Guidelines for BCP of Market Infrastructure Institutions
Guidelines for Business Continuity Plan (BCP) and Disaster Recovery (DR) of Market Infrastructure Institutions (MIIs)
- SEBI vide circular SEBI/HO/MRD/DMS1/CIR/P/2019/43 dated March 26, 2019 prescribed framework for Business Continuity Plan (BCP) and Disaster Recovery Site (DRS) for Stock Exchanges, Depositories and Clearing Corporations.
2. With advancement in technology and improved automation of processes, it was felt that the extant framework needs to be re-examined with a view to reducing the time period specified for moving from Primary Data Centre(PDC) to DRS.
3. Upon examination and based on consultation with MIIs and Technical Advisory Committee (TAC) of SEBI, the modified framework for BCP and DR shall be as under:
- Stock Exchanges, Clearing Corporations and Depositories (collectively referred as Market Infrastructure Institutions – MIIs) shall have in place BCP and DRS so as to maintain data and transaction integrity.
- Apart from DRS, all MIIs including Depositories shall also have a Near Site (NS) to ensure zero data loss.
- The DRS should preferably be set up in different seismic zones and in case due to certain reasons such as operational constraints, change of seismic zones, etc., minimum distance of 500 kilometer shall be ensured between PDC and DRS so that both DRS and PDC are not affected by the same disaster.
- The manpower deployed at DRS/NS shall have the same expertise as available at PDC in terms of knowledge/ awareness of various technological and procedural systems and processes relating to all operations such that DRS/NS can function at short notice, independently. MIIs shall have sufficient number of trained staff at their DRS so as to have the capability of running live operations from DRS without involving staff of the PDC.
- All MIIs shall constitute an Incident and Response team (IRT)/ Crisis Management Team (CMT), which shall be chaired by the Managing Director (MD) of the MII or by the Chief Technology Officer (CTO), in case of non- availability of MD. IRT/ CMT shall be responsible for the actual declaration of disaster, invoking the BCP and shifting of operations from PDC to DRS whenever required. Details of roles, responsibilities and actions to be performed by employees, IRT/ CMT and support/outsourced staff in the event of any Disaster shall be defined and documented by the MII as part of BCP-DR Policy Document.
- The Technology Committee of the MIIs shall review the implementation of BCP- DR policy approved by the Governing board of the MII on a quarterly basis.
- MIIs shall conduct periodic training programs to enhance the preparedness and awareness level among its employees and outsourced staff, vendors, etc. to perform as per BCP policy.
4. Configuration of DRS/NS with PDC
- Hardware, system software, application environment, network and security devices and associated application environments of DRS / NS and PDC shall have one to one correspondence between them.
- MIIs should develop systems that do not require configuration changes at the end of trading members/ clearing members/ depository participants for switchover from the PDC to DRS. Further, MIIs should test such switchover functionality by conducting unannounced live trading from its DRS for at least 1 day in every six months. Unannounced live trading from DRS of MIIs shall be done at a short notice of 45 minutes after 90 days from the date of this circular.
- In the event of disruption of any one or more of the ‘Critical Systems’ (as defined below), the MII shall, within 30 minutes of the incident, declare that incident as ‘Disaster’ and take measures to restore operations including from DRS within 45 minutes of the declaration of ‘Disaster’. Accordingly, the Recovery Time Objective(RTO)- the maximum time taken to restore operations of ‘Critical Systems’ from DRS after declaration of Disaster- shall be 45 minutes, to be implemented within 90 days from the date of the circular. ‘Critical Systems’ for an Exchange/ Clearing Corporation shall include Trading, Risk Management, Collateral Management, Clearing and Settlement and Index computation. ‘Critical Systems’ for a Depository shall include systems supporting settlement process and inter-depository transfer system.
- MIIs to also ensure that the Recovery Point Objective (RPO) – the maximum tolerable period for which data might be lost due to a major incident- shall be 15 minutes.
- Solution architecture of PDC and DRS / NS should ensure high availability, fault tolerance, no single point of failure, zero data loss, and data and transaction integrity.
- Any updates made at the PDC should be reflected at DRS/ NS immediately (before end of day) with head room flexibility without compromising any of the performance metrics.
- Replication architecture, bandwidth and load consideration between the DRS / NS and PDC should be within stipulated RTO and ensure high availability, right sizing, and no single point of failure.
- Replication between PDC and NS should be synchronous to ensure zero data loss whereas, the one between PDC and DRS and between NS and DRS may be asynchronous.
- Adequate resources (with appropriate training and experience) should be available at all times to handle operations at PDC, NS or DRS, as the case may be, on a regular basis as well as during disasters.
5. DR drills/Testing
- DR drills should be conducted on a quarterly basis. In case of Exchanges and Clearing Corporations, these drills should be closer to real life scenario (trading days) with minimal notice to DRS staff involved.
- During the drills, the staff based at PDC should not be involved in supporting operations in any manner.
- The drill should include running all operations from DRS for at least 1 full trading day.
- Before DR drills, the timing diagrams clearly identifying resources at both ends (DRS as well as PDC) should be in place.
- The results and observations of these drills should be documented and placed before the Governing Board of Stock Exchanges /Clearing Corporations/ Depositories. Subsequently, the same along with the comments of the Governing Board should be forwarded to SEBI within a month of the DR drill.
- The System Auditor while covering the BCP – DR as a part of mandated annual System Audit should check the preparedness of the MII to shift its operations from PDC to DRS unannounced and also comment on documented results and observations of DR drills.
- ‘Live’ trading sessions from DR site shall be scheduled for at least two consecutive days in every six months. Such live trading sessions from the DRS shall be organized on normal working days (i.e. not on weekends / trading holidays). The Stock Exchange/ Clearing Corporation/ Depository shall ensure that staff members working at DRS have the abilities and skills to run live trading session independent of the PDC staff.
- Stock Exchanges, Clearing Corporations and Depositories shall include a scenario of intraday shifting from PDC to DRS during the mock trading sessions in order to demonstrate its preparedness to meet RTO/RPO as stipulated above.
- MII should undertake and document Root Cause Analysis (RCA) of their technical/ system related problems in order to identify the causes and to prevent reoccurrence of similar problems.
6. BCP – DR Policy Document
- MIIs shall put in place a comprehensive BCP-DR policy document outlining the following:
- Broad scenarios that would be defined as a Disaster for an MII (in addition to definition provided in para 4 (c) of the circular).
- Standard Operating Procedure to be followed in the event of Disaster.
- Escalation hierarchy within the MII to handle the Disaster.
- Clear and comprehensive Communication Protocols and procedures for both internal and external communications from the time of incident till resumption of operations of the MII.
- Documentation policy on record keeping pertaining to DR drills.
- Scenarios demonstrating the preparedness of MIIs to handle issues in Critical Systems that may arise as a result of Disaster.
- Preparedness of Depositories to handle any issue which may arise due to trading halts in Stock Exchanges.
- Framework to constantly monitor health and performance of Critical Systems in normal course of business.
- The BCP-DR policy document of MII should be approved by Governing Board of the MIIs after being vetted by Technology Committee and thereafter communicated to SEBI. The BCP-DR policy document should be periodically reviewed at least once in six months and after every occurrence of disaster.
- In case a MII desires to lease its premise at the DRS to other entities including to its subsidiaries or entities in which it has stake, the MII should ensure that such arrangements do not compromise confidentiality, integrity, availability, targeted performance and service levels of the MII’s systems at the DRS. The right of first use of all the resources at DRS including network resources should be with the MII. Further, MII should deploy necessary access controls to restrict access (including physical access) of such entities to its critical systems and networks.
7. Considering the above, Stock Exchanges, Clearing Corporations and Depositories are advised to submit their revised BCP–DR policy to SEBI within 3 months from the date of this circular. Further, they should also ensure that clause 5(f) and 6(a)(v) mentioned above is also included in the scope of System Audit.
8. This circular is being issued in exercise of powers conferred under Section 11 (1) of the Securities and Exchange Board of India Act, 1992 to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.
9. This circular shall supersede earlier circular no. SEBI/HO/MRD/DMS1/CIR/P/2019/43 dated March 26, 2019 issued on BCP-DR Policy of MIIs.
Read More on SEBI