By Tony Obiechina, Abuja
In a bid to fully digitalise operations of the Nigerian capital market, the Securities and Exchange Commission is proposing guidelines that would enable investors in the capital market to do virtually everything they need to do on their internet-enabled devices and at their convenience.
These are contained in a guideline on Minimum Operating Standards for Information Technology for Capital Market Operators (CMOs) recently exposed to the public.
According to the SEC, the new regulatory framework undergoing review seeks to mandate the adoption of information and communication technology (ICT), particularly web-based applications and devices, for virtually all capital market transactions.
The provisions of the document apply to all categories of CMOs, except in sections where reference is otherwise made to specific CMO categories. The purpose of the Guidelines is to establish a threshold of operational efficiency in the Nigerian Capital Market through the effective adoption of Information Technology in driving business operations and ensuring the security, confidentiality, integrity and reliability of Information Systems.
A draft copy of the framework indicates that the new framework, upon final approval, will apply to all capital market operations, with particular emphasis on investor-facing functions such as securities trading, fund management, share registration and clearing and custodial services, among others.
The new rules mandate all capital market operators to have a well-secured and functional website as well as a functional electronic mailing system, either hosted privately or using a cloud service provider, with a domain name owned and registered by the capital market operator.
Once the rules come into effect, the use of free email providers and private emails like Yahoo Mail, Gmail and Hotmail, among others, shall become unacceptable for official transactions.
Under the proposed framework, stockbrokers will be “required to have websites and web applications that allow investors to securely create and manage their equities accounts online, make enquiries and receive customer support using chat-bots or other interactive programmes from web browsers”.
As stockbrokers are the largest and main trade group, digitisation of their operations is expected to improve accessibility to the market for retail investors and to drive market penetration and inclusion.
According to the Guidelines, “All CMOs are required to have a functional website; websites shall contain correct, up-to-date, and relevant information; websites shall not display errors or system messages revealing information about the underlying configuration of web applications; websites shall use the HTTPS (not merely HTTP) network protocol and other measures to ensure secured interoperability; adequate security measures must be put in place to ensure protection against availability attacks (especially denial of service attacks), integrity attacks and confidentiality attacks; as well as regular audits and vulnerability tests shall be conducted to identify and fix vulnerabilities in the underlying operating systems, databases, webservers and third party software/applications”.
“Applicable system and web application updates (patches) shall be regularly applied once they become available; access to databases and backend systems shall only be possible through front-end web applications and not directly from the internet, and shall only accord minimal privileges to databases and back-end systems; websites that allow file upload shall verify file types and scan for malicious code.
“The content management of websites shall be entirely domiciled in the CMO and not a third party, and the development, hosting and maintenance of websites can involve third parties, in which case all the applicable requirements stated in this document to ensure availability, confidentiality and integrity of the website shall be included as mandatory elements of the terms of contract and SLA”.