The Securities and Exchange Board of India has imposed a Rs. 12 lakh fine on NSE Data & Analytics Limited, a wholly-owned subsidiary of the National Stock Exchange, for multiple regulatory violations.
NSE Data & Analytics, previously known as DotEx International, provides data products for NSE.
SEBI identified several key violations by the company. The regulator found that the company failed to comply with SEBI's guidelines on disaster recovery and business continuity plans.
There were significant delays in sending acknowledgement letters to investors, with 61 instances ranging from 13 to 178 days of delay. SEBI found gaps in the company’s cyber security framework and system audits, including unaddressed vulnerabilities and a failure to properly reflect these in audit reports.
The company also failed to validate its Know Your Customer (KYC) records in accordance with SEBI regulations. Irregularities were noted in segregating the company’s operations and infrastructure, leading to further non-compliance.
In response to SEBI’s show-cause notice, NSE Data & Analytics argued that the alleged violations were either procedural or due to delays in manual processes. The company emphasised that these lapses did not result in any significant harm to investors and that corrective measures were promptly taken.
For instance, the firm has since implemented an automated system to issue acknowledgement letters and addressed vulnerabilities discovered in its security audits.
Despite the company’s arguments, SEBI maintained that the violations were severe and required penal action. The regulator emphasised that the company, being a registered intermediary, was obligated to adhere to SEBI’s regulations and maintain a high degree of professionalism.
SEBI further noted that the violations could not be taken lightly as they undermined the integrity of the securities market.