January 2: An inspection conducted by the Securities Board of Nepal (SEBON) has found that the online system currently operated by NEPSE, the secondary market of securities, is at risk.
The board conducted an on-site inspection of the effectiveness of NEPSE's online system, which has more than 1.8 million users/investors. After the on-site inspection of information technology of NEPSE, the study committee formed under the coordination of Saroj Lamichhane, an information technology expert of the board, has prepared a report and submitted it to SEBON’s management committee.
SEBON had handed a letter to the study committee on September 24 to conduct an on-site inspection and supervision of NEPSE’s technical infrastructure, systems and human resources to ensure effective transaction and operation of the secondary market and to evaluate the market.
As per the instructions of the letter, the study committee conducted the on-site inspection and prepared a report on the issues related to information technology of NEPSE.
The report mentions that the committee studied the information technology policy, contracts with various stakeholders, contracts with service providers and standards adopted for system operation, configuration, operational guidelines among others during the inspection.
The study committee said that study was focused on prevention of unauthorized activities in information technology infrastructure and system and to ensuring the integrity of information technology infrastructure.
Based on the assessment made after the supervision, the study committee has concluded that it has found weaknesses in the IT governance framework of NEPSE, due to which the sustainability and reliability of its operation may be compromised, the study committee pointed out.
The study committee has identified the lack of good governance structures within NEPSE, including the good governance committee and strategy committee, which are necessary to oversee and guide the decision-making process related to information technology.
The study committee also included in the report the risk seen in the organization's operational stability and business security due to NEPSE's high dependence on third party service providers to manage vital services related to information technology.
In addition, the study committee has pointed out the inadequacy of vital software and its manuals required to operate the information technology infrastructure. The study committee believes that this will hamper NEPSE's ability to promptly resolve technical issues and ensure continuity of operations in the event of disruption.
The report concluded that NEPSE should immediately establish a strong IT governance framework to address these urgent concerns. The study committee also found it necessary to establish a steering committee to provide political guidance and oversight for the development of a strong framework related to information technology. In addition, the study committee also emphasized that NEPSE should give priority to the development of internal human resource.
