Introduction

The Securities and Exchange Board of India (SEBI) has imposed a fine of ₹ 5.05 crore on Indian Clearing Corporation Ltd (ICCL), a subsidiary of the Bombay Stock Exchange (BSE). According to an order dated February 25, 2025, the markets regulator took the decision after an inspection found that the company was not in compliance with the cybersecurity and disaster recovery framework.

SEBI Imposes ₹ 5.05 Crore Fine on ICCL

The Securities and Exchange Board of India (SEBI) has imposed a fine of ₹ 5.05 crore on the Indian Clearing Corporation Ltd. (ICCL), a subsidiary of the Bombay Stock Exchange (BSE). The fine was levied due to multiple regulatory violations identified during an inspection conducted by SEBI between December 2022 and July 2023. The penalty was imposed in response to deficiencies in various compliance areas, including cybersecurity, audit processes, and disaster recovery protocols, which fell short of SEBI’s prescribed standards for market infrastructure institutions. The fine serves as a warning to ensure that similar lapses are not repeated, emphasizing the need for improved compliance with regulatory guidelines to ensure the smooth functioning and security of the financial market ecosystem.

Areas of Violation

SEBI further observed that the company had not closed its cyber and network audit observations in a time-bound manner: while ICCL conducted biannual cyber audits, the observations made in the report were not addressed within the stipulated time period. ICCL submitted the network audit report to SEBI on August 4, 2023, without any comments from ICCL’s Board or Management.

According to reports, certain audit findings remained unresolved for over six months, violating the stipulated time-bound closure requirement. Reports also state that ICCL did not maintain one-to-one correspondence between the assets at its Disaster Recovery Site and those at its Primary Data Center (PDC), which is a fundamental requirement for continuing business operations in case of a disaster. Because the report found that the corporation’s backup systems were not synchronized with its primary systems, this requirement was violated.

SEBI Crackdown

SEBI’s circular mandates that the systems at these two locations should mirror each other to guarantee uninterrupted operations, a stipulation ICCL failed to meet.

ICCL, in its defence, argued that the violations were of a technical nature and did not result in harm to investors or any financial gain to the corporation. The clearing corporation insisted that corrective actions had already been taken, including updating the asset inventory and addressing the audit findings. It further contended that some of the alleged lapses were mere discrepancies, such as minor variations in server specifications, which did not impact performance. The corporation also emphasized that the violations did not stem from deliberate wrongdoing, but were inadvertent oversights. ICCL maintained that penalties should not be imposed for such technical lapses, citing legal precedents where penalties were avoided for minor, unintentional breaches that did not result in harm.

Despite ICCL’s explanations and corrective measures, SEBI found the violations to be serious, particularly given the importance of the clearing corporation’s role in the financial market. According to SEBI, the lapses undermined the integrity and security of the systems that are crucial for market operations.

As a result, SEBI imposed a total monetary penalty of ₹ 5.05 crore on ICCL. The fine includes ₹ 5 lakh under Section 15HB of the SEBI Act and ₹ 5 crore under Section 23GA of the SCRA. ICCL is required to pay the penalty within 45 days of receiving the order.

SEBI’s Commitment to Cybersecurity and Audit Standards

The Securities and Exchange Board of India (SEBI) has always prioritized maintaining high standards of security and regulatory compliance within India’s financial markets. This action against the Indian Clearing Corporation Ltd. (ICCL) highlights SEBI’s determination to enforce these standards, ensuring that market infrastructure institutions operate with the utmost integrity, cybersecurity, and risk management practices.

Through strict oversight, SEBI seeks to create a robust regulatory framework for market participants. This includes regular audits, cybersecurity assessments, and ensuring disaster recovery protocols are in place to safeguard the financial ecosystem from potential disruptions. By levying penalties for violations, SEBI also reinforces the importance of timely compliance and adherence to security norms, aiming to safeguard the interests of investors and maintain trust in the Indian capital markets. SEBI’s actions underscore its unwavering commitment to strengthening the cybersecurity posture and the overall operational resilience of financial entities. These measures help foster a secure and reliable market environment for all stakeholders involved.

Conclusion

SEBI’s ₹5.05 crore fine on ICCL highlights the regulator’s commitment to upholding stringent cybersecurity, audit, and disaster recovery standards within the financial market infrastructure. This penalty serves as a reminder to market participants about the importance of adhering to regulatory guidelines to ensure secure operations and protect investor interests. SEBI’s actions emphasize the need for continuous vigilance and compliance to maintain the integrity and stability of India’s financial ecosystem.
