This is with reference to Exchange notice no. 20190716-9 dated 16 July 2019 and SEBI circular No. SEBI/HO/MIRSD/CIR/PB/2018/147; dated December 03, 2018, and SEBI/HO/MIRSD/DOP/CIR/P/2019/109 dated October 15, 2019, wherein members were informed to submit the Quarterly Cyber Security Incident reporting through BSE E-Filing System “BEFS” only, within 15 days from end of the quarter.
A. Quarterly Incident Reporting: -
Members are requested to submit quarterly report on cyber alert / attacks for the quarter ending September 2023 through BSE E-Filing System “BEFS” only. Please note that the timeline for submission of the report shall be 15 days from the end of the quarter.
Web-Link of the Quarterly Incident Reporting system is given below:
https://befs.bseindia.com -> Cyber Incident Report -> Quarterly Incident Reporting
Further please note that submission process will be completed when acknowledgement mail is received.
B. Immediate Incident Reporting: -
Members may please note that Immediate Incident Reporting to be done only if applicable as per Exchange notice no. 20220712-1 dated July 12, 2022, details of which are reproduced as below:
“Designated Officer on receipt of any information with respect to all Cyber-attacks, threats, cyber-incidents and breaches experienced as prescribed in the said SEBI Circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018, and SEBI/HO/MIRSD/TPD/P/CIR/2022/93 dated June 30, 2022, shall inform the Exchange within 6 hours of receipt of such information”.
Web-Link of the Immediate Incident Reporting system is given below:
https://befs.bseindia.com -> Cyber Incident Report> Immediate Incident Reporting
User manual for the reference has been attached.
In case of non-compliances observed, disincentives including financial disincentives and disciplinary action are applicable and can be referred to as per the Exchange Notice no 20230704-27 on 4th July 2023; summary details of which are listed in Table 1 below.
|
Table 1: Late-Submission and Related Actions
|
|
Details of Violation/contravention
|
Penalty/disciplinary actions
|
Penalty/disciplinary action in case of Repeat violation/contravention
|
|
Non-submission of Cyber Incident reporting (Quarterly Submission) within the time specified by the Exchange
|
1. For 1st week after due date, Charges of Rs. 2,500/- per day
2. Charges of Rs. 5000/- per day from second week after due date
3. In case of non-submission within three weeks from the due date of submission, new client registration to be prohibited and notice of 7 days for disablement of trading facility till submission of data/report. The disablement notice issued to the member shall be shared with all the Exchanges for information.
4. In case of non-submission within four weeks from the due date of submission, Member shall be disabled in all segments till submission of data/report
|
In case of a repeat instance by the Member, levy of applicable monetary penalty along with an escalation of 50%.
In case of non-submission within three weeks from the due date of submission, New client registration to be prohibited and notice of 7 days for disablement of trading facility till submission of data/report. The disablement notice issued to the member shall be shared with all the Exchanges for information.
In case of non-submission within Four weeks from the due date of submission, Member shall be disabled in all segments till submission of data/report.
|
|
Non-submission of Cyber Incident reporting (Immediate Submission) within the time (within 24 hours) specified by the Exchange.
|
If the incident not reported within 24 hours. Rs. 20,000/- per day till the incident is reported subject to a maximum of Rs.2 lakhs per incident.
|
In case of a repeat instance by the Member, levy of applicable monetary penalty along with an escalation of 50%.
|
Members are requested to take note of the above and ensure compliance.
In case of any queries/clarifications, you may reach us on the following contact details.
Email ID: - msc(dot)qcir(at)bseindia(dot)com
For and on behalf of BSE Ltd
|
Shri. Shivkumar Pandey
|
Shri. Devendra Kulkarni
|
|
Group Chief Information Security Officer
|
Additional General Manager
|
|