SEBI fines NSE Data & Analytics for repeated regulatory violations

The Securities and Exchange Board of India (SEBI) has imposed a fine of Rs 12 lakh on NSE Data & Analytics Limited (formerly DotEx International) following an audit that revealed numerous regulatory violations. The audit, which took place in September 2023, focused on the company’s role as a KYC Registration Agency (KRA) and covered its practices from April 2022 to July 2023.

SEBI identified several irregularities, including the lack of an independent company policy on disaster recovery and business continuity. NSE Data & Analytics used a common policy with its parent company NSE until January 2024, which SEBI found inconsistent with its regulations.

It also found that in 61 cases, the company delayed sending thank-you letters to investors, beyond the 10-day limit required by SEBI.

Additionally, SEBI flagged cybersecurity lapses, noting that vulnerabilities identified during audits were not remedied within the required timescales.

Read also: : SEBI Board Meeting LIVE: Take a look at the key regulatory changes on the agenda

The audit also found that NSE Data & Analytics did not properly maintain access logs to its data center, a key requirement under SEBI’s cybersecurity framework. Moreover, the company has not included clauses to report cyber attacks within six hours as per SEBI regulations.

NSE Data & Analytics defended itself by citing infrastructure shared with NSE and delays from third-party vendors, but SEBI rejected these arguments, emphasizing that the company is a separate legal entity responsible for its own compliance.

The violations fall under SEBI’s intermediary and KRA regulations, and the regulator found that NSE Data & Analytics did not adhere to required standards. The fine imposed reflects the seriousness of the company’s lapses in cybersecurity, KYC processing and corporate governance.