Introduction: SEBI’s recent circular, SEBI/HO/MRD/TPD/P/CIR/2023/192, emphasizes the need for robust Business Continuity in Clearing Corporations (CCs). This article delves into the details of the circular, specifically focusing on the innovative use of the Software as a Service (SaaS) model to fortify the Business Continuity framework, with a special emphasis on Risk Management Systems (RMS).
Detailed Analysis:
1. Background and Rationale: The circular highlights the existing guidelines for Business Continuity Planning (BCP) and Disaster Recovery Site (DRS) for Market Infrastructure Institutions (MIIs) under SEBI Master Circulars. While DRS is effective for disasters, the limitations for major software malfunctions are acknowledged.
2. Strengthening Business Continuity: To address major software malfunctions, SEBI proposes the utilization of the SaaS model, starting with an additional tool for Business Continuity in the case of issues with Risk Management Systems (RMS) of CCs. The interoperability arrangement between CCs is leveraged for increased standardization.
3. SaaS Model for RMS: The proposed SaaS model involves each CC designing a system (SaaS-RMS) using the RMS-related software components of another CC. This creates a client-service provider relationship, ensuring continuity in online real-time risk management.
4. Responsibilities and Operations: The client CC is responsible for risk management functions, including intraday risk management, margin computation, and member interface. The service provider CC’s role is to provide functioning software for RMS and associated processes.
5. Implementation Timeline: The circular outlines specific timelines for CCs to decide to shift operations to SaaS RMS, activate allied activities, and conduct mock sessions. These timelines aim to ensure a swift and effective transition in case of disruptions.
6. Redundancy Model and Directives: SaaS-RMS is positioned as a redundancy model within the Business Continuity framework. Directives are given for CCs and Exchanges to enter into agreements, prepare Standard Operating Procedures, and enhance existing Interoperability Agreements.
Conclusion: SEBI’s proactive approach to enhancing Business Continuity in Clearing Corporations through the SaaS model is a commendable step toward ensuring the resilience of the securities market. The circular’s directives and timelines provide a clear roadmap for CCs and Exchanges to implement this innovative solution, further safeguarding investor interests and promoting a robust regulatory environment.
This detailed analysis underscores the significance of SEBI’s circular, outlining the strategic use of SaaS in addressing potential disruptions in Clearing Corporations’ Risk Management Systems. As financial markets evolve, such forward-thinking measures become crucial to maintaining the integrity and continuity of operations.
Securities and Exchange Board of India
Circular No. SEBI/HO/MRD/TPD/P/CI R/2023/192
Dated: December 20, 2023
To
All Stock Exchanges
All Clearing Corporations
(Except Commodity Derivatives Exchanges and Clearing Corporations)
Sir/Madam,
Business Continuity for Clearing Corporations through Software as a Service (SaaS) Model
1. Clause 9 of Chapter 2 of SEBI Master Circular dated October 16, 2023 for Stock Exchanges and Clearing Corporations as well as Clause 4.31 of Section 4 of SEBI Master Circular dated October 06, 2023 for Depositories provide guidelines for Business Continuity Planning (BCP) and Disaster Recovery Site (DRS) for Market Infrastructure Institutions (MIIs). While DRS is meant to ensure Business Continuity of the MIIs in case of any disaster, it may have limited utility for any major malfunction of software, as software deployed at Primary Site as well as at DRS remains identical.
2. In order to strengthen the Business Continuity framework of MIIs particularly from the perspective of handling major software malfunction, discussions were held with MIIs and it was decided that in the first phase, systems would be designed to provide additional tool for business continuity in case of issues with Risk Management Systems (RMS) of CCs. The existing interoperability arrangement between CCs, mentioned in Clause 4 of Chapter 6 of SEBI Master Circular dated October 16, 2023 for Stock Exchanges and Clearing Corporations and which resulted in increased standardization between CCs, may be leveraged to achieve this objective.
3. RMS is classified as a critical system of CC and plays an important role in ensuring smooth and uninterrupted functioning of the securities market by carrying out online real time risk management of trades happening on stock exchanges. Non-availability of RMS poses a major risk to the continuity of trading on stock exchanges. In order to further manage disruptions impacting availability of RMS, it is proposed to have another contingency measure in place under Software as a Service (SaaS) model. The framework in the first phase would operate for existing interoperable segments of CCs (Cash Market, Equity Derivatives Segment, Currency Derivatives) as follows:
Outline of SaaS model for RMS:
4. Each CC shall design a system to run its RMS related operations, to risk manage trades for its clearing members, using the RMS related software components of another CC. This instance would be called SaaS-RMS. For instance, when NCL designs SaaS-RMS using software of ICCL, NCL would be considered as client CC and ICCL would be considered as service provider
5. The arrangement between Client CC and Service Provider CC, in the context of design of SaaS-RMS shall be as below:
i. The SaaS-RMS instance would be designed to accept the trade data from exchanges; online collateral, positions etc. from the CC(s) and depository data as required from depositories. The client CC would carry out all the functions related to online real time risk management at the SaaS-RMS. This would ensure that if the SaaS-RMS is invoked by client CC, it would be in a ready state to take over operations.
ii. Responsibility of service provider CC would be to provide the functioning software for RMS and that for other associated processes to the client Beyond that, it would be responsibility of the client CC to operate SaaS-RMS in normal course and on the day it is invoked. Further, client CC would put in place systems to detect latency/performance issue of SaaS-RMS to flag off such anomalies to the concerned MII(s).
iii. Each CC shall also make necessary arrangements for members to login to SaaS-RMS through a portal and view/add collateral and its utilization etc. in case SaaS-RMS is invoked by CC.
iv. As the key purpose of the exercise is to ensure ability to risk manage trades, all the functions pertaining to risk management/collateral shall be made available by the client CC in the SaaS-RMS i.e.:
a. Intraday risk management of trades
b. Real time computation of margins and member utilization
c. Violation intimation to Exchanges
d. Response to Exchanges for orders of members in RRM
e. Online Custodial Participant Modifications / CP confirmations
f. Collateral addition by members
g. Receipt of Margin pledge / re-pledge data
h. Sending Margin pledge / re-pledge data
i. Member interface for Margin display, Custodial confirmations and Collateral addition/ allocation un-allocation
j. Handling of Early Pay-In (EPI) instructions
6. The following schematic diagram illustrates the functioning of SaaS-RMS involving exchanges, CCs and CMs:
Fig1: Schematic outline of SaaS Model
7. For the purpose of illustration, the aforesaid schematic diagram considers two CCs and two exchanges wherein:
a. In normal conditions, all the RMS related activities are replicated online by both CCs in the SaaS-RMS. CMs connect to CCs through normal web interface for collateral, positions related query, updates etc.
b. Due to certain issues / malfunctioning, once CC-A decides to invoke SaaSRMS viz. designed using RMS software of CC-B, the RMS functioning to resume by CC-A through SaaS-RMS within the timelines stipulated in the instant circular.
c. CMs of CC-A to login and operate through a separate interface provided by CC-A.
8. The aforesaid mechanism has been discussed with Technical Advisory Committee of SEBI and CCs have implemented a working model of SaaS-RMS. On the basis of test runs carried out by CCs, following timelines are stipulated:
a. A CC to take decision to shift operations to SaaS-RMS within 30 minutes of occurrence of its inability to do online real time risk management of trades at its site of functioning.
b. Within 30 minutes of the above, all allied activities such as sending violation messages to exchanges, intimating details of portal to interact with SaaS-RMS to the Clearing Members etc. to be activated through SaaS-RMS.
c. Mock session of SaaS-RMS to be carried out at least once in a quarter to familiarize and train members.
9. SaaS-RMS would be considered as a redundancy model for the CCs as part of the business continuity framework. CCs and Exchanges are therefore directed to implement the following within 30 days of the Circular:
a. To enter into an agreement laying down the roles and responsibilities of each of the entities (i.e. exchange, CCs, depositories etc.) with regard to functioning of SaaS-RMS as envisaged
b. To prepare Standard Operating Procedures covering various operational issues and edge cases related to functioning of SaaS-RMS
c. To enhance existing Interoperability Agreement to clearly demarcate roles and responsibilities of exchanges and CCs in detecting and addressing scenarios causing delay in sending/receiving the transactions data from exchanges to CCs in real time
10. The Stock Exchange, CCs and Depositories are also directed to:
a. Take necessary steps to put in place requisite infrastructure and systems for implementation of the circular, including necessary amendments to the relevant bye-laws, rules and regulations;
b. Bring the provisions of this circular to the notice of their members and also disseminate the same on its website; and
c. Communicate to SEBI, the status of implementation of the provisions of this circular.
11. Considering the above, Stock exchange and CCs are advised to submit their revised Business Continuity Policy to SEBI within two months from the date of this circular.
12. The circular would be effective immediately and is being issued in exercise of powers conferred under Section 11 (1) of the Securities and Exchange Board of India Act, 1992 to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.
Yours faithfully,
Ansuman Dev Pradhan
Deputy General Manager
Technology, Process Re-engineering, Data Analytics
Market Regulation Department
+91-22-26449622 Email: [email protected]
