The Pension Fund Regulatory Development Authority (PFRDA) has formulated a draft risk management framework for the National Pension System (NPS) to plug loopholes and further strengthen its security. It has sought feedback from all stakeholders, including subscribers, the general public, and the central recordkeeping agencies (CRAs) by January 1, 2024, to finalize the proposal.

CRAs are registered under Section 27 of the PFRDA Act, 2013 to perform functions of recordkeeping, accounting, administration, and customer services for subscribers.

As provided under regulation 26(2) (c) of CRA Regulations, PFRDA looks into CRA’s inspection and audit system and whether they have adequate internal control mechanisms and safeguards to prevent any possible security lapse. CRAs play a critical role in NPS as all the information among the various participants and the data storage are vested in them.

The draft guidelines are to ensure CRAs render high service standards, exercise due diligence, provide proper care in their operations, and protect the interests of subscribers. Warning that any service disruption or issues concerning the system’s integrity will put the entire NPS architecture at risk, PFRDA said the draft risk-management guidelines will enable CRAs to refine their internal security measures before implementing them.

In its December 11 circular, PFRDA said CRAs will review and further develop the security guidelines and submit them to the authority within 60 days after the CRA board duly approves the framework. After that, the PFRDA board will review the policy periodically.

PFRDA noted that the risk management framework provides CRAs “guidance on the approach to managing risk in the NPS ecosystem so that the risks associated with the functioning of CRAs do not result in any deficiencies in service to customers, disruption or any issues affecting the integrity of recordkeeping, accounting, administration functions of the CRAs”.

The risk management framework, it said, will encompass all the registered CRAs, their employees, agents and risks that the CRA systems and their administration may be exposed to.

It sought feedback from all stakeholders, including CRAs, on the draft proposal on “Risk Management Framework for Central Recordkeeping Agencies (CRAs)” by January 1, 2024.

One can access the draft proposal on www.pfrda.org.in in the “Exposure Draft Section” under the regulatory framework menu. The remarks may be provided in the format: name, entity, and contact details (email & mobile number) with comments to sup-cra1@pfrda.org.in, with the subject line “feedback on proposed risk management framework for CRAs”.