BSEC launches IT audit of stock exchanges
The move follows multiple technical glitches in the country's stock exchanges during securities trading
The Bangladesh Securities and Exchange Commission (BSEC) has initiated an audit of the IT operations of the Dhaka and Chittagong stock exchanges to assess their strengths, weaknesses, and potential threats. This audit aims to ensure effective services in the operation and trading of securities.
The stock market regulator formed a six-member inspection committee for this purpose in May this year, according to an internal order.
The committee has begun its work, and in June, it requested information from the stock exchanges regarding their IT system's SWOT (strengths, weaknesses, opportunities, and threats) analysis and mitigation strategies.
The committee also asked the bourse to provide a comprehensive analysis of their IT systems, focusing specifically on aspects such as data security, confidentiality, backup and restore procedures, and log management.
In addition to other responsibilities, the primary role of stock exchanges is to facilitate the buying and selling of securities, heavily reliant on information technology.
In recent years, the Dhaka Stock Exchange (DSE), the country's premier bourse, experienced several technical glitches during securities trading. Following these incidents, both the exchange and the regulator formed inquiry committees to investigate the issues, but the findings were not made public.
In March, an operational glitch occurred at the Dhaka bourse, which kept investors in the dark for the whole trading session as its website showed wrong information about the indices.
Previously in 2022, stock trading at DSE was halted for three hours owing to technical glitches.
A BSEC official, seeking anonymity, told TBS that the securities regulator has taken the initiative to solve these issues permanently.
If any deficiencies or issues are identified, the commission will take appropriate measures to ensure the smooth operation and trading of IT systems, he added.
Tasks of the committee
The inspection committee will conduct a complete IT audit annually and a partial audit of critical information handling of exchanges operating in Bangladesh, as per the BSEC office order.
In case of any material significant event or incident detected, which may affect trading, operation of the market or its indices, during any audit, the committee will submit an interim report to the commission regarding the particular incident.
Sheikh Mahbub Ur Rahman, the Director-General of BSEC, serves as the convener of the committee, with Md Yasin Rahman, Assistant Director of BSEC, acting as the committee's secretary.
According to the stock market regulator, the committee will conduct an IT audit of the affairs of IT infrastructure, data server and software handling related issues of the exchanges and submit a report to the commission within 30 working days of completion of each financial year.
Meanwhile, on the quarterly IT audit on critical information handling by the stock exchange officials, the committee will audit trading data, shareholding information etc, and report to the commission within 10 working days of the completion of each quarter of the financial year, the order reads.
The order reads the scope of the annual IT will be determined by the committee from time to time with information to the concerned department of the committee.
Issues to inspect include compliance, category, physical security, network security, data backup and recovery, hardware and software inventory, change management, environmental controls, access control, physical infrastructure, incident response, monitoring logging, vendor management and other related issues.