SEBI slaps Rs 5.05 cr penalty on Indian Clearing Corporation Ltd. for regulatory lapses found during audit

by


The Securities and Exchange Board of India (SEBI) has levied a fine of Rs 5.05 crore on the Indian Clearing Corporation Ltd (ICCL) for various violations. The violations included submitting the Network Audit Report to SEBI without Governing Board comments and not maintaining correct and up-to-date asset inventory, as well as incorrectly classifying mission-critical servers.

SEBI’s Quasi Judicial Authority, G Ramar, referenced the Dr. Bimal Jalan Committee’s report on ‘Review of Ownership And Governance Of Market Infrastructure Institutions (MIIs)’ from November 2010 in the order issued on February 25.

ICCL, established in 2007 as a wholly owned subsidiary of BSE Ltd, underwent an inspection by SEBI for the period of December 1, 2022, to July 31, 2023. During the inspection, non-compliance with key regulatory provisions, particularly in cybersecurity and disaster recovery, was noted. 

The main allegations include:

Failure to adhere to the Cyber Security and Cyber Resilience Framework:
ICCL neglected to maintain an up-to-date inventory of IT assets, including software assets and criticality classification.
Despite conducting the required audit, ICCL did not promptly address cyber audit observations within the specified timeframe.

Failure to meet System and Network Audit Requirements:
ICCL submitted the Network Audit Report to SEBI without input from management or the Board.
While the ICCL Board later claimed to have resolved all audit observations, SEBI discovered unresolved IT asset inventory issues.

Non-compliance with Business Continuity Plan (BCP) and Disaster Recovery (DR) Guidelines:
The configuration of primary servers (PDC) and disaster recovery servers (DRS) did not align, in violation of SEBI’s requirement for a one-to-one correspondence.

The committee report stated: “These institutions (i.e., stock exchanges, depositories and clearing corporations) are systemically important for the country’s financial development and serve as the infrastructure necessary for the securities market. These institutions are collectively referred to as Market Infrastructure Institutions (MIIs)… They are, therefore, ‘vital economic infrastructure’. The recent financial crisis has shown the importance of financial institutions to economic stability.”

The regulator asked ICCL to pay the penalty within 45 days of receiving its order. 


Leave a Comment