NSE Knew Technology Flaws Can Allow Preferential Access, But Didn’t Act: Audit
NSE IT team did not react despite being aware of system issues.
The National Stock Exchange of India Ltd. was aware of the flaws in its technology backbone that allowed preferential access to high-frequency traders and yet failed to rectify them, an audit report by Deloitte said.
The technology architecture of the exchange was prone to manipulation and three brokers appeared to be the “first to connect to specific servers significantly more than others”, the report said.
The market regulator is also probing the alleged selective access, which has delayed the NSE’s Rs 10,000-crore initial public offering. Its vice-chairman Ravi Narain resigned earlier this month days after the Securities and Exchange Board of India served show-cause notices on the exchange and its 14 current and former employees, including former managing director Chitra Ramkrishna.
Deloitte was appointed by the NSE board on October 1 last year to audit the derivative segment after allegations of preferential access to certain brokers and participants through the co-location service. It allows traders and brokers to place servers in the NSE building and connect directly to the exchange’s trading systems. The auditor submitted the report to the exchange in December, a few days before the NSE filed its draft red herring prospectus with SEBI.
The audit was aimed at finding out...
- whether norms of fair access were breached, and
- whether some brokers were unduly benefited
- if so, whether this was because of any collusion/misconduct by NSE employees
The audit report was shared with BloombergQuint by an unverified Twitter handle. A senior NSE official confirmed that the report was authentic but didn’t want to come on record since the market regulator is also probing the matter based on the audit report. Emails sent to the NSE and Deloitte regarding the report didn’t elicit a response.
The NSE information technology team said that when the new servers were introduced in 2012, none of the internet protocol addresses mapped to the existing servers were migrated to these, according to the audit report.
However, we reviewed certain emails which indicated that some IPs of a few members who had multiple connections were distributed to TBTCOLO 26 when it was introduced in January 2012.Deloitte Audit Report On NSE’s Derivative Segment
The audit report indicated that the IT team of the exchange was aware of the flaws in the architecture, but did little to address them until April 2014, when the NSE moved to multicast tick-by-tick system.
….we came across documents that make us believe that the NSE IT Team had an opportunity to address some known architectural issues of the platform. We were not provided documents or reasons for the same not being implemented.Deloitte Audit Report On NSE’s Derivative Segment
Settle Via Consent
The NSE board last week approved to settle the co-location case through SEBI’s consent mechanism, said an exchange official seeking anonymity. The NSE is ascertaining the extent of gains the exchange made between 2010 and 2015, said the person cited above, adding that the consent application will be filed soon.