SEBI Proposes Major Overhaul of Tech and Cyber Security Rules for Exchanges

The Securities and Exchange Board of India (SEBI) has unveiled a strategic proposal to revamp the technology and cybersecurity framework governing India's market infrastructure institutions (MIIs). This comprehensive overhaul aims to streamline complex regulations, eliminate redundant rules, and fortify the digital resilience of stock exchanges, clearing corporations, and depositories.

Consolidating Regulations for Greater Clarity

A central pillar of SEBI's proposal is the simplification of the existing regulatory landscape. The regulator intends to merge various scattered circulars and master circulars into a single, consolidated framework. This new structure will govern critical areas such as annual system audits, cybersecurity, business continuity planning, disaster recovery, and capacity planning.

By aligning legacy rules with the existing Cyber Security and Cyber Resilience Framework (CSCRF), SEBI aims to remove outdated provisions that currently overlap. Specific requirements regarding cyber crisis management plans, data encryption, vulnerability assessments, and security operations centres are slated for consolidation to ensure there is no regulatory duplication.

Enhancing Flexibility in Co-location and Algo Trading

In a significant move to improve the "ease of doing business," SEBI is looking to reform exchange co-location facilities. Currently, certain mandates may restrict the choice of service providers; however, the new proposal suggests allowing vendors to provide either hardware or software services independently, rather than forcing end-to-end solutions. This shift is expected to offer trading members greater flexibility, increased choice, and ultimately, lower operational costs.

Furthermore, the regulator seeks to rationalise the rules surrounding algorithmic trading. The proposal suggests bringing together disparate rules regarding algorithm tagging, software testing, and order-to-trade ratio penalties under one unified section, providing clearer guidelines for market participants using automated trading systems.

Strengthening Capacity Planning and Uniformity

To safeguard the market against technical glitches and surges in volume, SEBI has proposed harmonised capacity planning protocols across all MIIs. Under the revised guidelines:

  • Exchanges and Clearing Corporations: Must take immediate action if the utilization of any IT component exceeds 75% of its installed capacity.
  • Depositories: Must intervene if utilization remains above the 75% threshold for 15 consecutive days on a rolling basis.

Additionally, the regulator plans to bridge the gap between different market segments by merging the technology provisions for commodity derivatives exchanges with those for equity exchanges. This creates a uniform regulatory environment across the entire securities market.

Key Takeaways

  • Regulatory Simplification: SEBI aims to merge multiple circulars into a single framework to eliminate overlaps and reduce complexity for MIIs.
  • Operational Flexibility: Proposed changes in co-location services will allow for decoupled hardware and software vendors, lowering costs for trading members.
  • Robust Capacity Monitoring: New thresholds mandate immediate action when IT component utilization crosses the 75% mark to ensure market stability.