SECURITIES AND EXCHANGE BOARD OF INDIA
January 31, 2000
Executive Director/Managing Director All Stock Exchanges
The SEBI Board has approved the report on Internet Trading brought out by the SEBI Committee on Internet Based Trading and Services.
Internet Based trading can take place through order routing systems, which will route client orders, to exchange trading systems, for execution of trades on the existing stock exchanges. SEBI Registered Brokers can introduce the service after obtaining permission from respective Stock Exchanges. Exchanges while giving permission will be required to ensure minimum conditions specified in the report which is available on the SEBI’s web site. The salient conditions to be met are:
Application for Permission by Brokers
SEBI registered Stock Brokers interested in providing Internet based trading services will be required to apply to the respective stock exchange for a formal permission. The stock exchange should grant approval or reject the application as the case may be, and communicate its decision to the member within 30 calendar days of the date of completed application submitted to the exchange.
The stock exchange, before giving permission to brokers to start Internet based services shall ensure the fulfilment of the following minimum conditions:
The broker must have a minimum net worth of Rs.50 lacs if the broker is providing the Internet based facility on his own. However, if some brokers collectively approach a service provider for providing the internet trading facility, net worth criteria as stipulated by the stock exchange will apply. The net worth will be computed as per the SEBI circular no FITTC/DC/CIR-1/98 dated June 16, 1998.
Operational and System Requirements
Operational Integrity: The Stock Exchange must ensure that the system used by the broker has provision for security, reliability and confidentiality of data through use of encryption technology. (Basic minimum security standards are specified in following paras). The Stock Exchange must also ensure that records maintained in electronic form by the broker are not susceptible to manipulation.
System Capacity: The Stock Exchange must ensure that the brokers maintain adequate backup systems and data storage capacity. The Stock Exchange must also ensure that the brokers have adequate system capacity for handling data transfer, and arranged for alternative means of
communications in case of Internet link failure.
Qualified Personnel: The Stock Exchange must lay down the minimum qualification for personnel to ensure that the broker has suitably qualified and adequate personnel to handle communication including trading instructions as well as other back office work which is likely to increase because of higher volumes.
Written Procedures: Stock Exchange must develop uniform written procedures to handle contingency situations and for review of incoming and outgoing electronic correspondence.
Signature Verification/ Authentication: It is desirable that participants use authentication technologies. For this purpose it should be mandatory for participants to use certification agencies as and when notified by Government / SEBI. They should also clearly specify when manual signatures would be required.
Client Broker Relationship
Know Your Client: The Stock Exchange must ensure that brokers comply with all requirements of “Know Your Client” and have sufficient, verifiable information about clients, which would facilitate risk evaluation of clients.
Broker-Client Agreement: Brokers must enter into an agreement with clients spelling out all obligations and rights. This agreement should also include inter alia, the minimum service standards to be maintained by the broker for such services specified by SEBI/Exchanges for the Internet based trading from time to time.
Exchanges will prepare a model agreement for this purpose. The broker agreement with clients should not have any clause that is less stringent/contrary to the conditions stipulated in the model agreement.
Investor Information: The broker web site providing the internet based trading facility should contain information meant for investor protection such as rules and regulations affecting client broker relationship, arbitration rules, investor protection rules etc. The broker web site providing the Internet based trading facility should also provide and display prominently, hyper link to the web site/ page on the web site of the relevant stock exchange(s) displaying rules/ regulations/circulars. Ticker/quote/order book displayed on the web-site of the broker should display the time stamp as well as the source of such information against the given information.
Order/Trade Confirmation: Order/Trade confirmation should also be sent to the investor through email at client’s discretion at the time period specified by the client in addition to the other mode of display of such confirmations on real time basis on the broker web site. The investor should be allowed to specify the time interval on the web site itself within which he would like to receive this information through email. Facility for reconfirmation of orders which are larger than that specified by the member’s risk management system should be provided on the internet based system.
Handling Complaints by Investors: Exchanges should monitor complaints from investors regarding service provided by brokers to ensure a minimum level of service. Exchange should have separate cell specifically to handle Internet trading related complaints. It is desirable that exchanges should also have facility for on-line registration of complaints on their web-site.
Exchanges must ensure that brokers have a system-based control on the trading limits of clients, and exposures taken by clients. Brokers must set pre-defined limits on the exposure and turnover of each client.
The broker systems should be capable of assessing the risk of the client as soon as the order comes in. The client should be informed of acceptance/rejection of the order within a reasonable period. In case system based control rejects an order because of client having exceeded limits etc., the broker system may have a review and release facility to allow the order to pass through.
Reports on margin requirements, payment and delivery obligations, etc. should be informed to the client through the system.
Contract notes must be issued to clients as per existing regulations, within 24 hours of the trade execution.
As in the case of existing system, brokers using Internet based systems for routing client orders will not be allowed to cross trades of their clients with each other. All orders must be offered to the market for matching.
It is emphasised that in addition to the requirements mentioned above, all existing obligations of the broker as per current regulation will continue without changes. Exchanges may also like to specify more stringent standards as they may deem fit for allowing Internet based trading facilities to their brokers.
Network Security Protocols and Interface Standards
At present the Indian laws are silent on the security of Internet information. However, the draft E-Commerce Act focuses on this issue and prescribes the requirements like electronic certification, digital signatures etc. which will play an important role on the authenticity of such information gathered from the Internet. These requirements will also have to be met by Internet trading systems, as when they come into force.
The following security features are mandatory for all Internet based trading systems:
i. User id
ii. First Level password (Private code)
iii. Automatic expiry of passwords at the end of a reasonable duration. Reinitialise access on entering fresh passwords
iv. All transaction logs with proper audit facilities to be maintained in the system.
v. Secured Socket Level Security for server access through Internet
vi. Suitable Firewalls between trading set-up directly connected to an Exchange trading system and the Internet trading set-up.
The following advanced security products are advisable.
a. Microprocessor based SMART cards
b. Dynamic Password (Secure ID Tokens)
c. 64 bit/128 bit encryption **
d. Second Level password (personal information e.g. village name, birth date etc.)
**DOT policy and regulations will govern the level of encryption. Standards for Web Interfaces and Protocols
Between a Trading Web Server and Trading Client Terminals, Interfaces Standards as per recommendations of IETF (Internet Engineering Task Force) and W3C (World Wide Web
Consortium) may be adopted. E.g.: HTTP Ver 4 or above HTML Ver 4/XML. Systems Operations
a. Brokers should follow the similar logic/priorities used by the Exchange to treat client orders
b. Brokers should maintain all activities/ alerts log with audit trail facility
c. Broker Web Server should have internally generated unique numbering for all client order/trades
d. Brokers should seek permission from the Exchange before commencement of Internet trading facility after providing complete details of the features of implemented systems. e. Brokers should make periodic reporting to the Exchange as specified by the Exchange.
Exchanges are requested to make necessary arrangements for early approval of the Internet trading systems submitted by their members for examination, so that Internet trading services can commence without delay.
P. K. BINDLISH DIVISION CHIEF