Understanding SEBI’s Framework for Cloud Services Adoption by Financial Entities in India

Authorities and governments across the globe take measures and issue regulatory frameworks to protect the financial sector against the increasing threat landscape and make banks and other institutions resilient. The European Commission enacted the Digital Operational Resilience Act (DORA), while in Singapore, the Monetary Authority published an advisory for addressing technology and cyber risks.

The financial sector in India faces the same challenges as elsewhere; hence, the Securities and Exchange Board of India (SEBI) introduced the Framework for the Adoption of Cloud Services by SEBI Regulated Entities (REs) on March 6, 2023. The Framework is a crucial addition to SEBI’s existing guidelines on cloud computing, sets baseline standards for security and regulatory compliances, and is designed to help REs implement secure and compliant cloud adoption practices.

Purpose of the SEBI Framework

The primary purpose of this Framework is to highlight the key risks and mandatory control measures regulated entities need to implement before adopting cloud computing. The circular outlines nine principles and requirements for REs to consider when adopting cloud computing. The Framework was developed after consulting with market stakeholders, regulators, cloud service providers, government agencies, and SEBI Advisory Committees.

Applicability

The REs falling under the SEBI framework requirements are the following:

• Stock Exchanges
• Clearing Corporations
• Depositories
• Asset Management Companies
• Qualified Registrars to an Issue and Share Transfer Agents
• Know Your Customer (KYC) Registration Agencies

REs currently availing cloud services should ensure that, wherever applicable, all such arrangements are revised, and they should comply with the Framework within 12 month

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.