The NSE Co-location has been identified as a massive scam and SEBI has taken the unprecedented step of penalizing NSE and some of its executives. (Refer ET article here)
We refer to our earlier article “Whistle Blower Reveals Information Security Breach and Fraud at NSE” in which the NSE Co-Location Scam was discussed.
Now SEBI has conducted an enquiry and come to the conclusion that NSE failed in its “Due Diligence”, which allowed some of the brokers to have an unfair advantage in trading that could have enabled them to make unfair gains of enormous proportions.
The incident is an eye opener to Information Security professionals, as it throws up the deficiencies in managing a critical array of systems where the server to which a user logs in and the relative time of logging in had a profound impact on receipt of trading data. Those who had knowledge of the system were able to develop an algorithmic trading pattern which enabled them to make unfair gains.
The scam also exposed the weaknesses of the Audit system in which reputed information security auditors were involved.
The enquiry has also highlighted that there were no laid-down policies and procedures for allocation/mapping of IPs and no SOPs to deal with requests for change of servers.
The report of SEBI contains complete details which will make delicious reading for information security specialists.
In conclusion, SEBI has stated that though sufficient evidence was not available to conclude that NSE had itself committed a fraud, lack of due diligence was proved and penal action is based on this.
As a penalty, NSE has been ordered to disgorge (repay all the unfair profits made) Rs 624.89 crores, which was the profit made from co-location services in the period 2010-11 to 2013-14.
SEBI has also barred NSE from security trade for 6 months from the date of the order.
Also, two of the former MDs of NSE have been ordered to disgorge 25% of their salaries in the relevant period.
The amount so recovered would be credited to the Investor Protection Fund.
We congratulate SEBI on successfully concluding this complicated investigation and taking penal action.
This incident should be an eye opener to all information security managers of critical systems.
Political Fallout
In India, every major scam in recent times has inevitably been linked with politics. So is this scam.
This article traces the beneficiaries of the fraud to none other than Mr P Chidambaram and Karti Chidambaram. It suggests that the total earnings made unfairly by all the persons involved could be of the order of Rs 60000 crores. It is difficult for any of us to evaluate the allegations made in this article against Mr P Chidambaram and Karti Chidambaram. But the allegation cannot be ignored and needs further investigation at a different level.
It is not a coincidence that this fraud occurred during the UPA II regime and that executing it involved very sophisticated financial and technical knowledge.
It is possible to believe that the MDs of NSE were perhaps victims in the cross fire and were not directly involved in the fraud. In fact the fraud was highly sophisticated and it is reasonable to expect that it was beyond their comprehension levels.
While SEBI could not go beyond the current investigation, it may be necessary for the Government to now continue the investigation from where NSE has left off with a CBI investigation to find the real beneficiaries. CBI may also take the assistance of experts, perhaps from the FBI, who have experience in investigating complicated techno frauds, such as those involving Bitcoin, and other frauds.
Coming as it does during election time, there should be no attempt to bury this fraud as a simple cyber crime. It deserves to be classified as yet another scam of the UPA II era in which the money of the Indian public was looted.
Considering the political implications, we need to once again appreciate SEBI for the action taken.