Did you know that your trusted stockbroker might not have the security systems in place to protect your sensitive information?
A recent SEBI order against Reliance Securities Limited has exposed some serious lapses in how the company was handling its cybersecurity and unauthorised trading penalties.
This isn’t just about technical jargon, but it’s about your money, your data, and whether your broker is trustworthy enough to handle your investments.
Let’s break down what happened, why SEBI came down hard on them, and what this means for you as an investor.
Reliance Securities SEBI Order
Think of this SEBI order as a formal complaint and punishment notice.
On November 26, 2025, SEBI’s Adjudicating Officer Amit Kapoor issued an order against Reliance Securities Limited. It is one of the major stock brokers in India.
But this wasn’t about the broker stealing money or running away with investments.
Instead, it was about something more serious: failing to protect the very systems that handle your trades and personal data.
Between April 2023 and October 2024, SEBI inspected to check if Reliance Securities was following cybersecurity rules and maintaining proper technical systems.
The inspection uncovered seven major failures, and for each of these failures, Reliance Securities violated SEBI’s strict guidelines on how brokers should operate.
What Violations Were Done by Reliance Securities?
Here’s the thing: when you place an order to buy shares through a broker’s website or app, your data travels through multiple systems. These systems handle everything like
- Your login password
- Your bank details
- Your personal information
- Your trading instructions
If these systems aren’t secure, if they crash unexpectedly, or if data leaks out, it’s not just embarrassing for the broker—it’s dangerous for you.
SEBI issued strict rules in 2022 and 2023 to ensure every broker has rock-solid technology.
But Reliance Securities?
They either didn’t follow these rules or took their time implementing them.
Here are the seven main reasons SEBI penalized them:
First, they failed at capacity planning
In simple words, a broker needs to make sure their trading servers can handle the traffic. This is necessary during busy trading hours when thousands of investors are buying and selling simultaneously.
Reliance Securities didn’t have proper documentation showing they monitored peak load and didn’t maintain servers that were 1.5 times stronger than this peak load.
They also didn’t set the right warning thresholds (70% capacity usage) that would alert them when systems were getting overloaded. Only after the inspectors pointed it out did they change their threshold from 75% to 70%.
Second, they were testing software the old-fashioned way
Modern brokers should use automated testing tools. Think of these as robots that check thousands of scenarios automatically to catch bugs before traders experience them.
Reliance Securities was still doing most of this testing manually, like checking things by hand. This is slow, inefficient, and prone to errors.
Third, they failed to properly log important data
The SEBI circular required brokers to implement a monitoring system called LAMA, which tracks the health of critical systems in real-time.
Reliance Securities delayed implementing this for over 450 days from when it was supposed to start (April 2023) to when they actually started (June 2024).
That’s more than a year of not monitoring what was happening inside their trading systems!
Fourth, they didn’t have a backup plan when disaster struck
Every major broker should have a disaster recovery site, essentially a backup office with all systems running in parallel. So that if the main office goes down, trading continues without interruption.
Reliance Securities didn’t have one during the inspection period.
Why?
Because their parent company, Reliance Capital, faced financial troubles and stopped funding such infrastructure.
Fifth, their data protection was incomplete
Only 371 out of 707 employee computers were covered under their Data Leakage Prevention (DLP) system.
This means if someone wanted to send out sensitive company information through email, the DLP on those uncovered computers wouldn’t catch it or block it.
Sixth, they had no proper system to classify and protect sensitive data
Without knowing which data is sensitive and which isn’t, you can’t protect it properly.
It’s like having a treasure chest but not labeling which items are valuable.
Seventh, their email security was broken
When inspectors sent a test email containing sensitive information (like a fake Aadhar document) to an external address, it went through without any warning or blocking.
This is a critical failure because your personal details could have been accidentally leaked by an employee.
SEBI Penalty on Reliance Securities?
SEBI imposed a penalty of Rs 5 lakh (Rs 500,000) on Reliance Securities.
The company has 45 days to pay this amount through SEBI’s online portal. If they don’t pay, SEBI can initiate recovery proceedings, which can include freezing bank accounts and selling off company assets.
Now, is Rs 5 lakh a significant punishment?
For a mid-sized broker, yes. But here’s the interesting part: SEBI noted that Reliance Securities didn’t gain any unfair advantage from these lapses, and no investors suffered direct financial loss from these security failures during the inspection period.
There’s no evidence that trading systems crashed, causing losses, or that customer data was actually stolen. So while the violations were serious, the penalty reflects the severity of the rule-breaking rather than compensation for victim losses.
What Does This Order Mean for Investors Like You?
This SEBI order should raise a few important questions in your mind:
First, how secure is my broker’s system?
The violations at Reliance Securities like:
- Delayed monitoring
- No disaster recovery
- Incomplete data protection
They could have impacted you during a market crisis.
Imagine a major tech glitch during an important market event. Without proper capacity planning and disaster recovery, your broker might not be able to execute your orders, or worse, your orders might get stuck in limbo. You’d lose time and potentially money.
Second, is my personal information safe?
The data leakage prevention failures mean that employees at a broker could accidentally (or intentionally) forward your Aadhar number, PAN card, or bank account details to external email addresses without any alert or blocking.
This is a major privacy risk in an era of increasing identity theft and fraud.
Third, should I move to a different broker?
This is a fair question. However, remember that Reliance Securities has since been acquired by IndusInd International Holdings (in March 2025), and this acquisition brought new management and resources.
The company has also taken corrective steps after the inspection, like:
- They’ve implemented LAMA
- Set up a disaster recovery site
- Improved their data protection systems
So while their past was problematic, their future might be different.
Fourth, what should I look for in a broker?
This order teaches us that you shouldn’t just look at a broker’s popularity or trading fees.
Ask questions about their cybersecurity certifications, their data protection measures, whether they have a disaster recovery site, and if they’ve ever faced SEBI penalties.
Some brokers publish such information voluntarily; for others, you need to dig through SEBI’s enforcement orders database.
Finally, how often does this happen?
SEBI conducts these “thematic inspections” regularly, where they pick a theme (like cyber security) and inspect all brokers systematically.
This order against Reliance Securities suggests that other brokers might also have similar vulnerabilities. SEBI’s penalty is meant to deter other brokers from taking shortcuts on cybersecurity.
Need Help?
If you have faced similar issues with your broker, and want to know how to complaint in SEBI, you can reach out to us.
We are a team that specialises in recovering money that is lost to scams and fraud. Our team makes sure that your concern is genuinely conveyed and addressed.
Conclusion
What Happened Matters, But Change Also Matters!
Reliance Securities violated seven critical security and compliance requirements that could have harmed investors.
They failed to properly monitor trading system capacity, inadequately protect data, set up inadequate disaster recovery systems, and implement required monitoring tools on time.
However, what’s most important is that the company acknowledged most of these violations, took corrective actions, and is now under new ownership with presumably better management oversight.
This doesn’t erase the past failures, but it suggests the company understood the gravity of the situation.
In investing, trust is paramount, and trust is built on transparency and proven compliance with regulations.
Reliance Securities failed that test once, but they’re now trying to rebuild. Whether they succeed depends on how seriously they take these lessons going forward.
