Modification in Cyber Security and Cyber Resilience Framework of Mutual Funds/ Asset Management Companies (AMCs)

June 9, 2022

To,
All Mutual Funds/
All Asset Management Companies (AMCs)/
All Trustee Companies/ Boards of Trustees of Mutual Funds/
Association of Mutual Funds in India (AMFI)

1. SEBI vide Circular No.SEBI/HO/IMD/DF2/CIR/P/2019/12 dated January 10, 2019 (hereafter referred as “the circular”) prescribed framework for Cyber Security and Cyber Resilience for Mutual Funds / Asset Management Companies (AMCs).

1. 2. In partial modification to Annexure 1 of SEBI circular dated January 10, 2019 :
2. 1. i. To have uniformity for identifying and classifying critical assets, across the industry, paragraph 11 on section “Identify” of the circular shall be read as under :
   3. “11. Mutual Funds/ AMCs shall identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management. The critical assets shall include business critical systems, internet facing applications/ systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, etc. All the ancillary systems used for accessing / communicating with critical systems either for operations or maintenance shall also be classified as critical assets. The Board of the AMCs and Trustees shall approve the list of critical assets.
   5. To this end, Mutual Funds/ AMCs shall maintain up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows.

To Read More….
Click the link below….

Circular : https://www.dropbox.com/s/rh0vvtu4eovf7lw/Circular%20on%20Modification%20in%20Cyber%20Security%20and%20Cyber%20Resilience%20Framework%20of%20Mutual%20Funds%20Asset%20Management%20Companies%20%28AMCs%29.pdf?dl=0