Site icon SCC Times

SEBI Introduces Executive Directors, CTO and CISO Roles in 3rd Amendment to Depositories Regulations

Shubhi
SEBI Depositories and Participants 3rd Amendment Regulations 2025

On 21-11-2025, the Securities Exchange Board of India (SEBI) notified the SEBI (Depositories and Participants) (3rd Amendment) Regulations, 2025, introducing new roles and responsibilities for officials to strengthen governance and risk management in depositories.

These amendments are set to come into force on 21-12-2025.

Key Points of SEBI Depositories and Participants 3rd Amendment Regulations 2025:

  1. This Amendment revises the SEBI (Depositories and Participants) Regulations, 2018.

  2. The Amendments, represent a significant step in modernizing the regulatory framework for depositories and enhancing accountability in India’s securities market.

  3. The amendment aims to:

    • Enhance corporate governance in depositories.

    • Strengthen risk management and operational resilience.

    • Introduce technology and cybersecurity leadership roles.

    • Ensure that depositories operate in public interest, not revenue-driven objectives.

  4. This Amendment revises the Board Composition under Regulation 24 by expanding the governance framework to “executive directors.”

  5. In Regulation 26, the roles and responsibilities of Managing Director (‘MD’) is expanded. He will:

    • Manage the entire affairs of the depository.

    • Ensure compliance with all applicable laws, rules, and SEBI directions.

    • Oversee risk management and infrastructure adequacy.

    • Can hold certain non-executive positions with prior approval of the governing board.

  6. Under the newly inserted Regulation 26A, every depository is mandated to appoint:

    • Two Executive Directors as key management personnel:

      ○ Vertical 1 Head — Responsible for infrastructure and systems.

      ○ Vertical 2 Head — Responsible for risk management.

    • Optionally, an executive director for Vertical 3.

  7. It clearly defines the appointment process, tenure, and age limits aligned with those of the MD.

  8. Executive directors are not allowed to serve on external boards, except subsidiaries with prior approval.

  9. Appointment of Chief Technology Officer (CTO) is mandated by introducing Regulation 81B, to oversee technology systems, infrastructure, and IT risk management. Their responsibilities include:

    • Managing IT risks,

    • Formulating IT policy and risk framework,

    • Addressing technology audit observations.

  10. Regulation 81C is inserted mandating the appointment of Chief Information Security Officer (CISO), to manage cybersecurity risks. Their responsibilities include:

    • Establishing standards and controls,

    • Implementing cybersecurity and resilience policies,

    • Leading initiatives in information security policy development and implementation.

Exit mobile version