| Framework ‘Technical glitches’ in Stock Brokers’Electronic Trading Systems

All Registered Stock Brokers

Rapid changes in technology have made it easier to trade stocks electronically on the stock market. Technology-related risks include interruptions and problems with technology (technical glitches) and how they affect investors’ ability to trade. Because there are more and more of these kinds of problems, SEBI set up a working group to come up with ways to solve the problem. Based on what the working group said and what stakeholders and industry experts said, it was decided to set up the following framework to deal with technical glitches that happen in stock brokers’ trading systems.

What is a technical glitch?
Technical glitch means any problem with a stock broker’s systems, including problems with its hardware, software, networks, processes, or any electronic products or services it offers. The problem could be caused by insufficient infrastructure or systems, cyber-attacks or incidents, procedural errors and omissions, process failures, or something else. It could happen in their own systems or the ones they get from third parties. This could stop, slow down, or change the normal functions, operations, or services of the stock broker’s systems for five minutes or more.

Needs for Reporting

Stock brokers must tell the stock exchanges about a technical glitch as soon as possible, but no later than one hour after the glitch happened.

Within T+1 days of an incident, stock brokers must send the Exchange a Preliminary Incident Report (T being the date of the incident). The report must include the date and time of the incident, as well as details about what happened, what happened because of it, and what was done right away to fix the problem.

Within 14 days of the date of the problem, stock brokers must send the stock exchange a Root Cause Analysis (RCA) Report (as per Annexure I) of the problem.

The RCA report that stock brokers send in must include, among other things, the time of the incident, the cause of the technical glitch (including the root cause from the vendor(s), if applicable), the duration, a timeline of events, an analysis of the impact and details of corrective/preventive actions taken (or to be taken), the restoration of operations, etc.

Stock brokers must send the information listed in paragraphs 3.1, 3.2, and 3.3 to infotechglitch@nse.co.in, which is a common email address for all stock exchanges.

All technical problems that stock brokers report and that stock exchanges monitor on their own will be looked at by the stock exchanges together with the report/RCA, and the right steps will be taken.

Planning for capacity

As the number of investors grows, the trading system of the stock broker may become more difficult to use. For stock brokers to continue to serve their clients, they must plan for their capacity needs. Stock brokers must do capacity planning for the whole trading infrastructure, which includes server capacities, network availability, and the number of trading applications that can be served at the same time.

Stock brokers must keep an eye on the peak load of their trading applications, servers, and network architecture. The highest peak load seen by the stock broker during a calendar quarter will be used to figure out the peak load. At least 1.5 times (1.5x) the peak load must be added to the system.

Stock brokers must set up the right monitoring tools in their networks and systems so they can be notified quickly if the current use of capacity goes over the allowed limit of 70% of its installed capacity.

So that services don’t stop at the main data centre, stock brokers that the stock exchange specifies from time to time (from now on, “specified stock brokers”) must try to have full redundancy in their IT systems for trading applications and services related to trading.

Stock exchanges should put out clear rules about how often they should look at their available capacity, their peak load, and how much new capacity they need to handle future load on the system.

Management of software updates and testing

Because of the frequency with which software is updated or changed, stock brokers must verify that any and all modifications to their applications have been thoroughly tested before being deployed to live systems. If proper testing is not done after making changes to software, the modifications might break the product’s functionality. Therefore, stock brokers must use the following methodology for making and testing software-related system changes:

Brokers in the stock market are obligated to set up test driven environments for every software they or their suppliers build. The software development, deployment, and operations processes must include regression testing, security testing, and unit testing.

Certain stock brokers are required to do their software testing in a fully automated setting.

When building trading software, stock brokers must maintain a traceability matrix linking features to individual tests.

Brokers must establish a change management procedure to protect their information security resources from being compromised by unapproved or unanticipated modifications (hardware, software, network, etc.).

Stock brokers must ensure that their servers, operating systems, databases, middleware, network devices, firewalls, IDS / IPS desktops, and any other assets are kept up-to-date with the latest security patches and versions at all times.

The stock exchanges must publish comprehensive rules for everything from software testing to automated testing to a change management approach and regular asset updates.

Methods of surveillance:

One method for minimising the effects of technological problems is to keep an eye out for them on your own own. In this regard, the stock exchange is obligated to develop an API-based Logging and Monitoring Mechanism (LAMA) to be used between the stock exchange and the trading systems of certain stock brokers. For this method to work, some stock brokers will need to keep an eye on critical system and functional characteristics to guarantee that their trading platforms are always running smoothly. The stock exchanges are responsible for independently monitoring these critical metrics via the API gateway to evaluate the robustness of the trading systems of the authorised stock brokers.

In cooperation with stock brokers, stock exchanges must determine the most important metrics. These critical metrics must be tracked in real time or very close to it by stock exchanges and stock brokers that have been designated.

To keep track of the most important metrics and any technical issues that may arise with stock brokers’ trading platforms, stock exchanges must have a special monitoring unit. If any of the critical parameters tracked under LAMA are broken, the cell is also obligated to promptly notify the relevant stock broker.

In the usual sequence of events, stock exchanges and stock brokers will keep records of the most important metrics for 30 days. In the event of a technological error, however, records pertaining to that error must be kept for a full two years.

“Business Continuity Planning” or “BCP”

Planning for a disaster and a secondary location where operations may continue in the event of a major catastrophe; also known as “business continuity planning” or “BCP”

Business continuity and disaster recovery plans are required for stock brokers with a minimum number of clients across all exchanges, as may be established by stock exchanges from time to time.

Stock brokers are required to create a detailed Business Continuity Plan and Crisis Recovery Policy defining the normal operating procedures to be followed in the case of a disaster. As part of daily operations, a proper structure should be implemented to monitor the status of all vital systems. To reduce the likelihood of disruptions to operations, the BCP-DR policy document must be evaluated on a regular basis.

The DRS should ideally be installed in areas with varying levels of seismic activity. If such physical separation is not feasible for any reason, such as operational considerations, then the Primary Data Centre (PDC) and DRS must be located at least 250 kilometres apart to reduce the risk of both being destroyed by the same natural catastrophe. To guarantee data is synchronised between the main data centre and the DR site, the DR site must be accessible from the primary data centre.

During DR exercises, authorised stock brokers must perform live trading from the DR location. All activities must be conducted from DRS for at least 1 full trading day during DR drills/live trading. The frequency of DR drills and live trading from the DR site must be determined by stock exchanges in conjunction with designated stock brokers.

Stock brokers should form decision-making teams responsible for making plans for transferring operations to a disaster recovery site, allocating sufficient resources to that site, and establishing a method to bring that site online in the event of a main data centre outage.

There must be a one-to-one relationship between the DRS and PDC in terms of hardware, system software, application environment, network and security devices, and related application environments. All activities at PDC or DRS must have access to sufficient resources at all times.

The Recovery Time Objective (RTO), i.e. the maximum time taken to restore operations from DRS after the declaration of Disaster, and the Recovery Point Objective (RPO), i.e. the maximum tolerable period for data loss due to a major incident, shall be determined by the stock exchanges in consultation with the stock brokers.

High availability, appropriate sizing, and no single point of failure must be guaranteed across the board, including in the replication architecture, bandwidth, and load considerations between the DRS and PDC within the specified RTO. Changes done in the PDC will show up instantly in DRS.

The stock exchanges may require some stock brokers to achieve ISO certification in the areas of information technology and information technology-enabled infrastructure and operations.

The System Auditor, in the course of performing the required yearly System Audit, will examine the BCP – DR and provide comments on the recorded findings and observations of the stock broker’s DR drills to ensure that it is ready to transition its operations from PDC to DRS.

Stock exchanges must define “critical systems” and “disaster” and give comprehensive instructions for reviewing business continuity plans, conducting disaster recovery exercises, running disaster recovery sites from primary data centres, acquiring ISO certification, and more.

The stock market must institute a system of financial penalties for stock brokers who fail to comply with the rules or who have technological difficulties with their trading platforms.

The occurrences of technical errors in stock brokers’ trading systems, as well as the RCAs conducted by stock exchanges on these errors, must be made public.

The stock exchange shall construct the mechanisms required for implementation of the requirements of this circular, and shall provide relevant guidance to the stock brokers for compliance with the provisions of this circular.

To protect the interests of investors in securities and to promote the development of, and to regulate, the securities market, the Securities and Exchange Board of India is issuing this circular in accordance with the authority granted to it by Section 11 (1) of the Securities and Exchange Board of India Act, 1992.

You may find this circular under the SEBI website’s “Legal Framework” and “Circulars” sections at www.sebi.gov.in.

The effective date of this circular is April 1, 2023.

For Understanding and implementation

Get in touch with us

Regards and Thanks

Estabizz Fintech Private Limited.

( One Place for all Stock Brokers Needs )

Framework to address the ‘technical glitches’ in Stock Brokers’ Electronic Trading Systems (SEBI Circular ) Implementation April 1, 2023

PSARA LICENSE – Estabizz Fintech

AUTHORISED PERSONS (APs) FRAMEWORK – Estabizz Fintech

GST DUES ( VOID PROPERTY TRANSFER ) -Estabizz Fintech

GST ( INSTALLMENT & RECOVERY ) – Estabizz Fintech

SEBI ( Surveillance of Transaction Alerts) – Estabizz Fintech

RESERVE BANK OF INDIA (Rules for payment companies outsourcing core activities) -Estabizz Fintech

RESERVE BANK OF INDIA( Guidelines for Appointment of Statutory Auditors of Banks, NBFCs) -Estabizz Fintech

RESERVE BANK OF INDIA ( Deadline for Current Account Notification) – Estabizz Fintech

RESERVE BANK OF INDIA ( Treatment of Inactive Trading account) -Estabizz Fintech

SEBI revises financial info filing formats for entities having listed non-convertible securities

SEBI notifies certification requirements for distributors, staff of portfolio management services

SEBI extends relaxations for compliance with rights issues.

SEBI extends relaxations for compliance with rights issues

SEBI extends deadline for investment advisers to conduct annual compliance audit

SEBI board okays steps to make M&As easier

SEBI proposes to revise settlement rules

SEBI approves framework for creating Social Stock Exchange

Scope of ED’s power to freeze bank accounts under Prevention of Money Laundering Act, 2002

Framework for Supervision of Authorised Persons (APs) & Branches by Members

NBFC REGISTRATION PROCESS

WHAT IS CYBER SECURITY AUDIT AND HOW IT IS HELPFUL FOR YOUR BUSINESS?

Annual Compliance for Private Limited Company

LLP Annual Compliance

FSSAI License Renewal

Maximizing Tax Savings from Stock Market Losses

Decline in Retail Investor Base for Adani Group Firms

Binance Pioneers Framework for Cryptocurrency Compliance and Advocates Responsible Digital Asset Usage

A Comprehensive Guide to Calculating and Maximising Input Tax Credit with a GST Calculator

SEBI Enhances Position Limits for Trading Members in Index F&O Contracts

The Intriguing Journey of Manoj Bhargava: From Monastic Life to Billionaire Philanthropist and Alleged Tax Evader

Indigo Ventures Receives SEBI Approval for Venture Capital Fund

Comprehensive Overview of Credit Card Insurance Options

Growing AI Use: The Dual Edges of Innovation and Financial Stability Risks

Maternity Insurance in India: Essential Insights for Expectant Parents

Company

services

Website Visitors