New Delhi: The Securities and Exchange Board of India (Sebi) has imposed a penalty of Rs 5.05 crore on Indian Clearing Corporation Ltd (ICCL) for failure to comply with cybersecurity and disaster recovery framework regulations. The penalty must be paid within 45 days, as per the Sebi order. ICCL is a wholly-owned subsidiary of BSE Ltd, incorporated in 2007, and is responsible for clearing, settlement, collateral management, and risk management for various segments of BSE.
The Sebi inspection, which took place from December 1, 2022, to July 31, 2023, found ICCL to be non-compliant with key regulatory provisions, particularly in cybersecurity and disaster recovery. Specifically, ICCL failed to maintain an up-to-date IT asset inventory, including software assets and criticality classification, and did not close cyber audit observations in a timely manner.
Furthermore, ICCL’s backup systems were not fully synchronized with its primary systems, violating disaster recovery rules. The clearing corporation also submitted its network audit report to Sebi without management or board comments, which does not comply with regulatory requirements. Sebi ruled that even if no comments were needed, ICCL should have recorded and reported this, and ICCL was therefore found non-compliant.
The regulator found ICCL guilty of three out of four allegations and imposed penalties under the SEBI Act and the Securities Contracts (Regulation) Act (SCRA). ICCL has been directed to pay the penalty within 45 days.