Description

BSE clarifies that QSBs can maintain a single IT committee instead of separate IT and cybersecurity committees, with mandatory external cybersecurity expert inclusion.

Summary

BSE has clarified that Qualified Stockbrokers (QSBs) can constitute and maintain a single Information Technology (IT) committee instead of maintaining two separate committees for IT and Cybersecurity. This single IT committee must mandatorily include at least one external independent expert on cybersecurity and can perform the functions of both IT and cybersecurity committees as required by applicable regulations.

Key Points

  • QSBs can maintain one combined IT committee instead of separate IT and Cybersecurity committees
  • The single IT committee must include at least one external independent cybersecurity expert
  • This combined committee can handle functions of both IT and cybersecurity oversight
  • Clarification issued based on representations from QSBs in consultation with SEBI
  • Applies to the Cybersecurity and Cyber Resilience Framework (CSCRF) requirements

Regulatory Changes

  • Modification of committee structure requirements under SEBI Circular SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/24 dated February 06, 2023
  • Updated interpretation of SEBI Circular SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 dated August 20, 2024, on the cybersecurity framework
  • Streamlined committee structure while maintaining cybersecurity expertise requirements

Compliance Requirements

  • QSBs must constitute an IT committee that includes mandatory external cybersecurity expertise
  • The committee must perform all functions previously required of separate IT and cybersecurity committees
  • External independent cybersecurity expert participation is mandatory
  • The committee must comply with all applicable SEBI circular requirements for both IT and cybersecurity oversight

Important Dates

  • Effective Date: As per timelines mandated by SEBI for implementation of CSCRF circular
  • Notice Date: August 22, 2025
  • Reference to SEBI CSCRF circular dated August 20, 2024

Impact Assessment

  • Operational Impact: Reduces administrative burden on QSBs by allowing a single committee structure
  • Compliance Impact: Maintains cybersecurity oversight requirements while providing structural flexibility
  • Cost Impact: Potential reduction in committee management costs while preserving expert oversight
  • Risk Management: Continues to ensure adequate cybersecurity expertise at board level

Impact Justification

Provides operational flexibility for QSBs while maintaining cybersecurity oversight requirements