SEC Directs Capital Market Operators To Digitise Operations  

The Securities and Exchange Commission has proposed guidelines that will help capital market operators carry out transactions on their internet-enabled devices.

The SEC made the disclosure in the guideline on the ‘Minimum Operating Standard for Information Technology for Capital Market Operators’.

Advertisement

The guideline is aimed at establishing a threshold of operational efficiency in the Nigerian capital market through Information Technology adoption.

The SEC said in a statement on Monday that upon approval, the guideline will apply to all operations in the capital market including security trading, fund management, share registration and custodial services.

The regulator said the “new rules mandate all capital market operators to have a dependable and useful website as well as a working electronic mailing system, either hosted privately or using a cloud service provider, with domain names owned and registered by the capital market operator. Once the rules come into effect, the use of free email providers and private emails like Yahoo mail, Gmail, and Hotmail, among others, shall become unacceptable for official transactions.

“Stockbrokers will be required to have websites and web applications that allow investors to securely create and manage their equities accounts online, make inquiries and receive customer support using chatbots or other interactive programs from web browsers.  

Advertisement

“As the largest and main trade group, digitization of stockbroking operations is expected to improve accessibility to the market for retail investors and drive market penetration and inclusion.

The SEC said all operators in the capital market are required to have a functional website.

“Websites shall contain correct, up-to-date, and relevant information, websites shall not display errors or system messages revealing information about the underlying configuration of web applications, websites shall use the HTTPS (not merely HTTP) network protocol and other measures to ensure secured interoperability, adequate security measures must be put in place to ensure protection against availability attacks (especially denial of service attacks), integrity attacks and confidentiality attacks as well as regular audits and vulnerability tests shall be conducted to identify and fix vulnerabilities in the underlying operating systems, databases, web servers, and third party software/applications,” the regulator said.

It added, “Applicable system and web application updates (patches) shall be regularly applied once they become available, access to databases and backend systems shall only be possible through front-end web applications and not directly from the internet, and shall only accord minimal privileges to databases and back-end systems, websites that allow file upload shall verify file types and scan for malicious code. 

“The content management of websites shall be entirely domiciled in the CMO and not a third-party and the development, hosting and maintenance of websites can involve third parties, in which case all the applicable requirements stated in this document to ensure availability, confidentiality, and integrity of the website shall be included as mandatory elements of the terms of contract and SLA.”

Advertisement

 Part of the requirement also demand funds and asset managers, who run the country’s burgeoning collective investment schemes to have websites and web applications that allow investors to securely create and manage investment accounts online, make inquiries using chat-bots or other interactive programs from web browsers.

Fund and asset managers are also  “required to have mobile applications that provide free access to the full stack of their service offering and allow retail investors to securely create and manage investment accounts online, make inquiries and receive in-app customer support.”

Leave a comment

Advertisement