NSE whistleblower’s 4th letter alleges rigging of currency market; manipulation at NSE
The whistleblower, whose letter was first published by Moneylife, leading to a massive investigation into the National Stock Exchange (NSE) has written a fourth letter addressed to the SEBI (Securities and Exchange Board of India) chairman, which alleges that many of the problems identified by him remain unaddressed despite the apparently sweeping investigation. 
 
The whistle-blower has also alleged rigging in the rupee-dollar trading that gives an unfair advantage to some companies based overseas, and cautioned the problem could spread to the commodities markets. He also says that the National Stock Exchange (NSE) has much more to do to prevent manipulation in stock markets and make trading systems more transparent and fair.
 
It may be recalled that the whistleblower (who calls himself Ken Fong) had copied his first letter to Moneylife leading to the NSE filing a Rs100 crore defamation against this publication, which was subsequently withdrawn, with the exchange paying a fine of Rs50 lakhs levied by the court. He followed up with two more letters, the last of which was addressed to this writer. This fourth letter, dated 14 February 2017, which forms a part of the second round of show cause notices issued by SEBI to was addressed to Ajay Tyagi, when he was with the Ministry of Finance.
 
The detailed, 12-page letter claims that many of the problems remain. The irregularities at the NSE and in some cases, the Bombay Stock Exchange, and the methods used to go around the systems. He has highlighted `various transgressions', alleging the lapses are because of negligence of the exchanges, and in some cases their unwillingness to function in a more transparent manner. While the letter has made several allegations and named specific names, we have decided to publish it because it forms a part of SEBI’s detailed show cause notice to NSE officials. Moneylife is publishing a series of articles based on these notices including feedback from the private companies, exchanges and brokerages involved. We will also update this article with any comments or feedback we receive from them. A copy of the letter is available below. 
 
The whistleblower makes eight key points this time. They are… 
 
1. That old problems remain on the size has changed from milliseconds to micro seconds — but unfairness remains. In this section he alleges that exchanges are still dragging their feet over transparency measures and provides complex technical details to make his case. 
 
2. Lack of control over market abusive practices such as spoofing and flashing orders: The whistleblower alleges that exchanges pay lip service to this objective but have not done enough. His charge is that preventing order modification is not enough, order cancellation is also a problem. In this case, the whistleblower has issues with how both national exchanges the NSE and the Bombay Stock Exchange (BSE) have handled the issue despite time-stamped data being available for audit. 
 
3. Exchanges create policy and commercial impediments to prevent equity across firms alleges the whistleblower. In this section, he alleges that both exchanges have a ‘comfort zone’ with select firms who support their policy initiatives and new products. This section raises issues with how BSE is allegedly creating ‘non-commercial impediments’ while NSE introduced ad hoc ‘volume discounts’ for short periods  and tweaks the criteria to benefit some firms instead of having a clear, transparent policy. 
 
4. Access to USD_INR feeds prohibited in India is enjoyed by select firms via global links.  There are some serious charges here and the whistle blower alleges that certain global firms like Tower Capital have benefitted from access to US data. The whistleblower had made these allegations in the third letter addressed to this writer, which is also a part of the show cause notice.
 
5. Inter exchange colocation links continue to be tweaked illegally. In this section the whistleblower makes another serious charge that although official billing for the collocation links are through official vendors, the actual networks continued to be owned by unlicensed vendors. The basis of the allegation is explained in detail. 
 
6. Transgressions at commodities exchanges continue even as options are about to be introduced, claims the whistleblower. In this, he goes on to what was happening at the controversial MCX before SEBI’s investigation and the change in management. 
 
7. NSE is burying the dark fibre issue claims the whistleblower, however the new set of show cause notices issues by SEBI are over this issue. 
 
8. Action against entities which abused the system remains, he says. However, again, the latest show cause notices cover several brokerage firms who have been called and their testimony recorded. 
 
This article will be updated with any responses from those who are mentioned in the whistleblowers letter.
 
Here is the fourth letter from the Whistleblower…
 
Like this story? Get our top stories by email.

User

NSE Allowed Preferential Access in Currency Market Too, says E&Y Report: NSE Algo Controversy
Three member brokers of National Stock Exchange of India Ltd (NSE) got secondary server access and received maximum ticks due to lack of defined policies and procedures by the Exchange, reveals a forensic review.
 
In the audit, Ernst & Young LLP (India) or EY, also pointed out multiple logins to a single server through multiple internet protocol (IP) addresses, allowed by four member team of NSE.  
 
"Analysis of batches received by members indicated that 92% of ticks were received first by members connected on ports of secondary server. We were also informed by NSE that secondary POP was always active for members to make connections and same TBT market data feed was disseminated to all the POPs including secondary POP. Based on PDC logs we noted that secondary POP had connected to PDC on each trading day after it was operationalized in February 2012. The top three members who connected to secondary server were Adroit Financial Services Pvt Ltd (461 days), Parwati Capital Market Pvt Ltd (441 days) and IKM Investors Pvt Ltd (421 days)," EY says in the report.
 
 
EY says, "We further noted that there were 21 members who connected only to the secondary server and not to any of the primary servers on at least one of the trading days. Below is the list of top 10 members who logged in only to secondary server on at least one of the trading days."
 
 
NSE provided their members a colocation (Colo), which is a paid facility for doing Direct Market Access (DMA) and Algorithmic Trading (Algo trading) within its premises at Bandra Kurla Complex in Mumbai. NSE offers Colo services across market segments, which are Cash Market (CM), Currency Derivative (CD), Interest Rate Futures (IRF) and Futures & Options (F&O) segments. Except those mentioned in the ‘NSE Colocation Guidelines’ released on 16 April 2012, the Exchange had not defined policies and procedures around secondary server access.
 
Through this Colo service, EY says members were able to receive real time tick-by-tick (TBT) market data broadcast. Dissemination of such TBT was done through transmission control protocol/ internet protocol (TCP/IP) in NSE architecture till 30 November 2016. The same TBT data was also shared through a multicast architecture since 7 April 2014.
 
NSE had appointed EY to conduct a forensic review of certain allegations around colocation facility provided by NSE in the currency derivatives and interest rate futures segments. EY reviewed TCP/IP tick-by-tick architecture, available process and policy documents, emails and electronic documents of relevant employees and relevant logs of dissemination servers that were operational from 1 January 2010 to 31 December 2015 at NSE. It submitted its report on 3 November 2017 to NSE Board. Later it held discussions with Securities and Exchange Board of India (SEBI)'s Technical Advisory Committee (TAC), which led to certain additional checks. EY completed the work and submitted its report on 18 May 2018. 
 
At NSE, there were three point-of-presence (POP) servers, including secondary with two ports each and consequently six independent dissemination queues. A member would need to be first on all the six ports across three POPs to be disseminated all the batches first on that trading day.
 
"Based on analysis of timestamp of batches received by member IPs, it was noted that around 28% to 55% and about 75% to 98% of batches were received first by members who had logged in first on respective ports of primary server and secondary server respectively indicating that a member logging in first on a port may not receive all batches first on that port," EY says.
 
The forensic report highlights how in the absence of defined policies and load balancing process, four members from NSE were assigning member IPs to ports manually. It says, "Based on our discussions with NSE team, we were informed that it was a practice (no documented policy) to limit the number of maximum IP allocations to a port of a primary POP to 30. Such assignment of member IPs to ports was done manually by four members within the PSM IICS team. We were also informed that a dynamic load balancing process was not implemented which would have distributed load evenly across the ports based on the number of connections made on each trading day."
 
"There was no randomisation implemented on the ports. Further, there was no dynamic load balancing to evenly distribute the member connections across all available ports on each trading day. On account of the above weaknesses, NSE’s TCP/IP TBT architecture may have caused ticks to be disseminated earlier to members who logged in ahead of others and members who logged on less loaded server/port. However, a member would need to be logged in first on all the six ports (across three POPs) to be disseminated all the ticks first on that trading day. There was no member who logged in first on all six ports on any trading day," the Report says.
 
Based on the information shared by the Exchange, EY says, it appears that on four trading days in 2012 (4 May 2012, 18 May 2012, 7 June 2012 and 8 June 2012), NSE monitored connections to secondary server (for CD/IRF segment) and also communicated to members that they should not be connecting without intimation by exchange and later also termed such connections as an ‘offense’. "During discussions, NSE informed us that such limited monitoring on secondary server connections in 2012 was carried out at the time of TBT infrastructure migration to colocation datacentre and till the operations were stabilised. Further, NSE informed us that they did not monitor secondary server connections after 2012," it says.
 
The forensic audit also found out how members were using multiple logins to a single dissemination server through multiple IPs. It says, "Based on the TBT IP allotment process as explained by NSE, there was no restriction based on any policy or procedure on a member to avail multiple TBT IPs. Similarly, multiple TBT IPs of a member could have been configured on the same port of the same dissemination server. Such configurations were done manually by a four member team of production support and management (PSM) IICS team based on the number of connections made on the ports of the primary server on that trading day."
 
Based on the review of login logs, EY says it observed that there were 36 members out of 58 members since operationalisation of secondary server, who had accessed both the primary servers (POP11 and POP13) at least once. Out of remaining 22 members who accessed either of the primary servers, 15 members had only one TBT IP.
 
"While no member logged in first and second and third on all the ports, there were 48 members out of 59 members who had logged in first on at least one of the trading days on either of the ports in the review period. There were four members, who had logged in first, second and third on one of the six ports on at least one trading day. Adroit Financial Services had logged in first and second and third on same port for 43 days (4% of the review period), which is maximum for a member," the review says.
 
"However," EY says, "three members, Parwati Capital Market, Adroit Financial Services and Mansukh Securities & Finance Ltd logged in first on either of the ports for more than a quarter of the review period or for more than 275 days out of total 1,103 trading days."
 
The main reason for this, according to the forensic review, is lack of randomisation in TCP/IP TBT architecture at NSE. “Our review of the available source code of the Primary Data Centre (PDC) and POP and discussions with NSE personnel indicates that randomisation was not implemented. In the absence of a randomizer, dissemination on each port of a TBT server was sequential based on login time of a member,” EY says in its report. 
 
 
Like this story? Get our top stories by email.

User

COMMENTS

tanay

3 months ago

What is the inference of this report? Does it mean that the only problem is that random load distribution to servers was not implemented, and there is no player who got undue advantage since no one was able to connect to all 6 ports across 3 POP's??

Probe ordered against management of MSEI; Moneylife reported the story in May
The Securities and Exchange Board of India (SEBI) has ordered an inquiry into allegations of mismanagement, flouting of rules and siphoning of funds against the management of Metropolitan Stock Exchange of India Ltd (MSEI), Parliament was told on Friday.
 
In a written reply to a question, Minister of State for Finance Pon Radhakrishnan told the Lok Sabha that the government as well as the SEBI, the regulator for securities market in India, had received complaints from two whistleblowers about irregularities and fraud at MSEI. 
 
"The complaints have been examined in detail by SEBI and as an interim measure, directions have been issued to the governing board of MSEI, inter alia, to constitute a Committee of Public Interest Directors (PIDs) to examine all the allegations levelled by whistleblowers against the management of MSEI," he said.
 
Radhakrishnan added that based on the recommendations of the committee, SEBI will take suitable action against the entities and persons found to be involved in the malpractices.
 
In their complaints, the two whistleblowers levelled allegations against officials of the Exchange, including the Managing Director and CEO, regarding mismanagement, flouting of rules and laws, personnel-related issues, and siphoning and misappropriation of funds. 
 
"MSEI has engaged the services of forensic auditor for the purpose of examination, including assessing the actual magnitude of fraud. Allegations against brokers are (being) separately looked into," the Minister said. 
 
"Further, the MD and CEO of MSEI has been directed to proceed on an indefinite leave to ensure fair and uninterrupted examination of the charges levelled in the complaints of the whistleblowers," he added.
 
Earlier in May 2018, Moneylife had published allegations from some employee shareholders of MSEI. They had alleged the youngest and the third national level stock Exchange had used member's fund for its working capital requirements and other activities, which was pointed out in an audit report. (Read: Employee shareholders turn whistleblower over irregularities in Metropolitan Stock Exchange; Exchange denies allegations)

The Exchange, however, has refuted all allegations made by the whistleblowers. In an email to Moneylife, MSEI had said, "It has come to our attention that a handful of people have been trying to malign the image of the exchange by making baseless allegations and malicious statements against the Board of Directors, Management, Auditors and key people at MSEI. We strongly refute these baseless allegations and have initiated appropriate legal action against the suspected perpetrators."

User

COMMENTS

HD Motiramani

3 months ago

Diversion of funds for operations is a common practice in India.

We are listening!

Solve the equation and enter in the Captcha field.
  Loading...
Close

To continue


Please
Sign Up or Sign In
with

Email
Close

To continue


Please
Sign Up or Sign In
with

Email

BUY NOW

online financial advisory
Pathbreakers
Pathbreakers 1 & Pathbreakers 2 contain deep insights, unknown facts and captivating events in the life of 51 top achievers, in their own words.
online financia advisory
The Scam
24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
Moneylife Online Magazine
Fiercely independent and pro-consumer information on personal finance
financial magazines online
Stockletters in 3 Flavours
Outstanding research that beats mutual funds year after year
financial magazines in india
MAS: Complete Online Financial Advisory
(Includes Moneylife Online Magazine)