Investment in government sector NPS to become safer

The Pension Fund Regulatory and Development Authority (PFRDA) has released an advisory on how government sector employees can safely invest in the National Pension System (NPS). In its advisory, Digital Safety Practices for Government Nodal Offices Under NPS Architecture Advisory, 2024, issued on March 27, 2024, PFRDA said that this advisory shall apply to nodal offices of central and state governments (including autonomous bodies under it) for their functions under the architecture of the NPS.

“This advisory is in addition to the Cybersecurity and other related guidelines issued by MHA/MEITY and Cert-In and in no way reduces the liability of the officer for any omission or commission in the discharge of their duties,” said PFRDA in the circular.

Here’s how PFRDA’s digital safety advisory aims at making NPS transactions safer online for government sector employees.

Onboarding of subscribers

As per the advisory, while digitisation and uploading of documents on the CRA system, the information as per the Subscriber Registration form and supporting KYC details, as provided by the subscriber are to be verified with the supporting officially valid documents (OVDs) and the information available in the service records of the employee. The stepwise instructions of the CRA system are to be followed by the user while processing NPS-related activities/transactions in the CRA system without deviation, along with proper due diligence/certification before submission/approval in the CRA system.

Subscriber Maintenance Activities

While digitisation and uploading on the CRA system, any request for update/change in nomination, subscriber profile, such as name change, change in address, change in mobile number, choice for provident fund (PF) & Investments, Bank account detail, including Re-KYC are to be processed and approved along with digital authentication (such as Aadhaar Authentication) as per the request received from the subscriber after due verification with the required supporting document as per norms. Delayed and incorrect processing for update/change requests may have legal/financial implications.

Exit and withdrawals/claims of NPS

While executing the exit/withdrawal request on the CRA system, the information provided by the subscriber/claimant is to be verified with the supporting documents and the information available in the service records of the employee. The instructions of the CRA system are to be followed by the user while processing exit/withdrawals/claims requests of the subscriber/claimants without any deviation, along with proper due diligence/certification with digital authentication (such as Aadhaar Authentication) before submission/approval in the CRA system.

Other measures

  • Implementing two-factor authentication (2FA) for accessing the CRA system. 2FA adds an extra layer of security beyond passwords, typically requiring users to provide a secondary piece of information, such as a code sent to their mobile device. This facility may be implemented and adhered to without deviation.
  • Regular security training sessions can help reinforce security best practices and ensure that employees remain vigilant against evolving threats.
  • Penetration Testing and Vulnerability Assessments: Nodal office to conduct regular penetration testing or vulnerability assessments to proactively identify and address security weaknesses.
  • Clear protocols should be established for reporting and mitigating data breaches to minimise their impact or security incidences.

Also read: New NPS rule from April 1: How to do two-factor Aadhaar authentication to log into National Pension System account.


New NPS from April 1, 2024

PFRDA has improved the security of the National Pension System (NPS) by implementing a new security layer, two-factor Aadhaar based authentication. This process of authentication would be required for all password based users logging into the CRA system from April 1, 2024.

William Murphy

Related post