How Will The Cyber-Security Framework For Mutual Funds Benefit Investors
Jan 16, 2019

Author: PersonalFN Content & Research Team

Investors have become digital-savvy nowadays. Whether it’s investing in mutual funds, completing Know Your Customer (KYC) formalities, or giving a service mandate to Registrar and Transfer Agents (RTAs), investors prefer the online route.

In this process, they share a lot of personal information with various agencies handling their investments. Given the bad precedent that data leaks and ransomware attacks have set in developed countries, the Securities and Exchange Board of India (SEBI) decided to create a regulatory framework: the cyber security and cyber resilience framework for Asset Management Companies (AMCs).

On January 10, 2019, the capital market regulator issued a circular in this regard. The cyber security and cyber resilience policy endeavours to identify, assess, and manage cyber security risks associated with processes, information, networks, and systems of mutual funds.

Under the circular, mutual funds will have to formulate a board-approved, comprehensive cyber security and resilience policy. The board of the AMC will review it at least once a year.

The AMC has to report deviations from the suggested policy framework along with reasons. The Board of the AMCs must constitute a Technology Committee comprising experts proficient in technology.

AMCs will have to present a quarterly report to the market regulator, in soft-copy form, containing details of the cyber-attacks and threats the mutual funds face along with the measures they have taken to mitigate vulnerabilities.

Moreover, AMCs are required to get their systems audited by an independent CISA/CISM qualified or CERT-IN empanelled auditor who’s expected to submit a separate report to SEBI along with the comments of the board of AMCs by June 30 every year.

Important pro-investor provisions the new framework has introduced…

  • In future, no person at the AMC will be able to access your confidential data using system resources and facilities merely by virtue of their position in the company.

  • If someone needs access to an investor’s critical data, it will be granted strictly on a need-to-use basis, through a robust authentication process, and only when it is required.

  • According to the new rulebook, AMCs are expected to maintain password hygiene to protect their systems, processes, networks, and databases.

  • AMCs will have to maintain a separate record of user access in a uniquely identifiable and encrypted form for at least two years. They shall make these details available for audit purposes when required.

  • Employees and service vendors will be more accountable for handling your data and will be subject to a number of usage restrictions and stringent supervision.

  • Mutual funds are expected to ensure that data-at-rest and data-in-motion are protected. They will be responsible for data safety while exchanging information with, and transmitting data to, external parties.

What does it mean for mutual funds, their RTAs, vendors, and all other third-party service providers associated with them?

  • Accountability of mutual fund houses will go up.

  • Compliance costs will also rise. It will be crucial to see if they cause any change in the expense ratios of various mutual fund schemes.

  • Accountability of RTAs and third-party vendors will also go up.

  • Since the regulator will oversee cyber security implementation and will keep itself updated through reports of independent auditors, the systemic risk mitigation response might improve substantially in future.

At a time when the debate about the right to privacy is heating up in this country, SEBI’s effort will be seen as a positive step taken by a responsible regulator to protect investors’ right to privacy.

PersonalFN believes the cyber security and cyber resilience framework will go a long way towards creating a conducive environment for the growth of the mutual fund industry. It will encourage more investors to invest online and invest in direct plans, thereby making Systematic Investment Plans (SIPs) more popular.
