emergence of its financial markets. The total market capitalization of India\u2019s stock market exceeded $5 trillion<\/a> recently, and a key reason for this is the democratization of access to these markets. In FY24, non-institutional investors accounted for more than half of the stock market\u2019s cash volumes<\/a>, and two key players integral in facilitating that are <\/span>portfolio managers <\/b>and <\/span>investment advisors.<\/b><\/p>\n

Not only are they flag bearers of this emerging industry, they are also custodians of extremely sensitive customer data. Both deal with developing and implementing investment strategies based on clients\u2019 particular financial goals and risk tolerance, which requires the use of state-of-the-art <\/span>software that is also secure<\/b>. They also have to constantly allocate assets by moving them around, and that requires <\/span>secure communications<\/b>. In a world where Indian companies face the second highest number of weekly attacks per organization at 3,201<\/a> attacks per week – the worldwide average is 1,636 – it is imperative for organizations like yours to protect your sensitive data. Failure to do that can lead to erosion of customer confidence, and that could significantly affect your bottom line.\u00a0<\/span><\/p>\n

Understanding SEBI\u2019s Cybersecurity and Cyber Resilience Framework (CSCRF)<\/h3>\n

To aid you in improving your organizational cybersecurity posture, SEBI recently released the <\/span>Cybersecurity and Cyber Resilience Framework (CSCRF)<\/b> on August 20, 2024. The framework has certain mandates for all its <\/span>Regulated Entities (REs)<\/b>, including portfolio managers and investment advisors. This blog will focus on the guidelines mandated by CSCRF when it comes to <\/span>securing your software<\/b> and <\/span>securing your communications<\/b>.<\/span><\/p>\n

Let\u2019s start by mentioning that not all REs will have the same guidelines. The requirements specific to your organization depend on which one of these five REs you fall under, in descending order of requirements: <\/span>Market Infrastructure Institutions (MIIs), Qualified REs, Mid-size REs, Small-size REs<\/b> and<\/span> Self-certification REs<\/b>.\u00a0<\/span><\/p>\n

For <\/span>investment advisors<\/b>, individual IAs are exempt from CSCRF requirements, while non-individual IAs are categorized as <\/span>small-size REs.<\/b><\/p>\n

For <\/span>portfolio managers<\/b>, the criteria for categorization is the value of <\/span>Assets Under Management (AUM):<\/b><\/p>\n\n\n\n\n
Self-certification REs<\/b><\/td>\nSmall-size REs<\/b><\/td>\nMid-size REs<\/b><\/td>\n<\/tr>\n
Less than \u20b91000 cr.<\/span><\/td>\n\u20b91000 cr. and above, but less than \u20b93000 cr.<\/span><\/td>\n\u20b93000 cr. and above<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

Now that you\u2019ve figured out which RE classification your organization comes under, let\u2019s start with the mandates for\u2026<\/span><\/p>\n

How Portfolio Managers & Advisors Can Secure Their Software<\/h3>\n

A key factor towards achieving this goal is the CSCRF mandate of <\/span>Secure Software Development Life Cycle (SSDLC)<\/b>, which is all about integrating security testing at every stage of software development, from design to development to deployment and beyond.\u00a0<\/span><\/p>\n

Here are the SSDLC requirements mandated for <\/span>all REs<\/b>:<\/span><\/p>\n