NEPSE Introduces ‘IT Audit Guidelines 2026’, Makes Technology Audit Mandatory for Broker Companies

As Nepal’s stock market becomes fully technology-driven, Nepal Stock Exchange (NEPSE) has introduced the “IT Audit Guidelines 2026” to strengthen investor data protection and trading system security. Under the new directive, all member broker companies are now required to conduct mandatory Information Technology (IT) audits. NEPSE stated that the guideline has been implemented to address growing cybersecurity risks associated with increasing digital transactions and to ensure the protection of all stakeholders in the capital market. The guideline brings broker systems including Trade Management Systems (TMS), back-office platforms, customer data management systems, servers, databases, network infrastructure, websites, and mobile applications under compulsory security assessment. It also enforces strict standards related to data encryption, regular backups, KYC verification, user access control, and password security. According to the provision, brokers must conduct an IT audit at least once every two years, while newly licensed brokers must complete their first audit within six months of commencing operations. Audits must be led by certified professionals holding internationally recognized credentials such as CISA, CISM, or CISSP. NEPSE has warned that brokers failing to comply or submit audit reports within the stipulated timeline will face regulatory action. The initiative is expected to enhance transparency, cybersecurity, and investor confidence, helping position Nepal’s stock market as a more secure and internationally reliable digital marketplace.