The dematerialisation and automation of trading and capital market processes has played a big role in the rapid growth of Indias capital market over the past decade. But mandatory dematerialisation (as against immobilisation of shares, as was preferred by the US) comes with enormous responsibility, since these automated systems now hold all the evidence of peoples investments. The primary responsibility of running a secure depository system and water-tight audit trails and inspections to ensure data safety vests primarily with Sebi. After all the depositories are merely regulated entities.
The good news, if one can call it that, from the demat scam is that it served as a loud and timely warning to check depository systems and processes before more serious damage occurred. Although Roopalben Panchal and Purshottam Budhwanis demat accounts captured the public imagination, the main damage was a loss of reputation for the players involved. The financial loss is notional and spread across thousands of potential investors.
What needs to be fixed to eliminate systemic risks A market insider writes to me saying, In order to perform the type of data quality assessment required to verify and remediate NSDL master data, Sebi must develop an objective method of utilising tools and techniques to assess NSDL/ CDSL enterprise systems holistically and aggregate the results into a meaningful summary. This complicated piece of jargon means that there are well established, international security systems that lay down an automated drill to validate the source of data coming into the depository, including the date and code. These can be presented through flow diagrams to detect systemic holes.
The drill includes a check for structural integrity of the system, compliance with legal and business rules and testing to check the integrity of information that is transmitted to depository participants (DPs) and other depositories. Several of these checks are already in place, but our source says that there are severe problems in data transfer and validation between various systems, because systemic checks of various data fields were not proper. This led to the IPO scam and it will require the re-working of certain key software in order to allow it to weed out multiple accounts, both at the creation level and again at the allotment level.
The demat scam was a loud and timely warning on what needs fixing
There are established systems to validate the source of depository data
The system has to also be reconfigured to allow multiple fraud checks
Finally, there is the finance ministry plan to fix the multiple account issue in the near future, by making it mandatory to quote Permanent Account Numbers (PAN) for all investments. There are several issues with this. Sources say that PAN is an important, but non-mandatory, field in depository systems today, with no cross-verification with the income tax, UTISL or TIN database. Once the PAN number is made mandatory, the depository system has to be re-configured to incorporate PAN as a mandatory field and to allow multiple points of validation for quick detection of fraud.
The bigger problem is the sanctity of PAN numbers themselves. The income tax department has now admitted to at least a million duplicate/fake PAN numbers. My sources believe the number is much larger. The finance ministrys solution of preventing demat fraud by making PAN numbers mandatory would become meaningless unless this problem is thoroughly corrected by incorporating dedupe software or similar tools.
Also, instead of internal investigations by the IT department into the issue of duplicate or fake PAN cards, the government needs to order a security and systems audit through competent people in the National Informatics Centre or security experts from outside. Once the PAN card issuance is fully secure and fraud-free, security experts must be asked to certify its integration into the depository system in order to make the PAN number meaningful. The PAN can and must then evolve as the unique identification number for all business, banking and investment transactions.