News and developments

Bridging the Gap: Expanding Social Security for Gig Workers in India

Social security serves as a crucial safeguard for individuals, ensuring access to healthcare and income security,
04 October 2024

MALICIOUS PROSECUTION: BALANCING JUSTICE AND ABUSE OF PROCESS OF LAW AN INDIAN PERSPECTIVE

INTRODUCTION 1.     The principle of malicious prosecution serves as a crucial safeguard against the misuse of legal procedures.
04 October 2024

CYBERSECURITY AND CYBER RESILIENCE FRAMEWORK BY SEBI: A STEP TOWARDS DIGITAL SAFETY

On August 20, 2024, the Securities and Exchange Board of India (“SEBI”) took a major step towards improving the cybersecurity landscape in India’s financial sector by releasing the Cybersecurity and Cyber Resilience Framework (“CSCRF”) for SEBI Regulated Entities (“Regulated Entities/RE”), including but not limited to: Alternative Investment Funds (AIFs) Bankers to an Issue (BTI) and Self-Certified Syndicate Banks (SCSBs) Clearing Corporations Collective Investment Schemes (CIS) Credit Rating Agencies (CRAs) Custodians Depositories and Depository Participants Investment Advisors and Research Analysts KYC Registration Agencies Merchant Bankers The applicability of various standards and guidelines of  CSCRF is based on different categories of Regulated Entities. CSCRF follows a  graded approach and classifies Regulated Entities  in the following five broad categories: (i) Market Infrastructure Institutions (MIIs) (ii) Qualified REs (i) Midsize REs (ii) Small size REs (iii)Self certification REs The Need for CSCRF Indeed, nothing is more imperative than developing a foolproof cybersecurity structure that can meet the requirement of the emergent and dynamic financial sector of India. SEBI has also noted the dynamism and ever growing nature of the threat from cyber incidents and has put in place the CSCRF to tackle the challenges and enhance the security of Regulated Entities. Banks and other financial institutions across the world in the last few years have been on the receiving end of cyber threats, ranging from theft of clients’ data to complex and dangerous hacking executed on the financial markets. The CSCRF is thus an indication of SEBI’s strategy on how to address cyber risks and improve protection from cyber threats. The CSCRF is designed to be comprehensive, addressing a spectrum of cybersecurity issues from preventive measures to response strategies The CSCRF is divided into four main parts to facilitate ease of compliance and implementation: iv. Part I: Objectives and Standards: This section outlines the goals that security controls need to achieve and the established principles for compliance. v. Part II: Guidelines: This part provides recommendations and measures for complying with the standards. Some guidelines are mandatory and must be adhered to by the REs. vi. Part III: Structured Formats for Compliance: This section includes standard formats for compliance, ensuring uniformity and ease of reporting vii. Part IV: Annexures and References: This part contains additional resources and references to support the implementation of the framework. Key Provisions under the CSCRF a. Governance Under the CSCRF, SEBI mandates a dedicated cyber security committee responsible for formulating and overseeing the implementation of cyber security policies be established by all Regulated Entities and such a committee shall include senior management and IT experts to ensure that cyber security considerations are integrated into all the processes of the Regulated Entities. b.Cyber Capability Index  SEBI has also provided for a Cyber Capability Index (“CCI”) under the CSCRF, which is a comprehensive framework intended to evaluate the resilience of cyber security framework. Market Infrastructure Institutions are mandated to undergo a third-party cyber resilience assessment biannually, while Qualified Regulated Entities are required to perform an annual self-assessment. c. Incident Management and Response An important aspect of the CSCRF is the emphasis on effective incident management. Regulated Entities are required to implement procedures for responding, detecting and recovering from cyber incidents. This includes the establishment of an Incident Response Team (“IRT”) along with a communication protocol for reporting incidents to SEBI and other relevant authorities. The CSCRF also stipulates that entities must maintain detailed records of all cyber incidents and their resolutions. d. Risk Management- Third Parties The CSCRF also takes into account the risks associated and posed with third-party vendors and service providers. The Regulated Entities are required to assess and manage the cyber security readiness of their third-party vendors and service providers making sure that they have in place and comply with similar security standards. e. Compliances and Audits SEBI has provided consistency in auditing Regulated Entities by creating and providing an auditors’ checklist under the CSCRF. This shall ensure a more effective audit process, ensuring that all Regulated Entities are held to the same standards. f. Risk Management Regulated Entities under the CSCRF are required to carry out regular risk assessments to identify any cybersecurity threats. This shall enable the Regulated Entities to implement appropriate strategies to mitigate any threats. g. Data Protection and Privacy Protecting sensitive data is the most important part of the CSCRF. It requires that Regulated Entities implement robust data encryption, access controls, and privacy measures to safeguard sensitive information. This includes ensuring compliance with data protection regulations and maintaining transparency in data handling practices. Implementation and Compliance The introduction of the CSCRF is a significant step taken SEBI, however, its effectiveness shall depend on its implementation. Regulated Entities have been provided with clear guidelines for to follow by SEBI, along with a timeline for compliance.  Regulated Entities are required to submit reports regularly on their cyber security preparations and planning. Impact on the Financial Sector By setting high standards for cyber security and resilience, the CSCRF is expected to have a profound impact on the financial sector. SEBI is not only enhancing the protection of data but also reinforcing confidence in India’s financial markets. The CSCRF aligns with best practices all over the world in cyber security, making the Indian financial institutions at par with international standards. This alignment is important as India continues to grow, integrate more deeply into the global financial system and attract international investments. Conclusion While the CSCRF is a crucial initiative by SEBI, the implementation of CSCRF may present challenges as smaller entities may face difficulties in meeting the stringent requirements under the CSCRF due to resource constraints. Therefore, to mitigate this, SEBI may need to provide additional and continued support to help such small entities comply with the CSCRF. Moreover, the fast evolving nature of cyber threats will require that the CSCRF is regularly updated to address all the new challenges presented. The commitment of SEBI towards continuous improvement and engagement with the Regulated Entities will be crucial in ensuring the CSCRF remains relevant and effective. Author: Sanika Mehra (Co-Managing Partner & Head-Corporate Practice) & Antra Ahuja (Senior Associate)
03 October 2024

The Conundrum of NBFC Loans Secured against Unlisted Shares

The Reserve Bank of India (“RBI”) through its notification dated April 10, 2015 (“RBI Notification”) amended Non-Banking Financial (Deposit Accepting or Holding) Companies Prudential Norms (Reserve Bank) Directions,
28 August 2024

NOTE ON INSURANCE REQUIREMENTS UNDER THE KARNATAKA COMPULSORY GRATUITY INSURANCE RULES, 2024

The government of Karnataka vide notification no. LD 397 LET 2023 dated January 10, 2024, notified the Karnataka Compulsory Gratuity Insurance Rules, 2024 (“Rules”).
15 July 2024

Recent Strides in Curative Jurisdiction of the Supreme Court

INTRODUCTION The curative jurisdiction conferred upon the Supreme Court by Article 142 of the Constitution of India empowers the Apex Court to pass such decree or make such order as is necessary for doing complete justice which comes as an extraordinary legal recourse to the litigants.
02 August 2024

Gratuity-(End) of Service Benefits Globally and in India

During colonial rule in India, there was no law regulating gratuity. Employers offered gratuity as a gesture of appreciation upon an employee's completion of active service.
02 August 2024

ARE ADVOCATES LIABLE FOR ‘DEFICIENCY IN SERVICE’ UNDER THE CONSUMER PROTECTION ACT?

INTRODUCTION Recently, the Hon’ble Supreme Court in a batch of civil appeals, one of them titled “Bar of Indian Lawyers v. D.K. Gandhi” 2024 SCC OnLine SC 928 examined a very crucial and important question of law that “whether proceedings alleging “deficiency in service” against Advocates under the Consumer Protection Act, 1986 (‘Act’) would be maintainable”.
02 August 2024

Cybersquatting

Introduction: With the advancement of technology, today almost all business entities have an online presence.
02 August 2024
Press Releases

Saga Legal moves to larger offices in New Delhi and Bengaluru

Saga Legal has relocated to larger offices in New Delhi and Bengaluru to support its rapidly expanding team and better serve its growing client base.
18 June 2024
Press Releases

Saga Legal represented India Quotient Fund and DSG Consumer Fund in their investment in the haircare brand Fix My Curls

Fix My Curls, a leading haircare brand specialising in products for curly and wavy hair, has secured an undisclosed amount in a seed funding round.
06 June 2024