New framework to address cyber security threats
Amid rising concerns over technical glitches and cyber security threats, the Securities and Exchange Board of India (Sebi) has issued a framework for stock exchanges and brokers to deal with incidents of malfunction in their systems.
Under the new framework, any malfunction resulting in slowing down or variance in normal operations for five minutes or more will have to be reported within an hour of the occurrence.
Stock brokers have been directed to submit a preliminary incident report within a day following the incident, mentioning the details and the immediate action taken to rectify it, while a root cause analysis report will have to be submitted to the respective stock exchange within 14 days.
These malfunctions could be on account of inadequate infrastructure, cyber-attacks, procedural errors or process failures, Sebi noted.
The capital markets regulator has mandated stock brokers with a minimum client base to establish business continuity planning (BCP) and a disaster recovery site (DRS) to be followed in the event of any disaster. They will have to constitute responsible teams and resources for shifting operations to the DRS.
The minimum client base for stock brokers will be specified by the exchanges from time to time.
Specified stock brokers will have to conduct drills or live trading from the DRS for at least one full trading day. However, the frequency of this drill will be declared later.
Stock exchanges will also, after consultation with brokers, declare the maximum time taken to restore operations and the maximum tolerable period for which data might be lost due to major incidents. “Primary Data Centre (PDC) and DRS shall be separated from each other by a distance of at least 250 kilometers to ensure that both of them do not get affected by the same natural disaster,” said Sebi.
Stock exchanges have been directed to put in place a structure of financial disincentives applicable to stock brokers for technical glitches and non-compliance with the provisions. The root cause analysis reports and such incidents will have to be mentioned on the exchanges’ website.
The market watchdog has asked stock exchanges to maintain a dedicated cell for monitoring such incidents and to intimate brokers about the breach of any key parameter.