SDG 9: Industry, Innovation and Infrastructure | SDG 16: Peace, Justice and Strong Institutions

Institutions: International Financial Services Centres Authority (IFSCA) | Ministry of Finance

The International Financial Services Centres Authority (IFSCA) has released a consultation paper soliciting feedback on the new “Guidelines on Cyber Security and Cyber Resilience for Market Infrastructure Institutions (MIIs) in IFSC.” Recognizing the systemic risk MIIs (Stock Exchanges, Clearing Corporations, and Depositories) pose due to high operational interconnectivity, these guidelines propose a “differentiated and elevated baseline” of security compared to standard regulated entities.

While Cyber Security and Cyber Resilience are often used interchangeably, the guidelines make a critical distinction:

• Cyber Security refers to the measures, tools, and processes intended to prevent cyber-attacks (the shield).

• Cyber Resilience is the organization’s ability to prepare for, respond to, and recover from a cyber-attack while continuing operations (the recovery muscle). Essentially, security is about keeping the attacker out, while resilience is about surviving and functioning if they get in.

The proposed framework is built on five pillars: Identify, Protect, Detect, Respond, and Recover. Key mandates include:

• Governance: Establishment of a Standing Committee on Technology (SCOT) and appointment of a dedicated Chief Information Security Officer (CISO).

• Advanced Protection: Implementation of Multi-Factor Authentication (MFA) for all critical systems, robust network segmentation, and awareness of post-quantum cryptography risks.

• Detection & Response: Operationalizing a 24x7 Cyber Security Operation Center (C-SOC) and a strictly defined Cyber Crisis Management Plan (CCMP).

• Reporting: A tight 6-hour window for reporting cyber incidents to IFSCA and CERT-In.

• Audit: Mandatory ISO 27001 certification within 2 years and annual audits by CERT-In empanelled auditors.

Policy Relevance: This framework aligns India’s IFSC with global IOSCO Principles for Financial Market Infrastructures (PFMI), ensuring that GIFT City remains a trusted global financial hub capable of withstanding systemic shocks and sophisticated technological threats.

What is IFSCA? The International Financial Services Centres Authority (IFSCA) is a unified regulatory body in India—often described as a “super-regulator”—that combines the powers of the RBI, SEBI, PFRDA, and IRDAI for special international financial zones, primarily GIFT City in Gujarat. Its job is to oversee all international financial activities (like banking, stocks, and insurance) happening within these zones to ensure they match global standards of ease and security.

What does this paper imply for the common man? For the common man, this paper implies greater safety and stability for the broader economy. Market Infrastructure Institutions (MIIs) like stock exchanges and clearing corporations are the “plumbing” of the financial system; if they are hacked, the entire economy can suffer from frozen funds or data theft. By mandating military-grade cyber security (like 24x7 monitoring and “post-quantum” encryption) for these institutions, the IFSCA is essentially “future-proofing” India’s financial gateway. This protects the integrity of the financial system, prevents systemic crashes that could hurt the rupee or jobs, and ensures that as India integrates with global markets, foreign and domestic investors’ money remains safe from sophisticated cyber-attacks.

Follow the full news here: Consultation Paper on Guidelines on Cyber Security and Cyber Resilience