The Security and Exchange Board of India (Sebi) has issued a framework for stock exchanges and brokers to deal with incidents of malfunction in trading systems, amid rising concerns of technical glitches and cyber security threats.
Under the new framework, any malfunction that causes a slowdown in or variance from normal operations for five minutes or more will have to be reported within an hour of occurrence.
Stock brokers have been directed to submit a preliminary incident report within a day following the incident, mentioning the details and immediate action taken to rectify it, while a root cause analysis report will have to be submitted within 14 days to the stock exchanges.
Also Read : Demonetisation: Can’t put the clock back, govt tells Supreme Court
These malfunctions could be on account of inadequate infrastructure, cyber attacks, procedural errors or process failures, noted Sebi.
The capital market regulator has directed stock brokers with a minimum client base to follow business continuity planning (BCP) and disaster recovery site (DRS) in the event of any disaster. They will have to set up responsible teams and resources for shifting operations to DRS.
The minimum client base for stock brokers will be specified by the exchanges from time to time.
Specified stock brokers will have to conduct drills or live trading from DRS for at least one full trading day. However, the frequency of this drill will be declared later.
Stock exchanges will also, after consultation with brokers, declare the maximum time taken to restore operations and the maximum tolerable period for which data might be lost due to a major incident.
“Primary Data Centre (PDC) and DRS shall be separated from each other by a distance of at least 250 kilometers to ensure that both of them do not get affected by the same natural disaster,” Sebi said.
Stock exchanges have been directed to put a structure of financial disincentives applicable to stock brokers for technical glitches and non-compliance of the provisions.
Root cause analysis reports and such incidents will have to be mentioned on the exchanges’ website.
The market regulator has asked the exchanges to maintain a dedicated cell for monitoring such incidents and to inform brokers about breach of any key parameter. The logs of the key parameters will have to be preserved for 30 days in normal course, while in the event of a technical glitch the data will have to be maintained for two years.
To remain abreast with technological developments, stock brokers have been asked to periodically update their systems, servers and firewalls along with following regular testing of the softwares.
With a rising investor base, stock brokers have also been asked to do capacity planning for the entire trading infrastructure including server capacities, network availability, and the serving capacity of trading applications. The capacity for stock brokers will have to be 1.5 times the highest peak load during a quarter.