SEBI Guidelines on Cyber Security for Stock Brokers & Sub-brokers

SEBI & Cyber Security

Most of us, particularly those who invest in securities, are familiar with stock markets, mutual funds and the investments made through them. It is therefore important to have a body that regulates the securities market and handles matters relating to it. The Securities and Exchange Board (SEBI) is the one responsible for all of this. On 12 April 1992, SEBI was established in accordance with the provisions of the 1992 Securities & Exchange Board Act of India.

In the last decade, cyber-attacks have hit the entire globe very hard. The primary reason is that hackers have evolved over time to a point far ahead of the existing levels of security used by online merchants. Hence, SEBI recognized a significant need for strict cybersecurity guidelines for brokers, who are major game changers in securities investments.

SEBI Guidelines for Stock-brokers & Sub-brokers on Cyber Security

As per SEBI, the stockbroker and sub-broker shall be bound by all SEBI rules and regulations and by relevant notifications issued by the government from time to time. Some of SEBI’s main cyber-safety highlights for brokers are given below:

  • The stockbroker shall ensure that all ECNs (Electronic Communication) sent via e-mail are digitally signed, encrypted, non-tamperable and in accordance with the provisions of the IT Act, 2000. If an ECN is sent as an attachment via e-mail, the attached file must also be secured with a digital signature, encrypted and in non-tamperable form. To handle large numbers of digital signatures, the market today is flooded with document signing software, which relieves the burden of signing bulk documents.
  • It will be the duty of the stockbroker to hold a backup of all ECNs in soft copy and in a non-tamperable form, in accordance with the enforcement provisions of the IT Act, 2000 and the rules / regulations / guidelines provided by SEBI from time to time. Under the existing SEBI / stock exchange regulations, the log report generated by the system at the time of sending the contract notes shall be maintained by the stockbroker for the period specified. The log report will serve as a repository for e-mails which are not sent to the client or which bounced back.
  • Where the ECNs have not been delivered to the customer or have been rejected by the customer’s e-mail ID, the stockbroker shall send the customer a physical contract note within the time prescribed by the existing SEBI / stock exchange regulations and maintain the proof of delivery of such physical contract notes.
  • A stockbroker is eligible to provide internet-based trading (IBT) and securities trading using wireless technology, which includes the use of devices such as mobile phones, laptops with data cards, etc. that use Internet Protocol (IP). The stockbroker shall fulfill all internet-based trading / securities trading requirements using wireless technology as may be specified from time to time by SEBI & the Exchanges.
  • The broker shall notify the customer of the features, risks, responsibilities, obligations and liabilities associated with securities trading through wireless technology / internet / smart order routing, or any other technology of which the stockbroker should notify the customer.

The Much-Needed Course of Action

India will continue to face cyber threats which are increasingly sophisticated and destructive. With that sophistication, cyber-attacks use tactics and methods that help offenders avoid detection, and this has led the government to identify cybersecurity as a “strategic area” and to formulate plans for expanding international cooperation. Some of the key future initiatives to further strengthen our cybersecurity maturity at the national level are as follows:

  • Cyber threat intelligence center
  • Cyber workforce development
  • R&D product development
  • Security standards, Frameworks & Audit

Cyber criminals have modernized their techniques to take advantage of the gap between digital technology being adopted and effective security checks being implemented. There are ever-changing and evolving technologies that bring new conveniences and capabilities to individuals and companies, but they also give criminals new tools and outlets for committing their crimes. The best defense against a fraud or malware attack is to be prepared in advance.