The Securities and Exchange Commission, SEC, is working on new guidelines that will enable investors in the capital market to be able to do virtually everything they need to do on their internet-enabled appliances and at their convenience, as Nigeria prepares for a fully digital Capital Market operations.
These are contained in a guideline on Minimum Operating Standards for Information Technology for capital Market Operators (CMOSs) recently exposed to the public.
According to the SEC, the new regulatory framework undergoing review seeks to mandate compulsory adoption of information and communication technology (ICT), particularly web-based applications and devices, for virtually capital market transactions.
The provisions of the document applies to all categories of CMOs unless in sections where reference is otherwise made to specific CMO categories. The purpose of the Guidelines is to establish a threshold of operational efficiency in the Nigerian Capital Market through the effective adoption of Information Technology in driving business operations and ensuring the security, confidentiality, integrity and reliability of Information Systems.
A draft copy of the framework indicates that the new framework, upon final approval, will apply to all capital market operations, with particular emphasis on investor-facing functions such as securities trading, fund management, share registration and clearing and custodial services, among others.
The new rules mandate all capital market operators to have well-secured and functional website as well as functional electronic mailing system, either hosted privately or using a cloud service provider, with domain name owned and registered by the capital market operator. Once the rules come into effect, the use of free email providers and private emails like Yahoomail, Gmail and Hotmail, among others, shall become unacceptable for official transactions.
Under the proposed framework, stockbrokers will be “required to have websites and web applications that allow investors to securely create and manage their equities accounts online, make enquiries and receive customer support using chat-bots or other interactive programmes from web browsers”. As the largest and main trade group, digitisation of stockbroking operations is expected to improve accessibility to the market for retail investors and to drive market penetration and inclusion.
According to the Guidelines, “All CMOs are required to have a functional website, websites shall contain correct, up-to-date, and relevant information, websites shall not display errors or system messages revealing information about the underlying configuration of web applications, websites shall use the HTTPS (not merely HTTP) network protocol and other measures to ensure secured interoperability, adequate security measures must be put in place to ensure protection against availability attacks (especially denial of service attacks), integrity attacks and confidentiality attacks as well as regular audits and vulnerability tests shall be conducted to identify and fix vulnerabilities in the underlying operating systems, databases, webservers and third party software/applications”.
“Applicable system and web application updates (patches) shall be regularly applied once they become available, access to databases and backend systems shall only be possible through front-end web applications and not directly from the internet, and shall only accord minimal privileges to databases and back-end systems, websites that allow file upload shall verify file types and scan for malicious code. the content management of websites shall be entirely domiciled in the CMO and not a third party and the development, hosting and maintenance of websites can involve third parties, in which case all the applicable requirements stated in this document to ensure availability, confidentiality and integrity of the website shall be included as mandatory elements of the terms of contract and SLA”.
Also, fund and asset managers, who run the country’s burgeoning collective investment schemes, will also be mandated to “have websites and web applications that allow investors to securely create and manage investment accounts online, make enquiries using chat-bots or other interactive programs from web browsers”.
Fund and asset managers are also “required to have mobile applications that provide free access to the full stack of their service offering and allow retail investors to securely create and manage investment accounts online, make enquiries and receive in-app customer support”.
In a major move that may finally bridge the gap fuelling unclaimed dividends, all registrars, central securities depositories and clearing houses will now be required to digitise their operations, as a regulatory requirement rather than optional service provision.
The Guideline also stipulates that all central securities depositories and clearing houses shall have databases integrated with APIs that registrars and brokers can feed from as approved by the SEC while all registrars, central securities depositories and clearing houses are required to have websites and web applications that allow investors to securely create and manage their profiles online, make enquiries and receive customer support using chat-bots or other interactive programmes from web browsers.
Also, custodians and trustees are required to have websites and web applications that allow their clients to securely create and manage their accounts online, make enquiries and receive customer support using chat-bots or other interactive programs from their web browsers.
While securities exchanges had made self-driven efforts to automate their systems, the new rules make it mandatory for all exchanges-including equities, debt, derivatives and commodities exchanges among others, to “have secure trading platforms with robust features that include real-time quotes, charting tools, news feeds, trade monitoring and premium research”. All exchanges are also required to “have a surveillance system that provides realtime monitoring of all trading activities”.
According to the SEC, the purpose of the new framework “is to establish a threshold of operational efficiency in the Nigerian capital market through the effective adoption of information technology in driving business operations and ensuring the security, confidentiality, integrity and reliability of Information Systems.
The SEC noted that given the increased dependence of financial services and related business operations on technology, there is urgent need to put in place rules that define the minimum operating standards for the use of information technology by all operators in the capital market.
“This will help operators harness the huge operational benefits derivable from the adoption of technology and also manage the attendant cybersecurity threats and other risks that accompany the use of technology. It would also positively impact on the effectiveness and efficiency of the Commission to monitor and regulate all capital market operators in the market,” the SEC stated.