SEBI vide its Circular dated 6th February, 2023 came out with parameters for qualified stock brokers (QSBs), who handle a large number of clients’ funds and trading volumes. Certain stock brokers handle a very large number of clients’ funds and trading volumes. Possible failure of such brokers has the potential to cause widespread impact on investors and reputational damage to the securities market. To mitigate this risk, Sebi would designate stock brokers as QSBs based on certain parameters such as the total number of active clients of the stock broker, available total assets of clients with the stock broker, trading volumes of the stock broker and the end of day margin obligations of all clients of a stock broker.
Further, circular details the parameters which shall be considered for designating a stock broker as QSB, enhanced obligations and responsibilities which shall be cast on such QSBs and guidelines on enhanced monitoring of QSBs which shall be carried out by Market Infrastructure Institutions (MIIs).
| Parameters for designating a stock broker as QSB: Initially, the following parameters shall be considered for designating a stock broker as QSB: the total number of active clients of the stock broker; the available total assets of clients with the stock broker;the trading volumes of the stock broker (excluding the proprietary trading volume of the stock broker); andthe end of day margin obligations of all clients of a stock broker (excluding the proprietary margin obligation of the stock broker in all segments). Procedure for assigning score to a stock broker: For each stock broker, an individual score for a particular parameter would be calculated by dividing the individual parameter by the aggregate of the respective parameter summed across all stock brokers– stock broker’s count of active clients will be divided by the aggregate count of active clients of all stock brokers and similarly, individual scores would be calculated for other parameters as well. Then, the total score would be calculated by adding individual scores of all the parameters. For calculating the scores for a particular financial year, parameters as on December 31 of such a financial year would be considered. Identification of QSBs: Initially, stock brokers with a total score greater than or equal to five based on the parameters would be identified as QSBs. The scores would be calculated on an annual basis and the revised list of QSBs would be released jointly by stock exchanges, in consultation with Sebi. The QSBs, which no longer belong to the revised list, will continue to comply with the enhanced obligations and responsibilities, for an additional period of three financial years. Enhanced obligations and responsibilities for QSBs: Governance structure and processes With regard to governance structure and processes, SEBI said that the board of directors of QSBs would exercise oversight over incidents having an impact on functioning of the QSB in the securities market and investor protection including data security breaches that can affect investor data. Further, QSBs are required to have committees of the board of directors such as audit committee, nomination and remuneration committee, risk management committee, information technology (IT) committee and cybersecurity committee. Risk Management Policy and Processes QSBs are required to devise a clear and a well-documented risk management policy. In addition, it has listed out relevant risks which may have to be borne by the QSBs such as risks which can arise during KYC and account opening process ; operational risks such as faulty systems which can cause erroneous execution of orders from clients’ account; technology risks such as technical glitches and cyberattacks; and general risks like fraud risk, credit risk, market risk and risk due to outsourcing of activities. Surveillance of client behaviour: With regard to enhanced monitoring of QSBs, SEBI said that QSBs would be subjected to enhanced monitoring and surveillance including additional submissions to be made to MIIs or Sebi, as and when sought. Ensuring Integrity of Operations: QSBs shall maintain adequate human resources, systems, processes and procedures for seamless running of operations and protection of investor data. A CXO level officer shall be designated as responsible for managing key risks, i.e., Chief Compliance Officer (responsible for all regulatory compliance related activities), Chief Information Security Officer (responsible for all cyber security related activities), Chief Risk Officer (responsible for overall risk management associated with functioning of the QSB). The risk management policy shall be reviewed on half yearly basis by the QSB and a report in this regard shall be submitted by the risk management committee of the QSB to the stock exchange. Scalable infrastructure and appropriate technical capacity: The QSBs shall put in place a policy framework, approved by its IT committee, for upgradation of infrastructure and technology and maintain adequate technical capacity to process 2 times the peak transaction load encountered during the preceding half year. Framework for orderly winding down: QSB would have to put in place a framework for orderly wind down of its business to ensure continuity of services to its clients in case of closure of business by the QSB due to its inability to provide services to its clients or meet the prescribed regulatory requirements. Robust cyber security framework and processes: SEBI, has specified the framework on cybersecurity and cyber resilience to be followed by all stock brokers. The cyber security committee of the QSB shall review the framework on half-yearly basis and review the instances of cyber-attacks, if any, and take steps to strengthen the cyber security framework of the QSB. The QSBs shall have a dedicated team of security analysts, which may include domain experts in the field of cyber security and resilience, network security and data security which shall carry out the following activities: Prevention of cyber security, Monitoring, detection and analysis of potential intrusions/security incidents in real time, Operating network defence technologies, Conducting cyber-attack simulation on quarterly basis, Conducting awareness and training programs for its employees with regard to cyber security and situational awareness on quarterly basis, Prevention of attacks similar to those already faced. Such dedicated team shall submit a quarterly report to the BoD of QSB, on above mentioned activities carried out by them and shall report to Chief Information Security Officer (CISO) of the QSB. Vulnerability Assessment and Penetration Testing (VAPT): QSBs shall carry out continuous assessment of the threat landscape faced by them and also carry out penetration tests on half-yearly basis Business Continuity Plan: Business Continuity Plan policy shall be reviewed on half-yearly basis to minimize the incidents affecting the business continuity. Periodic Audit: QSBs shall arrange to have their systems audited on half-yearly basis by a CERT-IN empanelled auditor to check compliance related to cyber security and other circulars of SEBI on cybersecurity and technical glitches and shall submit the report to stock exchanges along with the comments of the cybersecurity committee within one month of completion of the half year. Investor Services including online complaint redressal mechanism: QSBs must have investor service centers in all cities where they have branches and complaints redressal mechanism should be investor friendly and convenient. Enhanced Monitoring of QSBs: QSBs shall be subjected to enhanced monitoring and surveillance and shall carry out annual inspection of QSBs Any deviation/violation shall be corrected by QSBs including initiating disciplinary action. |
This Circular is applicable to all Recognized Stock Exchanges, Clearing Corporations, Depositories, Registered Stock Brokers through Recognized Stock Exchanges and shall come into force from 1st July, 2023.
About the Author
