Submission of Corrective Action Report pertaining to Cyber Security and Cyber Resilience Audit Report of Stockbrokers / Trading members for the period ended September 2023[...]

NOTICES

Notice No.		20240202-33		Notice Date		02 Feb 2024
Category		Others		Segment		General
Subject		Submission of Corrective Action Report pertaining to Cyber Security and Cyber Resilience Audit Report of Stockbrokers / Trading members for the period ended September 2023 through BEFS (BSE Electronic Filing System).
Content

To All Trading Members,<_o3a_p>

<_o3a_p>

This is further to the Exchange Notice no. 20231023-1 dated October 23, 2023, and Exchange notice No. 20231108-3 datedNovember 08, 2023, wherein all Stockbrokers / Trading members were directed to submit "Corrective Action Report" for "Cyber Security and Cyber Resilience Audit Report"for half year ended September 30, 2023 to the Exchange latest by February 29, 2024 in electronic form through BEFS (BSE Electronic Filing System). Kindly note that no documents are to be submitted in physical form.<_o3a_p>

<_o3a_p>

Please note that in case of any "Non compliances/ Work in progress/ Observation/Suggestion" pointed out by the auditor in Cyber Security and Cyber Resilience Audit Report for the period ended September 2023, Members are required to submit the CAR (Corrective Action report) to the Exchange through BEFS on or before February 29, 2024.<_o3a_p>

The provision to submit the Corrective Action Report and related documents to be submitted only in electronic form through BEFS portal (BSE Electronic Filing System).<_o3a_p>

<_o3a_p>

Web-Link of the CAR (Corrective Action Report)submission system is given below:<_o3a_p>

<_o3a_p>

http://befs.bseindia.com < Cyber Security and Cyber Resilience Audit Report < Corrective Action Report. (TOR II CAR And TOR III CAR).<_o3a_p>

<_o3a_p>

The Stockbrokers / Trading members are requested to take note of the Exchange circular 20231005-54 dated October 05, 2023, regarding "Revised Penalties/disciplinary action(s)/charges for Cyber Security and Cyber Resilience Audit Report & Cyber Security and Cyber Resilience Audit Report related submissions".<_o3a_p>

The penalty / disciplinary actions as provided in below mentioned Table A would be initiated against the Trading Member for Delay / Non-submission of Preliminary Audit Report / Corrective Action Taken Report and Follow-on audit report.<_o3a_p>

Table - A: Penalty / disciplinary action for Delay / Non-submission of Preliminary Audit Report / Corrective Action Taken Report / Follow on audit report and non-Closure of observations<_o3a_p>
Details of Violation<_o3a_p>	Period of violation<_o3a_p>	Penalty/disciplinary actions<_o3a_p>	Penalty/disciplinary action in case of repeated violation<_o3a_p>
Delay / Non-Submission of Preliminary audit / ATR / Follow-on audit report as recommended by the auditor in case of Cyber Security and Cyber Resilience Audit Report / cyber security and cyber resilience audit report.<_o3a_p>	From 1st day to 7th day:<_o3a_p>	Charges Rs. 1,500/- per day for Non QSB & Rs. 3,000/- per day for QSB from the due date till first 7 calendar days or submission of report, whichever is earlier.<_o3a_p>	In case of a repeat instance by the Member, levy of applicable monetary penalty along with an escalation of 50%.<_o3a_p>
From 8th day to 21st day:<_o3a_p>	Charges of Rs. 2,500/- per day for Non QSB & Rs. 5,000/- per day for QSB from 8th calendar day after the due date to 21st calendar day or submission of report, whichever is earlier.<_o3a_p>	Levy of applicable monetary penalty along with an escalation of 50%.<_o3a_p>
From 22nd day onwards:<_o3a_p>	In case of non-submission of report till 21st calendar days, new client registration shall be prohibited and notice of 7 calendar days for disablement of trading facility till submission of report, shall be issued. The disablement notice issued to the trading member will be shared with all the Exchanges for information.<_o3a_p>
After 28th day:<_o3a_p>	In case of non-submission of report by 28th calendar day, Trading member shall be disabled in all segments till submission of report.<_o3a_p>

<_o3a_p>

Further, Stockbrokers / Trading members are also required to submit closure status of all the non-compliances reported in Cyber Security and Cyber Resilience Audit by submitting Action Taken Report (ATR) i.e., within 3 months from the due date of submission of Preliminary Audit Report. To ensure strict adherence for closure of non-compliances within the prescribed timelines, following penalty as provided in Table - B shall be applicable for each High / Medium / Low risk non-compliance, which has not been closed in ATR as per prescribed timelines.<_o3a_p>

Table - B<_o3a_p>
<_o3a_p> <_o3a_p> Risk rating reported by auditor<_o3a_p>	Applicable penalties for each High / Medium / Low risk non-closure of non-compliances, which have not been closed in ATR (i.e., within prescribed timelines of submission of due date of preliminary audit report)<_o3a_p>
Non QSB Trading Members<_o3a_p>	QSB Trading Members<_o3a_p>
High Risk<_o3a_p>	Rs. 15,000<_o3a_p>	Rs. 30,000<_o3a_p>
Medium Risk<_o3a_p>	Rs. 7,500<_o3a_p>	Rs. 15,000<_o3a_p>
Low Risk<_o3a_p>	R s. 2,500<_o3a_p>	Rs. 5,000<_o3a_p>
<_o3a_p> o In case observations are not closed by trading members within three weeks from the due date for submission of Action Taken Report (ATR), new client registration to be prohibited and notice of 7 days for disablement of trading facility till closure of observation(s).<_o3a_p> <_o3a_p> o The disablement notice issued to the trading member shall be shared with all the Exchanges for information. In case of non-closure of observation(s) within four weeks from the due date of submission of ATR, Trading member shall be disabled in all segments until closure of observations(s).<_o3a_p> <_o3a_p>

<_o3a_p>

<_o3a_p>

It may be noted that the Corrective Action Report for Cyber Resilience Audit Report submitted by trading member, the auditor needs to authenticate the report with digital signature and auditor's comments against each observation points submitted by the members and shall submit the status of compliance as Compliant or Non-Compliant though BESF portal. The Corrective Action Report for Cyber Resilience Audit Report shall be considered complete only after Auditor submits the digitally signed report to the Exchange and receives an acknowledgment email. Saved reports /reports submitted by member will not be considered as final submission to Exchange.<_o3a_p>

<_o3a_p>

In case of any queries/clarifications, you may reach us on the following contact details.<_o3a_p>

Table 2: Submission Related Contacts<_o3a_p>
Purpose<_o3a_p>	Contact Nos.<_o3a_p>	Email ID<_o3a_p>
Cyber Security and Cyber Resilience Audit XBRL related issues<_o3a_p>	1800233 0445<_o3a_p>	bse.xbrl(at)bseindia.com<_o3a_p>
Cyber Security and Cyber Resilience Audit Process related<_o3a_p>	22725841/5842/8888<_o3a_p>	bse.msc(at)bseindia.com<_o3a_p>

<_o3a_p>

All Trading Members are advised to take note of the above and comply.<_o3a_p>

<_o3a_p>

<_o3a_p>

For and on behalf of BSE Ltd<_o3a_p>

<_o3a_p>

Shri. Devendra Kulkarni Shri Ashutosh Mastud<_o3a_p>

Additional General Manager Senior Manager<_o3a_p>

Information Security Information Security<_o3a_p>

Public link

Please use the above public link if you want to share this noodl on another website.