India’s Bombay Stock Exchange (BSE) has issued a directive to market participants mandating the adoption of encryption for specific messages sent to its trading platforms using its Enhanced Trading Interface (ETI). This move, surprisingly not already in place, will cover requests for price quotes and is aimed at enhancing security.
Background and Implementation
The ETI, BSE’s interface for traders, sent out the encryption directive last Monday. According to BSE’s notice, all messages exchanged between member applications and the trading engine must be encrypted by the sender and decrypted by the receiver.
While most communications between BSE and brokers were already encrypted, the new policy specifically targets brokers’ requests for price quotes. This data is particularly sensitive as it indicates potential trades that could influence market movements. The absence of encryption for these requests until now was unexpected.
Regulatory Mandate and Encryption Protocol
This move follows a mandate from India’s Securities and Exchange Board, which requires encryption for communications with stock exchanges under its jurisdiction. BSE will use the AES 256 encryption algorithm for these messages. The protocol was tested starting March 28, with both encrypted and non-encrypted channels available in parallel. The original discontinuation date for non-encrypted channels was May 13, but it was extended to June 8 to allow more time for compliance.
Transition and Compliance
BSE has advised market participants to migrate to the encrypted channel without delay. Applications using the non-encrypted channel will be unable to connect to the simulation after June 8, 2024. Those who met the first deadline were encouraged to continue developing encrypted channels to avoid disruption.
Industry Insights
“Encryption is important for trading because it keeps your data confidential between your company and the exchange,” said Jo Finnigan, co-founder of commodity trading platform Topaz. She highlighted the risks of unencrypted data, which can be manipulated en route by attackers. Finnigan noted that encryption is standard practice in stock exchange and commodity trading to protect sensitive information.
Existing Security Measures and Challenges
BSE’s existing ETI manual from December 2023 indicates that some encryption measures, like TLS encrypted payload connections for low frequency (LF) sessions, were already in place. These sessions typically handle order management, market data access, and trade confirmation. However, the responsibility for encrypting all message components lies with BSE, as Deutsche Börse, the developer of the Xetra ETI platform behind BSE’s ETI, clarified.
Industry insiders pointed out that processing time required for encryption and decryption has been a significant deterrent to implementing full encryption until now. Nonetheless, the new encryption mandate aims to mitigate these risks and enhance overall trading security.
Leave a Reply