In order to protect the interests of investors in securities and to promote the development of, and to regulate the securities market, Securities and Exchange Board of India (SEBI) vide Circular No. SEBI/HO/IMD/IMD-I/DOF2/P/CIR/2022/81 dated 09th June, 2022 has issued notification related to Modification in Cyber Security and Cyber Resilience Framework of Mutual Funds/ Asset Management Companies (AMCs) in exercise of the powers conferred under Section 11 (1) of the Securities and Exchange Board of India Act 1992, read with the provision of Regulation 77 of SEBI (Mutual Funds) Regulation, 1996.

Applicability: The provisions of the Circular shall come into force with immediate effect i.e. 15th day of July, 2022.

Key Highlights:

  1. Mutual Funds/ Asset Management Companies (AMCs) mandated them to conduct a comprehensive cyber audit at least twice in a financial year.
  2. AMCs have been asked to submit to stock exchanges and depositories a declaration from the managing director (MD) and chief executive officer (CEO), certifying compliance by them with all Sebi guidelines and advisories related to cyber security issued from time to time.
  3. Mutual Funds/ AMCs shall identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management. The critical assets shall include business critical systems, internet facing applications/ systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, etc.
  4. Mutual Funds/ AMCs shall maintain up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows.”
  5. All auxiliary systems that connect to or communicate with critical systems, whether for operations or maintenance, must be designated as critical systems as well.
  6. Mutual Funds/ AMCs shall perform vulnerability scanning and conduct penetration testing prior to the commissioning of a new system which is a critical system or part of an existing critical system.
  7. Mutual Funds/ AMCs are required to take necessary steps to put in place systems for implementation of the circular, including modification of internal policies, if any.
  8. Previous Circular:

SEBI vide Circular No. SEBI/HO/IMD/DF2/CIR/P/2019/12 dated January 10, 2019 (hereafter referred as “the circular”) prescribed framework for Cyber Security and Cyber Resilience for Mutual Funds / Asset Management Companies (AMCs).

Source: Click Here

Disclaimer:  Every effort has been made to avoid errors or omissions in this material. In spite of this, errors may creep in. Any mistake, error or discrepancy noted may be brought to our notice which shall be taken care of in the next edition. In no event the author shall be liable for any direct, indirect, special or incidental damage resulting from or arising out of or in connection with the use of this information.


He has contributed in ICAI, ICSI and MCCI and other various Newsletters. He is also a speaker at various platforms including seminars / webinars.