Data theft at exchanges: SEBI’s scandalous inefficiency

Instead of conducting a deeper investigation to unravel the full nexus for data theft that took place at MCX, SEBI has asked MCX itself to do its own ‘internal assessment.’

Instead of conducting a deeper investigation to unravel the full nexus for data theft that took place at MCX, SEBI has asked MCX itself to do its own ‘internal assessment.’
Instead of conducting a deeper investigation to unravel the full nexus for data theft that took place at MCX, SEBI has asked MCX itself to do its own ‘internal assessment.’

The joke is on India’s retail investors. Pitifully ludicrous as it would be but a ‘gang of data thieves’ are rejoicing the level of inefficiency on display by SEBI…

The joke is on India’s retail investors. Pitifully ludicrous as it would be but a ‘gang of data thieves’ are rejoicing the level of inefficiency on display by Securities and Exchange Board of India (SEBI) – the very beholder of retail investor faith in India’s capital market.

The stage is now being set ‘to let go’ of those who stole ‘crucial trade data’ from Multi Commodity Exchange (MCX) and used it for unfair access. Instead of conducting a deeper investigation to unravel the full nexus and hold the accused to a fair trial for data theft that took place at MCX in 2016-17, SEBI has asked MCX itself to do its own ‘internal assessment.’[1] Basically, the MCX data scandal, too, is going to be dumped into a bin.

PGurus has learnt that MCX is preparing its own report that would highlight certain internal procedural and systematic flaws in sharing of ‘data’ with ‘specific and external elements’ and close down the case. Mrugank Paranjape, the former Managing Director (MD) and the Chief Executive Officer (CEO) of MCX and a few other officials would be held responsible for the ‘minor’ procedural lapse, given a ‘pat on the back’ and case closed.

How are Mrugank Paranjape, Susan Thomas and Chirag Anand getting away with this? Who is sheltering them?

Familiar script?

Is the script familiar? A parallel can be drawn with ‘unfair system access scandal’ at the National Stock Exchange (NSE) and the way it was handled by SEBI. Who are these SEBI officials that want the MCX case to be closed in such a poor manner?

Is there anyone who can deny ‘theft of data from MCX by a Doctor of Philosophy (Ph. D.) scholar and professor of Indira Gandhi Institute of Developmental Research (IGIDR) Susan Thomas and her associate, a Delhi based Algo software developer, Chirag Anand? Not when you read the report of external auditor T R Chaddha and Co. and go into the history of Thomas and Anand.

Yet, instead of going deep into the nexus to unravel the full ramifications of the scandal and hold an independent and fair trial, SEBI is brazenly trying to shut the case. For two years now, SEBI has already put the case in cold storage. Whom is it trying to protect? All this is due to the fact that SEBI has no accountability. Even elected governments have to face public trial every five years. But where is such a remedy available for investors to hold corrupt regulatory officials by their collar?

Sources say SEBI’s narrative to the government is that an investigation into these scandals can cause market chaos and litigations. Such arguments are the last resort of a scoundrel. Is it mainly the large and powerful shareholders of MCX who seem to be dictating the terms to SEBI? Is that why dishonesty goes unnoticed?

Before going into the details of how blatantly ‘trading data was stolen from MCX,’ it is necessary to note that the idea of SEBI in the early 90s was born out of market scandals. And it is these market scandals and fraudsters that SEBI officials are now protecting by not acting against them that would lead to the regulator’s death.

MCX Data Theft: A Criminal Conspiracy and Deceit Now Passed As A Civil Matter

Mrugank Paranjape, the former MCX boss has said that ‘data sharing’ with Susan Thomas was done based on an agreement and a separate undertaking. Everybody is taking his statement at ‘face-value’ when the fact pointed out by T R Chaddha audit is that the so-called ‘separate undertaking’ was illegal and nobody legally vetted the agreement[2]. How many people were aware of such an agreement between MCX and Thomas in the exchange? Sources have told PGurus that both never existed and were created in a backdated manner. Nobody knows the need for data sharing by MCX with Thomas in the first place. Who sanctioned it? There is an email from former MCX official V Shunmugam that clearly says that Paranjape gave an end of the day ‘data pipeline’ to Thomas.[3]

Officials in the legal department at MCX have told the auditor that neither the “agreement” nor the “private undertaking” was presented to them for a review. IGIDR where Thomas works were not even aware of the “separate undertaking.” The agreement signed with IGIDR was not subjected to any vetting by the legal team as per the forensic audit report.  What will any investigator make of this?

The auditors have reported that data shared was not required for the said project and the goals of the project were not even achieved. How are Mrugank Paranjape, Susan Thomas and Chirag Anand getting away with this? Who is sheltering them?[4] Since the agreements are questionable and they cannot be held legal. It is “Data Theft, a grave criminal act and not a civil matter.” Harshad Mehta and Ketan Parekh were sent to prison and questioned. Why is Thomas (her entire network), Anand and Paranjape out and not being questioned? Does anyone remember how Susan Thomas her husband Ajay Shah and Anand managed to get exclusive data from NSE too?[5]

Similar assignments with regard to study in the area of commodity transaction tax were given to IIT Kharagpur and ISI Kolkata. The catch: they used data which was already in the public domain and no direct data sharing was done by MCX with respect to these entities.

A Professional Job: Masking of The Data Shared

The audit report goes on to state that certain data shared with the IGIDR/Researcher had price sensitive information and ‘live data’. The audit investigation says that it seemed that the researcher wanted to gain access to data which would otherwise be not available to other traders.

It was also found from the IIS logs of the MCX FTP server that the data used to be retrieved by IGIDR around 9 AM, i.e. shortly before the opening of commodity markets and since data was shared prior to market hours and hence contains some of the live sensitive data, it might have resulted in being used for purposes not intended in the agreement. Do not forget Chirag Anand a close associate of Susan Thomas and Ajay Shah is an Algo trading software developer.[6]

The auditor has also revealed that the logs were ‘not kept’ according to the company policy of keeping them for a period of three years. The details of data shared with IGIDR, therefore, were not available for the entire period – it seems as though the server kept just the data of the last 7 to 10 days and overwrote the older data! This makes it difficult to verify if the data was masked before sending it to IGIDR! Susan Thomas merely sent emails directing MCX to share data with Chirag Anand, at that time did not even work with IGIDR.

Rahi Racharla, another MCX official, has admitted that he was not aware of the masking policy. Similarly, Chandresh Bhatt, another officer named in the report has also said that he could not recollect if there is a data masking policy. The report also reveals that additional fields that were not required to be provided have been provided and there is an admission that no masking process was applied to these fields.

The forensic auditor has also revealed that data that was shared by MCX with IGIDR/ Researcher, on the face of it seems unnecessary to share on a daily basis and historical daily data on a periodic basis would have sufficed for the needs of the researcher. Moreover, no specific deliverables with concrete timelines have been documented and the research topic was kept open and generic. The report also reveals that none of the four purposes mentioned as uses by the researcher/IGIDR, shared by MCX on a daily basis has been used, which indicates the possibility of use of the data for some other purposes.

What did the Algo Trader want?

Chirag Anand asked for more than 100 data fields, which prima facie indicates that the object behind seeking these details seems more related to develop Algo strategy than the underlying deliverables as per agreement/undertaking.”

Four additional fields viz. client identity flag, trading member ID (masked), volume filled today and spread combination type were also shared with IGIDR though this was not part of the undertaking. Nor the undertaking was amended subsequently when MCX agreed to give additional data fields. As per MCX, this was done in pursuance of discussions with IGIDR to “reconstruct live market conditions,” however, no written record was mentioned. No documents, instructions were shown to reflect the need for sharing such additional data.

  1. There was no need to share on a daily basis as per the undertaking/agreement most of the data that was shared.
  2. In none of the data uses mentioned in the agreement/undertaking, the data shared by MCX was used, which indicates the possibility of usage of data for some other purpose.

Similar assignments with regard to study in the area of commodity transaction tax were given to IIT Kharagpur and ISI Kolkata. The catch: they used data which was already in the public domain and no direct data sharing was done by MCX with respect to these entities.

The joke is on India’s retail investors. Pitifully ludicrous as it would be but a ‘gang of data thieves’ are rejoicing the level of inefficiency on display by SEBI…

References:

[1] SEBI seeks clarification from MCX on forensic audit findings in IGIDR case May 08, 2019, MoneyControl.com

[2] India’s Algo trading scandal: a Tale of Two Exchanges and One Somnolent Regulator (SEBI)Apr 26, 2019, PGurus.com

[3] MCX-IGIDR agreement had many gaps, reveals forensic audit reportApr 25, 2019, BusinessLine.com

[4] Why CBI should probe MCX data theftSep 10, 2019, PGurus.com

[5] MCX data scandal: Tip of an iceberg or case closed for SEBI?May 15, 2019, PGurus.com

[6] Forensic auditors indicate IGIDR used data shared by MCX to develop an ‘Algo-trading strategy’Apr 24, 2019, BusineeLine.com

Team PGurus

We are a team of focused individuals with expertise in at least one of the following fields viz. Journalism, Technology, Economics, Politics, Sports & Business. We are factual, accurate and unbiased.
Team PGurus

9 COMMENTS

  1. MCX Job chaos
    35 people transffered by PS Reddy.. Law background given job of Business Development. CA qualification people given job of Business Development. Business Development ppl given job in legal. All chaos.

  2. Sunday killings:
    PS Reddy is in office every Sunday now. He calls a senior HR executive to office every Sunday. V Shanumugam has been mentioned as former executive by PG in the story. He is currently working with MCX and not left and part of the chain to be probed. But Reddy will not do anything as his frequent lunch trips with the formed boss could be the key. Also, SAT is hearing the NSE co-location case today.

  3. Rahi Racharla former key MCX executive and Chandresh Bhat another MCX technology department employee has written “explosive email” to MCX chairman Saurabh Chandra giving out full details of who should be blamed in the data scandal and software development scam. This email was forwaded by MCX Chairman to PS Reddy, who has now supressed the issue. Reddy has regular lunch meetings with one of the masterminds of the data scandal and hence everything is being burried. Don’t stop these stories. go on.

  4. Deepak Mehta, who headed Agri & looked after Cotton, is also said to have quit. He is most probably joining IEX as Senior VP.

  5. It is also learnt that Sanjay Wadhwa, MCX CFO who also headed its legal team has resigned and will be relieved next week. He was the one who negotiated with the London-based software supplier to whom Rs 18 crore was paid without any deliverables!

  6. Sad to read this. Was expecting some stern action against the culprits as the Forensic Audit report reproduced earlier by Pgurus had disclosed glaring issues in the MCX scandal.

  7. Disgraceful and unbecoming of a regulator. It is extremely disturbing to see the damage being done to MCX by way of this fraud, in stark comparison to its vision and achievements before being snatched away from its creator. Technical glitches, frauds, preferential access have become a norm at MCX. No wonder, MCX is on the same road as NSE for the benefit of a handful few. very unfortunate for India. The blinkered approach of SEBI is both, disgraceful and beyond comprehension!

  8. Nice article but what we small investors always believe that there is a watch dog called SEBI who monitors the quasi regulatory body but we are surprise that some time they fail in their duty due to vested interest of some of the officials. As shareholder of Metropoli Stock Exchange we have also received small shareholders complains to SEBI which states that the financial irregulatories and fraud being established in forensic audit ordered by SEBI which is concluded in Nov-18 and as per MOF release, SEBI has already commenced proceedings under securities market laws against the alleged MD&CEO and other KMPs but no fact findings are released till date keeping shareholders in dark. What are PID doing? which might be due to high profile involvements in fraud. What is going on? May b PGurus can find out more…. Regards

LEAVE A REPLY

Please enter your comment!
Please enter your name here