Member’s attention is drawn to SEBI circular no. SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018, SEBI/HO/MIRSD/DOP/CIR/P/2019/109 dated October 15, 2019 and Exchange circular no. 20191022-27 dated October 22, 2019, in relation to Cyber Security & Cyber Resilience framework for Stock Brokers / Depository Participants and Exchange notice no. 20230331-68 dated March 31, 2023, on Revised and Standardized “Terms Of Reference” for “Cyber Security and Cyber Resilience Audit report” of Stock Brokers / Trading Members across Exchanges.

Reference is further drawn to para 5 of the said SEBI Circular dated October 15, 2019, wherein periodicity of audit for the purpose of compliance with Cyber Security and Cyber Resilience is defined. Accordingly, trading members are required to carry-out Cyber Security & Cyber Resilience Audit for the period ended March 31, 2024, as per the applicability criteria given below in Table 1: 

Timelines for submission of Cyber Security & Cyber Resilience Audit Report for the period ended March 31, 2024, is given below in Table 2:

Stock Brokers may note that the above mentioned reports are required to be submitted only in electronic form through BEFS (BSE Electronic Filing s) –  http://befs.bseindia.com

All Trading members are requested to take note that, for each non-compliance reported by the auditor, trading members are required to submit corrective action taken report as per above mentioned timelines. On review of details of corrective action submitted by trading member, the auditor shall submit the status of compliance as Compliant or Non-Compliant on BEFS.

Submission of Cyber Audit Report with Management comments shall be considered complete only after Member submits the report to the Exchange and receives an acknowledgment email. Saved reports/reports submitted by auditor will not be considered as final submission. Further, auditor must provide compliance status for each TOR item i.e., Compliant/Non-Compliant and Not Applicable and in case of any TOR item which is not applicable, auditor is required to provide justification for the non-applicability of said TOR.

Trading members shall comply with any non-compliance/ non-conformities (NCs) pending submissions for cyber audit report for the previous audit period by submitting ATR through BEFS Portal.

Trading members are requested to take note of the Exchange circular 20231005-54 dated October 05, 2023, regarding “Revised Penalties/disciplinary action(s)/charges for System Audit Report & Cyber Security and Cyber Resilience Audit Report related submissions”. The details of Penalties/disciplinary action(s)/charges have been provided in Annexure V.

Stockbrokers/Trading Members are requested to refer to the following documents while submitting the Cyber Security & Cyber Resilience Audit Report.

Ø  Auditor Selection Norms – Annexure I

Ø  Audit Process – Annexure II

Ø  Auditor User Manual – Annexure III

Ø  Member User Manual – Annexure IV

Ø  Penalty/disciplinary action for Delay/Non-submission of Preliminary?Audit Report / Corrective Action Taken Report and non-Closure of observations – Annexure V

Ø  Cyber Terms of Reference (TOR) - II and III

All Trading Members are advised to take note of the above and comply to avoid disincentives.

In case of any queries/clarifications, you may contact us on the below numbers in Table 4.

For and on behalf of BSE Ltd. 

Devendra Kulkarni                                                                                                                          

Additional General Manager