Clarification on Information Technology / Cybersecurity Committee at QSBs

Description

BSE clarifies that Qualified Stockbrokers can maintain one IT committee instead of separate IT and Cybersecurity committees, with mandatory external cybersecurity expert.

Summary

BSE has clarified that Qualified Stockbrokers (QSBs) can constitute and maintain one Information Technology (IT) committee instead of maintaining two separate committees for IT and Cybersecurity functions. This IT committee must mandatorily include at least one external independent expert on cybersecurity and can handle functions of both IT and cybersecurity committees as specified in applicable circulars.

Key Points

QSBs can maintain one IT committee instead of separate IT and Cybersecurity committees
The unified IT committee must include at least one external independent cybersecurity expert
Committee can handle functions of both IT and cybersecurity as per applicable regulations
Clarification issued based on representations from QSBs and SEBI consultation
References SEBI circular on Enhanced Obligations for QSBs and updated Cybersecurity framework

Regulatory Changes

Simplification of committee structure for QSBs from two separate committees to one unified IT committee
Mandatory inclusion of external independent cybersecurity expert in the IT committee
Alignment with SEBI’s updated Cybersecurity and Cyber resilience framework (CSCRF)

Compliance Requirements

QSBs must constitute/maintain one IT committee with cybersecurity expertise
Committee must include at least one external independent expert on cybersecurity
IT committee must perform functions of both IT and cybersecurity committees as per applicable circulars
Compliance with SEBI’s Enhanced Obligations and Responsibilities framework

Important Dates

Notice Date: August 22, 2025
Implementation: As per timelines mandated by SEBI for CSCRF circular implementation
Reference to original SEBI circular dated February 6, 2023
Updated SEBI cybersecurity framework dated August 20, 2024

Impact Assessment

Reduces administrative burden on QSBs by allowing unified committee structure
Maintains cybersecurity oversight through mandatory external expert requirement
Provides operational flexibility while ensuring regulatory compliance
Affects all Qualified Stockbrokers in terms of governance structure
No immediate market trading impact but enhances regulatory clarity

Impact Justification

Provides regulatory clarity for QSBs on committee structure but doesn't change fundamental requirements

Category	Compliance
Circular ID	`156638ed90623942`
Impact	Medium
Severity	Medium
Tags	qualified-stockbrokers it-committee cybersecurity governance compliance sebi-circular
Source	BSE
Links	PDF Document ↗ Original Source ↗ Permalink