SECURITIES AND CYBER LAWS


  • 8/14/2019 SECURITIES AND CYBER LAWS


    Chapter 1

    Introduction

    Online trading is a service offered on the internet for the purchase and sale of shares and securities. In the real world, you place orders with your stockbroker either verbally (personally or telephonically) or in written form (fax). In online trading, you access a stockbroker's website through your internet-enabled PC and place orders through the broker's internet-based trading engine. These orders are routed to the stock exchange without manual intervention and executed there in a matter of a few seconds.

    Through online trading, the securities industry has, for the first time, paved the way for the implementation of order placement directly into the broking firm's trading system via the Internet. By circumventing the broker at the order entry stage, the price-setting power for trading has shifted from the brokers and traditional stock exchanges to individuals.

    The advent of online trading is probably the final stage in the 'disintermediation of the trading environment', ending the process which started with the abolition of fixed brokerage commissions in the mid-1970s. In three years, by the end of 1999, this trend is growing rapidly throughout the world.1

    Stock exchanges today have to rely increasingly on information technology to stay competitive in delivering services. This is primarily because of newer trading channels used for communicating and transacting, like the Internet and online security trading. The IT department of the National Stock Exchange (NSE) employs 150 IT professionals, forming a third of its total staff strength. The exchange has invested close to Rs. 400 crores in computers, software and communication equipment. It is therefore recognized as one of the "Top IT User" organizations.

    In line with global trends, NSE is structured and operates much like an information technology company. It has the largest VSAT network in this part of the world, with a huge and complex web of hardware and software. It has a detailed disaster recovery site that mirrors all operating systems. The NSE has set up its own Internet website, which is visited daily by four lakh persons for securities and shares.2

    Modern stock exchange technology does not need the traditional type of brokers to match investors' orders as they used to do on the physical trading floor. The automated trading screens can match buy and sell orders without the intervention of brokers. Today brokers are needed only for settlement responsibilities. NSE introduced a nation-wide VSAT-driven screen-based trading system.

    Operations commenced in Mumbai and rapidly spread all over India. NSE today offers investors trading facilities in over 280 cities and towns through 4000 terminals. For the first time in India, NSE introduced screen-based trading with automated matching.

    1 www.openarticlesubmission.com

    2 www.indianexpress.com


    The system conceals the identity of the parties to an order or trade. This helps the market function better, as disclosure of identity would put most members at a disadvantage. The trading system operates on price-time priority. This means that, given the same set of orders, the orders that come first receive priority in matching. When an order does not find an immediate match, it remains in the system and is displayed to the whole market until a fresh order comes in or the earlier order is modified or cancelled. The market screens at any point of time give the members complete information on the total order depth in a security, the high price, the low price, the last traded price and other related information.3

    Electronic commerce (E-Commerce or EC) is an emerging concept that describes the process of buying and selling or exchanging products, services, shares, securities and information via computer networks, including the Internet. It is the use of the Internet and the Web to transact business, that is, doing business online, typically via the Web. It is also called e-business, e-tailing, e-sharing and "I-commerce." Although in most cases e-commerce and e-business are synonymous, e-commerce implies that goods and services can be purchased online, whereas e-business might be used as more of an umbrella term for a total presence on the Web, which would naturally include an e-commerce (shopping) component. E-commerce may also refer to electronic data interchange (EDI), in which one company's computer queries and transmits purchase orders to another company's computer.

    Electronic banking is an umbrella term for the process by which a customer may perform banking transactions electronically without visiting a brick-and-mortar institution. The following terms all refer to one form or another of electronic banking: personal computer (PC) banking, Internet banking, virtual banking, online banking, home banking, remote electronic banking, and phone banking. PC banking and Internet or online banking are the most frequently used designations. It should be noted, however, that the terms used to describe the various types of electronic banking are often used interchangeably.

    PC banking is a form of online banking that enables customers to execute bank transactions from a PC via a modem. In most PC banking ventures, the bank offers the customer a proprietary financial software program that allows the customer to perform financial and securities transactions from his or her home computer. The customer then dials into the bank with his or her modem, downloads data, and runs the programs that are resident on the customer's computer. Currently, many banks offer PC banking systems that allow customers to obtain account balances and credit card statements, pay bills, check the status of securities and transfer funds between accounts.4

    But this also brings problems: cyber thieves hack these systems and commit many grievous offences, so to protect securities and money the legislature has taken measures. SEBI has also laid down some guidelines. The discussion of securities and cyber laws therefore relates not only to securities, shares or banking but also to cyber law.

    3 economictimes.indiatimes.com

    4 www.blonnet.com/iw/2000/08/27


    Chapter 2

    Definition

    Security, generally: organizations occasionally need to raise cash (or capital) in order to expand their business through, for example, buying new premises, building new factories or acquiring other companies. The options open to such organizations for raising the necessary capital include:

    Borrowing cash from banks,
    Selling a part of their existing business,
    Selling part ownership in the company (issuing shares), and
    Borrowing cash from investors (issuing bonds),

    with both shares and bonds generically known as securities. The securities marketplace:

    Facilitates the process of bringing new securities to the marketplace, and
    Provides a structured and regulated method of buying and selling existing securities for the protection of the investors.

    "Securities" means shares, debentures, bonds and other stock of any company or other body corporate, whether incorporated in India or outside, and securities issued by any local authority in India, or by the Government of, or a local authority in, any such country outside India as may be approved by the Reserve Bank and includes Government security as defined in section 2 of the Public Debt Act, 1944, (18 of 1944.) but does not include mortgages on immovable property;5

    "Security" means shares, stocks, bonds and debentures, Government securities as defined in the Public Debt Act, 1944 (18 of 1944), savings certificates to which the Government Savings Certificates Act, 1959 (46 of 1959) applies, deposit receipts in respect of deposits of securities and units of the Unit Trust of India established under sub-section (1) of section 3 of the Unit Trust of India Act, 1963 (52 of 1963) or of any mutual fund and includes certificates of title to securities, but does not include bills of exchange or promissory notes other than Government promissory notes or any other instruments which may be notified by the Reserve Bank as security for the purposes of Foreign Exchange Management Act 1999.6

    "Securities" include:
    Shares, scrips, stocks, bonds, debentures, debenture stock or other marketable securities of a like nature in or of any incorporated company or other body corporate;
    [(ia) Derivative;
    (ib) Units or any other instrument issued by any collective investment scheme to the investors in such schemes;]7

    "Government security" means a security created and issued, whether before or after the commencement of this Act, by the Central Government or a State Government for the purpose of raising a public loan and having one of the forms specified in clause (2) of section 2 of the Public Debt Act, 1944 (13 of 1944);8

    5 Unit Trust of India Act, 1963, Sec 2(i)

    6 Foreign Exchange Management Act 1999, Sec 2(za)

    7 Securities Contracts (Regulation) Act, 1956, Sec 2(h)

    8 Securities Contracts (Regulation) Act, 1956, Sec 2(b)


    "Foreign security" means any security, in the form of shares, stocks, bonds, debentures or any other instrument denominated or expressed in foreign currency and includes securities expressed in foreign currency, but where redemption or any form of return such as interest or dividends is payable in Indian currency.9

    "Securitisation" means acquisition of financial assets by any securitisation company or reconstruction company from any originator, whether by raising of funds by such securitisation company or reconstruction company from qualified institutional buyers by issue of security receipts representing undivided interest in such financial assets or otherwise.10

    Cyber Law is relevant knowledge for all of us living in a society with increasing use of computers, and you will appreciate this as you proceed to read more of this book. The Cyber Laws that we are discussing here are the Fundamental Law of the Cyber Space. Whoever is living in this Cyber Space, or is conducting business in Cyber Space, or is exposed to crimes in Cyber Space and crimes emanating from Cyber Space, should be concerned with this branch of law.

    In particular, software professionals, who actually create Cyber Space elements in the form of software products that communicate in Cyber Space and who live for most of their day in Cyber Space, need to absorb many salient features of this law so that they keep themselves and their clients safe and protected from the consequences of Cyber Law.

    Corporate executives who own and manage Cyber Space properties also need to be conversant with Cyber Laws so that they will be able to discharge their functions properly. With the passage of the Information Technology Act 2000 (ITA-2000), with effect from October 17, 2000, India has decisively moved from a paper-based society to a paperless society.

    As per the provisions of the ITA-2000, Records and Signatures in Electronic form will have complete legal effect, validity or enforceability in all transactions except for the following five types of transactions specifically excluded in the Act:

    1. Negotiable Instruments (other than Cheques),
    2. Power of Attorney instruments,
    3. Trust deeds,
    4. Wills, and
    5. Any contract of sale or conveyance of immovable property or interest in such property.

    In bringing Digital Documents and Signatures within the ambit of law, ITA-2000 has used a Bridging Provision to state that wherever Law requires documents to be in writing and to be signed, the requirement will be deemed to have been satisfied if such a document is rendered in electronic form and the signature is rendered in the manner specified in the Act.

    By virtue of this, every law in India today stands extended to Electronic Documents, excepting the categories mentioned in the earlier paragraph.11

    9 Foreign Exchange Management Act, 1999, Sec 2(o)

    10 Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest Act, 2002, Sec 2(z)

    11 Naavi (Na. Vijayashankar), Cyber Laws For Every Netizen in India (Version 2004), Page 13


    What is cyber crime?

    Cyber refers to the imaginary space which is created when electronic devices communicate, like a network of computers.

    Cyber crime refers to anything done in the cyber space with a criminal intent. These could be either criminal activities in the conventional sense or activities newly evolved with the growth of the new medium. Cyber crime includes acts such as hacking, uploading obscene content on the Internet, sending obscene e-mails and hacking into a person's e-banking account to withdraw money.12

    Chapter 3

    Transfer of securities through internet

    Security, generally: organizations occasionally need to raise cash (or capital) in order to expand their business through, for example, buying new premises, building new factories or acquiring other companies. The options open to such organizations for raising the necessary capital include:

    Borrowing cash from banks,
    Selling a part of their existing business,
    Selling part ownership in the company (issuing shares), and
    Borrowing cash from investors (issuing bonds),

    with both shares and bonds generically known as securities. The securities marketplace:

    Facilitates the process of bringing new securities to the marketplace, and
    Provides a structured and regulated method of buying and selling existing securities for the protection of the investors.

    These securities may be transferred in the following ways:

    1. Principal
    2. Repurchase (repo)
    3. Securities lending and borrowing
    4. Trading book transfer
    5. Depot (custodian) transfer13

    1. Principal Transaction

    A principal transaction represents either a purchase or a sale by a securities trading organization (STO) on a proprietary trading basis (that is, on its own behalf rather than on behalf of a client). A purchase of a security at one price followed by a sale at a higher price, with each trade being effected by the STO as principal, will reap a profit for the STO.

    12 www.naavi.org, www.cyberlawcollege.com (21.01.09)

    13 Michael Simmons, Securities operation, John Wiley & Sons Ltd, Page 71

    Characteristics                                  Principal Transaction
    Securities only, securities + cash, cash only?   Securities + cash
    Origin?                                          Front office (trader or market makers)
    Trading position affected?                       Yes.
    External securities movement?                    Yes
    External cash movement?                          Yes
    Number of external counterparties?               One
    Issue a trade confirmation?                      Yes.
    Issue a settlement instruction?                  Yes.14

    2. Repurchase (repo) Transaction

    An STO wishing to minimize the cost of borrowing cash may have arrangements with banks to borrow cash on a secured or unsecured basis; secured cash is cheaper to borrow than unsecured cash as the lender has less risk. A repo is a form of secured cash borrowing where the STO utilizes the securities it has purchased, and which it holds at the relevant custodian, to deliver to the cash lender as security for the cash that the STO is borrowing.

    Characteristics                                  Repurchase (repo) Transaction
    Securities only, securities + cash, cash only?   Securities + cash
    Origin?                                          Front office (repo trader)
    Trading position affected?                       No.
    External securities movement?                    Yes
    External cash movement?                          Yes
    Number of external counterparties?               One
    Issue a trade confirmation?                      Yes.
    Issue a settlement instruction?                  Yes (one for opening value date, one for closing).15

    3. Securities Lending and Borrowing Transaction

    14 Michael Simmons, Securities operation, John Wiley & Sons Ltd, Page 72

    15 Michael Simmons, Securities operation, John Wiley & Sons Ltd, Page 73


    Any investor in securities, including individuals, institutions and STOs, is able to increase the return on their investment if they lend their securities. STOs and other investors borrow a lender's securities, for which the lender receives a fee agreed with the borrower.

    Characteristics                                  Securities Lending and Borrowing Transaction
    Securities only, securities + cash, cash only?   Securities only or securities + cash
    Origin?                                          Front office or back office
    Trading position affected?                       No.
    External securities movement?                    Yes
    External cash movement?                          Yes
    Number of external counterparties?               One
    Issue a trade confirmation?                      Yes.
    Issue a settlement instruction?                  Yes (two for opening value date, two for closing).16

    4. Trading Book Transfer Transaction

    STOs' traders and market makers trade on a principal basis with other STOs and institutional clients. Within some STOs, two (or more) trading books within the same legal entity may be allowed to trade and hold trading positions in the same security.

    Characteristics                                  Trading Book Transfer Transaction
    Securities only, securities + cash, cash only?   Securities + cash
    Origin?                                          Front office
    Trading position affected?                       Yes (both selling and buying books).
    External securities movement?                    No
    External cash movement?                          No
    Number of external counterparties?               None
    Issue a trade confirmation?                      No.
    Issue a settlement instruction?                  No

    16 Michael Simmons, Securities operation, John Wiley & Sons Ltd, Page 75

    5. Depot (custodian) Transfer Transactions

    An individual STO typically appoints one custodian in each financial centre to settle transactions and to hold the resultant securities on behalf of the STO. Normally, an STO will hold securities in one custodian per financial centre; however, certain securities may be held at more than one custodian or financial centre.

    Characteristics                                  Depot (custodian) Transfer Transactions
    Securities only, securities + cash, cash only?   Securities + cash
    Origin?                                          Back office
    Trading position affected?                       Yes (both selling and buying books).
    External securities movement?                    No
    External cash movement?                          No
    Number of external counterparties?               None
    Issue a trade confirmation?                      No.
    Issue a settlement instruction?                  No.17

    To protect these transactions, the Securities and Exchange Board of India (SEBI) has made some rules and regulations. They are discussed in the next chapter.

    17 Michael Simmons, Securities operation, John Wiley & Sons Ltd, Page 78

    Chapter 4

    Guideline of SEBI on Internet Based Trading and Services

    Modernization of market infrastructure improves market transparency standards. The improvement of market micro-structure increases trading efficiency. Risk containment measures help in improving market integrity and safety. Rolling settlement enhances liquidity and also provides for faster settlement. These have been the main focus of the SEBI's efforts in the secondary market. The SEBI extends its oversight to 23 stock exchanges in the country and directs its efforts towards encouraging them to become more effective and efficient self-regulatory organizations. The measures taken by the SEBI in 1999-2000 in the secondary market are discussed below.

    Depositories and paperless trading and other related issues

    Dematerialisation of securities is one of the major steps for improving and modernizing the market and enhancing the level of investor protection through elimination of bad deliveries and forgery of shares, and expediting the transfer of shares. Recognizing the far-reaching benefits that would accrue to the market through the removal of physical securities, the speeding up of the dematerialisation process has been high on the agenda of the SEBI. During the year 1999-2000, the SEBI continued its policy to enhance the growth of paperless trading and electronic book entry transfer, but in a phased manner so as to allow time for the required infrastructure to develop and to gain acceptance of the investors and the market. The following measures have been taken by the SEBI during the year under review:

    The SEBI issued a directive to the companies included in the list of securities for dematerialisation to effect compulsory dematerialised trading for all investors and institutional investors on the scheduled dates announced, and to sign agreements and complete all formalities with both the depositories and establish connectivity on time so that dematerialisation could proceed on schedule.

    Companies whose shares are being traded compulsorily in dematerialised form by all investors are required to compulsorily provide for transfer and dematerialisation of securities simultaneously. This will help the investors in reducing the time taken for transfer of shares.

    The SEBI (Depositories and Participants) Regulation, 1996 was amended to include registrars to an issue or share transfer agents in the eligible category to become a depository participant.

    Introduction of procedures for interconnectivity between the various segments and components involved in the process of dematerialisation and its smooth functioning at various levels of participation in dematerialised securities.

    In respect of the value of the portfolio of securities of the beneficiary accounts, the broker DPs are allowed to maintain client assets in custody to the extent of 100 times the broker's net worth, from the earlier limit of 35 times up to a net worth of Rs. 750 lakhs and 50 times above the net worth of Rs. 750 lakh.

    The branch offices of DPs that are handling more than 5000 accounts shall either have direct electronic connectivity with the depository or with the office of a depository participant that is connected live to the depository. This would adequately equip the infrastructure of the depository participant branches so that the reach of the DPs could be increased and the branches could serve the investors better, while ensuring that the branches have adequate control systems.

    Every company is required to appoint the same registrars and share transfer agents for both the depositories.

    The registrars and share transfer agents are required to accept partial dematerialisation requests and will not reject or send back the complete lot of dematerialisation requests to the DPs in cases where only a part of the request was to be rejected.

    A Standing Committee co-chaired by the Managing Directors of NSDL and CDSL was formed, which will meet at least once a month to resolve issues between DPs, registrars and depositories which may arise from time to time. The other members of the committee are SHCIL, HDFC Bank, Standard Chartered Bank, Integrated Enterprises (I) Ltd., Karvy Consultants, ICICI Ltd. and three persons from RAIN.

    If a DP has sent information about dematerialisation electronically to a registrar but physical shares are not received, the registrar will accept the dematerialisation request and carry out dematerialisation on the indemnity given by the DP and proof of dispatch of document given by the DP.

    CDSL and NSDL shall be required to persuade major DPs to open branches in cities where DP services are not available.

    The broker DPs who are also registered with SEBI as share transfer agents shall be allowed to change their broker DP status to that of share transfer agent/registrar DP.

    The committee on dematerialisation of shares was also seized of various issues as mentioned below:

    Standardization of various procedures related to trading in the depository system;
    Safety features and standards for depository operations;
    Expansion of depository infrastructure and providing the branch offices with "live" connectivity;
    Systemic tracking of delays at the hands of the depository participants, share transfer/issuer companies and depositories;
    Adequacy/capability of the depository system and systemic changes necessary to cope with the workload, present as well as future;
    One-stage processing for transfer and dematerialisation;
    Reductions in the size of batch processing from the present level of 1000 requests per batch;
    Good/bad delivery norms to be made mandatory on the registrars.18

    18 www.sebi.gov.in (21.01.09)

    Chapter 5

    SEBI to Set Rules for India Internet Trading

    The Indian market regulator, the Securities and Exchange Board of India (SEBI), will create stringent standards and practices for online trading, including disclaimers required to be followed by the Internet sites relating to the capital market.


    The first meeting of the sub-group on surveillance and enforcement of Internet trading, appointed by SEBI, was held on Wednesday and discussed the need for further adaptation and changes in the Internet environment.

    "The need to effectively regulate financial advisory services on the Internet follows the mushrooming activity of multiple services in terms of information and advice to investors on the Net," said L.K. Singhvi, Senior Executive Director, SEBI. The sub-group will define a framework and guidelines for investment advisory services offered over the Net.

    "Most developed nations like the U.S., Australia, Hong Kong, Malaysia have such guidelines in place for investment advisors on the Net. Besides, as per Section 11 (2B) of the SEBI Act, we are empowered to regulate investor advisors," Singhvi said.

    The group has also set up a sub-group to evolve a set of fair practices and obligations to be followed by Web sites dealing with capital market related services.

    To this end, members of the group will release a detailed paper suggesting standards for content, community and commerce related activities.

    In the area of surveillance and monitoring of activity on the Internet, the group has recommended that there is a need to have appropriate infrastructure, systems and technology support, and modalities in this regard will be worked out by the group.

    The Internet surveillance group also felt that there was a need to review some of the existing regulations and by-laws of exchanges, which may have become redundant or obsolete with the advent and adoption of this technology.

    The group felt that investor education in the Internet environment is critical for investor protection and would be instrumental in making investors aware of the precautions required to be taken while availing of Internet services.

    "Some of the members of the group will look into areas that an investor on the Net needs to know. Some of the by-laws and regulations may have become obsolete in the current context. This group will identify and restructure any such inconsistent clauses," he explained.

    The group also considered the mushrooming activity of providing advisory services on the Internet. Although the SEBI Act empowers SEBI to register investment advisors, at present there is no regulation in this area.


    The Group on Enforcement and Surveillance of Internet Trading was convened by L.K. Singhvi and includes amongst its members Sunil Chandiramani, chief executive officer, Ernst & Young; Kalpathi S. Suresh, chief executive officer, SSI; Nimish Kampani, Chairman, JM Financial and Investment; S. Ramadurai, chief executive officer of Tata Consultancy Services; Dominic Price of J.P. Morgan; Albert Aboody of KPMG; Dhiren Sheth, member, BSE Board; Madhavi Puri Buch, chief executive officer of ICICI Webtrade; and officials of the Bombay Stock Exchange (BSE) and the National Stock Exchange (NSE).

    SEBI clears decks for use of WAP for Net trading (Mumbai 2nd August)

    THE SEBI-promoted committee on Internet-based securities trading and services today cleared the decks for usage of wireless application protocol (WAP) for Internet trading and derivatives trading on the Internet.

    The regulator's decision is expected to further extend the reach of the markets and increase the number of investors, volumes and liquidity.

    ``This is in keeping with the international trend and is the natural direction in which markets will, over time, progress to,'' Mr. O.P. Gahrotra, Senior Executive Director, SEBI, said.

    The regulator will issue formal instructions to the stock exchanges in about a week's time on the decisions taken today.

    The regulator, however, maintained that Internet trading via WAP will have to adhere to all the requirements stipulated earlier by SEBI for Internet-based trading and the minimum security features laid down in this regard.

    SEBI's decision will enable users of WAP-enabled mobile devices (mobile phones, personal digital assistants, etc.) to trade in securities using their mobile sets.

    The regulator said the same minimum systems and operational requirements laid down earlier for Net-based trading will be applicable for derivative trading on the Internet.

    ``Once derivatives trading gains ground, this will be a logical extension,'' Mr. Gahrotra added.

    The technical committee, at its meeting today, also deliberated on issues pertaining to interfacing between brokers, depositories and banks. It recommended adopting messaging standards on the lines of the standards being evolved by the RBI working group on Inter-Bank Messaging Standards.

    Commenting on the decisions taken, Mr. Gahrotra said the regulator had not set a time limit on how soon these measures need be implemented.

    ``One cannot say whether it will come into effect in the next one or three months' time. What we are looking at is that in the long-term, the markets should not feel inhibited in any way. We will put the system in place, let the market provide the feedback,'' he explained.

    National long distance phone norms finalised (NEW DELHI, Aug. 2)

    THE Telecom Commission on Wednesday finalised the terms and conditions for opening

    up the national long distance (NLD) telephony to private firms, ending the monopoly of

    the incumbent Department of Telecom Services (DTS). The commission is also learnt to


    have decided that the corporate entity of DTS will be a registered company under the

    Companies Act, 1956.

    The Telecom Commission Chairman, Mr. Shyamal Ghosh, told presspersons after the three-hour long meeting that the commission had decided on several key entry-related issues such as entry fee, licence fee as revenue share and inter-circle carriage. He, however, declined to give comments as the decision will be forwarded to the Communication Minister for his comments.

    ``We have fixed entry fee at a very competitive level, in accordance with the provisions of the National Telecom Policy, 1999,'' he said.

    Mr. Ghosh said the DTS would not get a statutory status, but would have to be registered as a company under the Companies Act. Agency reports stated that the decision of the commission was mostly in line with the recommendations of the Telecom Regulatory Authority of India (TRAI). The regulator had suggested an entry fee of Rs. 500 crores with a non-refundable component of Rs. 100 crores. The balance Rs. 400 crores was refundable on the basis of roll-out obligations.

    TRAI's recommendations of fixing an annual licence fee in the form of a revenue share of 10 per cent and a universal service obligation (USO) were also considered and resolved by the commission, the agency report stated.19

    Chapter 6

    Committee to promote internet based trading

    A committee on corporate governance, set up by SEBI under the chairmanship of Shri Kumar Mangalam Birla, member, SEBI Board, with the objective of strengthening and promoting the standard of corporate governance of listed companies, had made several recommendations. Corporate governance is an important tool of investor protection. This would be the first formal code of corporate governance in the country through the listing agreement. It is expected that the introduction of these measures will raise awareness and make a good beginning for raising the standard of functioning of corporates. The SEBI board accepted the recommendations of the committee, followed by a notification issued to the concerned agencies:

    Major recommendations of Kumar Mangalam Birla Committee

    The board of directors of the company shall have an optimum combination of executive and non-executive directors, with not less than fifty percent of the board of directors comprising non-executive directors.

    All pecuniary relationships or transactions of the non-executive directors vis-a-vis the company should be disclosed in the Annual Report.

    Board meetings shall be held at least four times a year with a minimum time gap of at least four months between any two meetings.

    The Committee recommended the constitution of an Audit Committee in a listed company. The committee recommended that the audit committee shall have a minimum of three members, all being non-executive directors, with the majority of them being independent, and with at least one director having financial and accounting knowledge; the chairman of the committee shall be an independent director.

    19 www.emastersindia.net

    The audit committee shall meet at least thrice a year. One meeting shall be held before finalization of annual accounts and one every six months. The audit committee shall have powers which should include the power to investigate any activity within its terms of reference, to seek information from any employee, to obtain outside legal or other professional advice, and to secure attendance of outsiders with relevant expertise, if it considers necessary.

    The committee will review with the management, the external and internal auditors, the adequacy of internal control systems, the adequacy of internal audit function including the structure of the internal audit department, staffing and seniority of the official heading the department, reporting structure, discussion with internal auditors, reviewing the findings of any internal investigations by the internal auditors, discussions with external auditors.

    The audit committee will review the company's financial and risk management policies and will look into the reasons for substantial defaults in the payment to the depositors, debenture holders, shareholders (in case of non payment of declared dividends) and creditors.

    The committee has recommended that remuneration of directors including non-executive directors will be decided by the board of directors.

    A director shall not be a member in more than 10 companies or act as chairman of more than 5 companies in which he is a director. He will keep the company informed about the committee positions he occupies in other companies.

    As part of the directors' report or as an addition thereto, a Management Discussion and Analysis Report should form part of the annual report to the shareholders. The management discussion and analysis will include industry structure and developments, opportunities and threats, segment-wise or product-wise performance, outlook, risks and concerns, internal control systems and their adequacy, discussion on financial performance with respect to operational performance, material developments in human resources / industrial relations front, including number of people employed.

    Disclosures must be made by the management to the board relating to all important financial and commercial transactions.

    In case of the appointment of a new director or re-appointment of a director, the shareholders must be provided with a brief resume of the director; nature of his expertise in specific function areas; and names of companies in which the proposed director holds directorship and the membership of committees of the board.

    Information like quarterly results and presentations made by companies to analysts shall be put on the company's web-site, or shall be sent in such a form so as to enable the stock exchange on which the company is listed to put it on its own web-site.

    A board committee under the chairmanship of a non-executive director shall be formed to specifically look into the redressing of shareholders' and investors' complaints like transfer of shares, non-receipt of balance sheet, non-receipt of declared dividends etc.

    To expedite the process of share transfers, the board of the company shall delegate the power of share transfer to an officer or a committee or to the registrar and share transfer agents.

    A company will have to include separate sections on corporate governance in its annual report with details on compliance, non-compliance of any mandatory requirement. The company will have to obtain a certificate from the auditors of the company regarding compliance of conditions of corporate governance.

    Almost all the companies listed on stock exchanges or seeking listing for the first time will have to complete all mandatory corporate governance requirements in a phased manner by March 31, 2003. The companies seeking listing for the first time will have to complete corporate governance at the time of listing.

    Internet based securities trading

    A Committee on internet based securities trading and services was set up by the SEBI to develop regulatory parameters for use of internet in securities business and effective enforcement of internet trading. The report of the Committee was approved by the Board.

    The Board decided that internet trading can take place in India within the existing legal framework through the use of order-routing systems, which will route orders from clients to brokers, for trade execution on registered stock exchanges. The Board also took note of the recommended minimum technical standards for ensuring safety and security of transactions between clients and brokers which will be enforced by the respective stock exchanges.

    Committee on internet based securities trading and services - first report

    Internet, the new medium that has emerged as a result of convergence between telecommunication and computers, is revolutionising the way business is done and is making inroads into every conceivable area of business activity. The potential of e-commerce is no longer a matter of debate. In fact, every forecast has been proved wrong, with actual figures far exceeding the forecast. The natural extension of e-commerce in the securities market is Internet based trading and securities services and it has made a great impact on the securities trading business. Issuers of securities, intermediaries, service providers and investors are increasingly selling and dealing or providing securities services on the Internet.

    SEBI, as the Capital Market Regulator in India, has twin objectives, i.e. regulating as well as developing the market. Although the Internet based trading and securities services are at a nascent stage in India, the pace of growth predicted brings in an urgency to address legal and policy issues that are associated with it. To examine and clarify regulatory and other issues related to Internet based securities trading and services on a continuous basis, SEBI has constituted a standing committee on Internet Based Securities Trading and Services, chaired by Shri O.P. Gahrotra, Sr. Executive Director, SEBI. As the Internet technology continues to evolve, the standing committee will assess new developments and address relevant issues from time to time. The committee comprises the following members:

    Prof. Deepak B Phatak, IIT, Mumbai

    Shri A.K. Sharma, DG Investigations - Registrations

    Dr D.P.S. Seth, Sr. DDG (CS), Department of Telecommunication

    Dr. R. H. Patil, Managing Director, NSE

    Shri Anand Rathi, President, BSE

    Shri S. Ramadorai, CEO, Tata Consultancy Services

    Shri C N Ram, Vice President (IT), HDFC Bank

    Shri LK Singhvi, Sr. ED, SEBI

    Ms. DN Raval, ED, SEBI

    The Committee would also like to acknowledge the commendable efforts made by Shri Deepak Sanchety, Shri Ananta Barua, Division Chief, SEBI and Ms. Prarthna Awasthi, Shri Ankit Sharma, Ms. Maninder Cheema and Shri Ebrahim Machhiwala, officers of SEBI. The Committee held its first meeting on 18th Aug 1999. The Committee took stock of the developments in the use of Internet in securities business at the international level and within the country. In its deliberations the committee noted that a number of issuers and information service providers have developed websites and are providing information to investors in India. Similarly, many brokers have developed websites and have started offering value added information to their clients. A number of websites provide price quotations from major stock exchanges, on almost real-time basis.

    Technology development and related market innovation is growing at a fast pace. This has in turn created an urgent need to address emerging legal and policy issues. If these issues are not dealt with in time, it is bound to adversely affect the growth of the markets.

    The Committee also appreciated that physical infrastructure in terms of Internet service providers, connectivity etc., no matter how extensive or robust, is not sufficient in the long run to sustain the high growth witnessed in the capital market. It is equally important, therefore, to create soft infrastructure through harmonisation of laws, rules, regulations, and policies. It is also necessary to clearly lay down the rights of investors and the rights and responsibilities of all market participants and other agencies involved in this exercise.

    In India the policies related to telecommunication including connectivity between two closed user groups and closed user group and Internet are governed by the Department of Telecommunication (DoT), Government of India. Matters related to encryption of messages are also handled by the DoT. The Government has been concerned about the issue of connectivity and a lot of debate has been generated on these issues. Recently DoT has come out with guidelines of connectivity of independent networks.

    The Committee noted that Internet is already being used in developed securities markets in the world. Some of the areas where its usage has become common have been described below.

    Internet Based Trading through Order Routing Systems

    Internet based trading on conventional exchanges uses the Internet as a medium for communicating client orders to the exchanges, through broker web sites. Brokers' web sites may serve a variety of functions. These may include:

    --allowing the clients to directly trade through internet;

    --advertise the broker-dealers' services to potential investors;

    --offer market information and investment tools similar to those offered by information vendor or SRO web sites;

    --offer real-time or delayed quote information, continuously update quotes while the user visits other sites, or allow investors to create a personal stock ticker;

    --provide market summaries and commentaries, analyst reports and trading strategies and market data on currencies, mutual funds, options, market indices and news; and

    --offer investors access to portfolio management tools and analytic programs;

    --information on commissions and fees; and

    --account information and research reports.

    In an Order Routing System, a broker offering Internet trading facility provides an electronic template for the customer to enter the name of the security, whether it is to be bought or sold, the quantity and whether the order is a market or limit order.

    Once the broker's system receives this information, it is checked electronically against the customer's account and is routed out by the broker to the appropriate exchange for execution. After the order is executed, the customer receives a message confirming the order. The customer's portfolio and ledger account may also be updated on-line to reflect the transaction.

    Use of Internet as Alternative Trading Systems (Provision for price discovery and

    matching outside conventional exchanges)

    In foreign jurisdictions, Alternative trading systems have been developing outside conventional securities markets, which provide investors with additional proprietary electronic trading facilities for securities that are traded principally on securities exchanges, or other organised markets. They have price discovery functions, matching systems and crossing systems. The systems that are currently in use in outside jurisdictions are closed systems and are not accessible to the general public through the Internet.

    The securities markets regulators abroad have maintained flexible and open policies designed to encourage innovation in the secondary securities markets. As a result, a number of market participants, usually broker-dealers, have developed computerized "alternative trading systems", by which the systems centralise, display, match, cross or otherwise execute trading interest.

    Use of Internet for making Initial Public Offerings

    Issuers of securities are using the Internet to communicate directly with their shareholders, potential investors and analysts by disseminating corporate information. In foreign jurisdictions, they are also using the Internet to communicate to the public for the following:

    --public offerings;

    --private offerings; and

    --disclosure and communication.

    Issuers are using the Internet to market themselves to potential investors. The Internet is also being used for fulfilling necessary disclosure requirements, for disseminating the prospectus in electronic form and even for receiving share applications in public issues electronically. In India, SEBI has taken initiative in permitting use of the network of stock exchanges for collection of investor applications in public offerings by the issuer companies.

    Investment Advisory Services

    Brokers as well as other service providers such as investment firms, research outfits etc. are using the Internet for marketing and advertising purposes, for presenting information on portfolio analysis and market information, and for communicating with and receiving orders from potential investors. The services offered by the service providers to the investors are generally the following:

    --advertising;

    --providing investment information and investment advice;

    --underwriting;

    --communicating with the investors;

    --customer orders; and

    --record keeping.

    Working Groups set up by the Committee

    Considering the present state of capital markets in India and keeping in view the ongoing developments in Internet based securities business, it was felt that SEBI as a regulator could strive to identify areas where use of Internet in the capital market is possible within the existing legal framework. One such area identified by the Committee, which is also the central theme of this report, is the area of Internet trading on existing electronic exchanges. In this area, though early introduction of Cyber Laws would be highly desirable, their existence is not a necessary precondition.

    To look into the existing regulatory scenario and to bring out some ground rules for use of the medium of Internet, the Committee therefore constituted the following two working groups to look into the areas of:

    i. security protocols and standardisation of interfaces for Internet based securities trading, chaired by Prof. Deepak B. Phatak, IIT, Powai, Mumbai

    ii. surveillance and monitoring related issues arising due to Internet based securities trading, chaired by Shri L K Singhvi, Sr. ED, SEBI

    The Committee also requested Ms D N Raval, Executive Director, SEBI to examine the legality of introduction of Internet trading and the issue of Alternative Trading Systems.

    This report of the standing committee examines the regulatory and security requirements regarding Internet Based Trading on Conventional Exchanges. Separate report(s) will cover the other areas related to Internet applications in the securities markets.

    The report of the first working group on security protocols and standardisation of interfaces has since been submitted and incorporated in this report as Annexure I. The committee would like to place on record its sincere thanks to Dr. D.B. Phatak, Ms. D.N. Raval and their team members.

    The global financial market is undergoing a transformation due to rapid technological developments. It thus becomes imperative that for developing an effective regulatory framework developments in other parts of the world should be studied and analysed.

    With nearly two million on-line investors, Internet trading in the United States is growing by leaps and bounds. Internet trading is being facilitated by large brokerage houses, thus changing the total concept of securities trading.

    A team comprising members from stock exchanges and SEBI visited the United States to study these developments and had interactions with brokerage houses, Internet service providers and other agencies involved in facilitating Internet trading. The team also discussed the developments in the emerging regulatory and supervisory framework in United States with the Securities and Exchange Commission officials. They were also apprised of the various initiatives taken by SEC in this regard. These inputs have been utilised while drafting this report.

    Regulatory Approach

    The Committee has worked on the premise that the order screening and subsequent execution which is being done manually today is simply sought to be replaced by electronic screening and execution through the broker's terminal in the proposed system of Internet trading, and that the basic principles of regulation would remain the same, irrespective of the medium of communication or delivery. The Committee seeks to encourage the legitimate use of Internet in a uniform regulatory environment for trading on the Internet in the already existing conventional automated screen based trading models.

    A further objective of the committee is to do the initial groundwork by laying down standards which would help create an appropriate environment in which transition and adoption of international standards in the regulation and communication technology becomes easy at a future date.

    Scope of the Report

    As per the report at Annexure II, under the existing legal framework, Internet can be used as an order routing system through registered stock brokers on behalf of clients for execution of trades on recognised stock exchanges. At present, very few banks are offering Internet based services. Depositories have not yet started offering services on Internet. Because of this, interfacing securities trading with banking and depository services may take longer.

    Keeping this in view, as a first step, the Committee has limited the scope of its present recommendations to cover only those issues which are directly related to Internet trading through order routing systems.

    Recommendations of the Committee

    Application for Permission by Brokers

    SEBI registered Stock Brokers interested in providing Internet based trading services will be required to apply to the respective stock exchange for a formal permission. The stock exchange should grant approval or reject the application as the case may be, and communicate its decision to the member within 30 calendar days of the date of completed application submitted to the exchange. The stock exchange, before giving permission to brokers to start Internet based services, shall ensure the fulfillment of the following minimum conditions:

    Networth Requirement

    The broker must have a minimum net worth of Rs. 50 lacs if the broker is providing the Internet based facility on his own. However, if some brokers collectively approach a service provider for providing the internet trading facility, net worth criteria as stipulated by the stock exchange will apply. The net worth will be computed as per the SEBI circular no FITTC/DC/CIR-1/98 dated June 16, 1998.

    Operational and System Requirements

    Operational Integrity: The Stock Exchange must ensure that the system used by the broker has provision for security, reliability and confidentiality of data through use of encryption technology. (Basic minimum security standards are enclosed in Annexure-I). The Stock Exchange must also ensure that records maintained in electronic form by the broker are not susceptible to manipulation.

    System Capacity: The Stock Exchange must ensure that the brokers maintain adequate backup systems and data storage capacity. The Stock Exchange must also ensure that the brokers have adequate system capacity for handling data transfer, and arranged for alternative means of communications in case of Internet link failure.

    Qualified Personnel: The Stock Exchange must lay down the minimum qualification for personnel to ensure that the broker has suitably qualified and adequate personnel to handle communication including trading instructions as well as other back office work which is likely to increase because of higher volumes.

    Written Procedures: Stock Exchange must develop uniform written procedures to handle contingency situations and for review of incoming and outgoing electronic correspondence.

    Signature Verification/ Authentication: It is desirable that participants use authentication technologies. For this purpose it should be mandatory for participants to use certification agencies as and when notified by Government /SEBI. They should also clearly specify when manual signatures would be required.

    Client Broker Relationship

    Know Your Client: The Stock Exchange must ensure that brokers have sufficient, verifiable information about clients, which would facilitate risk evaluation of clients.

    Broker-Client Agreement: Brokers must enter into an agreement with clients spelling out all obligations and rights. This agreement should also include, inter alia, the minimum service standards to be maintained by the broker for such services specified by SEBI/Exchanges for the internet based trading from time to time. Exchanges will prepare a model agreement for this purpose. The broker agreement with clients should not have any clause that is less stringent/contrary to the conditions stipulated in the model agreement.

    Investor Information: The broker web site providing the internet based trading facility should contain information meant for investor protection such as rules and regulations affecting client broker relationship, arbitration rules, investor protection rules etc. The broker web site providing the Internet based trading facility should also provide and display prominently a hyperlink to the web site/page on the web site of the relevant stock exchange(s) displaying rules/regulations/circulars. Ticker/quote/order book displayed on the web-site of the broker should display the time stamp as well as the source of such information against the given information.

    Order/Trade Confirmation: Order/Trade confirmation should also be sent to the investor through email at the client's discretion at the time period specified by the client, in addition to the other mode of display of such confirmations on real time basis on the broker web site. The investor should be allowed to specify the time interval on the web site itself within which he would like to receive this information through email. Facility for reconfirmation of orders which are larger than that specified by the member's risk management system should be provided on the internet based system.

    Handling Complaints by Investors: Exchanges should monitor complaints from investors regarding service provided by brokers to ensure a minimum level of service. Exchange should have a separate cell specifically to handle Internet trading related complaints. It is desirable that exchanges should also have facility for on-line registration of complaints on their web-site.

    Risk Management

    Exchanges must ensure that brokers have a system-based control on the trading limits of clients, and exposures taken by clients. Brokers must set pre-defined limits on the exposure and turnover of each client. The broker systems should be capable of assessing the risk of the client as soon as the order comes in. The client should be informed of acceptance/rejection of the order within a reasonable period. In case system based control rejects an order because of client having exceeded limits etc., the broker system may have a review and release facility to allow the order to pass through. Reports on margin requirements, payment and delivery obligations, etc. should be communicated to the client through the system.

    Contract Notes

    Contract notes must be issued to clients as per existing regulations, within 24 hours of the trade execution.

    Cross Trades

    As a matter of abundant precaution, the committee seeks to reiterate that as in the case of existing system, brokers using Internet based systems for routing client orders will also not be allowed to cross trades of their clients with each other. All orders must be offered to the market for matching.

    It is emphasised that in addition to the requirements mentioned above, all existing obligations of the broker as per current regulation will continue without changes. Exchanges may also like to specify more stringent standards as they may deem fit for allowing Internet based trading facilities to their brokers.

    Enforcement

    A separate working group has been set up to look into the surveillance and enforcement related issues arising due to Internet based securities trading. However, general anti-fraud provisions (SEBI Fraudulent and Unfair Trade Practices Regulations, 1995) would apply to all transactions involving securities or financial services, regardless of the medium.

    Conclusion and Future Agenda

    Under the existing legal and regulatory framework, SEBI registered brokers can offer trading on Internet through order routing systems. However, with the rapid development of the technology, we have to evolve further steps in this direction. It is therefore proposed that as the next step a link between the depositories and banks shall be established after the necessary regulations have been passed. This would reduce the clearing and settlement time and would also minimise the risk of all the participants involved in the transactions.

    We have to look forward towards achieving an ideal scenario where all the services related to securities markets including marketing of initial public offers on internet, providing investment advisory services to the clients, broking, clearing and settlement etc., are provided on the Internet by an intermediary. In a nutshell it can be said that we are moving towards a one stop service centre.

    Annexure I

    Network Security Protocols and Interface Standards

    At present the Indian laws are silent on the security of Internet information. However, the draft E-Commerce Act focuses on this issue and prescribes the requirements like electronic certification, digital signatures etc. which will play an important role on the authenticity of such information gathered from the Internet. These requirements will also have to be met by Internet traders using ORS on the stock exchanges.

    Network Security

    It is suggested that the following security measures should be made mandatory

    i. User id

    ii. First Level password (Private code)

    iii. Automatic expiry of passwords at the end of a reasonable duration. Reinitialise access on entering fresh passwords

    iv. All transaction logs with proper audit facilities to be maintained in the system.

    v. Secured Socket Level Security for server access through Internet

    vi. Suitable Firewalls between trading set-up directly connected to an Exchange trading system and the Internet trading set-up.

    Advanced Security products used for E-Commerce may be made optional. Some of these are:

    a. Microprocessor based SMART cards

    b. Dynamic Password (Secure ID Tokens)

    c. 64 bit/128 bit encryption **

    d. Second Level password (personal information e.g. village name, birth date etc.)

    **DOT policy and regulations will govern the level of encryption.

    Standards for Web Interfaces and Protocols

    For Order Routing Systems to become operational in the existing scenario, interfacing of trading systems with Banking Systems and Depositories is not immediately required and may be considered after the E-Commerce Laws are in place. Similarly the Group believes that Wireless Internet Interface has the potential of a very large penetration and the Group will work towards interface standardisation in that area as well. Between a Trading Web Server and Trading Client Terminals, Interface Standards as per recommendations of IETF (Internet Engineering Task Force) and W3C (World Wide Web Consortium) may be adopted. E.g.: HTTP Ver 4 or above HTML Ver 4/XML.

    Systems Operations

    a. Brokers should follow the similar logic/priorities used by the Exchange to treat client orders

    b. Brokers should maintain all activities/ alerts log with audit trail facility

    c. Broker Web Server should have internally generated unique numbering for all client order/trades

    d. Brokers should seek permission from the Exchange before commencement of Internet

    trading facility after providing complete details of the features of implemented systems.

    e. Brokers should make periodic reporting to the Exchange as specified by the Exchange.

    The committee strongly recommends that 128 bit encryption should be allowed to be

    freely used by the Department of Telecommunications, Government of India to ensure

    safety, security and integrity as well as for maintaining investor trust in the internet based trading system.20

    Chapter 7

    Transfer of cash through internet21

    20 www.sebi.gov.in (21.01.09)

    21 Michael Simmons, Securities operation, John Wiley & sons Ltd, Page 80

    The following transaction types are typically used by securities trading organizations

    involving cash:

    1. repurchase(repo)

    2. unsecured borrowing and lending

    3. account transfer

    4. foreign exchange

    1. Repurchase (repo) Transaction

    For completeness, repo transactions are listed here as a cash transaction type, as well as in

    the previous section as a securities transaction type. Many repo transactions are executed by

    securities trading organizations from the perspective of the need to borrow cash, against

    which securities are given as collateral.

    The borrowing or lending of cash on a secured basis is very similar in structure to a repo transaction and so will not be specifically described within this section.

    2. Unsecured cash Borrowing and Lending

    The settlement of a principal purchase by a securities trading organization will result in a debit of cash and usually a negative cash position on the securities trading organization's

    nostro account at the custodian. As the rate of overdraft interest charged by a custodian may

    be out of line with market rates, a securities trading organization will reduce its costs if it can borrow cash more cheaply from another source.

    Characteristics Unsecured cash Borrowing and Lending

    Securities + cash, cash only? Cash only

    Origin? Treasury department

    Trading position affected? No.

    External cash movement? Yes

    Number of external counterparties? One

    Issue a Trade confirmation? Yes.

    Issue a settlement instruction? Yes (one for opening value, one for closing)

    3. Account Transfer Transactions

    Where an STO has an overdraft (or anticipated overdraft) at a custodian as a result of

    settlement of trades and the STO wishes to cover that overdraft, one of the options open

    to the STO is to transfer cash (in the same currency) from:

    another account with the same custodian, or

    an account held at another Bank

    where the accounts involved belong to the STO.

    Characteristics Account Transfer Transactions

    Securities + cash, cash only? Cash only

    Origin? Treasury department or back office

    Trading position affected? No.

    External cash movement? Yes

    Number of external counterparties? One

    Issue a Trade confirmation? Yes.

    Issue a settlement instruction? Yes (both paying and receiving nostros)

    4. Foreign Exchange Transactions

    A further option for an STO to cover an overdraft is to execute a foreign exchange (FX) transaction. Where the STO has a credit balance in a nostro account in one currency (e.g.

    Japanese Yen), but has an overdraft in another currency (e.g. US Dollar), the STO can

    effect an FX transaction that sells the appropriate amount of Yen in exchange for the required amount of Dollars.

    It is important to note that an FX transaction is not a temporary loan or borrowing of

    cash, but an outright sale of one currency and purchase of another, at an agreed exchange rate.

    Characteristics Foreign Exchange Transactions

    Securities + cash, cash only? Cash only (two currencies)

    Origin? Back office or treasury department

    Trading position affected? No.

    External cash movement? Yes

    Number of external counterparties? One

    Issue a Trade confirmation? Yes.

    Issue a settlement instruction? Yes (both paying and receiving nostros)22

    Chapter 8

    Internet Banking in India Guidelines23

    (June 14, 2001)

    Reserve Bank of India had set up a Working Group on Internet Banking to examine different aspects of Internet Banking (I-banking). The Group had focused on three major

    areas of I-banking, i.e.,

    (1) technology and security issues,

    (2) legal issues and

    (3) regulatory and supervisory issues.

    RBI has accepted the recommendations of the Group to be implemented in a phased manner. Accordingly, the following guidelines are issued for implementation by banks.

    Banks are also advised that they may be guided by the original report, for a detailed

    guidance on different issues.

    I. Technology and Security Standards:

    a. Banks should designate a network and database administrator with clearly defined

    roles as indicated in the Group's report.

    b. Banks should have a security policy duly approved by the Board of Directors. There

    should be a segregation of duty of Security Officer / Group dealing exclusively with

    information systems security and Information Technology Division which actually implements the computer systems. Further, Information Systems Auditor will audit the

    information systems.

    c. Banks should introduce logical access controls to data, systems, application software,

    utilities, telecommunication lines, libraries, system software, etc. Logical access control

    techniques may include user-ids, passwords, smart cards or other biometric technologies.

    d. At the minimum, banks should use the proxy server type of firewall so that there is no

    direct connection between the Internet and the bank's system. It facilitates a high level of

    control and in-depth monitoring using logging and auditing tools. For sensitive systems, a stateful inspection firewall is recommended which thoroughly inspects all packets of

    information, and past and present transactions are compared. These generally include a

    real time security alert.

    22 Michael Simmons, Securities operation, John Wiley & sons Ltd, Page 80-84

    23 Naavi Na.Vijayashankar Cyber Laws For Every Netizen in India

    e. All the systems supporting dial up services through modem on the same LAN as the

    application server should be isolated to prevent intrusions into the network as this may

    bypass the proxy server.

    f. PKI (Public Key Infrastructure) is the most favoured technology for secure Internet

    banking services.

    However, as it is not yet commonly available, banks should use the following alternative

    system during the transition, until the PKI is put in place:

    1. Usage of SSL (Secured Socket Layer), which ensures server authentication and use of client side certificates issued by the banks themselves using a Certificate Server.

    2. The use of at least 128-bit SSL for securing browser to web server communications

    and, in addition, encryption of sensitive data like passwords in transit within the

    enterprise itself.

    g. It is also recommended that all unnecessary services on the application server such as FTP (File Transfer Protocol), telnet should be disabled. The application server should be

    isolated from the e-mail server.

    h. All computer accesses, including messages received, should be logged. Security violations (suspected or attempted) should be reported and follow up action taken should

    be kept in mind while framing future policy. Banks should acquire tools for monitoring

    systems and the networks against intrusions and attacks. These tools should be used regularly to avoid security breaches. The banks should review their security infrastructure

    and security policies regularly and optimize them in the light of their own experiences

    and changing technologies. They should educate their security personnel and also the end users on a continuous basis.

    i. The information security officer and the information system auditor should undertake periodic penetration tests of the system, which should include:

    1. Attempting to guess passwords using password-cracking tools.

    2. Search for back door traps in the programs.

    3. Attempt to overload the system using DDoS (Distributed Denial of Service) & DoS (Denial of Service) attacks.

    4. Check if commonly known holes in the software, especially the browser and the email software, exist.

    5. The penetration testing may also be carried out by engaging outside experts (often

    called Ethical Hackers).

    j. Physical access controls should be strictly enforced. Physical security should cover all

    the information systems and sites where they are housed, both against internal and external threats.

    k. Banks should have proper infrastructure and schedules for backing up data. The backed-up data should be periodically tested to ensure recovery without loss of

    transactions in a time frame as given out in the bank's security policy. Business

    continuity should be ensured by setting up disaster recovery sites. These facilities should also be tested periodically.

    l. All applications of banks should have proper record keeping facilities for legal

    purposes. It may be necessary to keep all received and sent messages both in encrypted and decrypted form.

    m. Security infrastructure should be properly tested before using the systems and

    applications for normal operations. Banks should upgrade the systems by installing

    patches released by developers to remove bugs and loopholes, and upgrade to newer versions which give better security and control.
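
    One way to express items f.1 and f.2 above (bank-issued client certificates and a 128-bit floor) with Python's ssl module, which implements TLS, the successor to SSL. This is an added example, not part of the guidelines; the function names, the cipher string and the sample sessions are assumptions constructed here.

```python
import ssl

MIN_STRENGTH_BITS = 128  # floor named in item f.2 of the guidelines


def build_server_context(client_ca_pem=None):
    """Server-side context that requires a client certificate (item f.1)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Reject the handshake unless the client presents a certificate that
    # chains to the bank's own issuing CA.
    ctx.verify_mode = ssl.CERT_REQUIRED
    # OpenSSL cipher string: strong suites only, no anonymous or null
    # suites, and no 3DES (which OpenSSL rates at 112 bits).
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!3DES")
    if client_ca_pem:
        # Assumption: PEM text of the bank's Certificate Server root.
        ctx.load_verify_locations(cadata=client_ca_pem)
    # A deployment would also call ctx.load_cert_chain() with the server's
    # own certificate and key; omitted so the example runs offline.
    return ctx


def audit_context(ctx, min_bits=MIN_STRENGTH_BITS):
    """Return a list of findings; an empty list means the context complies."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client certificate not required")
    weak = sorted(c["name"] for c in ctx.get_ciphers()
                  if c["strength_bits"] < min_bits)
    if weak:
        findings.append("suites below %d bits: %s" % (min_bits, ", ".join(weak)))
    return findings


def audit_session(cipher, peer_cert, min_bits=MIN_STRENGTH_BITS):
    """Check one negotiated session against the same two requirements.

    cipher    -- tuple shaped like SSLSocket.cipher():
                 (suite name, protocol version, secret bits)
    peer_cert -- dict shaped like SSLSocket.getpeercert(); empty or None
                 when no client certificate was verified
    """
    findings = []
    name, _protocol, bits = cipher
    if bits < min_bits:
        findings.append("%s negotiated at %d bits" % (name, bits))
    if not peer_cert:
        findings.append("no verified client certificate")
    return findings


# Constructed sample sessions (not captured traffic).
SAMPLE_SESSIONS = [
    (("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256),
     {"subject": ((("commonName", "customer-0001"),),)}),
    (("DES-CBC3-SHA", "TLSv1.2", 112), {}),
]

if __name__ == "__main__":
    # A bare server context does not ask for a client certificate.
    print(audit_context(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)))
    print(audit_context(build_server_context()))
    for cipher, cert in SAMPLE_SESSIONS:
        print(cipher[0], audit_session(cipher, cert))
```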

    II. Legal Issues

    a. Considering the legal position prevalent, there is an obligation on the part of banks not

    only to establish the identity but also to make enquiries about integrity and reputation of

    the prospective customer. Therefore, even though request for opening account can be accepted over Internet,

    accounts should be opened only after proper introduction and physical verification of the

    identity of the customer.

    b. From a legal perspective, security procedure adopted by banks for authenticating users

    needs to be recognized by law as a substitute for signature. In India, the Information Technology Act, 2000, in Section 3(2) provides for a particular technology (viz., the

    asymmetric crypto system and hash function) as a means of authenticating electronic record. Any other method used by banks for authentication should be recognized as a source of legal risk.

    c. Under the present regime there is an obligation on banks to maintain secrecy and

    confidentiality of customers' accounts. In the Internet banking scenario, the risk of banks not meeting the above obligation is high on account of several factors. Despite all

    reasonable precautions, banks may be exposed to enhanced risk of liability to customers

    on account of breach of secrecy, denial of service etc., because of hacking/ other technological failures. The banks should, therefore, institute adequate risk control

    measures to manage such risks.

    d. In Internet banking scenario there is very little scope for the banks to act on stop-

    payment instructions from the customers. Hence, banks should clearly notify to the

    customers the timeframe and the circumstances in which any stop-payment instructions

    could be accepted.

    e. The Consumer Protection Act, 1986 defines the rights of consumers in India and is

    applicable to banking services as well. Currently, the rights and liabilities of customers availing of

    Internet banking services are being determined by bilateral agreements between the banks

    and customers. Considering the banking practice and rights enjoyed by customers in traditional banking, banks' liability to the customers on account of unauthorized transfer

    through hacking, denial of service on account of technological failure etc. needs to be

    assessed and banks providing Internet banking should insure themselves against such risks.

    III. Regulatory and Supervisory Issues:

    As recommended by the Group, the existing regulatory framework over banks will be extended to Internet banking also. In this regard, it is advised that:

    1. Only such banks which are licensed and supervised in India and have a physical

    presence in India will be permitted to offer Internet banking products to residents of India. Thus, both banks and virtual banks incorporated outside the country and having no

    physical presence in India will not, for the present, be permitted to offer Internet banking services to Indian residents.

    2. The products should be restricted to account holders only and should not be offered in

    other jurisdictions.

    3. The services should only include local currency products.

    4. The in-out scenario where customers in cross border jurisdictions are offered banking

    services by Indian banks (or branches of foreign banks in India) and the out-in scenario

    where Indian residents are offered banking services by banks operating in cross border jurisdictions are generally not permitted and this approach will apply to Internet

    banking also. The existing exceptions for limited purposes under FEMA i.e. where

    resident Indians have been permitted to continue to maintain their accounts with overseas banks etc., will, however, be permitted.

    5. Overseas branches of Indian banks will be permitted to offer Internet banking services

    to their overseas customers subject to their satisfying, in addition to the host supervisor, the home supervisor.

    Given the regulatory approach as above, banks are advised to

    follow the following instructions:

    a. All banks, who propose to offer transactional services on the Internet should obtain

    prior approval from RBI. Bank's application for such permission should indicate its

    business plan, analysis of cost and benefit, operational arrangements like technology adopted, business partners, third party service providers and systems and control

    procedures the bank proposes to adopt for managing risks. The bank should also submit a

    security policy covering recommendations made in this circular and a certificate from an

    independent auditor that the minimum requirements prescribed have been met. After the

    initial approval the banks will be obliged to inform RBI of any material changes in the

    services /products offered by them.

    b. Banks will report to RBI every breach or failure of security systems and procedure and

    the latter, at its discretion, may decide to commission special audit / inspection of such

    banks.

    c. The guidelines issued by RBI on Risks and Controls in Computers and

    Telecommunications vide circular DBS.CO.ITC.BC. 10/ 31.09.001/ 97-98 dated 4th

    February 1998 will equally apply to Internet banking. The RBI as supervisor will cover

    the entire risks associated with electronic banking as a part of its regular inspections of

    banks.

    d. Banks should develop outsourcing guidelines to manage risks arising out of third party

    service providers, such as, disruption in service, defective services and personnel of service

    providers gaining intimate knowledge of banks' systems and misutilizing the same, etc., effectively.

    e. With the increasing popularity of e-commerce, it has become necessary to set up Inter-

    bank Payment Gateways for settlement of such transactions. The protocol for

    transactions between the customer, the bank and the portal and the framework for setting

    up of payment gateways as recommended by the Group should be adopted.

    f. Only institutions who are members of the cheque clearing system in the country will be

    permitted to participate in Inter-bank payment gateways for Internet payment. Each gateway must nominate a bank as the clearing bank to settle all transactions. Payments

    effected using credit cards, payments arising out of cross border e-commerce transactions

    and all intra-bank payments (i.e., transactions involving only one bank) should be excluded for settlement through an inter-bank payment gateway.

    g. Inter-bank payment gateways must have capabilities for both net and gross settlement. All settlement should be intra-day and as far as possible, in real time.

    h. Connectivity between the gateway and the computer system of the member bank

    should be achieved using a leased line network (not through Internet) with appropriate data encryption standard. All transactions must be authenticated. Once the regulatory

    framework is in place, the transactions should be digitally certified by any licensed

    certifying agency. SSL / 128 bit encryption must be used as minimum level of security. Reserve Bank may get the security of the entire infrastructure both at the payment

    gateway's end and the participating institutions' end certified prior to making the facility

    available for customers' use.

    i. Bilateral contracts between the payee and payee's bank, the participating banks and

    service provider and the banks themselves will form the legal basis for such transactions.

    The rights and obligations of each party must be clearly defined and should be valid in a

    court of law.

    j. Banks must make mandatory disclosures of risks, responsibilities and liabilities of the

    customers in doing business through Internet through a disclosure template. The banks

    should also provide their latest published financial results over the net.

    k. Hyperlinks from banks' websites often raise the issue of reputational risk. Such links

    should not mislead the customers into believing that banks sponsor any particular product or any business.24

    Chapter 9

    Legal issues in cyber banking 25

    Banking was one of the earliest industries in the world to have adopted Internet into its

    Business Model. Initially, the dot-com banks made significant progress in USA and elsewhere in the world just as Amazon.com made its presence felt as a virtual book seller.

    Gradually the Brick and Mortar Banks joined the race and today they use Internet as a means of communication not only for Customer transactions but also for Inter-branch

    transactions and Inter-bank transactions. In India, the strict licensing regime in the

    Banking industry has ensured that no Virtual bank could come up on the Net.

    However, the Commercial Banks entered the Cyber space initially with an information

    website and later with limited online transactions. Today, without doubt ICICI Bank is

    the leading Indian Bank on the Net with HDFC Bank, UTI Bank, SBI and others trying to

    catch up with them.

    The Competitive environment in which Commercial bankers have to function today in

    India has also placed a premium on

    o Reduction in Cost of Service

    o Innovation in Products

    o Better Customer Service.

    Technology Banking in the Internet era will therefore try to achieve these objectives by the use of Internet. The legal issues confronting the Cyber Banks of India have to

    be analyzed with reference to the general legal regime prevailing in India and the specific

    guidelines that have now been issued by Reserve bank of India in this regard.

    Building blocks of technology banking

    Technology Banking in the Internet era will be characterized by

    1. Establishing customer relationship on the Internet and maintaining them through Internet for a true Any where, Any Time Banking service.

    2. Interacting with the existing clients through Internet for communication.

    24 Naavi Na.Vijayashankar, Cyber Laws For Every Netizen in India(Version 2004), Page 371

    25 Naavi Na.Vijayashankar Cyber Laws For Every Netizen in India

    3. Using Internet for structuring and delivering services that require automatic real time

    responses such as the Foreign Exchange and Treasury Operations besides the Stock

    Market Payment mechanisms.

    4. Inter Bank Fund Transfer and Clearing of cheques through Internet.

    Legal issues

    Digital Signatures:

    The Banker Customer relationship in the Internet era will revolve around the Digital

    signatures as it now revolves round written signatures. In view of the Digital Signature

    being a creation of Technology, the Banker would be heavily dependent on technology for

    "Authentication", "Storage" and "Recovery" of information.

    Customer Relation Establishment:

    In the Meta society Banking, opening of accounts is always done with the Customer and the Introducer being present before an authorized Bank officer. With the passage of the

    Information Technology Act, a natural question that will come up is whether an Account can be

    opened through Electronic Documents only. For record's sake, the RBI guidelines on Internet Banking released

    on June 14, 2001 have indicated that Banks should open accounts only after physical verification of signatures. This implies that the guideline is overruling the spirit of

    Section 4 and 5 of the

    Information Technology Act 2000 according to which an electronic application made with a digital signature covered by the Digital Certificate from an approved Certifying

    authority should be a legally valid application for starting a Banker-Customer Contractual

    relationship.

    The action can be legally justified only by extending the provisions of Section 9 of the ITA-2000 to RBI. However Section 9 was meant to provide a discretion to the

    Government and some of the Government agencies not to adopt E-Governance measures enunciated in sections 6, 7 and 8. It is doubtful if the legislative intent was to exempt RBI from these provisions.

    Presently, RBI has become a Certifying Authority itself through its technology

    arm IDRBT (Institute of Development and Research in Banking Technology). RBI also has initiated amendments to Negotiable Instruments Act 1881 and the ITA-2000 itself to

    provide recognition to electronic form of cheques. It is time therefore for RBI to review

    its Internet Banking guideline and withdraw the ban on opening new accounts through

    digitally signed application forms.

    Rights of Lien and Setoff:

    Banking law and practice have developed some exclusive laws applicable to Bankers

    particularly in the areas of Lien and Set off. While "Lien" refers to physical property,

    "Set off" refers to moneys due. In the Internet banking era, the Virtual Properties and Virtual Balances

    come to the forefront. The established Banking law and practice will have to therefore

    modify itself to accept lien of a virtual property and set off on virtual money.

    Negotiable Instruments and the ITA-2000:

    Law and Practice of Indian Banking have been developed on the basis of English law and

    are fairly well established. The Negotiable Instruments such as the Cheque, Bill of

    Exchange and the Promissory Note have a legal history of their own. With the advent of Internet into Banking, many of these need to undergo a change.

    When Information Technology Act-2000 was originally passed, it stated in its first

    section itself that the Act shall not apply to Negotiable Instruments. Now this restriction has been confined to Negotiable Instruments other than a Cheque meaning the

    Promissory Note and the Bill of Exchange. The Negotiable Instruments Amendment Act

    2002 (NIAA-2002) has introduced two types of Electronic Instruments called the Electronic Cheq