PENSION FUND REGULATORY AND DEVELOPMENT AUTHORITY
CIR No.: PFRDA/2020/13/SUP-POP/2
Date: April 21, 2020
Point of Presence (PoPs) / Non-Individual Retirement Advisers (RAs)
Subject: Compliance of Cyber Security Policy by Point of Presence (PoPs) and Non-Individual Retirement Advisers (RAs)
PFRDA (Authority) has received in past, various queries from the stakeholders regarding scope and applicability of Circular no. PFRDA/2017/31/CRA/5 dated 04.10.2017 and Circular no. PFRDA/2019/2/REG dated 07.01.2019.
2. In this regard, it is clarified that: –
(i) All PoPs and Non-Individual RAs are required to adhere to the cyber security measures and compliances as mentioned in the Cyber Security Policy of the Authority, as detailed in Circular PFRDA/2017/31/CRA/5 dated 04.10.2017 and also as mandated by their principal regulator (as applicable).
(ii) In compliance to (i) above, the PoPs and Non-Individual RAs are hereby advised to submit the Compliance certificate with respect to cyber security for respective Financial Year (FY) as per Annexure I (enclosed) within 30 days from the end of the said FY. They are also advised to submit the report on cyber-attacks incident pertaining to NPS activities, if any, as per Annexure II (enclosed) immediately on occurrence of such incident.
(iii) Accordingly, the PoPs may submit Certificate as per Annexure I for FY 2018-19 and FY 2019-20 instead of quarter-basis Certificate as per Annexure A of Circular no. PFRDA/2019/2/REG dated 07.01.2019.
(iv) Circular no. PFRDA/2019/2/REG dated 07.01.2019 therefore stands superseded with respect to PoPs.
3. This circular is issued under Section 14 of PFRDA Act, 2013 and is available in Circulars section of Regulatory Framework at PFRDA’s website.
(Sumeet Kaur Kapoor)
Chief General Manager