From its humble beginnings in 1994, when India’s market capitalization stood at about $100 billion, the National Stock Exchange (NSE) has become one of the world’s largest exchanges. Its market cap of listed companies now exceeds $5.2 trillion, making India the fourth-largest capital market in the world. On peak days, the NSE processes 20 billion orders and about 300 million transactions within a trading window of six and a half hours—almost a million messages per second. The exchange manages nearly half of world trade-clearing and represents one-third of India’s wealth. Some 120 million investors hold 230 million investor accounts in the NSE today.
This remarkable growth is founded on customer trust, which in turn is underpinned by resilience in technology, engineering, monitoring, and culture. To maintain and deepen this trust, in 2022, the NSE embarked on a comprehensive effort to boost its resilience even further through technological innovations and reforms that strengthen its systems, operations, processes, and people. The program was designed to be a sustained transformation, not just a project.
Recently, McKinsey Senior Partner Akash Lal sat down with Ashishkumar “Ashish” Chauhan, a founding member of the NSE and its current managing director and CEO, to discuss how the exchange built a resilient tech platform while managing evolving risks and addressing the challenges of the future. The following is a summary version of that conversation.
Akash Lal: How has resilience helped the NSE to grow since its founding?
Ashish Chauhan: Resilience has always been a cornerstone of the NSE’s operations and growth. From its inception in 1994, the NSE has focused on the resilience of its platform; in fact, the reliability and flexibility of our platform has been one of our key differentiators in winning market participants’ trust.
Akash Lal: Three years ago, the NSE started a focused program to further strengthen its resilience across the organization. What prompted this effort?
Ashish Chauhan: With our phenomenal growth—just in the last ten years, the National Stock Exchange’s average daily trade volume in cash markets has seen a tenfold growth—comes the responsibility to ensure our infrastructure remains not only robust but also agile enough to meet future demands and regulatory requirements.
Given its significant role in India’s financial markets, the NSE must continue to provide best-in-class, fair, efficient, transparent, orderly, and continuous markets. For this, we needed to evaluate all areas of the NSE’s technology and consider strengthening or revamping some areas, including processes, people, performance, and platform.
Akash Lal: How is the NSE taking an enterprise-wide approach to resilience?
Ashish Chauhan: While resilience has always been a focus at the NSE, we recognized the benefit of taking a more structured, enterprise-wide approach. We knew from the start that resilience couldn’t be tackled in isolation; it requires a coordinated, cross-functional strategy. So we took a holistic approach by identifying the most consequential areas at the NSE and then developing a resiliency strengthening program that addressed all of them—ensuring alignment across people, process, technology systems, business operations, and decision-making frameworks.
Impact Summary: The McKinsey–National Stock Exchange collaboration
In this excerpt from the interview, Ashish Chauhan reflects on the NSE’s work with McKinsey.
Akash Lal: Which areas of the organization are included in the resiliency strengthening program?
Ashish Chauhan: McKinsey’s diagnostics resulted in 82 recommendations covering five dimensions across the organization: people, culture, processes, platforms, and our operating model. The recommendations apply to four enterprise-wide areas—IT operations, software development life cycle, architecture governance, and infrastructure—as well as two discrete areas: talent and vendor management.
We took a gradual approach by rolling out the recommendations across our tier 1 applications with McKinsey’s oversight during implementation. Having learned from that experience, the recommendations were further fine-tuned and then rolled out at scale across the enterprise for tier 2 and tier 3 applications. This has transformed the way our tech function operates.
Once we brought all these elements together, we were able to create a structured, end-to-end strategy that enhances reliability while maintaining agility.
Akash Lal: What has the resilience program accomplished so far?
Ashish Chauhan: In all areas, we’re not only modernizing some of our legacy systems but also strengthening our processes to meet today’s demands and enable future-ready capabilities that we can scale across the organization. We’ve completed 65 [resilience-strengthening] actions and are actively working on eight more. We aim to finish those by the end of 2025. Some longer-term initiatives will move to the business-as-usual stage until 2026.
- In processes, we’ve enabled a centralized, updated view by reviewing and consolidating our processes for IT. We continue to update the overall monitoring and observability landscape by adopting an enterprise observability stack for visibility into the performance and health of NSE’s IT systems across the entire organization.
- In platforms, we have expanded our test automation to catch potential failures earlier, streamlined platforms to improve reliability, and introduced automated infrastructure management for better visibility and control. One of the biggest shifts has been enhancing the traceability of all changes in the production environment across the SDLC [software development life cycle] and, along with that, strengthening change management and control.
- In people and culture, we’ve refined our hiring processes, upskilled teams, and embedded knowledge-sharing practices. For IT and infrastructure operations specifically, we have assessed the talent pool deployed across critical applications to ensure they have the right skills to make decisions and solve problems.
- For our operating model, we have strengthened governance and performance management mechanisms for third-party providers to confirm that they align with our resilience objectives. And we’ve improved operations and incident management to more quickly and effectively detect and resolve issues.
Akash Lal: What about the NSE’s IT infrastructure? Have you made significant changes there?
Ashish Chauhan: We’ve undertaken a major transformation of our IT infrastructure to reinforce the NSE’s position as a global technology leader in capital markets.
A cornerstone of this effort has been the expansion of our ultralow-latency co-location facility, which now houses about 1,400 racks, making it one of the largest in the world and ensuring that participants have faster, more reliable access. We plan to add another 400 to 500 racks by the end of the year and potentially up to 2,000 more over the next few years—based on demand—taking the total to 4,000-plus racks. This will help us meet heightened demand from high-frequency and algorithmic trading firms. The exchange will be able to handle surging volumes while preserving ultralow-latency access, and it will support HFT, or high-frequency trading.
We’ve also built one of Asia’s largest in-house private clouds within our data center, along with fault-tolerant infrastructure for capital markets to foster scalability, observability, and seamless orchestration of mission-critical workloads. Our infrastructure now operates with industry-leading automation to ensure performance at scale without compromising resilience.
Additionally, we have strengthened our disaster recovery data center so that if a natural disaster occurs we can replicate data in real time with near-zero data loss, and we can switch over trading systems in less than 45 minutes. We conduct regular drills and simulations to test the effectiveness of our disaster recovery protocols.
Akash Lal: Cybersecurity is a crucial part of a resilient technology infrastructure. How has the NSE strengthened its defense against cyberattacks?
Ashish Chauhan: The NSE experiences a substantial number of cyberattacks; for instance, during a 20-minute period recently, we sustained nearly 400 million hits from over 120 countries on our website. Even so, we have managed to maintain our operations without significant disruptions. We use continuous monitoring to detect and respond to potential threats, and we test and retest our systems constantly.
To fortify our defense, we have deployed best-in-class processes, tools, and technologies across our defense layers and ensured proactive risk assessments and timely mitigation of identified risks. Cybersecurity controls spanning prevention, detection, response, and recovery have been implemented to ensure cyber-resilient systems. The NSE follows a secure-by-design principle—in which we integrate security into the entire development process—to ensure that all applications, products, and services rendered by the exchange have inherent security elements embedded.
Additionally, the NSE has established a 24/7 security operations center for monitoring and immediately thwarting threats. A formal cybersecurity committee, over and above our standing committee on technology, meets periodically to review cybersecurity and resilience policies, assess IT vulnerabilities, and push forward improvements. An architecture review board is also in place to look at all big shifts in technology architecture and security.
Akash Lal: A true transformation needs to be sustained, which requires effective change management. How did you prepare your teams for this shift, and what are you doing to maintain momentum?
Ashish Chauhan: We created end-to-end teams around seven themes we identified across 82 areas, with team leaders who ensure effective execution on the ground. We established governance and oversight to support teams with guidance and entry and exit criteria. These steps helped everyone to have a shared objective and goals and to role model building an engineering-led culture.
Resilience is as much about human capital as it is about systems. One of our focus areas has been strengthening our tech talent pipeline to hire the best talent, including hiring from top management and technology institutes, while also upskilling existing teams through targeted training programs and knowledge-sharing initiatives. We emphasize knowledge management—where we identify, document, organize, maintain, and distribute critical collective knowledge—and effective documentation, and we have structured knowledge transfers—planned events and processes for sharing expertise or insights. These practices facilitate continuity and scalability.
By investing in our people, we ensure that the transformation was not just a one-time initiative but an embedded part of our culture.
Akash Lal: What measurable results has the resilience program seen so far?
Ashish Chauhan: [We have built] a more resilient infrastructure. We have not experienced any major outages in the past several years, so our operational stability is clearly strong.
We have reengineered a lot of our processes, design, and engineering capabilities so they are sustainable and leading indicators of potential issues related to resilience. Our incident response times have improved from hours to minutes.
To continue and expand on this success, we have established the Resilience Index, a composite metric that tracks key resilience indicators, enabling the monitoring of services and constantly enhancing the tech operations strategy. The index will allow us to monitor our progress, stay on track, continuously improve, and constantly refine our strategy.
This transformation has earned global recognition. The NSE was featured in Forrester’s global blog as a benchmark in fault-tolerant, ultra-scalable infrastructure and nanosecond-level latency tuning. We received a Red Hat APAC Innovation Award for Automation and were named “Best of the Best” by Asia Asset Management for Best Infrastructure Platform in Asia in 2024 and 2025.
Akash Lal: What’s next on the horizon for the NSE in building resilience?
Ashish Chauhan: Resilience is a journey and not a destination. It is a practice that needs to be part of the organizational DNA. Now and in the future, every decision or trade-off needs to be looked at through a resilience lens. Often people believe that resilience is only a tech issue, but for us, resilience requires a holistic approach. It must continue to be driven from top to bottom; it cannot be left as a side activity.
Also, resilience cannot be based on perception but needs to be measured scientifically. Quantification using the Resilience Index we created will allow us to focus on the key areas where intervention is required. The index covers around 25 different attributes encompassing technology, process, people/culture, and operating model.
We have been experimenting with AI on how it can improve resilience. One of the initiatives that we are attempting is using LLM-based detection within legacy code around tech debt. Resilience will continue to have my personal attention.
Akash Lal: What advice would you give to other technology and business leaders contemplating a transformation like this one?
Ashish Chauhan: I would offer two key pieces of advice. First, resilience requires a holistic approach and not shortcuts. It has to be an enterprise-wide effort and driven at every level. Second, it requires difficult decisions that will be hard to implement and will need support from the top. Third, this effort is not merely rewiring, whereby symptoms are addressed, but a more involved engineering process where the root cause will need to be fixed. That fix could go beyond the ambit of a technical fix. Last, the resilience initiative shouldn’t be a perception-based effort; it must be quantified and measured scientifically to ensure that it’s focusing on the right areas.
Again, resilience is a journey, not a destination, and it must be steered by the highest levels of an organization.
