News Business Disclose names of those behind systems breach in 2012, fix responsibility: SEBI to NSE

Disclose names of those behind systems breach in 2012, fix responsibility: SEBI to NSE

SEBI has asked NSE to fix responsibility for the systems breach on its trading servers that had happened for 18 months starting December 2012.

NSE systems were compromised for 18 months starting December 2012 Image Source : REPRESENTATIVE IMAGENSE systems were compromised for 18 months starting December 2012

The Securities and Exchange Board of India (SEBI) has asked the National Stock Exchange (NSE) to fix responsibility for the systems breach on its trading servers that had happened for 18 months starting December 2012 and wants the bourse to name those who were responsible for this breach that led to substantial illegal profits for a select few brokers. 

The regulator also wants NSE to disgorge all the profits made by brokers during the breach and take appropriate remedial actions, a report by the Economic Times said, citing sources. 

NSE had disclosed in its IPO prospectus filed last week that a system audit by consulting firm Deloitte had found that its trading system was compromised, which allowed certain brokers to get preferential treatment over all others. 

The audit found that some of the employees of NSE had helped these brokers gain preferential access to the trading system. 

The audit was conducted on orders from SEBI, after the bourse initially denied the reports and even filed a defamation case against Moneylife magazine for reporting the issue. 

"We are not satisfied with the response given by NSE. We are going to ask them to fix responsibility for the breach of system," a SEBI official told the ET.   

"We want to see them fixing responsibility on individuals," the official added. 

The SEBI had asked the exchange to appoint an independent auditor to look into the breach and present its finding after it received a letter from a whistleblower in early 2015 alleging that some brokers had manipulated NSE's trading system for illegal gains. 

The bourse then roped in Deloitte to examine its systems and place its report by December 31, 2016.  

However, NSE declined to disclose the names of its employees who were named in the Deloitte report and also if it has already fixed responsibility.  

Under SEBI rules, a company going public is not authorised to communicate anything that is not in the IPO prospectus. The Deloitte report has not found a place in the IPO prospectus.  

The audit found that between December 10, 2012 and May 30, 2014, market data was disseminated in a manner that allowed the broker who connected first to the server to receive market data before the broker who connected later. 

"Different stock brokers were treated differently and there was no uniform approach applied across stock brokers when NSE was allocating new IPs across ports on its servers and also moving the members from one server to another," the Deloitte report said.  

"Ticks were disseminated faster to members connected to less crowded servers, thereby giving an advantage to such stock brokers," the report said.

Latest Business News