Read More>> 
The Securities and Exchange Board of India (SEBI) is in news again after it decided to provide ‘regulatory forbearance’ to regulated entities (REs) concerning the CSCRF compliance until March 31, 2025. While SEBI REs (Regulated Entities) have some time to restructure and strengthen their IT infrastructure, immense risks lurk if new rules are not mandated.
To control the increasing information security related threats in the securities market, the Securities and Exchange Board of India (SEBI) Regulated Entities (REs) are advised to implement their certain set of policies to ensure secure and seamless IT operations.
- SEBI penalized a renowned IT Service Provider and its promoters for accounting fraud in 2023
- SEBI directed a renowned Indian Group of Companies to refund billions to investors and imposed a ban on its promoters from raising capital
- SEBI imposed monetary penalties on one of the largest trading houses in India for irregularities in providing preferential access
The above examples from history reflect SEBI’s strict enforcement measures to maintain transparency, fairness, and investor protection in the securities market. Non-adherence to SEBI (Securities and Exchange Board of India) regulations by regulated entities (RE) can result in several significant risks. Here are the major ones:
1. Legal Risks: SEBI can impose substantial monetary fines for non-compliance with its regulations, as stipulated in the SEBI Act. Legal proceedings may also be initiated against the entity or its directors, leading to reputational damage and financial loss.
2. Operational Risks: SEBI has the authority to suspend or cancel the registration of intermediaries or market participants. Entities may face restrictions on issuing new products, conducting specific transactions, or operating in certain segments of the market.
3. Financial Risks: SEBI may order the entity to compensate affected investors for any financial losses caused by regulatory violations. Legal fees, penalties, and compliance remediation measures can strain the entity’s financial resources.
4. Regulatory Risks: Persistent non-compliance can lead to the cancellation of licenses or registrations required to operate in the securities market. The entity may face enhanced regulatory monitoring, audits, and inspections in the future.
5. Reputational Risks: Non-compliance can damage the credibility and reputation of the entity among investors, stakeholders, and the public. Negative publicity can impact stock prices and the overall standing of the entity in the financial markets.
6. Investor Risks: Non-compliance often triggers a surge in investor grievances, leading to further regulatory intervention and loss of investor confidence. Investors may withdraw their investments, leading to liquidity issues.
Addressing the Non-compliance Risks
A robust and reputed Identity and Access Management (IAM) solution ensures compliance with SEBI mandates, particularly in data protection, operational transparency, and cybersecurity. ARCON’s range of IAM solutions lays the foundation for complying with the SEBI mandates.
Some IAM features such as Multifactor Authentication (MFA), Role-Based Access Control (RBAC), privileged users’ logging activity reports, monitoring secure API integrations, and automated access reviews help complying with SEBI mandates. By implementing a robust IAM framework, banks and trading houses can ensure compliance and reduce the risks of non-compliance penalties, operational disruptions, and reputational damage.
The Bottom-Line
The extension of “Regulatory Forbearance” announced by SEBI is a golden opportunity for regulated entities to audit their IT security do’s/ don’ts and address the non-compliance risks before it is too late.
