𝐒𝐄𝐁𝐈 𝐅𝐫𝐚𝐦𝐞𝐰𝐨𝐫𝐤 𝐟𝐨𝐫 𝐌𝐨𝐧𝐢𝐭𝐨𝐫𝐢𝐧𝐠 𝐚𝐧𝐝 𝐒𝐮𝐩𝐞𝐫𝐯𝐢𝐬𝐢𝐨𝐧 𝐨𝐟 𝐒𝐭𝐨𝐜𝐤 𝐁𝐫𝐨𝐤𝐞𝐫𝐬’ 𝐒𝐲𝐬𝐭𝐞𝐦 𝐀𝐮𝐝𝐢𝐭𝐬

SEBI has introduced a technology-based framework to enhance the monitoring and supervision of system audits for stock brokers. This initiative aims to strengthen the audit process, mitigate emerging technology risks, and ensure audits are conducted in a standardized and transparent manner.

1.    Technology-Driven Monitoring of System Audits
Stock exchanges (SE’s) shall develop a web-based platform to monitor and supervise the entire system audit lifecycle of stock brokers. This online mechanism will facilitate real-time oversight of the audit process, ensuring that auditors conduct physical site visits by capturing their geolocation. Further, access to the platform will be restricted to authorized auditors or designated personnel of the audit firm through a secure OTP-based authentication system.

2.    Standardization of the Audit Process
SE’s shall implement a standardized system audit process through a web-based platform, ensuring real-time monitoring and uniform reporting. Before the audit, stock brokers must submit auditor details, audit plans, and relevant firm information via the portal. During the audit, auditors must log in from the stock broker’s premises using a secure OTP mechanism, with geolocation tracking to verify physical visits. Exchanges may conduct surprise inspections, particularly for QSBs. Auditors must assess virtual assets, ensure compliance with third-party certifications, and collect evidence through system testing and document reviews. Post-audit, a standardized report template will be used for comprehensive documentation, covering IT infrastructure, audit scope, and sample selection criteria. The system audit report and ATR to be submitted through the portal, with validation by the same auditor and approval from the stock broker’s governing body or relevant technology committee.

3.    Stronger Auditor Empanelment Criteria
SE’s to prescribe strict eligibility norms for system auditors, focusing on qualifications, experience, and independence. A cooling-off period of two years will be enforced after three consecutive years of audit engagement to prevent conflicts of interest.

4.    Enhanced Oversight & Compliance Measures
This includes reporting technical glitches and verification of capacity planning, disaster recovery preparedness, and Software testing. SE’s will conduct surprise visits to ensure adherence, and financial penalties may be imposed on brokers for serious lapses in compliance.

5.    Implementation & Timeline
SE’s must develop the web-based monitoring platform within six months, ensuring adequate technology and manpower resources for smooth implementation. The framework will come into effect for audits conducted in the financial year 2025-26.

Readers can share their views with Regstreet Law Advisors at info@regstreetlaw.com.