Clarifications to Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities

Description

SEBI clarifies client counting methodology and proprietary trading classification for CSCRF compliance by regulated entities.

Summary

SEBI has issued clarifications regarding the implementation of the Cybersecurity and Cyber Resilience Framework (CSCRF) for regulated entities. The circular clarifies two key aspects: the methodology for counting total registered clients based on unique PAN, and the criteria for categorizing trading members engaged in both clientele and proprietary trading.

Key Points

Registered clients must be counted based on unique PAN, including both active and inactive status
Clients marked as ‘Closed’ in UCC database should be excluded from the count
Trading members with clientele trading turnover less than 10% of proprietary trading turnover are categorized as proprietary stockbrokers
Clarifications build upon previous SEBI circulars and FAQs issued between August 2024 and August 2025

Regulatory Changes

The circular modifies the interpretation of Clause 2.1.1, Table 1 of SEBI Circular No. SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2025/60 dated April 30, 2025. The parameter for determining registered clients now explicitly includes active and inactive clients based on unique PAN, while excluding closed accounts.

Compliance Requirements

Trading members must calculate registered clients using unique PAN methodology
Entities engaged in both clientele and proprietary trading must assess their turnover ratio for the financial year (April 1 to March 31)
Investment advisors and trading members must implement these clarifications for CSCRF compliance
All regulated entities must follow the updated categorization criteria

Important Dates

Circular Issue Date: September 2, 2025
Assessment Period for Proprietary Trading Classification: Financial year April 1 to March 31
Previous Related Circulars: August 20, 2024; December 31, 2024; March 28, 2025; April 30, 2025; August 28, 2025
FAQ Publication: June 11, 2025

Impact Assessment

These clarifications will impact how SEBI regulated entities categorize themselves under the CSCRF framework. Trading members may be reclassified based on the 10% threshold for clientele versus proprietary trading turnover. The unique PAN-based client counting methodology provides a standardized approach for determining entity size and applicable cybersecurity requirements.

Impact Justification

Important clarifications for cybersecurity framework implementation affecting all SEBI regulated entities

Category	Compliance
Circular ID	`82b1ff42c935a38b`
Impact	Medium
Severity	Medium
Tags	cybersecurity compliance investment-advisors trading-members sebi-regulations cscrf
Source	BSE
Links	PDF Document ↗ Original Source ↗ Permalink