The Case of stolen NSE Live Data

Posted on July 6, 2016 by Vijayashankar Na

(P.S: The discussion that is contained herein is for educational purpose and in exercise of free speech rights in public interest of journalism)

The Incident as Reported

An interesting case has been reported from Mumbai where the Mumbai Cyber Cell has arrested a person from Durgapur for illegally selling “Live NSE Feed”. The accused, one Mr Rajendra Kumar Chell has been booked under Section 420 (Cheating) of IPC besides Section 66 and 66B of ITA 2000/8.

The complaint was filed by the manager of NSE working in a NSEs group company DotEx international Ltd (100% subsidiary of NSE) which has purchased exclusive rights to sell live Capital market data. DOTEX was providing such service to 33 other companies.

Around October 2015, the company DotEx noticed that two websites other than their customers appeared to be selling NSE live data and when approached, offered the service for a fee. On payment the complainant was provided with a “Team Viewer” ID and password through which access was provided to live data. By logging into the Team Viewer, the user would be able to view the “NSE Now Terminal System” and the live market data. The complainant has alleged that the two website owners had stolen NSE’s live data and were selling it illegally.

On receiving the complaint, on January 19, 2016, the police have traced the accused through the Bank account to which payment of the subscription amount (Rs 2550/- presumably per month) was credited and the arrest has now been made on 2nd July 2016.

(Details of the case as reported in dnaindia.com)

Presumption

It is not clear how the accused first acquired the data. It is possible that he would be one of the legal subscribers to the DotEx service which he shared with others like a “Sub Broker”.

“The NSE’s real time data is provided in three levels (level 1, level 2,level 3 and tick by tick). Level 2 provides market depth data upto 5 best bid and ask prices and Level 3 provides market depth data upto 20 best bid and ask prices .The real time data feed is provided in TCP-IP format. It is provided on-line through a dedicated 2-10 mbps channelized E1 private leased line circuits. This line shall be owned by the customer and the line should be from National Stock Exchange, Mumbai to the premises of the customer. Alternatively, the customer can take the data from one of our authorised data vendors.” (Source: DotEx website)

This is raw data which the users need to use through appropriate systems and software. According to the NSE tariff table, the level 3 service for tick by tick basis offered on “Terminal Basis” may cost as much as Rs 99 lakhs for both capital markets and Futures segment. This can be used “Free” by 300 users  with an additional Rs 1140 per month per user there afterwards.

It is presumed that one such user has re-sold the service. It is also possible that the accused has subscribed to the service legally with one of the brokers who is authorized to sell the data and tried to re-sell the same data to his customers.

Alternate Legal Interpretations

The case represents certain important legal interpretations and opens up some old discussions on the principles involved in Copyright law.

Presently the case has been booked under Sections 420 of IPC, Sec 66 and 66B of ITA 2000/8.

Section 420 of IPC is a broad section and states as under

420. Cheating and dishonestly inducing delivery of property.—Whoever cheats and thereby dishonestly induces the person de­ceived to deliver any property to any person, or to make, alter or destroy the whole or any part of a valuable security, or anything which is signed or sealed, and which is capable of being converted into a valuable security, shall be punished with imprisonment of either description for a term which may extend to seven years, and shall also be liable to fine.”

In the instance case, the “Property” is the “Live NSE Data”. Assuming that the property belonged to DotEx as an exclusive licensee, the allegation is that it was dishonestly sold to others by the accused. Does this qualify to be called “Property” under IPC, is a matter to be discussed if IPC sections are to be applied to the case.

On the other hand, Section 66 of ITA 2000 is a reflection of Section 43 and includes “Unauthorized Access” to a computer system including data. Section 66B applies to “Usage of stolen computer resource” which includes data. Hence application of ITA 2000/8 is undisputed though the cause of action under sections 66 and 66B needs to be established. This revolves around “Whether the sharing of data was authorized or not”.

The angle of  License Rights

The interesting aspect of the case is what was the rights available to the accused with regard to the data and whether he wrongfully applied the rights.

More than the concept of “Data Theft”, this offence appears to be falling in the domain of  transgression of the “License to use”. If the accused is an authorized user in the first place and re-sold it to others, it may not qualify as “Data Theft” or “Unauthorized Access” but may have to be debated under the “Terms of usage of license”.

The scheme as reflected in the NSE tariff card, envisages that an authorized user can anyway share the data with 300 free users and more on additional payment basis. It is possible that the accused may be one such licensed user of another licensee.

In the instant case, the accused has further used “Team Viewer” and created a “Closed system of sub-users” who have been authorized to share the feed which was available to him probably as a legal right. If therefore the first right was legal, the sale thereof would be legal or otherwise based on the contract on which the first right was obtained.

SEBI regulates the scheme of “Sub Brokers” and “Investment Advisors” as regards providing “Investment Advise” from the point of view of investor protection. But SEBI regulation may not prohibit distribution of raw data on which the investors may take their own decision. Hence in the instant case, there may not be any violation of SEBI regulations. However, if the concept of “Sub Brokers” and “Investment Advisors” as regulated by SEBI permits providing of investment advice as well as data sharing services through broker’s own shared “Trading software”, there is an implied permission for brokers to share NSE live data to their customers.

The key point therefore that determines this case is how did the accused first come to possess the right to the data and what were the terms. If the terms under which the accused acquired the data did not specifically prohibit its sharing with others either for consideration or otherwise, it may be difficult to make the charges stick.

In this connection, I am reminded of an old debate on copyrights in which it was discussed if a “License to a Music CD” obtained by a person entitles him to play the music aloud in such a manner that the music could be heard by the other non licensees in the vicinity some of whom may be the members of the family of the licensee and some not. (P.S: Reference may be found in the archives in naavi.org)

We can also discuss such “Licence Rights” as to whether it extends to the playing of the music on loud speakers in a function for a fee.

We have similar debates where TV broadcasters and cable operators object to playing of TV in a public place such as a restaurant, arguing that the licence given is for use by a “Single Person”. Even BCCI and ICC have used such rights for restricting rights of providing live feeds of cricket match scores and taking pictures of live sports action etc.

It appears that in the instant case also a debate will ensue on whether the data feed which gets displayed on a TV screen should be viewable only by the licensee and no body else.

The trend in the copyright arena is to narrow down the licenses to such an extent that every commercial harnessing of the licensed material whether it is for personal use or for education or for other truly commercial purposes under different forms of licensing so that the user can be bled to the last drop of his blood.

It must be also remembered that the data in this particular instance refers to the collection of activities of investors as captured by the system. NSE is only an aggregator of the actions of investors to make a bid or buy or sell. The live data feed is therefore not a originally created “Intellectual Property” of the NSE. Hence the right of NSE on live data feed is not “Absolute”.

A comparable example is a sports event where the sportsmen create the spectacle. But the “Organizer” claims right to the viewing of the “Spectacle”.  However, in a Cricket match organized by BCCI, it pays the players so that it can claim the right to their performance view. In the case of NSE, the investors pay money in different forms to NSE and hence NSE cannot automatically claim the right to display the actions of the investor.

 Hence there are several larger complicated issues involved in determining if the offence in this instance is upheld.

If therefore the present charge is upheld, there could be a fall out which would affect several other usage contexts of data beyond the stock markets.

In particular, in the stock market domain,   it would affect every licensed live data feed owner such as a broker. If the concept of “Live data feed is only for the licensee” is upheld, every employee of the broker who works in the trading hall and has the probability of viewing the live data feed on the trader’s screens, would be considered as a “Licensed user”.

Similarly, if a customer of a broker is using a broker’s feed on his personal computer and his friend or colleague is shoulder surfing to find out how a share is moving, it could be construed as an offence of data theft.

From preliminary information that is available, it is unlikely that either DotEx or any of its 33 licensed data users and the scores of licensed brokers have a robust usage contracts that prohibits the viewing of the trading screens on a user’s computer  by friends and family members of the licensed users. They may however make retrospective changes to their contracts now to manipulate the terms of usage of their live data feed to protect their interests unmindful of the possibility that such unilateral changes of contractual terms may amount to offences under Section 65 or 66 of ITA 2008 as well as offences under IPC for manipulation of evidence.

I wish that the Court which goes into the case understands the possibilities of an undesirable consequence of its decision (if it upholds the charge and rules out that a licensed user cannot share the trading screen with another) which would require every computer user to ensure that his computer screen is not visible except to himself when a trading screen is running and take a consumer centric view of the incident.

(The above discussion is for academic purpose and in exercise of the journalistic freedom of speech and is based on the information available at this point of time. I reserve the right to change my views if additional information becomes available)

Naavi

 Related Articles:

When you buy music, will you be buying trouble?

Copyright Act amendments in India.. Watch Out for surprises

Posted in cricket, ITA 2008 | 1 Comment

Supreme Court’s mistake is behind an innocent girl’s suicide in Salem

Posted on June 29, 2016 by Vijayashankar Na

Last year, two erudite Honourable Judges of the Supreme Court of India namely Justice F.Nariman and Justice Chelmeshwar heard a case filed by one Ms Shreya Singhal on the misuse of Facebook. These were cases where the Police had interpreted the Section 66A wrongly and arrested some innocent persons who had posted some innocuous political comments in the Facebook or twitter. (Read the details here)

Section 66A was not meant to address these offences and the cases filed were wrong ab-initio. However, in a bid to become the “Champions of Free Speech” the case was filed and again erudite lawyers argued on behalf of the petitioner and convinced the Judges that Section 66A of ITA 2008 was against the constitutional right of “Free Speech” and should be removed. The Judges were ferocious in their response against the current Government which meekly defended the law passed by the previous Government and scrapped the section. They did not agree even to consider explaining the context in which the section could be applied and the context in which it should not be applied. They said vociferously that the section was not drafted properly and had to go. In the bargain, they showed their anger against the Government and the Parliamentary law makers which was lapped up in the same spirit by the anti Government media as fodder to criticize the Government.

The erudite Government attorneys did not properly defend the case and allowed the decision which was interpreted by the public in the following manner.

  1. Anything posted on Facebook is “Free Speech” and there is a constitutional guarantee that such free speech should be protected.

Public did not understand that the Police had made a mistake and  arrested innocent persons under Section 66A of ITA 2008  though they were exercising their right to “Free Speech” and it was the law to be blamed.

Court as well as the public did not perceive that those to be blamed were perhaps the erring policemen who made the arrests, the erring  prosecutors who advised them wrongly, the  erring magistrates who committed the accused to imprisonment wrongly and the erring higher Courts including the High Court and the Supreme Courts which did not suo moto jump in to stop the wrongful arrests.

The human right activists and the media anchors gloated over the “Victory for Free Speech” and hailed the judges as saviours of Indian democracy and added fuel to the spreading of the wrong message. What these people deliberately failed to recognize is that the decision had created a general perception that

” It is Ok to defame people on Facebook and WhatsApp and law protects it as Free Speech”

Naavi was a minority voice to say that Supreme Court was making a mistake since

a) Section 66A had been wrongly applied to the cases under consideration of the Court

b) If necessary, the section could be read down properly

c) The section had several other uses and if necessary only a part of the section was under dispute in the case and there was no need for the entire section with sub clauses (a), (b) and (c) to be removed.

( For those who want to know more about this , kindly see this page )

Since this infamous decision of the Supreme Court,  Police are confused as to what to do when a “Facebook Crime” is referred to them. If it cannot be booked under Cyber Crime, then they donot know which section of IPC is appropriate and hence there is a delay in swinging into action on such complaints. This could be one of the reasons why the small town police in Salem could not do much in the first 15 days after the complaint was filed in the case of the Salem girl who got frustrated and committed suicide.

Now I want all these “erudite” Judges, Lawyers, Petitioners, Human Right Activists and Media personalities which includes the Arnob Goswamis, Rahul Kanwals, Barkhadatts and Rajdeep Sardesais,  to look at the consequence of their folly in the unfortunate death of a girl in Salem who committed suicide because some deviant person posted morphed defamatory pictures on the Facebook and sent them by SMS/WhatsApp to the girl.

The blood of this innocent girl is on the hands of all these erudite persons and I wish they carry this guilt to their grave.

Naavi

Related Article in Hindu

Posted in Cyber Law | 1 Comment

Bitcoin back on the RBI radar

Posted on June 26, 2016 by Vijayashankar Na

Naavi.org has earlier  discussed Bitcoin in detail in several articles in the past.  A list of such articles is available at

https://www.naavi.org/wp/index.php?s=Bitcoin

The gist of earlier discussions is

a) Bitcoin per-se is an electronic document recognized as such under iTA 2000/8 which cannot be denied admissibility in the Courts in India.

b)  Bitcoin is a “Digital commodity” accepted for barter in a close community and not a “Currency” with the backing of a sovereign Government.

c) What is wrong with “Bitcoin” is its projection as a currency and its use in illegal activities.

d) The purchase and sale of “Bitcoin” involving payment and receipt of foreign exchange may be subject to foreign exchange laws

e) Mining of new Bitcoins in India is not illegal and purchase and sale of such indigenously mined Bitcoins cannot be considered illegal.

f) Purchase or Sale of Bitcoins which identifies legal mining activity and which has not at least once passed through the hands of a criminal in the past and not in violation of foreign exchange laws is also not illegal.

g) However, in the absence of proper tagging of Bitcoins, it is a risk for ordinary users to buy and sell Bitcoins since it is most likely to be tainted in a past transaction through the hands of a criminal.

Naavi.org was unhappy when RBI instead of providing proper and legal clarifications, issued an ambiguous circular and ED conducted raids on many Bitcoin exchanges giving an impression that Bitcoin transaction per-se was completely illegal. When a further clarification was sought from RBI, it threatened legal action against the person who sought the information.

The undersigned has always held that the Block Chain technology has great potential to replace the paper currency and though Bitcoin is too tainted to be given recognition, there is every reason for RBI to consider introducing a new Indigenous crypto currency with all the regulatory aspects that RBI can think of.

It is not out of place that much before Bitcoin became a reality, Naavi had promoted the idea of “Digital Value Imprinted Instrument System” which had the potential to substitute the paper currency as we know today with a hybrid instrument that is less expensive and relies on the digital security. Though applied for, Naavi could not get a patent for this idea and subsequently, some instruments did come up in India following the same principles.

Now it appears that RBI has recognized that the Block Chain technology which is the foundation of Bitcoin as well as other Crypto currencies may have a practical usage potential and is setting up an expert committee to analyze the issue. (Refer this report).

Naavi.org welcomes this move.

Readers are invited to explore all articles on Bitcoin at naavi.org and contribute their views if any.

It is to be recognized that “Block Chain Technology” can be used efficiently and without being adversely affected by the problems which Bitcoin was associated with. There will be concerns of “Security” of a block chain being hacked. But I believe effective checks can be established to prevent such security issues and the risks should be significantly less than what we face today in the form of fake currencies being printed by our neighbor countries as a par of their Proxy war strategy. Whether the committee will be able to grasp these intricacies or not is a point which we need to observe closely.

Naavi

Posted in Cyber Law | 1 Comment

Can “Special EU Economic zone” sort out the problems created by BrExit?

Posted on June 25, 2016 by Vijayashankar Na

There have been various views expressed by experts about the impact of BrExit on the UK economy, Global Economy and more specifically on the Indian economy. The stock markets have provided a first day feedback which was alarming. There is every reason to believe that the down trend may resume on Monday since the immediate effect of BrExit on the balance sheet of some companies may become evident when the quarterly results keep tumbling out in the following week. Infy or TCS results are usually the first to come out and investors would keenly watch the announcements to understand how well these companies had hedged the exchange risks and how they view the forthcoming changes in the EU business.

 The stock market reaction will however be  more to do with the fact that the result was “unexpected” and “Not factored into the pricing” rather than the real fundamental factors.

Unless there is a “Hate driven” reaction from the other EU countries on UK, I donot see much fundamental adverse effect of BrExit on the Indian companies. There could be some temporary slow down in sales out of UK to EU and some tariff barriers to cross. But these can be managed. However, if there are multiple break outs then there will be a continued uncertainty and several rounds of changes that may slow down the activity more than what should happen if EU does not break up further.

As far as the Indian companies are concerned, I have already indicated in my previous post that RBI and SEBI should immediately review the impact and work out a formula of temporary regulatory concessions as an extraordinary measure to ensure that the stock market is not further jolted when the quarterly results are announced in the next fortnight. I am not sure if they would do anything since they are as much shocked as the Companies by being completely being unprepared for the unexpected outcome.

Leaving aside the financial packages that RBI and SEBI should work out, it is necessary to point out that the problems seems to have occurred because the EU Constitution itself was faulty and did not properly structure the Exit provisions.

We can observe that BrExit referendum indicated that 51.9 % of the persons who voted favoured the exit as against the 48.1% who were against. The response was completely skewed in different regions also making it a highly divided response. The total turnout was only 72.2% which meant that it was eventually only 37.47 % of the electorate who voted for “leave” and caused the chaos which affected not only the 100 % of the electorate but also others in EU and outside.

The root cause analysis of the problem indicates that the EU constitution that allowed such a referendum decision was itself faulty. We understand that the entry of countries into the EU was also through such a referendum by simple majority of those who voted. But having allowed entry and working within the Union for a long time, the severance cannot be considered by the same yardstick since people’s life and financial positions have been irrevocably altered by the UK joining the EU. Hence there should have been a difference between the “Entry Referendum” and “Exit Referendum”. Either both should have been based on “Change only when more than two-thirds want”.  Having erred earlier, at least now the EU constitution has to be changed to making an exit referendum valid only if 67% of the total voters want the exit and not when only 37% want it.

Before the other countries think of a referendum, EU constitution needs to be amended to prevent further exodus.

However any prospective change cannot save BrExit. But a provision can be made in the changed constitution that if after a referendum by less than 67% as it happened in BrExit, another referendum holds by more than 67% of the total votes polled then a country can rejoin. This will still mean that the existing “Leave” voters of BrExit who number 37% can block the re-union unless they change their views.

The reason why “Exits” have to be made difficult is that this is like a “Plebiscite” referendum. It is always skewed towards the “Let’s separate” vote since it is a natural reaction of the population and even minor differences get blown up with a demand for independence. Referendum is a democratic process but it cannot be applied everywhere.  Every pocket of influence at country level starts conducting “referendum” then the notion of a country itself will be at stake.

One way by which we need not do away with this democratic decision but recognize the “Newton’s Law” that an “External Force” needs to be injected to change the current state of a body is to introduce the need for 67% or at least 60% of the total electorate to vote for a change either to leave or join and until then the body should remain in its current state.

I therefore urge EU to immediately revise its constitution in this regard to prevent breaking up of EU.

At the same time UK needs to negotiate with the EU to ensure that the damage is limited by ensuring that an “Economic Zone” is created within London (Similar to the SEZ zones as we know in India) which will be “Special EU business zones” from which companies can operate as if no change has taken place. This will separate the contentious “Migration” issues from the not so contentious “Economic” issues of being with the EU or not.

Then the companies who fear economic damage due to the BrExit may move their headquarters to these zones or their present location can be declared as a “Special EU Economic Zones”. There can be suitable segregation of activities of these Special Economic Zones so that those who have voted to “Leave” may still live in their own world and let those who have voted to “Remain” donot get adversely affected. If required, these Special EU Zones may be made available only to  existing Non British entities only and not extended to locals and new entrants.

I hope such an arrangement will be a Win-Win solution for all.

I urge Mr Narendra Modi to take up this suggestion with EU and UK so that the pain of BrExit on India is reduced.

Naavi

Posted in Cyber Law | Leave a comment

Vision 2018- RBI on the future of Payment Systems in India

Posted on June 24, 2016 by Vijayashankar Na

Reserve Bank of India has revised its Vision document on Payment and Settlement Systems for 2012-2015 and issued a new document titled Vision-2018 which incorporates some important guidelines to be followed by all stake holders.

The Vision-2018 professes to revolve around the 5Cs namely

  1. Coverage
  2. Convenience
  3. Confidence
  4. Convergence and
  5. Cost

The vision will focus on 4 strategic initiatives namely

1.Responsive Regulation

2.Robust infrastructure

3. Effective Supervision and

4.Customer Centricity

The Vision-2018 document reiterates the commitment of the RBI to encourage greater use of electronic payments by all sections of society so as to achieve a “Less Cash Society”.

Through the document, RBI has stated its commitment that

i. RBI, in consultation with all the Stakeholders will create a regulatory framework to promote the twin objectives of enhanced coverage with interoperability and convenience with security.

ii. Building a robust payment infrastructure will be a key objective.

iii.The document will focus on effectiveness of supervisory mechanisms, and augmenting the data reporting and fraud monitoring systems.

iv. The vision will adopt a “Customer Centric” approach to streamline the customer grievance redressal mechanism, focus on building customer awareness and education and initiate customer protection measures.

The document also says that towards achieving these objectives, new policies will be framed.

The document also provides some detailed exposition of the vision.

One of the new initiatives proposed is that Payment Gateway Service Providers and Payment Aggregators who are presently being monitored indirectly may be revised and the indication is that they may be brought under direct regulations. Further, RBI intends to introduce penalties for non adherence to its guidelines.

To strengthen the confidence in the payment systems and to minimize instances of frauds, RBI is expected to develop a framework for collection of data on frauds in consultation with the industry.

One of the areas where improvements are expected to be introduced is in the area of grievance redressal systems. RBI in collaboration with all the stakeholders is expected to undertake customer awareness through structured Electronic Bannking Awareness and Training programs.

RBI also indicates that it will encourage payment system providers (which includes NEFT and RTGS) to adopt best practices for protecting customer interest by putting in place robust fraud and risk monitoring systems. Additionally, a regulatory framework to limit the customer liability in case of unauthorized transactions would also be put in place.

The detailed vision document is available here.

While the intentions behind the vision document is welcome, RBI has always been weak in implementing its own policies and lets the Banks dictate the policies through the IBA. Let us hope that  there will be a difference this time.

Naavi

Posted in Cyber Law | Leave a comment

Managing the Brexit Virus will be the next challenge..Lessons from IS practice

Posted on June 24, 2016 by Vijayashankar Na

The BrExit referendum has exposed the complacency of international financial managers including India where we never had any serious discussion running into the BrExit poll on how it could affect the Indian corporate sector. Some of the Business Channels like CNBC TV discussed the likely impact of BrExit in the same tone as the Federal Rate hikes or RBI policy meetings and did not foresee the possibility of the poll going in favour of the Exit and the serious consequences that could follow.

Even yesterday the channels were taking a position that the result will be in favour of “Remain” and they were easily misled by the opinion polls and betting odds. What we saw today was therefore a disaster which was on the horizon but we could not foresee.

Most of the mutual funds who hold the money of the public must have absorbed the loss arising out of the 1000 point drop in the Sensex today in the early morning bloodbath. This could have a huge adverse impact on ordinary investors who trusted the expertise of the fund managers. It would be interesting if some body researches on the impact of BrExit on the mutual funds and how different fund managers managed the crisis.

In the later part of the day,  markets recovered slightly but there is no guarantee that on Monday the recovery will continue or we will see another drop.

One of the developments that may create a further drop on Monday could be the effect of the BrExit virus spreading to other countries in the EU and Germany, France, Austria, Denmark and other members calling for their own referendum to quit EU. Additionally, the possibility of Scotland trying to go out of Britain is another development that could  cause more concern.

From the look of it, the 4% difference in voting in favour of “leave” when 30% of voters did not vote, can cause a USSR kind of break up of the EU and cause multiple fissures of the Union in the next couple of years.

While we may not like such a fissure that appears illogical from the perspective of “Strength in Unity”, the possibility appears very high.

Just as we failed to analyze the probability of “Leave” voting in BrExit, we cannot afford to overlook the probability of EU breaking up into its several erstwhile independent countries. This is a “Risk” that needs to be identified, analyzed and mitigated.

Just as in Information Security management, where we often fail to identify “Risks”, and fall prey to a “Known Risk”, there is a possibility that we may underestimate or ignore the risk of EU break up and this could create another crisis on another day.

The BrExit was like a “Zero Day” risk which we failed to recognize but we cannot afford to do the same next time when Denmark or another country goes on a referendum.

I therefore urge RBI and SEBI to start planning for “EU Break up” and develop strategies to contain the risks.

Before the BrExit, I would have liked an “Advisory” from RBI that in the event of a BrExit “leave” vote, the British Pound would drop 8-10%, and any open position should be avoided. Similarly,  if SEBI could have announced closure of stock exchange today, probably the risk could have been contained.

However, neither RBI nor  SEBI anticipated the possibility and hence did not take any corrective action. Next time when such events occur, RBI and SEBI should be more pro-active and just as meteorology department broadcasts advisories for fishermen in times of expected weather disturbances, they should provide advisories on known events that could cause extreme volatility of the markets.

I must however appreciate some individual investment advisors who kept reminding that “There is No Trade on such uncertainties” though it might not have been taken note of by many.

Now we are at the fag end of June. The listed companies will be coming up with their quarterly results in the next fortnight and if any company has taken a hit on the foreign exchange front because of an uncovered open exchange position today, their quarterly results will be adversely affected.

Before this comes up as a surprise one by one next month, SEBI should make an assessment of the impact of uncovered Foreign Exchange exposure of all companies (mostly the IT companies with high exposure to the EU currencies) by calling for a report from all the listed companies. This is a strategy like the “Incident Report” that a CERT-In would ask after a zero day malware is detected.

Once any risk is detected, SEBI can ensure that the losses if any are allowed as an extraordinary loss which can be written off over the next three or four quarters instead of the first quarter itself.    This will be like the relief that was given to Banks in the NPA write off and would provide relief to the IT sector in particular.

At the same time, just as  anti Virus companies come up with special virus removal tools, RBI should come up with some special measures to even out the foreign exchange impact of the BrExit in the current quarter balance sheets of listed companies by providing hedging options in the form of specially structured “exchange cover instruments” to spread out the impact.

Hope RBI and SEBI will take the necessary action as otherwise  we must be prepared for another round of down trend in the market from the current levels not only through the next week which happens to the expiry week but also the first fortnight of July.

I presume that these are some lessons from the Information Security practice that Financial regulators can benefit from.

Naavi

Posted in Cyber Law | Leave a comment