Market regulator Securities and Exchange Board of India (SEBI) has imposed a penalty of ₹5 lakh on Reliance Securities Ltd following a thematic inspection that uncovered serious lapses in the broker’s cyber security, system resilience and compliance framework. The inspection, covering the period from 1 April 2023 to 31 October 2024, found multiple violations of SEBI regulations and circulars issued by both SEBI and the National Stock Exchange (NSE).
Reliance Securities, a registered stockbroker and trading member of Bombay Stock exchange (BSE), NSE, Multi Commodity Exchange (MCX), and National Commodity and Derivatives Exchange (NCDEX), failed to provide adequate evidence of capacity planning for critical systems. SEBI noted that the broker did not maintain documentation on peak-load calculations, transaction growth and capacity projections. The installed system capacity was not demonstrably 1.5 times the observed peak load, while threshold alerts were set at 75% instead of the mandated 70%.
Although Reliance Securities claimed that its technology team monitored peak loads daily and that third-party monitoring tools were in place, SEBI found no documentary proof during the inspection period. Screenshots provided post-inspection could not verify compliance. SEBI held that this amounted to violations of clauses under the SEBI circular.
SEBI inspection also highlighted shortcomings in software testing and patch management. Reliance Securities conducted manual testing without an automated testing environment, lacked a traceability matrix for software functionalities and failed to provide evidence of periodic updates for servers, databases, OS (operating system), middleware and network devices. Claims of compliance post-inspection could not be verified, leading SEBI to conclude further regulatory violations.
A critical lapse identified was the absence of a business continuity plan (BCP) and disaster recovery site (DRS). Reliance Securities attributed this to an abrupt discontinuation of technology services by its parent company, RCap. SEBI clarified that brokers with substantial client bases are required to maintain BCP/DRS across different zones, conduct drills, and review policies quarterly.
Additionally, Reliance Securities did not classify data properly or maintain data leakage prevention (DLP) mechanisms. A test email containing sensitive information was sent externally without triggering alerts, indicating a lack of safeguards for personally identifiable information (PII). Evidence of corrective measures submitted post-inspection was considered insufficient to excuse the violations.
Evidence of corrective measures submitted post-inspection was considered insufficient to excuse the violations. SEBI’s action underscores the regulator’s insistence on stringent cyber security, compliance, and operational resilience standards for stockbrokers.
The ₹5 lakh penalty serves as a reminder to market intermediaries that maintaining robust technology frameworks, proper documentation, and proactive risk management is no longer optional but mandatory.
Apple Moves Delhi High Court against CCI’s Global Turnover Penalty Framework
Moneylife Digital Team
26 November 2025
Apple Inc has approached the Delhi High Court challenging India revised competition law provisions that allow the competition commission of India (CCI) to levy penalties based on a company’s global turnover, a move the tech giant...
The Paradox of High GDP Growth vs Muted Corporate Results
Debashis Basu,
21 November 2025
India’s economy continues to post headline numbers that would make most finance ministers envious. Gross domestic product (GDP) is forecast to grow 7.4% in FY25-26, according to the National Institute of Public Finance and Policy...
