MUMBAI: After the CBI and ED registered cases against him, retired Mumbai police chief Sanjay Pandey in a conversation with TOI had said payments received by iSec Services Pvt Ltd from the National Stock Exchange were accounted for and income tax paid on it. Pandey said the firm he was linked to received less than Rs 5 crore from NSE for a “cyber vulnerability assignment” and around Rs 10 lakh for a security audit. “These payments are for a period of around 10 years,” he said.
Pandey said NSE had approached iSec in 2009 to analyze calls coming to and made by employees on its internal network and provide reports based on exceptions noted in the calls besides monitoring emails and providing exception reports. Stock exchanges and other financial institutions are known to mount surveillance on employees during trading hours.
“As per the proposal, NSE would provide a hard drive containing the calls they recorded on their systems. Our job was to listen to data provided by NSE on a weekly basis and submit a report. The idea was to identify calls being suspicious based on the content and whether employees were trying to leave the company or indulging in personal work during office hours. Pandey said NSE chose to call it ‘cyber vulnerability’ instead of electronic monitoring. Pandey said NSE already had a system for recording these calls. “iSEC would listen to the data on the hard drive offline at its premises and submit a report.”
Later when NSE’s surveillance systems got outdated, it asked iSec to arrange new hardware and software, he said. NSE paid for it, he said. The server, software, data and hardware were always on NSE’s premises under their control and supervision, he said. Calls of the trading floor were never plugged into the system installed at NSE’s premises, he said. He denied that iSec monitored any live calls. “It was not our mandate,” he said.
Pandey said iSec was empaneled to conduct audits of NSE brokers along with several other companies in 2013 on the basis of SEBI guidelines. The audits were limited to the premises of brokers. It was to verify whether the co-location server was sub-let to anyone else by the broker, he said. “Besides iSec, there were many other auditors who followed the same process while auditing brokers.”