Mr. Rakesh Tokarkar
Head - Compliance at NJ Group
Cyber Crime - A Legal Perspective
As being part of India's dynamic financial services industry we operate in one of the most trust-sensitive industries in the country and privileged to serve in a sector that not only empowers wealth building but also thrives on one of the most valuable assets in business that is "Trust".
In today's digital financial landscape, trust is built not just on performance, but also on security. With rapid technology adoption, online platforms, and paperless onboarding the opportunities are endless so are the risks and the consequences go beyond technology, they extend to regulatory compliance, client relationships, and organisational reputation.
The Growing Threat Landscape
As the Financial Services sector continues to advance technological innovations, financial fraud is also on the rise, with scammers employing various deceptive tactics to obtain sensitive information and money from individuals.
Below are some common methods of these scams:
-
Investment Frauds and Get Rich Quick Schemes: Fraudsters lure individuals with promises of unrealistic or quick returns through Ponzi schemes and providing fraudulent stock tips.
-
Impersonation of Financial Intermediaries: Misusing the identities of registered financial intermediaries or its employees, directors, or any affiliated group companies on websites, mobile applications, emails, or WhatsApp/telegram groups to solicit funds or mislead investors.
-
Unauthorised Use of Intellectual Property: Fraudulent entities exploit the logos, images, trademarks, or domain names of legitimate financial institutions to create a false sense of authenticity.
-
Phishing and fake mobile application: Developing replica websites or mobile applications, often infringing intellectual property rights, to mislead and exploit investors.
-
Mule Accounts & Money Laundering: Fraudsters often route stolen investor money through "mule accounts" bank accounts opened or rented under false pretenses.
In an industry where millions of transactions occur daily, even a single breach can cause significant financial loss, reputational damage, and regulatory repercussions.
Why Cybersecurity Is a Legal Imperative
From a legal standpoint, cybercrime in financial services is not just an operational hazard, it is a legal and compliance obligation. Intermediaries such as stock brokers, depository participants, and mutual fund distributors are governed by strict frameworks laid down by SEBI, AMFI, stock exchanges, and depositories.
The legal responsibilities extend to:
-
Ensuring Regulatory Compliance: Incident reporting to regulators within prescribed timelines.
-
Preserving Admissible Evidence: Securing logs, communication records, and digital footprints for potential proceedings.
-
Coordinating with Law Enforcement: Filing FIRs, engaging with cyber cells and CERT-In.
-
Mitigating Legal Exposure: Advising on client communications, assessing contractual obligations, and addressing liability issues.
-
Supporting Recovery & Enforcement: Pursuing recovery actions and initiating legal proceedings when necessary.
-
Awareness: Creating and disseminating awareness among the general public about such fraudulent practices through multiple channels, including print media, digital platforms, and other outreach initiatives.
Building a Cyber-Resilient Financial Ecosystem
In the same way that investing depends on consistent prospecting, business sustainability in financial services depends on consistent cyber vigilance.
Measures that strengthen our defence against cyber threats:
1. Proactive Awareness & Training
Investor awareness programs are not limited to financial literacy; it must also cover cyber safety. Educating investors on secure login, recognising fraud, and using only official channels can drastically reduce risk. Regular awareness campaigns through emails authorised communication channels help keep investors vigilant and informed.
2. Third-Party Engagements
Ensuring all third-party service providers meet strict cybersecurity standards, with contractual clauses covering data protection and breach liability.
3. Incident Readiness & Response
Maintain a robust incident response plan that includes legal, cybersecurity, and business continuity teams. Time is critical both for containment and regulatory reporting.
4. Regulatory Alignment
Staying up to date with SEBI, NSE/BSE, AMFI, and Depositories issued cybersecurity circulars. Compliance is not a one-time checklist, it's an ongoing commitment.
The Road Ahead
As our sector grows with increasing digital adoption, expanding investor bases, and greater financial participation cyber resilience will be as important as product innovation or market strategy.
In a world where investors are looking for not just capable advisors but secure partners, cybersecurity is not optional, it's fundamental.
To conclude, we wish all industry participants and partners a secure, compliant, and prosperous future in financial services. Let us safeguard not just wealth, but also the trust that sustains it.
Stay Alert. Stay Protected. Stay Compliant.