NewKerala.com

SEBI to Issue Advisory on Cyber Vulnerabilities: Chairman Tuhin Kanta Pandey

SEBI Chairman Tuhin Kanta Pandey announced an upcoming advisory for market players to identify and mitigate cyber vulnerabilities, particularly regarding the "Mythos" threat. He highlighted that CKYC 2.0, a unified KYC system, is expected to launch by July 2026. Pandey also reaffirmed guardrails limiting retail exposure to illiquid Alternative Investment Funds (AIFs). On commodity derivatives, he noted that IRDAI and RBI currently oppose bank and insurance participation, citing long-term commitment concerns.

Key Points: SEBI Advisory on Cyber Threats & Market Vulnerabilities

  • SEBI to issue advisory on cybersecurity vulnerabilities for market players
  • CKYC 2.0 "One KYC" system expected by July 2026
  • Private credit guardrails limit retail exposure to AIFs
  • SEBI, IRDAI, RBI differ on bank-insurance participation in commodity derivatives
2 min read

SEBI to issue advisory for market players on vulnerabilities: Tuhin Kanta Pandey

SEBI Chairman Tuhin Kanta Pandey announces advisory on cyber vulnerabilities, CKYC 2.0 launch in July, and private credit guardrails at IMC Capital Market Conference 2026.

"It's important for market players to use whatever tools they have to proactively find vulnerabilities themselves and patch them. - Tuhin Kanta Pandey"

Mumbai, May 4

Securities and Exchange Board of India Chairman, Tuhin Kanta Pandey, stated on Monday that SEBI will soon issue an advisory outlining how market players should remain alert to vulnerabilities and play a proactive role in mitigation.

He also advised market participants to utilise available tools to proactively identify vulnerabilities and combat cyber threats.

Speaking to the media on the sidelines of the IMC Capital Market Conference 2026 regarding "Mythos", likely referring to a specific cybersecurity threat or software vulnerability, Pandey said, "We have engaged with all stakeholders on this, and shortly we are going to issue an advisory in terms of how they should be alert to the vulnerabilities that may exist and play a proactive role. As you know, Mythos is only available to a very few entities, it's not widely available, but nevertheless, it presents grave risks."

He added, "It's important for market players to use whatever tools they have to proactively find vulnerabilities themselves and patch them."

The SEBI Chairman also addressed concerns regarding the domestic private credit sector.

When asked about the steps SEBI is taking, Pandey noted, "Regarding private credit, we have already established guardrails. We do not allow retail exposure to Alternative Investment Funds (AIFs) because we have a minimum commitment requirement. Secondly, even for accredited investors, there must be a minimum threshold. We do not allow general retail participation in AIFs precisely because of their illiquid nature. Whenever there is a liquidity crisis, this could lead to significant problems."

The Chairman shared details regarding the launch of CKYC 2.0, expected by the end of July this year. The initiative aims to create a "One KYC" (Know Your Customer) system across all financial institutions.

He clarified that two versions would be launched. "According to the information I have, CERSAI (Central Registry of Securitisation Asset Reconstruction and Security Interest of India) is looking into this. The C-KYC technology portal they are preparing will likely be substantially completed by July."

When asked if SEBI would re-engage with other regulators regarding guardrails, considering that the IRDAI (Insurance Regulatory and Development Authority of India) and the RBI (Reserve Bank of India) are currently not in favor of banks and insurance companies participating in commodity derivatives, he replied:

"We engaged with them, and they had their rationale that, at this moment, they don't feel it is the right time or the right thing... because insurance is a long-term commitment."

- ANI

Share this article:

Reader Comments

M
Michael C
Interesting that they're calling out this "Mythos" vulnerability specifically. But I wonder how many market players actually know about it—sounds like a niche threat. The real issue is the basic hygiene: outdated systems, weak passwords, untrained staff. SEBI should focus on that first, rather than exotic threats.
P
Priya S
Finally some clarity on AIFs! Retail investors already burn their fingers chasing high returns without understanding illiquidity risk. SEBI's guardrails make sense. But the real test will be when there's a major liquidity crunch—let's hope these rules hold up. Also, CKYC 2.0 by July? Hope it's truly seamless across all institutions! ☺️
D
David E
Private credit is a growing asset class globally, and India needs to balance innovation with caution. SEBI's approach of limiting retail exposure is sensible, but the accredited investor threshold should be reviewed periodically—₹1 crore minimum commitment might be too low for truly sophisticated investors in a few years.
R
Rohit P
The commodity derivatives issue is a classic Indian regulatory tangle—RBI and IRDAI saying no, SEBI asking why. Insurance companies have long-term liabilities, so hedging with commodity derivatives makes sense, no? But I guess each regulator has its own turf. 🤷‍♂️ Hope they resolve this soon—Indian commodity markets need more depth.
N
Neha E
One small critique: SEBI is always proactive on advisories and regulations, but what about enforcement? We've seen enough data breaches in financial services where penalties were negligible. Advisory ke saath saath, strict action bhi hona chahiye. Otherwise it's

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Minimum 50 characters 0/50