Over the last few months, markets regulator SEBI has been chasing a set of serious cases of insider trading involving leaks of vital financial information over WhatsApp about a few leading stocks. News stories give the impression that while they have conducted raids and seized plenty of evidence, they have hit a wall because of the strong encryption that WhatsApp offers, and Facebook's unwillingness to cooperate. Apparently, the data that social apps capture is just for allowing the companies to target ads, and not for catching criminals. Anyhow, it certainly does seem that genuine advanced information about financial results has been circulating over WhatsApp because the regulator has directed these companies to investigate the matter and to tighten internal controls, some of them being Tata Motors, HDFC Bank and Bata.
While the leak of insider information is a serious matter, a far greater problem is the unchecked mass circulation of unsolicited trading tips on SMS. Over the last year or so, the volume of such SMSs has become manifold. There's no way of aggregating this, but everyone I know who used to get these SMSs in ones or twos, now gets them multiple times a day, every day. However, that's just one part of the problem.
One pattern that has emerged is that SMSs from apparently diverse sources now focus on a single stock. For example, somewhere around January, everyone started getting SMSs about the stock of a particular microcap company which seems to have little business activity but has the word 'finance' in its name. The stock too had little activity but ran up considerably in the weeks before the SMSs started arriving. Anyone who is even roughly familiar with the equity markets can see what is going on. This is just one instance I have picked up because it is the most recent that I am directly aware of.
The biggest problem here is that the senders of these SMSs, despite coming from what look like authentic SMS sender codes, are likely to be masquerading as large brokerages. And yet, the receiver has no easy way of checking anything. For example, in the above example, a colleague of mine received an SMS on 30th January that came from the sender code 'AD-ICISEC'. The SMS text was as follows: ON THE BASIS OF OUR RESEARCH REPORT ON "XXXXXX FINANCE" WE STRONGLY RECOMMEND BUY 6200 SHARES IN BSE (539679) @ 35. TGT 85++ IN 1 MONTH WWW.ICICSEC.COM.
Clearly, this SMS purports to be from ICICI Securities. However, the domain name does not belong to ICICI Securities. A Whois query shows that the domain owner hides behind a 'privacy service' located at Room 701A, Building A, Haiwei Science and Technology Park, Zhengzhou, Henan Province, China. Good luck with following that up.
However, that turns the spotlight on to the failure of the Indian telecom and financial regulators. TRAI has failed to provide an easy way for end-users to identify the real senders behind an SMS code. These SMS codes are assigned after a lot of documentation and authentication is done. I know that first hand because my company has one. However, the recipient has no way of accessing this information.
Contrast this with the global certification system for identifying the publishers of a website with 'HTTPS' authentication. On any HTTPS web page, any user can click on the green lock in the URL bar and read the authenticated details. If such a system can be implemented voluntarily for the globally distributed internet, why can't it be mandated for a closed, heavily regulated system like Indian telecom? Specially when the details are already being taken from the senders? Why can't users tap the sender code and read the authenticated name of the sending organisation?
Apart from this ICISEC, whatever it is, I have with me such SMSs from sender codes like HP-KOTSEC, HP-EDELBK, HP-KARVYB, AM-KARVYV and AD-HDFSAC. Anyone would take these to have originated from big names in the investments industry. But did they? Are these companies worried about their brand? Or were these market-manipulating SMSs actually sent by these big names? There's no easy way that the end-user has of finding out unless a transparent, instantly accessible information system is put into place.
However, the default response of someone just beginning to learn about investing would be to trust the names, and get into the dangerous world of trading on the basis of anonymous tips. The financial and telecom regulators need to fix this to save people from being exploited.