The SEBI (Securities and Exchange Board of India) is gearing up to protect privileged company information following a leak of UPSI (unpublished price-sensitive information) through WhatsApp groups.
The market regulator initiated investigations into the matter after a media report emerged about the circulation of UPSI relating to different companies in private WhatsApp groups.
Preliminary findings suggested that the UPSI-related figures matched several firms’ quarterly financial results. Following this, SEBI conducted search and seizure operations at different locations.
Policy modifications recommended
Last year, the regulator set up a ‘fair market conduct’ panel led by former law secretary T.K. Viswanathan, with four subcommittees to assess its directive on insider trading and unfair trading practices. The panel issued measures to companies for safeguarding sensitive information following the UPSI leak.
Recommended measures included policy modifications to handle UPSI and its communication to stakeholders, thorough background checks on employees handling sensitive information, share price change monitoring before earning releases or other such important events, information exchange to external parties on a need-to-know basis and separation of workspaces of persons dealing with price-sensitive information.
24 companies under investigation
Based on a statement released earlier this year, close to 24 companies were under investigation. Of these, the regulator had passed orders against Tata Motors Ltd, Bata India Ltd, Axis Bank Ltd and HDFC Bank Ltd.
It was found that the leaked information had mirrored results in all four cases.
This led to the possibility that the leaks could be the result of a systemic issue and not necessarily a company-specific one.
The panel was also considering modifying its model code of conduct, which includes the principles to be followed by companies to prevent leaks of sensitive information and insider trading. The changes in this rule are said to be all the more important since the companies had not identified the source of the leaks.
Based on its 2018–19 proposals, the regulator will be seen strengthening its directives that govern insider trading. It is also said to be making amendments to the Prohibition of Insider Trading Regulations and Prohibition of Fraudulent and Unfair Trade Practices Regulations.
Market intermediaries such as stock exchanges and brokers will be required to survey their client-trading activity under tweaks to legal frameworks being considered by the SEBI.
Sources state that the SEBI has been using analytical and statistical tools – even artificial intelligence – to understand the connection between the transfer of sensitive information and its trading. Social media platforms are also scanned to apprehend users benefiting from insider trading.
The parties investigated included auditors, brokers, analysts and investment advisers, besides the company executives.
The market regulator is almost through with its probe now and will soon be taking action against market operators and senior staff from leading companies.
Indian organisations must adopt an ISO 27001-compliant ISMS
Companies need information security management protocols to minimise harm from a cyber security breach.
ISO 27001 is the international standard that describes best practice for an ISMS (information security management system).
Achieving accredited certification to ISO 27001 demonstrates than an organisation is taking a comprehensive approach to information security.
For blue-chip companies, an ISMS instils faith in stakeholders regarding the security of sensitive information.
IT Governance’s ISO 27001 ISMS Documentation Toolkit provides easy-to-use templates, customisable worksheets, policies and expert guidance from ISO 27001 practitioners.