To All Members,

This is with reference to SEBI Circular: SEBI/HO/MIRSD/TPD/P/CIR/2022/80 dated June 07, 2022, Exchange Notice:  20220610-1 Dated 10 June 2022

and Exchange Notice: 20220919-2 Notice Date: 19 Sep 2022 regarding “Modification in Cyber Security and Cyber resilience framework for Stockbrokers / Depository Participants.”

Trading Members are required to conduct and complete the VAPT during the period September to November for FY 2023-24 and the final report shall be submitted  through member

portal to the Stock Exchanges within one month from the date of completion of VAPT after approval from Technology Committee of respective Stockbrokers.  

The detailed VAPT report along with summary of report (as per format specified in Annexure A) as a single document shall be digitally signed by CERT-In empaneled entity to be submitted to Exchange by December 31, 2023.

The guidelines for submission of VAPT Report and Action Taken Report (ATR)  shall be published separately in the month of October 2023. 

Further, as per para 44 of SEBI Circular No. SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018, amended vide SEBI Circular No.  SEBI/HO/MIRSD/TPD/P/CIR/2022/80 dated June 07, 2022, requires that any gaps / vulnerabilities detected shall be remedied on immediate basis and compliance of closure of findings identified during VAPT shall be submitted to the Stock Exchanges within 3 months post the submission of final VAPT report.

Accordingly, members are required to submit VAPT Compliance Report / Action Taken Report (ATR) for FY 2023-24,

as per format specified in Annexure B by 31st March 2024, on BSE E-filing System (BEFS portal).

In view of the above, Stockbrokers / Trading Members / Qualified Stockbrokers are advised as under:

a) Strict Adherence with the reporting timelines for submission of VAPT report and Compliance report/Action Taken Report (ATR) to the Exchange.

b) Ensure that all open gaps / vulnerabilities are closed within prescribed timelines and are accordingly confirmed in the Compliance report.

In order to ensure strict adherence to the regulatory requirements by Members with the prescribed framework applicable for VAPT / Compliance Report submission and timely

closure of vulnerabilities, penalties/disciplinary actions have been prescribed vide BSE Notice no. 20230831-17 dated August 31, 2023, which shall be applicable for submissions

of FY 2023-24 (Including Half yearly for Qualified StockBrokers “QSB’s”) and onwards.

The details of penalties/disciplinary action are provided in Annexure-C.

All Members are advised to take note of the above and put in place adequate systems and procedures to ensure strict adherence to the compliance requirements.

In case of any clarifications, Members / Stockbrokers may contact on below provided contact details: 

 For and on behalf of BSE Ltd.