HDFC Securities Settles Regulatory Violations with SEBI for Rs 65 Lakh

On Tuesday, domestic brokerage HDFC Securities reached a settlement with market regulator SEBI over alleged non-compliance with regulatory norms by paying a settlement amount of Rs 65 lakh. The settlement follows the company's application to SEBI, proposing to resolve the alleged violations “without admitting or denying the findings of facts and conclusions of law.” In its settlement order, SEBI stated, "The instant adjudication proceedings initiated against the notice, HDFC Securities Ltd, via SCN (show cause notice)... dated August 8, 2024, are hereby disposed of."

The SCN alleged that the broker's IT policies and procedures lacked a requirement to generate alerts when the capacity utilization of critical assets exceeded 70 percent, as mandated under capacity management procedures.

Additionally, the broker had set alert thresholds at over 80 percent for tools like the Meap application and at 75 percent for CPU and memory utilization, instead of the prescribed 70 percent for critical assets.

The SCN also alleged that HDFC Securities had not implemented the LAMA system on 47 out of 52 servers during the inspection period. LAMA facilitates the provisioning of application servers.

Additionally, the broker had reportedly failed to conduct disaster recovery drills for a full trading day every quarter during the inspection period.

The company's cybersecurity and cyber resilience policy was also lacking, as it did not define the frequency of periodic cyber and information security awareness training or differentiate between critical and non-critical vendors.

Furthermore, the policy for identifying critical and non-critical assets allegedly failed to categorize all essential applications and their servers—such as the active directory for employee logins and the HSL internet-facing website—as critical during the inspection period.

Source: Read Full News