Amfi issues guidelines for cyber security and privacy of user data

Photo: Shutterstock
The Association of Mutual Funds in India (Amfi), in a communication to top officials of asset management companies (AMCs), has issued a set of minimum standards that the industry must follow, in order to protect digital-savvy investors from cyber crime and identity theft.

Markets regulator Securities and Exchange Board of India (Sebi) had in the past directed the players to follow the ‘best practices’ guidelines laid down by Amfi.

On cyber security, the guidelines said that AMCs should conduct checks to ensure that a bank account belongs to a genuine investor. “This may be done by means of verification of scanned image of a cancelled cheque or by ‘penny-drop’ or a similar method…”

In cases where ‘more secure’ methods such as biometric authentication are not available, guidelines recommended two-factor authentication through user ID — password verification and one-time password (OTP) sent to the registered e-mail or mobile number.

The guidelines also advise caution on simultaneous updates of email address and mobile number. “There should be a minimum cooling off period of 10 days between the two changes.”

Experts feel as more technology-savvy investors start opting for mutual funds, it is important to protect them against various risks. “With the increase in online transactions in the MF industry, the thrust on data and cyber security has assumed importance for mutual funds,” NS Venkatesh, CEO, Amfi, said in his introductory remarks.

Digital transactions have gained some pace in recent years. The share of gross inflows through digital modes has grown from just about 0.5 per cent two years ago to more than six per cent in March 2018. As of June 2018, gross inflows through digital modes had jumped to nearly 10 per cent.

According to people in the know, while Sebi wants more investors to use technology, it also wants the industry to have robust systems in place to ensure that investors do not have any unpleasant experience.

Sources suggest that Sebi has asked Amfi to promote direct plans as part of its investor awareness programmes. These plans allow investors to bypass distributors and save on commission. Investors can save 80-100 basis points (bps) in direct equity plans vis-a-vis the regular equity ones.

Mobile payments company Paytm, which is all set to start its mutual fund operations next week, is targeting 20 million customers to buy and sell mutual funds on its platform in the next three years.


-       Amfi recommends use of cancelled cheque or ‘penny-drop’ to ensure a bank account is genuine

-       In absence of biometric verification, it recommends two-factor authentication

-       Tells AMCs to take prior consent of investors on dislosure of ‘sensitive personal data or information’ to any third party

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel