Shiv Kumar Bhasin, CTO, NSE outlines how digital technologies at NSE could be critical for India’s economic growth.
What are your responsibilities as CTO of National Stock Exchange?
I own the complete technology shop over here which encompasses technology strategy, technolog, vision and one part of exchange and trade operations. These are the core pillars I own, and this is a very large statement of work because exchange is that business which runs totally on technology. Post mid 90s, all exchanges are now fully electronic. NSE since inception is an electronic exchange. We never had a floor reading like BSE.
As we move forward during pandemic, with various announcements coming from the government to grow the economy of the country, the trade volumes are growing tremendously. But it is just only 2% of a given population of the country that participates in the capital market. If we have to grow the economy by 2025, it needs to move from 2% to most likely 8- 10%. That means roughly 4-5 times the volume we are looking at, and we are already processing 200k orders per second which is the largest volume as compared to other global exchanges. We are the largest exchange in terms of derivative volume, across the globe. Given all these kind of business projections, that technology role is the key for the success of the exchange and the core pillar of the Indian economy because around 95 to 97% of the country’s trade volumes are processed by our exchange and given such large volumes, the main vain of the economy of the country is represented by the exchange and this exchange runs on technology.
The role of the technology team is very large, and it’ is a mission critical system where you cannt have even a single second of downtime or slightest glitch. In a very short amount of time that glitch will be out on the CNBC and it could impact adversely the Indian economy. There is a great responsibility on the shoulders of NSE and it is a national critical infrastructure as well.
For keeping the economy growing and keeping the economy vibrant, NSE has a great role to play.
What are the challenges you are facing and how you are planning to meet those challenges?
As business projections are very high because Government wants to grow the Indian economy into the top three economies of the world and given that goal which India has, our responsibility is keeping the systems resilient and scalable to be future ready for any kind of an exponential growths in the order volumes to be handled very smoothly.
For example, when we entered into that pandemic, in March this year, we were processing around 2 million orders in a day and as just a quarter down from March in June, we started processing 4 billion orders a day. In the last few months, the market has been very volatile and because of this volatility, the volumes go tremendously very high on the platform,. Being a mission critical system, the challenges are always like making the systems highly scalable keeping that headroom, having an exponential growth in a short amount of time. That keeps the performance engineering department always on our toes and keeping the infrastructure, with a cloud-like kind of flexibility, but we cannot unfortunately use cloud. Cloud does not support today’s low latency business processes. Once they start supporting that could be one of the options. However, the platforms which we use, we always keep, 3-4 years in future in mind. Hence we always keep sufficient head-rooms for any such spikes coming on the way. We should be able to handle them gracefully as well as whatever the mission critical software systems, which are running at a operating system, performance tuning, protocol level or even at the Silicon level while working with many large chip manufacturers to improve vertical scalability of the platform. Being very latency sensitive where every nanosecond counts, that is where it is important how big is the exchange trade platform. Low latency is one of the key and number of orders it can process, as well as how resilient it is without a single nano second of downtime. Even if there are any problems in getting encountered during the day, it should be seamlessly fixed without impacting the market. These are some of the key challenges when it comes to the trade platform.
The Other challenges in exchange was being one of the first in BFSI sector, which went in adopting technology in a major way, sometime in mid 90s
we became a little arrogant as well we were the leaders and we are going to remain a leader, like that around 20 years passed. As you know the cycle is reducing day by day, earlier any kind of transformation used happen in 20 years, 10 years or 5 years. Nowadays, actually it does come down to 3 -1 years basically. Most of the transformations are happening very fast. The stakeholder experience is one of the key challenges for us where various compliances and regulatory processes, we being the frontline regulator of the market as well.
We have to work towards the digitization of the processes where manual interventions can be reduced and they are straight through without manual intervention, without paper processing and improving the overall task from several days to, few minutes or real time is a mandate.
The Third challenge is that we are sitting on an enormous amount of corporate data. The entire countries corporate data is with us where regulations prohibit us for launching the data services, on a commercial basis because as per regulations all the data which we get from the market, belongs to the market. So it should be given back to the market free, that is the semi regulatory guidance while across the globe many institutions are making around 30% of the revenue out of that data.
We are working on adding some, advanced analytics, AI-ML based value added services which will be added or hosted on the cloud and those can be disseminated to the trading members based on subscription and those subscription will on chargeable basis.
What kind of thoughts you have when it comes to Bitcoins because this technology can majorly effect NSE?
It’s still not considered legal in India by RBI.
Other countries have accepted. Are we prepare if in coming future, let’s say by 20-25 the regulations changes. How is NSE going to be prepared for that?
Yes, actually we have one chapter card innovation sandbox, which we run along with the regulator. There we have been working on some of the shareable. It is not directly bitcoin, I will say. Today we have physical securities means all these equities, options and the derivatives are played in the physical market. We are looking at how these assets could be digitized so that they can be shareable. It is more on blockchain kind of a technology and there we are working with the regulator because of that capital regulator SEBI does not regularize the shareable assets. There are no regulations and all and how those assets will operate. Those deadlines still need to be worked out, uh, without marketing regulator to maintain fairness and equitable behavior of all the participants.
And how many equities or how many symbols will be ready to get themselves sold as a shareable or kind of into multi parts. That is another area,which I think we have not worked upon, but more as a technology POC, we have done where we come up with one of the market innovator, a startup based on Hyderabad.
We have worked with them on a coming up with shareable assets and looking at designing the trading and matching engine based on that. That part is work-in progress, I will say.
There is a fully digital exchange that started last year, one in. Switzerland and another somewhere in Europe. These are the two exchanges where they are looking at, all asset classes will be fully digital. There will be shareable assets and they can be partitioned. They could be various assets like you can have land parcels, real estate, so these are the asset classes also, those exchanges are looking at but so far in India, it has been technology POC. It has not been into the business so far.
There are various opportunities, there are commodity market specially with precious metal like gold, the prices are going very high. That is one of asset that can be sold using this blockchain technology or sharable as digital technologies.
We can with deal precious metal more effectively in increase their consumption.
What are the key technology solutions used by NSE and what are their use cases?
NSE has three role, trading, risk clearing and surveillance.
When you look at the trading, it’s mostly, system programming, which is largely of based on C, C++ programming where matching the gateways for low latencies, they all are dealing with how to do the kernel bypass, use latencies, use the faster templations with each CPO cycle.
If you see the clearing side, we are using lot of legacy technologies and we are going towards the modernization where clients server or technologies like we have a lot of legacy applications on 2 Tier architecture and C, C++ and databases.
We are now moving towards the container oriented commodities and database architectures, micro-services based architectures.
Surveillance is again a very critical area that deals with data where real-time analytics of all these 200k orders per second or those are very large volume order or throughput that we see need to be analyzed for any anomaly or any kind of restrictive trading practices, they need yo detected on real time basis need to reported to the regulator on real time basis. That’s where the advanced analytics is required and lot of in-memory calculations are getting done over there.
For surveillance, were looking at implementing data lake, real time processing which cancarry out in memory calculations, and reduce the latency for any kind of a surveillance analysis or surveillance alert gets ditected rather than persisting the database and the detecting the anomaly. We are trying to do that first keep the data in memory and detect anomalies.
Who are your technology partners?
TCS is the partner for our trading platform and for surveillance. For clearing, we have TCS, other partners as well as our own technologies from CIT. We worked with Cognizant, Infosys, IBM, they have helped in terms of resourcing needs, that skillset needs in some pockets because we were working on some niche area like API gateways, we work largely with the Google. Earlier we are using IBM and then now we are adopting some of the cloud SaaS products as well, or collaboration as well. When we are working remotely, we are using remote working tools which are hosted on the cloud and they are having multi level of security also enabled some cyber security firms behe Cisco, F5, Checkpoint they are aslo coming into our key OEMs list. VMware and Office 365 from Microsoft, these cloud partners. In terms of team collaboration and in terms of setting of CI/CD pipelines on the hybrid cloud as well as the virtual desktops across organizations in a shortest time git rolled out with help of VMware. Entire internet applications are published on the Workspace ONE.
We are using all these for higher productivity for the staff or members.
What was the support from technology partners, especially during COVID times?
We got excellent support. Being a front-line regulator for the capital market, as well as holding the various sensitive data of corporate, capital markets in India, we’re not having a practice for the remote working. Everybody has to come to office and connect to their desktops only. There were no laptops, no mobile devices enablement was there. That was one challenge we’re looking at. We sensed 2-3 weeks before the lockdown, because we were observing across the globe lockdowns were being called. We were thinking what if, India also gets into a similar situation? How will we go about it? It was a coincidence, like first week of March, we were discussing this with our one different partners by last week of March ndia got under lockdown and all these partners came forward like Cisco as well as VMware to set up the team collaboration tools, virtual desktops, to ensure that people have accesses with multiple level of securities, not just with user, ID password and not having just typical VPN, app based security like Cisco duo or a biometric securities. All those we got six weeks , from 1st March to 15th April. Our entire workforce having the remote, working enabled and from15th, we took around a month from there with the various trainings for the staff being conducted to how be productive in digital way of working because many people don’t know how to use whiteboards and connect to each other. That’s a big change management in the organization, actually we found that probably, it was a generational impact as well that people learn these things very fast.
Now the productivity also grear and we’re hoping that even in post pandemic era, 40% of people will in office and 50 to 60% staff will continue with the virtual operations.
I wish we get the vaccine very fast and the restrictions will go down. Lets see in those same circumstances, how people will behave, that will also determine how strongly leaders remote working models play. It is going to give a great mileage to the Indian industry, because so far, a lot of Indian managers were many physical touch and feel, and they wanted all the in the office. There were some handicaps as well that you could not tap the skill-set. But now with remote working identifying and hiring skilled people will be easier and it’ll great for Indian industry.
How are you maintaining those boundaries of data security?
We have implemented various cyber-security frameworks. Like we are using some of the cloud security providers, they have, one good line of defense at cloud level itself before any kind of interaction hits the perimeter of data centre. The application firewalls, the content management systems that DNS, all of those are available on the cloud. Then subsequently similiar layers, some similar walls are for that.
For end users, we have done cloud level multiple factor authentication , they’ve to come via the proxy through cloud as well as they have to use the app based authentication rather than VPN because VPN is also nowadays broken.
For some of the privileged user these app based authentication is getting carried out, using biometrics and even after biometrics, all these users are in the privileged identary management system.
On top of it, we have given to our monitoring staff, which is a security operation center staff remote connectivity of the dashboards so that they can monitor. As you would have seen recently, there was seven or eight, a strongest exchange were attacked during the pandemic and one of the strongest exchange was down for continuously five days because of a cyber security attack. So, we had taken a significant learning from those instances and we went ahead and implemented these
So, we ensured that we have the right controls in place and they’re all audited and reviewed again because audit processes also we have enhanced for ensuring the cyber security, tools are deployed.
Tell us more about your data center.
All data centres are owned by us, we don’t use co-location data centers. Those are maintained from civil engineering perspective, from an IP perspective all managed by us and our in-house staff. Similarly all locations be it productions, DR, BCP location, all three locations are managed by us.
Recently we’ve done of change where we have outsourced our infrastructure management, and services with one of the key partner Wipro. We have been looking at them to bring them more proficiency in the managing the best service SLA and being more agile. So these were the key requirements where we have moved on to the infrastructure services partner.
We decided to partner with these leading partners to have.more global presence. We are using O365. We partner with Microsoft and we are partnering with them for their Azure cloud for running our some of that data analytics services and similarly with AWS and GCP. All these innovation threats, we have started working with cloud service providers. We have gone for one or two data analytics services to be hosted on the Amazon cloud and with other cloud service providers, we are doing various POCs so that we can be ready for the cloud based architecture.
How is NSE leveraging on modern technologies like AI and ML?
To tide over the current COVID-19 crisis, we are doing a large digital transformation program where all the touch points of the exchange which are trading numbers, custodians, etc so we are moving them towards the modern application architecture, which is based out of microservices, commodities, containers, leveraging various web and mobile technologies which are anytime, anywhere, any device, based on that principle. Because we don’t want it to be lagging behind leveraging only legacy technology based clients and we want to move towards clients who are adaptable to all the devices. Be it the various mobile devices, tabs, iPads, laptops and desktops, of course, and multi browser support.
In this modernization and digital transformation, one of the key area is that not only just look at this technology modernization, but also business process, re-imagination, where long learning business processes could be brought down, leveraging that the technology again which is voice enabled chatbots or AI/ML based chatbots, OCR, RPA based processing of the paper documents and further doing AI, analytics.
As you’re aware, where companies companies go for listing, then publish their red hirring prospectors of 300 pages.
First, they submit to us. Al of those are going to proof read, audited by our bots. AI/ML based e bots which could be able to screen through that 300 and 400 pager document in a matter of a few minutes, which earlier department used to take somewhere 10 days to 20 days to come back to any kind of anomalies or any kind of review comments to the people who are trying to list their companies on to NSE
How has the prolonged WFH scenario changed the entire DR-BCP plans of organizations?
It has really tested our BCP strategy and it has been a great event to build multiple level of redundancies at every leg.
Like when the dynamic we went for very quickly booking the hotels near office premise, keeping some backup staff nearby. So there, if somebody gets unhealthy and they can be called from hotels. They are kept in a separate rooms or even separate hotels. So that if team A gets sick, team B can be brought in.
All those redundancies were planned within the same city and across cities.
We had four level of redundancy built in same city. We allowed people to work remotely as well while supporting this BCP. We have run four surprise mocks which used to start early in the morning at 4.30 am and by 5 am people where ready working from home to ensure when exchange opens at 9 am for market to be ready by 9.15. Now our BCO policies are well tested robust which gives us a multiple level of redundancies. We are now much better prepared that pre-pandemic times.
How has NSE planned out a Python-based trading platform with scalable architecture?
Our trading platform is totally indigenously developed in-house. As mentioned, our partner is TCS and all the design and architecture has been done in house by the NSE teams. Trading platform is a very sensitive area then any banking sectors. You can leverage a lot of modern technologies. As I said earlier, we are using loudly C C++ based on OS level and even bypassing the kurnel and writing that code in such a manner nanno seconds latencies could be achieved for end to end transaction.
We are working on multiple things like resilient architecture and scalability be it vertical scalability. That’s one of the key and the second is partitioning the asset classes based on business attributes which gives us horizontal scalability.
What are the cybersecurity challenges in the online trading market?
Whatever transaction is being pumped by the trading members to the exchange, the transaction integrity is the key. Each and every value that has been pumped has reached in a similar manner to us, or it has been manipulated on the way or met with an attack in the middle. Those mitigations are put in place already. Other challenges are while you’re carrying out these cybersecurity preventions, these should not be, or what had in the performance of their trading platform. They should not cause any kind of increase in latency for trade execution. And consequently, we have to remain nimble, secure and we have various levels of checks because we have our own proprietary network which we use which builds various levels of hardware based security, which keeps the integrity, confidentiality, non deputation of the transactions intact.