In accordance with SEBI circular no. SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018, SEBI/HO/MIRSD/DOP/CIR/P/2019/109 dated October 15, 2019 and Exchange circular no. 20191022-27 dated October 22, 2019,circular no 20220712-1 dated July 12, 2022, circular no 20220919-2 dated September 19, 2022, in relation to Cyber Security & Cyber Resilience framework for Stock Brokers / Depository Participants, Stock Brokers who have used Algorithmic Trading facility (Type III brokers) to trade for the half year ended September 30, 2022, are required to conduct Cyber Security and Cyber Resilience Audit for the period April 01, 2022 to September 30, 2022 and submit the report to the Exchange as per the following timelines:.
|
Sr No.
|
Particulars
|
Due Date for submission to the Exchange
|
|
1.
|
Preliminary Audit report
|
November 30, 2022
|
|
2.
|
Corrective Action Report
|
February 28, 2023
|
|
3.
|
Follow on Report
|
May 31, 2023
|
Stock Brokers may note that the above-mentioned reports are required to be submitted only in electronic form through BEFS (BSE Electronic Filing System) – https://befs.bseindia.com
Please be informed that a separate notice shall be issued shortly regarding availability of BEFS for submission of Cyber Security and Cyber Resilience Audit Report for the period ended September 30, 2022.
Stock brokers are requested to refer to the following guideline documents while submitting the Cyber Security and Cyber Resilience Audit Report.
Ø Auditor Selection Norms – Annexure I
Ø Audit Process – Annexure II
Ø Auditor User Manual– Annexure III
Ø Member User Manual – Annexure IV
Ø Terms of Reference (ToR)
The following penalty/disciplinary actions would be initiated against the Member for late/non- submission of System Audit Report as mentioned in table 1 below
|
Table 1: Late-Submission and Related Actions
|
|
Particulars
|
Action
|
|
Submission within 1 month from the end of due date of submission.
|
Penalty of Rs. 200/- per day
|
|
Submission after 1 month but within 3 months from the end of the due date for submission.
|
Penalty of Rs. 500/- per day
|
|
Non-Submission within 3 months from the end of due date for submission.
|
Disablement of trading facility across segments after giving 2 weeks’ notice.
Disablement notice issued to the member shall be shared with all the Exchanges for information.
Member will be enabled only after submission of Cyber Security and Cyber Resilience audit report.
|
It may be noted that submission of Cyber Security and Cyber Resilience Audit Report shall be considered complete only after Member submits the report to the Exchange and receives an acknowledgment email. Saved reports/reports submitted by auditor will not be considered as final submission to Exchange.
Stock Brokers are requested to take note of the above and ensure compliance.
In case of any queries/clarifications, you may contact at the following numbers in table 2.
|
Table 2: Submission Related Contacts
|
|
Purpose
|
Contact Nos.
|
Email ID
|
|
CSAR XBRL related issues
|
1800233 0445
|
bse.auditreport@bseindia.com
|
|
Technical queries
|
30594000
|
bsehelp@bseindia.com
|
|
CSAR PROCESS related
|
22728888/ 5785
|
msc@bseindia.com
|
For and on behalf of BSE Ltd.
Devendra Kulkarni Shivkumar Pandey
Additional General Manager CISO |