Sebi plans cyber security framework for stock market

Likely to be put in place by this year-end

The Securities and Exchange Board of India (Sebi) is working on a multi-level cyber security framework for the stock market, covering bourses, depositories and intermediaries.

Exchange data show internet-based trading, including mobile and algo-trading, accounts for nearly 36 per cent of all trades in the equity markets, up from about 25 per cent a year ago. A senior Sebi official said the regulator wanted to frame the regulations before online trading becomes even more popular than it is now. With the growing popularity of the online medium and increasing demand for handheld devices, the number of online-based clients is expected to move up. The official said they had much to learn from the experience of the banking world, which has so far been successful in dealing with this threat of cyber attacks.

"Unlike the banking world, we have different intermediaries like brokerages, depositories and exchanges; all of which deal with securities but fulfil a different role. We cannot have the same set of rules guiding each of them and will have to treat each one of them differently," the official said on condition of anonymity.

Sources said Sebi is looking at separate cyber security guidelines for stock exchanges, depositories and securities firms. These guidelines could be out by the end of the year, they said.

Brokerages have already started increasing their expenditure on cyber security to combat the menace of cyber attacks. According to industry estimates, the total expenditure on cyber security has doubled to 20 per cent, or in some cases even 30 per cent, of the total technology spend of brokerages. Large brokerages, such as Edelweiss, Kotak, Geojit BNP Paribas Financial Services, Angel Broking and ICICI Securities, among others, are some of the financial services firms, which have seen an increase in their cyber security spends.

"Hackers are always one step ahead and we have to be prepared. The vulnerability of the systems has increased but the focus on cyber security has always been there," said Yagnesh Parikh, chief technology officer, ICICI Securities.

"The issue with cyber-security is it is constantly evolving and growing. So, technology spend is also accordingly increasing. These days most products that are created for our customers have a basic security system," said Vinay Agrawal of Angel Broking.

Sebi Chairman U K Sinha has also said incidences of cyber attacks in the securities world are growing and emphasised the need for a framework of rules and regulations to counter such attacks.

"These attacks are getting more sophisticated and the vulnerability of securities markets is increasing. Across the world, securities markets are very vulnerable to such attacks," he said.

Malware threats, threats posed by passwords saved in the browser memory, virus-related problems and phishing or duplication of the securities firms' websites are some major issues that technology teams at brokerage firms have to deal with it. But sectoral officials are concerned that many of these threats go unreported because of lack of information. "Many a times, these cyber attacks are not reported by clients because they are unaware of the existence of such problems. To counter that, we need to have a comprehensive information-sharing platform where we can report such instances of cyber security breach anonymously," said Kamlesh Rao, chief executive officer, Kotak Securities at a cyber security seminar.

Kalpana Maniar, president and chief information officer of Edelweiss, also said the expenditure on technology-protection was on the rise and the focus was on the returns made on such investment by the firm.

"The conversation is more ROI-based now where such expenditure is being made accountable. The conversations and engagement with the technology risk committee is also increasing with third-party technology audits now being made mandatory," she said.

Third-party technology audit of exchanges and depositories was made compulsory by the regulator in November 2013. Consequently, exchanges were asked to keep track of brokerages system audits on a quarterly basis.
CONTROLLING THE CYBER MENACE

• Sebi mulling framework for combating cyber security threats
• Regulations separate for stock exchanges, depositories and securities firms
• Rise in online trades trigger need for cyber security concerns, Sebi said
• Online trading now 36% of all trades, up from 25% last year
• Cyber security spends by brokerages also on the rise to about 1/3rd of all technology spend
• Increase reported by firms like Edelweiss, Geojit BNP Paribas, Kotak, Angel Broking, ICICI Securities