SEBI releases cyber security framework for brokers, depositories
Mumbai: The Securities and Exchange Board of India (SEBI) on Monday came out with a cyber security framework for stock brokers and depositories.
The guidelines would come into force on April 1, 2019, SEBI said in a circular.
"As part of the operational risk management framework to manage risk to systems, networks and databases from cyber attacks and threats, stock brokers/depository participants should formulate a comprehensive cyber security and cyber resilience policy document encompassing the framework," the circular said.
In case of deviations from the suggested framework, reasons for such deviations, technical or otherwise, should be provided in the policy document, it added.
As per the guidelines, stock brokers or depository participants should designate a senior official or management personnel whose function would be to assess and identify cyber security risks, respond to incidents, and establish appropriate standards and controls.
The board or proprietors of the stock brokers or depository participants would have to constitute an internal "technology committee" comprising experts, which would, on a half-yearly basis, review the implementation of the cyber security and cyber resilience policy of the organisation.
It also said: "No person by virtue of rank or position should have any intrinsic right to access confidential data, applications, system resources or facilities."
Any access to systems, applications, networks, databases and so on, should be for a defined purpose and for a defined period, the regulator added.
"All critical systems of the stock broker/depository participant accessible over the Internet should have two-factor security (such as VPNs, Firewall controls etc)."
It mandated that brokers and depositories ensure that records of user access to critical systems, wherever possible, are uniquely identified and logged for audit and review purposes, and ordered that logs be stored in a secure location for at least two years.
The guidelines further said that physical access to the critical systems should be restricted only to authorised officials. 
For algorithmic trading facilities, SEBI ordered that adequate measures should be taken to isolate and secure the perimeter and connectivity to the servers running algorithmic trading applications.
"Critical data must be identified and encrypted in motion and at rest by using strong encryption methods," the circular said.
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.

    SEBI takes steps to lower trading costs
    Capital market trading costs are likely to decrease next year under a framework for interoperability among clearing corporations (CCPs) which will be operationalised by June 1, 2019, as per new guidelines issued by regulator Securities and Exchange Board of India (Sebi) on Tuesday.
    Interoperability would permit trading entities to clear trades through a firm of their choice instead of going through the CCP owned by the stock exchange on which the trade is executed.
    As per the current practice, different stock exchanges have their own CCPs to handle trade settlements on respective exchanges.
    "Interoperability among CCPs necessitates linking of multiple clearing corporations. It allows market participants to consolidate their clearing and settlement functions at a single CCP, irrespective of the stock exchange on which the trade is executed," a Sebi circular said.
    "It is expected that the interoperability among CCPs would lead to efficient allocation of capital for the market participants, thereby saving on costs as well as provide better execution of trades."
    Following the recommendations made by the regulator-appointed expert committee, the Sebi board, in September, approved the proposal to enable interoperability among CCPs.
    Interoperability framework will be applicable to all the recognised CCPs excluding those operating in the International Financial Services Centre.
    "All the products available for trading on the stock exchanges (except commodity derivatives) shall be made available under the interoperability framework," Sebi said.
    The regulator asked stock exchanges and CCPs to "take all necessary steps to operationalise interoperability at the earliest, but not later than June 1, 2019".
    "The agreements entered into by the stock exchanges/ CCPs shall, inter alia, include system capability, inter-CCP links and CCP-trading venue link, risk management framework, monitoring of client margin/ position limits, obligation system, settlement process, surveillance systems, sharing of client data, sharing of product information, default handling process and dispute resolution process."
    In case of default by a CCP, the collateral provided by such CCP will be utilised by the non-defaulting CCP to cover losses arising from such default, the regulator said.
    Besides, in order to manage the inter-CCP exposure in the peer-to-peer link, CCPs will have to maintain sufficient collateral with each other so that any default by one CCP, in an interoperable arrangement, would be covered without financial loss to the other non-defaulting CCP, it added.
    To promote transparency in the area of charges levied by the exchanges and CCPs, Sebi said the transaction charges levied need to be clearly identified and made known to the participants upfront.

    Public Comments on Listing Process Using UPI Affects 'Economic Interest' of India: SEBI
    Market regulator Securities and Exchange Board of India (SEBI) says information sought under Right to Information (RTI) Act, or public comments on a discussion paper on revisiting the public issue process using unified payment interface (UPI), cannot be disclosed as it may harm the economic interest of the country. 
    Refusing to provide information asked for by Hyderabad-based Srikanth, the market regulator says, "...disclosure of such strategic and confidential information and information received in fiduciary capacity would affect and compromise the interest of the securities market in specific and may impact the economic interests of the country."
    On 10 July 2018, a proposal was placed before the primary market advisory committee (PMAC) of SEBI for deliberation in its meeting. The PMAC recommended the use of UPI with the facility of blocking funds, as a new payment mechanism for investment in initial public offerings (IPOs) and the consequent reduction of timeline from issue closure to listing from T+6 days to T+3 days.
    Based on PMAC's recommendation, a discussion paper was prepared and placed on the SEBI website on 26 July 2018 for public comments. "More than 60 comments were received from various entities including banks, merchant bankers, stock exchanges, stock brokers, investors, on various aspects of the discussion paper and are placed at Annexure-II," SEBI says in a memorandum published on its website on 1 October 2018. This memorandum is published under the SEBI board meeting held on 18 September 2018.
    However, the page for annexure II is blank with a message "this has been excised for reasons of confidentially". (see image below)
    SEBI told Srikanth, "The information sought (under the RTI) is highly confidential in nature and discloses the mind of the regulator and affects the strategic decision making of the regulator as a whole. In view of the above, the information sought by you is exempted under section 8(1)(a) and 8(1)(d) of the RTI Act. The information, which can be publicly disclosed has already been disclosed in the public domain vide board agenda for the board meeting held on 18 September 2018, which is available at the below given link 
    Interestingly, the memorandum in the SEBI board meeting, clearly says, “The public comments are broadly in agreement with the proposed change, with suggestions with respect to procedural aspects, such as, SMS / email intimation to investors for bid and block of funds, facility to view investor bid details at the time of authorising the block, which SEBI may take into consideration while implementing the proposed mechanism.”
    Srikanth, however, says, “The dangers of centralisation of data has not been studied in the context of IPO and retail investor and access to public consultation comments is essential to gauge if these were considered by the regulator before approving the change.”
    UPI is a centralised payment system with a variety of intermediaries like payment service providers (PSPs), technology partners of the bank and a private settlement and clearing agency National Payment Corp of India (NPCI) owned collectively by banks. “Any mandate approval creates a log with PSPs, bank and all such mandates are held by NPCI. It is trivial to get data on subscription rate, by calculating mandate processing instructions. This exposes retail investor sentiment measurement to a private settlements company,” he added.
    Srikanth has now filed his first appeal. He contended that since public comments by definition are public in nature, they cannot be treated as confidential. "Transparency in regulation making is essential to measure regulatory accountability," he says.
    Over the past several years and across legal forums, usage of 'fiduciary relationship' to deny information has been ruled out. The traditional definition of a 'fiduciary' is a person who occupies a position of trust in relation to someone else, therefore requiring him to act for the latter's benefit within the scope of that relationship.
    Even Moneylife was forced to fight a hard battle with SEBI to get data on portfolio management services, which was denied by the market regulator citing fiduciary information. Our request for information on PMS under the RTI Act was repeatedly rejected until we approached the Central Information Commission (CIC).
    Chief Information Commissioner (CIC) Satyananda Mishra, in his order on 17 January 2012, stated, "By publishing such information about all Portfolio Management Services (PMS) regulated by it, SEBI would serve two objectives. One, help the investing public to access all information at one place and not have to visit 50 different websites and, two, eliminate the need for seeking such information under RTI, from time to time”. (Read: Power of RTI: CIC directs SEBI to disclose all information related to PMS)
    Explaining the concept of fiduciary, noted chartered accountant, trainer and author Vinod Kothari says, "It is also necessary that the principal character of the relationship is the trust placed by the provider of information in the person to whom the information is given. An equally important characteristic for the relationship to qualify as a fiduciary relationship is that the provider of information gives the information for using it for the benefit of the giver. All relationships usually have an element of trust, but all of them cannot be classified as fiduciary."
    "It is surprising and unfortunate to find that on being requisitioned, the authorities generally take the ground that the information is being held by them in a fiduciary capacity...whatever information the authorities have, it is because they have power to seek the information under the law, rules, and proceedings and not because the information provider provided the information for safe keeping," he added. (Read: Disclosure of fiduciary information under Sec 8 (1) (e) of the RTI Act: This is the true scope of the exclusion clause)

