NPS regulator Pension Fund Regulatory and Development Authority (PFRDA) has recently released an advisory on how the National Pension System investments can be safely done by government sector employees. PFRDA, under its new advisory, Digital Safety Practices for Government Nodal Offices Under NPS Architecture Advisory, 2024, has said that the new norms shall be applicable for nodal offices of central and state governments (including autonomous bodies under it) under the architecture of the NPS.
“This advisory is in addition to the Cybersecurity and other related guidelines issued by MHA/MEITY and Cert-In and in no way reduces the liability of the officer for any omission or commission in the discharge of their duties,” said PFRDA in the circular issued on March 27, 2024.
Top 4 things PFRDA aims to do
1. New subscribers
The PFRDA advisory says while digitisation and uploading of documents on the CRA system, the information as per the Subscriber Registration form and supporting KYC details, as provided by the subscriber, will be to be verified with the supporting officially valid documents (OVDs). Besides, it will be also be verified with the information available in the service records of the employee.
The NPS investor will have to follow the stepwise instructions of the CRA system while processing NPS-related activities/transactions in the CRA system without deviation, along with proper due diligence/certification before submission/approval in the CRA system.
2. Updating information
As per the advisory, any request for update/change in nomination, subscriber profile, like name, change in address, change in mobile number, choice for provident fund (PF) & Investments, Bank account details, re-KYC, has to be processed and approved along with digital authentication (such as Aadhaar Authentication) as per the request received from the subscriber.
If not done or delayed or inputs are incorrect, all these will have legal/financial implications.
3. Withdrawals and claims
While executing the exit/withdrawal request on the CRA system, the information provided by the subscriber/claimant is to be verified with the supporting documents and the information available in the service records of the employee. The instructions of the CRA system are to be followed by the user while processing exit/withdrawals/claims requests of the subscriber/claimants without any deviation. This has to be done along with proper due diligence/certification with digital authentication (such as Aadhaar Authentication) before submission/approval in the CRA system.
4. Two-factor authentication
PFRDA has also said that it will implement two-factor authentication (2FA) for accessing the CRA system. The new security layer in the NPS will come into effect from April 1 and will be mandatory for all password-based users logging into the CRA system. This facility may be implemented and adhered to without deviation.
PFRDA said, “To enhance the security measures in accessing the CRA system and safeguard the interests of subscribers and stakeholders, it has been decided to bring in additional security features through Aadhaar-based authentication for login to the CRA system.”
“The Aadhaar-based login authentication will be integrated with the current user ID and password-based login process so as to make the CRA system accessible through 2 Factor Authentication,” the notification explained.