IFASCA circular on Guidelines on Cyber Security and Cyber Resilience for Market Infrastructure Institutions (MIIs) in IFSC
secmarkupdates
Highlights of the Circular
1. IFSCA vide circular dated March 10, 2025 had issued the ‘Guidelines on Cyber Security and Cyber Resilience for Regulated Entities in IFSCs’, prescribing a minimum baseline framework for cyber security applicable to all Regulated Entities (REs) operating within GIFT IFSC. The said framework adopts a principles-based approach to ensure proportional applicability, taking into account the heterogeneity of REs in terms of size, structure, complexity and risk profile.
2. The Market Infrastructure Institutions (MIIs) comprising Stock Exchanges, Clearing Corporations, Depository and the Bullion Exchange are systemically critical to the stability, integrity and continuity of the capital market in IFSC. In view of their central role and heightened risk exposure, a more robust, granular and prescriptive cyber security framework is warranted.
3. Accordingly, with a view to enhancing cyber resilience, mitigating systemic cyber risks and ensuring preparedness against evolving threat vectors, IFSCA has formulated the “Guidelines on Cyber Security and Cyber Resilience for Market Infrastructure Institutions (MIIs) in IFSC” as set out in Annexure A.
4. The key objective of these Guidelines is to establish a comprehensive cyber security and cyber resilience framework for the MIIs operating in IFSC. The Guidelines seek to:
a. strengthen governance and reinforce accountability for cyber security at the Board and Senior Management level
b. address evolving cyber threat landscape, including emerging risks such as those arising from developments in quantum computing
c. align MII cyber security practices with national and international standards and
d. ensure robust incident detection, response, reporting and recovery mechanisms.
5. These Guidelines are structured around the following cyber security functions:
a. Govern
b. Identify
c. Protect
d. Detect
e. Respond
f. Recover
g. Resilience.
6. These Guidelines shall come into effect from April 01, 2026. The MIIs shall ensure full compliance within the timelines specified in the respective provisions of these Guidelines.
7. This Circular is issued in exercise of powers conferred by Sections 12 and 13 of the International Financial Services Centres Authority Act, 2019, to develop and regulate the financial services market in the International Financial Services Centre.