Sebi asks exchanges to keep constant vigil on cyber threats

Regulator Sebi today said it will undertake a comprehensive review of technology and systems at all market institutions including stock exchanges to safeguard the marketplace from cyber threats and technical glitches.
At a meeting held against the backdrop of the recent case of technical glitch at leading bourse NSE, due to which trading had to be halted for over three hours on July 10, Sebi chief Ajay Tyagi also asked the exchanges and other institutions to keep a constant vigil on cyber threats globally and take lessons to put in place necessary safeguards.
As for the technical glitch, the NSE informed the regulator that based on internal assessment, processes are being strengthened to further reduce the response time for recovery and also adoption of automated processes.

"It was emphasised that there should be prompt and diligent reporting of any technical issues, including cyber attacks, to relevant agencies including CERT-In and Sebi," the regulator said in a statement after the meeting.
Sebi emphasised that the MIIs (Market Infrastructure Institutions) should have well laid out change management and standard operating procedures that should encompass all areas related to technology and operations.
"MIIs were advised to have a collaborative approach in dealing with technological challenges, including cyber threats," the Securities and Exchange Board of India (Sebi) said.

Besides the stock exchanges, major MIIs include depositories and clearing corporations.
During the meeting, Sebi stressed on the importance of the need for sharing information on instances of technology- related disruptions, cyber threats and attacks among MIIs so as to enhance their situational awareness.

The meeting assumes significance in the wake of the recent glitch at the NSE and also a spate of suspected cyber attack cases globally, including in India. Recently, a slew of dreaded ransomware attacks like WannaCry and Petya had impacted the computer systems worldwide.
"Sebi shall also undertake a comprehensive review of the technology and systems deployed at MIIs through its Technical Advisory Committee," the regulator said.
During the meeting, MIIs confirmed that the comprehensive framework for cyber security and system audit prescribed by Sebi is modelled on international best practices and is being followed.
The meeting was convened by Sebi with stock exchanges, clearing corporations and depositories operating in the domestic market and GIFT IFSC in order to assess their preparedness on areas related to cyber security, technology and systems upgradations as well as business continuity plans.

The meeting was chaired by the Sebi chairman and attended by chiefs of MIIs and their CTOs/CISOs.
The National Stock Exchange (NSE) recently submitted its report on the technical glitch to Sebi.
Earlier, NSE's internal technical team and external vendors had examined the matter to analyse and identify the cause that led to the issue and suggest solutions to prevent repeat of such instances.
The regulator had sought a detailed report from the NSE on the matter and had asked the exchange to have a review of their 'Business Continuity Plans'.