February 10, 2023
To keep abreast of changing capital market dynamics, including technological advancements and high investor penetration, and to mitigate the risk of widespread market impact from the potential failure of stock brokers handling a large number of clients' funds and assets, SEBI, vide Gazette Notification dated January 17, 2023, amended the SEBI (Stock Broker) Regulations, 1992 to designate certain stockbrokers as Qualified Stock Brokers (QSBs).
Accordingly, SEBI, on February 6, 2023, issued circular no. SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/24 enumerating the parameters to be considered for designating a stockbroker as a QSB, the enhanced obligations and responsibilities cast on such QSBs, and guidelines on the enhanced monitoring of QSBs to be carried out by Market Infrastructure Institutions (MIIs). These are discussed in brief below:
Initial Parameters & Procedure for Designating a stockbroker as QSB:
a. Initially following parameters shall be considered for
i. the total number of active clients of the stockbroker.
ii. the available total assets of clients with the stockbroker.
iii. the trading volumes of the stockbroker (excluding the proprietary trading); and
iv. the end of day margin obligations of all clients of a stock broker (excluding the proprietary margin obligation in all segments)
a. Based on the aforesaid parameters, each stockbroker's individual score for a particular parameter shall be calculated by dividing the stockbroker's value for that parameter by the aggregate of that parameter summed across all stockbrokers. For example, a stockbroker's count of active clients will be divided by the aggregate count of active clients of all stockbrokers, and individual scores shall be calculated similarly for the other parameters.
b. Then, total score shall be calculated by adding individual score of all the parameters.
c. For calculating the scores for a particular financial year, parameters as on December 31st of such financial year shall be considered.
d. The first list of QSBs will be prepared on the basis of parameters as on December 31, 2022.
Enhanced Obligations For QSB
Governance Structure
a. QSBs shall have committees of the Board of Directors (BoD) or analogous body such as:
Audit Committee (for listed QSBs),
Nomination and Remuneration Committee,
Risk Management Committee,
Information Technology (IT) Committee,
Cybersecurity Committee, and any other committee as mandated by SEBI.
b. The CFO or analogous person shall submit to the audit committee details in respect of
Financial status of the entity
Disclosure of any related party transactions
Inter-corporate loans and investments
Internal financial controls and risk management systems
Compliance with listing and other legal requirements relating to financial statements.
Adherence to regulatory provisions
c. QSBs shall consult the Nomination and Remuneration Committee before appointing directors, KMPs, and other employees.
d. QSBs shall seek inputs from committees such as the risk management committee and the cybersecurity committee while framing policies relating to their respective areas, to establish a robust cyber security framework and to augment IT infrastructure and scalability of operations.
e. QSBs shall submit an annual report to the stock exchanges regarding the observations of the committees of BOD or analogous body, subject to any corrective actions taken by QSB.
Risk Management Policy and Processes
a. QSBs shall devise a clear and well-documented risk management policy encompassing the following:
List of all relevant risks which may have to be borne by the QSBs like risks associated with KYC and account opening, operational risk like faulty systems, technology risks and general risks.
Such risk management policy shall address the root cause of the risks and try to prevent recurrence. It should enable early identification and prevention of the risk as well.
Risk management policy should assess the likely impact of a probable event on various aspects of functioning of QSBs.
Such policy shall assign accountability and responsibility of Key Managerial Personnel in the organization.
b. Surveillance of Client Behaviour
The risk management framework shall have measures for carrying out surveillance of client behaviour through analysing the pattern of trading done by clients, detection of any unusual activity being done by such clients, reporting the same to stock exchanges and taking necessary measures to prevent any kind of fraudulent activity in the market in terms of the regulatory requirements prescribed by SEBI and MIIs.
c. Ensuring integrity of operations
Adequate human resources, systems, and processes for seamless running of operations.
Regular training to employees in matters related to activities being handled by them.
CXO level officer shall be designated as responsible for managing key risks i.e., Chief Compliance Officer (responsible for all regulatory compliance related activities), Chief Information Security Officer (responsible for all cyber security related activities), Chief Risk Officer (responsible for overall risk management associated with functioning of the QSB).
QSBs shall employ sufficient tools to automate processes of risk management.
Review of the risk management policy on a half-yearly basis by the QSB. A report shall be submitted by the Risk Management Committee of the QSB to the Stock Exchange.
The BoD/senior management shall view any recurrence of a particular incident seriously and take prompt and appropriate action, including fixation of accountability.
d. Scalable infrastructure and appropriate technical capacity
The QSBs shall put in place a policy framework, approved by its IT committee, for upgradation of infrastructure and technology from time to time to ensure smooth functioning and scalability for always delivering services to investors. Such framework should be reviewed on half-yearly basis.
QSBs shall, always, maintain adequate technical capacity to process 2 times the peak transaction load encountered during the preceding half year and shall also fulfil all other requirements as specified by SEBI/MIIs from time to time, in this regard.
e. Framework for orderly winding down
A wind-down framework shall be put in place to ensure continuity of services to the clients in case of closure of business by the QSB.
It should ascertain seamless portability of its clients to other SEBI registered stockbrokers while protecting the funds and securities of such clients.
Providing all necessary support to the clients to ensure a smooth and secure transfer process.
Providing adequate notice to the clients before winding down of the operations after taking approval of the stock exchanges.
Preventing any significant impact on the market and inconvenience to the investors.
f. Robust Cybersecurity framework & processes
QSBs shall have additional features in their cyber security framework which would be commensurate with the amount of data handled by them.
Review by the Committee: The cyber security committee of the QSB shall review the framework on half-yearly basis and review the instances of cyber-attacks, if any, and take steps to strengthen the cyber security framework of the QSB.
QSBs shall have a dedicated team of security analysts, which may include domain experts in the field of cyber security and resilience, network security and data security who shall carry out the necessary activities as notified by SEBI.
Such team shall submit a quarterly report to the BoD of QSB on such activities carried out by them along with details of cybersecurity incidents which occurred, and which were prevented from occurring.
Such a team shall report to CISO as prescribed.
The QSB should have well-defined and documented processes for monitoring of its systems and networks, analysis of cyber security threats and potential intrusions / security incidents, usage of appropriate technology tools, classification of threats and attacks, escalation hierarchy of incidents, response to threats and breaches, and reporting of the incidents.
Vulnerability Assessment and Penetration Testing (VAPT)
a. Continuous assessment of threat landscape on half-yearly basis, conduct vulnerability assessment to detect security vulnerabilities in their IT environments exposed to the internet.
b. QSB shall also carry out penetration tests on half-yearly basis, to conduct an in-depth evaluation of the security posture of the system as prescribed.
Business Continuity Plan
a. A comprehensive Business Continuity Plan is to be put in place and reviewed every half-year.
b. QSB shall develop and document mechanisms and standard operating procedures to recover from cyber-attacks within the stipulated Recovery Time Objective (RTO) of the QSB.
c. The CISO of the QSB shall review the implementation of the BCP and SOP on DR on a monthly basis and submit a report to the board of QSBs.
d. All the provisions applicable to specified stockbrokers (as stated in SEBI circular SEBI/HO/MIRSD/TPD-1/P/CIR/2022/160 dated November 25, 2022 regarding Framework to address the ‘technical glitches’ in Stock Brokers’ Electronic Trading Systems) shall also be applicable to the QSBs.
Periodic Audit
a. QSBs shall arrange to have their systems audited on a half-yearly basis by a CERT-IN empanelled auditor to check compliance with the above-mentioned requirements related to cyber security and with other SEBI circulars on cybersecurity and technical glitches, to the extent they are relevant to them. QSBs shall submit the report to the stock exchanges, along with the comments of the cybersecurity committee, within one month of completion of the half year.
Investor Services including Online Complaint Redressal Mechanism
a. QSBs must have investor service centres in all cities where they have branches.
b. QSBs shall have online capabilities for engaging with clients and clearly defined procedures.
c. The complaints redressal mechanism should be investor friendly and convenient. The same should have capabilities of being retrieved easily by the complainant online through complaint reference number, e-mail id, mobile no. etc.
Enhanced Monitoring of QSBs
a. QSBs shall be subjected to enhanced monitoring and surveillance including additional submissions to be made to MIIs/SEBI, as and when sought.
b. Stock Exchanges, in consultation with SEBI, shall carry out annual inspection of QSBs and communicate the findings of such inspection along with action taken report to SEBI.
c. In case of any deviation/violation observed, Stock Exchanges shall take necessary steps to ensure that the same is corrected by QSBs including initiating disciplinary action, wherever found necessary, in accordance with the relevant regulatory provisions/byelaws.
The provisions of this circular shall come into effect from July 01, 2023.
Conclusion
The capital markets in India are witnessing an increased inflow of capital from domestic as well as foreign participants. The concentration of investor wealth with some large stock brokers makes the market vulnerable to the risk that a failure or disruption in the functioning of any of these large stock brokers could impact the whole market and the economy. SEBI has thus taken a step in the right direction by requiring stock brokers with a high concentration of funds and market share to have enhanced obligations, governance and monitoring, and robust security systems. The system is newly introduced and will develop over time. The framework may be extended to more brokers in due course. The newly introduced requirements will be challenging for stock brokers to implement but will be beneficial for the market and all its participants in the longer run.
Transique Corporate Advisors
Disclaimer:
The information contained in this note is provided for informational purposes only and is not intended to substitute for professional advice. The author expressly disclaims any financial or other responsibility arising due to any action taken by any person on the basis of this note.