MASTER CIRCULAR

SEBI/HO/MRD2/DDAP/CIR/P/2021/18 February 05, 2021

To,

All Depositories

Dear Sir / Madam,

Subject: Master Circular for Depositories

1. Securities and Exchange Board of India (SEBI), from time to time, has been
issuing various circulars/directions to Depositories. In order to enable the
users to have access to all the applicable circulars/directions at one place,
Master Circular for Depositories has been prepared.

2. This Master Circular is a compilation of the relevant circulars/communications

pertaining to Depositories issued by SEBI up to October 31, 2020 and shall
come into force from the date of its issue. References in the Master Circular to
the Statutes/Regulations which now stand repealed, have been suitably
updated.

3. In case of any inconsistency between the Master Circular and the applicable
circulars, the content of the applicable/ relevant circular shall prevail.

4. The Master Circular consists of four sections i.e. Beneficial Owner (BO)
Accounts, Depository Participants (DP) Related, Issuer related and
Depositories Related. Efforts have been made to include provisions of
circulars/ communications relevant to each sections. However, cross
referencing of circulars/ communications amongst the sections may exist.
Users may refer other sections also for compliance to provisions applicable to
them.

5. This Master Circular shall supersede previous Master Circular

SEBI/HO/MRD/DP/CIR/P/118 dated October 25, 2019 and is available on
SEBI website at www.sebi.gov.in.

Yours faithfully

Rishi Barua
Deputy General Manager

1
 Table of Contents

Section - 1: Beneficial Owner (BO) Accounts

1.1 Opening of BO Account by non-body corporates
1.1.1 Proof of Identity (PoI)
1.1.2 Proof of Address (PoA)
1.1.3 Clarification on voluntary adaptation of Aadhaar based e-KYC
process
1.1.4 SARAL Account Opening Form for resident individuals
1.1.5 Clarifications with regard to KYC requirement for eligible Foreign
Investors
1.1.6 Acceptance of third party address as correspondence address
1.2 Exemptions from and clarifications relating to mandatory requirement of
PAN
1.3 Simplification of demat account opening process
(DP-BO Rights and Obligation Document)
1.4 Opening of demat account in case of HUF
1.5 Operation of minor’s demat account
1.6 Facility for a Basic Services Demat Account (BSDA)
1.7 Change of Name in the Beneficial Owner (BO) Account
1.8 Fees/Charges to be paid by BO
1.9 Safeguards on transfer of securities in dematerialized mode
1.10 Delivery Instruction Slip (DIS) Issuance and Processing
1.11 Transmission of shares
1.12 Execution of Power of Attorney (PoA) by the Client in favour of the Stock
Broker/ Stock Broker and Depository Participant
1.13 SMS alerts for demat accounts operated by Power of Attorney
1.14 Exemption from sending quarterly statements of transactions by depository
participants (DPs) to clients in respect of demat accounts with no
transactions and no security balances
1.15 Discontinuation of sending transaction statements by depository
participants to clients
1.16 Exemption to Depository Participants (DPs) from providing hard copies of
transaction statements to BOs
1.17 Transfer of funds and securities from Clearing Member pool account to BO
Account
1.18 Consolidated Account Statement (CAS) for all securities assets
1.19 Review of Dividend option(s) / Plan(s) in case of Mutual Fund Schemes
1.20 Procedure for filing and redressal of investor grievances using SCORES
1.21 Framework for the process of accreditation of investors for the purpose of
Innovators Growth Platform
1.22 Common Application Form for Foreign Portfolio Investors
1.23 Permitting Foreign Portfolio Investors (FPI) to invest in Municipal Bonds

Section - 2: Depository Participants (DP) Related

2.1 Online Registration Mechanism for Securities Market Intermediaries
2.2 Supervision of branches of depository participants
2
 2.3 Incentivisation to Depositories Participants (DPs)
2.4 Implementation of the Multilateral Competent Authority Agreement and
Foreign Account Tax Compliance Act
2.5 Printing of Grievances Redressal Mechanism on Delivery Instruction Form
Book
2.6 Operationalisation of Central KYC Records Registry (CKYCR)
2.7 e-KYC Authentication facility under section 11A of the Prevention of Money
Laundering Act, 2002 by Entities in the securities market for Resident
Investors and Entities permitted to undertake e-KYC Aadhaar
Authentication service of UIDAI in Securities Market
2.8 Clarification on Know Your Client (KYC) Process and Use of Technology
for KYC
2.9 Recording of Non Disposal Undertaking(NDU)in the Depository System
2.10 Recording of all types of Encumbrances in Depository system
2.11 Cyber Security & Cyber Resilience framework for Depository Participants
2.12 Reporting for Artificial Intelligence (AI) and Machine Learning (ML)
applications and systems offered and used by market intermediaries
2.13 Flashing a link to SCOREs on the dashboard of Demat Accounts
2.14 Displaying of information regarding SEBI Complaint Redress System
(SCORES) in the website

Section - 3: Issuer related

3.1 Charges to be paid by Issuers
3.2 Activation of International Securities Identification Number (ISIN) in case of
IPOs and additional issue of shares/ securities
3.3 Streamlining the Process of Rights Issue
3.4 Registrar and Share Transfer Agents
3.5 Mandatory admission of debt instruments on both the Depositories
3.6 Specifications related to International Securities Identification Number
(ISINs) for debt securities issued under the SEBI (Issue and Listing of
Debt Securities) Regulations, 2008.
3.7 American Depository Receipts (ADRs)/Global Depository Receipts
(GDRs)
3.8 Framework for issue of Depository Receipts (DRs)
3.9 Issuance, listing and trading of Perpetual Non-Cumulative Preference
Shares (PNCPS) and Innovative Perpetual Debt Instruments (IPDIs)/
Perpetual Debt Instruments (PDIs) (commonly referred to as Additional
Tier 1 (AT 1) instruments)
3.10 Electronic Clearing System (ECS) facility
3.10.1 Use of ECS for refund in public/ rights issues
3.10.2 Usage of electronic payment modes for making cash payment to
the investors
3.11 Withdrawal by issuers from the depository
3.12 Further issue of shares under Section 86 of Companies Act and Companies
(Issue of Share capital with Differential Voting Rights) Rules, 2001
3.13 Streamlining issuance of SCORES Authentication for SEBI registered
intermediaries
3
 3.14 Clarification on applicability of regulation 40(1) of SEBI (Listing Obligations
and Disclosure Requirements) Regulations, 2015 to open offers, buybacks
and delisting of securities of listed entities
3.15 Continuous disclosures and compliances by listed entities under SEBI (Issue
and Listing of Municipal Debt Securities) Regulations, 2015
3.16 Non-compliance with certain provisions of the SEBI (Listing Obligations
and Disclosure Requirements) Regulations, 2015 and the Standard
Operating Procedure for suspension and revocation of trading of specified
securities
3.17 Investor grievances redressal mechanism – Handling of SCORES
complaints by stock exchanges and Standard Operating Procedure for non-
redressal of grievances by listed companies
3.18 Automation of Continual Disclosures under Regulation 7(2) of SEBI
(Prohibition of Insider Trading) Regulations, 2015 - System driven
disclosures
3.19 System-Driven Disclosures (SDD) under SEBI (SAST) Regulations, 2011
3.20 Streamlining the Process of Public Issue of Equity Shares and convertibles-
implementation of Phase II of Unified Payments Interface with Application
Supported by Blocked Amount
3.21 Standardization of timeline for listing of securities issued on a private
placement basis

Section - 4: Depositories Related

4.1 Online Registration Mechanism and Filing System for Depositories
4.2 Activity schedule for depositories for T+2 rolling Settlement
4.3 Settlement of transactions in case of holidays
4.4 Deadline time for accepting non pay-in related instructions
4.5 Approval of amendments to Bye Laws / Rules of Stock Exchanges and
Depositories
4.6 Preservation of Records
4.7 Facilitating transaction in Mutual Fund schemes through the Stock
Exchange Infrastructure
4.8 Pledge of Shares through depository system
4.9 Margin obligations to be given by way of Pledge/ Re-pledge in the
Depository System
4.10 Foreign investments in infrastructure companies in securities markets
4.11 Designated e-mail ID for regulatory communication with SEBI
4.12 Designated e-mail ID for redressal of investor complaints
4.13 Redressal of complaints against Stock Exchanges and Depositories through
SEBI Complaints Redress System (SCORES)
4.14 Limitation period for filing an arbitration reference
4.15 Disclosure of investor complaints and arbitration details on Depository
website
4.16 Disclosure of regulatory orders and arbitration awards on Depository
website
4.17 Guideline for websites of depositories

4
4.18 Arbitration / Appellate Arbitration fees on the remanded back matter for
fresh arbitration proceedings
4.19 Establishment of connectivity by Clearing House / Clearing Corporation
(CH/CC) with the Depository – Clarification
4.20 Computing and monitoring of the Aggregate Value of Portfolio of Securities
(AVPS) of the BOs held in dematerialised form by Stock Broker DPs
4.21 Rajiv Gandhi Equity Savings Scheme, 2012 (RGESS)
4.22 Principles of Financial Market Infrastructures (PFMIs)
4.23 Annual System Audit of Depositories
4.24 Guidelines for Business Continuity Plan (BCP) and Disaster Recovery(DR)
4.25 (Information Technology) IT Governance for Depositories
4.26 Guidelines for inspection of Depository Participants (DPs) by Depositories
4.27 Activity of Demat of warehouse receipts
4.28 Voting rights in respect of securities held in pool account
4.29 Risk Management Policy at the Depositories
4.30 Outsourcing by Depositories
4.31 Cyber Security and Cyber Resilience framework of Depositories
4.32 Recommendations of high powered steering Committee
4.33 Database for Distinctive Number (DN) of Shares
4.34 Ticker on Website - For Investor awareness
4.35 Separate mobile number/ email id for the clients of Depository Participants
(DPs)
4.36 Investor Protection Fund (IPF) of Depositories
4.37 Enhanced Supervision of Depository Participant
4.38 Amendment pursuant to comprehensive review of Grievance Redressal
Mechanism
4.39 Digital Mode of Payment
4.40 Framework for Innovation Sandbox
4.41 Framework for Regulatory Sandbox
4.42 Monitoring of Foreign Investment limits in listed Indian companies
4.43 Disclosure of performance of CRAs on Stock Exchange and Depository
website
4.44 Handling of Clients’ Securities by Trading Members/Clearing Members
4.45 Early Warning Mechanism to prevent diversion of client securities
4.46 Standard Operating Procedure in the cases of Trading Member / Clearing
Member leading to default
4.47 Mapping of Unique Client Code (UCC) with demat account of the clients
4.48 Reporting for Artificial Intelligence(AI) and Machine Learning (ML)
applications and systems offered and used by Market Infrastructure
Institutions (MIIs)
4.49 Measures to expedite Dematerialisation of securities
4.50 Capacity Planning Framework for the Depositories
4.51 Enhanced Due Diligence for Dematerialization of Physical Securities
4.52 Committees at Market Infrastructure Institutions (MIIs)
4.53 Operational Guidelines for FPIs & DDPs under SEBI (Foreign Portfolio
Investors), Regulations 2019 and for Eligible Foreign Investors and

5
 Exemption from clubbing of investment limit for foreign Government
agencies and its related entities and Write-off of shares held by FPIs
4.54 Operational framework for transactions in defaulted debt securities post
maturity date/ redemption date under provisions of SEBI (Issue and Listing
of Debt Securities) Regulations, 2008
4.55 Stealing of Customers data registered with NSE/ BSE
4.56 Advisory regarding remote access and telecommuting
4.57 Standard Operating Procedure (SOP) for Reporting of Technical Glitches by
MIIs and Imposition of “Financial Disincentive
4.58 Standard Operating Procedure (SOP) for Reporting of Cyber Security
Incidents/ breaches/ deficiencies by MIIs and Imposition of “Financial
Disincentive
4.59 Implementation of Cyber Capability Index

SCHEDULE
List of Circulars & Communications

6
 Section 1: Beneficial Owner (BO) Accounts

1.1 Opening of BO Account by non body corporates

1.1.1 Proof of Identity (PoI)

i. Permanent Account Number (PAN) to be the sole identification number for

all transactions in the securities market1

With effect from July 02, 2007, PAN is the sole identification number for all
transactions in the securities market, irrespective of the amount of transaction. A
copy of the PAN card with photograph may be accepted as Proof of Identity. In
this regard, intermediaries shall:-

a. Put necessary systems in place so that the databases of the clients and their
transactions are linked to the PAN details of the client.
b. Build necessary infrastructure to enable accessibility and query based on
PAN thereby enabling retrieval of all the details of the clients.
c. Collect copies of PAN cards issued to the existing as well as new clients by
the Income Tax Department and maintain the same in their record after
verifying with the original.
d. Cross-check the aforesaid details collected from their clients with the details
on the website of the Income Tax Department i.e.
http://incometaxindiaefiling.gov.in/challan/enterpanforchallan.jsp . 2

List of documents admissible as Proof of Identity3

a. Unique Identification Number (UID) (Aadhaar)/ Passport/ Voter ID card/

Driving license.
b. PAN card with photograph.
c. Identity card/ document with applicant’s Photo, issued by any of the
following: Central/State Government and its Departments,
Statutory/Regulatory Authorities, Public Sector Undertakings, Scheduled
Commercial Banks, Public Financial Institutions, Colleges affiliated to
Universities, Professional Bodies such as ICAI, ICWAI, ICSI, Bar Council
etc., to their Members; and Credit cards/Debit cards issued by Banks.
d. e-KYC service launched by UIDAI shall also be accepted as a valid process
for KYC verification. The information containing the relevant client details
and photograph made available from UIDAI as a result of e-KYC process
shall be treated as a valid proof of Identity.4
e. With a view to bring about operational flexibility and in order to ease the
PAN verification process, the intermediaries may verify the PAN of their

1 Reference: Circular MRD/DoP/Cir-5/2007 dated April 27, 2007

2 Income Tax Department since changed the link for verification to:
https://incometaxindiaefiling.gov.in/e-Filing/Services/KnowYourPanLink.html
3 Reference: Circular MIRSD/SE/Cir-21/2011 dated October 05, 2011
4 Reference: Circular SEBI/MIRSD/09/2013 dated October 08, 2013

7
 clients online at the Income Tax website without insisting on the original
PAN card, provided that the client has presented a document for Proof of
Identity other than the PAN card.5

1.1.2 Proof of Address (PoA)6

List of documents admissible as Proof of Address:

(*Documents having an expiry date should be valid on the date of submission.)
a. Passport/ Voters Identity Card/ Ration Card/ Registered Lease or Sale
Agreement of Residence/ Driving License/ Flat Maintenance bill/ Insurance
Copy.
b. Utility bills like Telephone Bill (only land line), Electricity bill or Gas bill -
Not more than 3 months old.
c. Bank Account Statement/Passbook -- Not more than 3 months old.
d. Self-declaration by High Court and Supreme Court judges, giving the new
address in respect of their own accounts.
e. Proof of address issued by any of the following: Bank Managers of
Scheduled Commercial Banks/Scheduled Co-Operative Bank/Multinational
Foreign Banks/Gazetted Officer/Notary public/ elected representatives to
the Legislative Assembly/Parliament/Documents issued by any Govt. or
Statutory Authority.
f. Identity card/document with address, issued by any of the following:
Central/State Government and its Departments, Statutory/Regulatory
Authorities, Public Sector Undertakings, Scheduled Commercial Banks,
Public Financial Institutions, Colleges affiliated to Universities and
Professional Bodies such as ICAI, ICWAI, ICSI, Bar Council etc., to their
Members.
g. For FII/sub account, Power of Attorney given by FII/sub-account to the
Custodians (which are duly notarized and/or apostiled or consularised) that
gives the registered address should be taken.
h. The proof of address in the name of the spouse may be accepted.
i. Aadhaar Letter issued by UIDAI shall be admissible as Proof of Address in
addition to Proof of Identity.7
j. e-KYC service launched by UIDAI shall also be accepted as a valid process
for KYC verification. The information containing the relevant client details
and photograph made available from UIDAI as a result of e-KYC process
shall be treated as a valid proof of address.8

DP shall ensure that all documents pertaining to proof of identity and proof of
address are collected from all the account holders.9 Submission of the aforesaid
documents is the minimum requirement for opening a BO Account. DPs must
verify the copy of the aforementioned documents with the original before

5 Reference: Circular SEBI/MIRSD/01/2013 dated January 04, 2013

6Reference: Circular MIRSD/SE/Cir-21/2011 dated October 05, 2011
7Reference: Circular MIRSD/09/2012 dated August 13, 2012
8 Reference: Circular SEBI/MIRSD/09/2013 dated October 08, 2013
9 Reference: Circular MRD/DoP/Dep/Cir-29/2004 dated August 24, 2004

8
 accepting the same as valid. While opening a BO Account, DPs shall exercise
due diligence10while establishing the identity of the person to ensure the safety
and integrity of the depository system.

1.1.3 Clarification on voluntary adaptation of Aadhaar based e-KYC process11

SEBI has enabled Aadhaar based e-KYC service offered by UIDAI for KYC
verification. Intermediaries have sought clarifications from SEBI on certain
operational aspects of the same. It is clarified that for accessing the details
enabling client identification and authentication from UIDAI based on client
authorisation, on voluntary basis, intermediaries who utilize the services of
KYC Service Agencies (KSAs) would be registered as KYC User Agencies (KUA)
with UIDAI.12

i. For entering into account based relationship, the client may provide the
following information to the intermediary:
a) Name
b) Aadhaar number
c) Permanent Account Number (PAN)
ii. The above information can be provided by the client electronically including
through any web enabled device.
iii. The intermediary shall perform verification of the client with UIDAI through
biometric authentication (fingerprint or iris scanning). Mutual Funds can also
perform verification of the client with UIDAI through One Time password
(OTP) received on client’s mobile number or on e-mail address registered with
UIDAI provided, the amount invested by the client does not exceed Rs. 50,000
per financial year per Mutual Fund and payment for the same is made through
electronic transfer from the client’s bank account registered with that Mutual
Fund.
iv. PAN of such client is to be verified from the income tax website.
v. After due validation of Aadhaar number provided by the client, the
intermediary (acting as KUA) shall receive the KYC information about the
client from UIDAI through KSA.
vi. The information downloaded from UIDAI shall be considered as sufficient
information for the purpose of KYC verification. The intermediary shall upload
this KYC information on the KRA system in terms of KRA Regulations.
vii. In case material difference is observed either in the name (as observed in the
PAN vis-a-vis Aadhaar) or photograph in Aadhaar is not clear, the

10 Reference: Point 5 of part II on ‘Customer Due Diligence’of master circular no. ISD/AML/CIR-
1/2008 dated December 19, 2008
11Reference: Circular SEBI/MIRSD/09/2013 dated October 08, 2013
12
Reference: Circular: CIR/MIRSD/29/2016 dated January 22, 2016
9
 intermediary shall carry out additional due diligence and maintain a record of
the additional documents sought pursuant to such due diligence.
viii. The records of KYC information so received shall be maintained by the
intermediary as per the SEBI Act, Regulations and various circulars issued
thereunder.

1.1.4 SARAL Account Opening Form for resident individuals13

i. It is gathered that a majority of new investors in the securities market begin

with participation in the cash segment without obtaining various other facilities
such as internet trading, margin trading, derivative trading and use of power of
attorney.

ii. The account opening process can be simplified for such individual investors.
With a view to encourage their participation, it is, therefore, decided that such
individual investors can open a trading account and demat account by filling
up a simplified Account Opening Form ('AOF') termed as 'SARAL AOF' given
at Annexure A. This form will be separately available with the intermediaries
and can also be downloaded from the Exchanges' and Depositories' website.
The investors who open account through SARAL AOF will also have the
option to obtain other facilities, whenever they require, on furnishing of
additional information as per prescribed regulations/circulars.

iii. The standard set of documents viz. Rights and Obligations document, Uniform
Risk Disclosure Document and Guidance Note and documentary proof related
to identity and address as specified in SEBI Circulars dated August 22, 2011
and October 5, 2011 shall continue to remain applicable. It is further clarified
that the provisions laid down under the PML Act, PML Rules, SEBI Master
Circular on AML dated December 31, 2010 and SEBI Circular on AML dated
March 12, 2014 shall also continue to remain applicable for set of individual
investors mentioned in paragraph (ii) above.

iv. For these set of individual investors, it has been decided to simplify the
requirement of submission of ‘proof of address’. The matter has been examined
in the light of amendment to the PML Rules, 2005 and accordingly, the
requirement of submission of ‘proof of address’ is as follows:

a. Henceforth, individual investor may submit only one documentary proof of

address (either residence/correspondence or permanent) while opening a
trading account and / or demat account or while undergoing updation.
b. In case the proof of address furnished by the said investor is not the address
where the investor is currently residing, the intermediary may take a
declaration of the residence/correspondence address on which all
correspondence will be made by the intermediary with the investor. No proof

13 Reference Circular MIRSD/1/2015 dated March 04, 2015

10
 is required to be submitted for such correspondence/residence address. In
the event of change in this address due to relocation or any other reason,
investor may intimate the new address for correspondence to the
intermediary within two weeks of such a change. The residence/
correspondence address and any such change thereof may be verified by the
intermediary through ‘positive confirmation’ such as (i) acknowledgment of
receipt Welcome Kit/ dispatch of contract notes / any periodical statement,
etc. (ii) telephonic conversation; (iii) visits, etc.

1.1.5 Clarifications with regard to KYC requirement for eligible Foreign

Investors14

i. SEBI has received representations regarding operational issues in the

implementation of SEBI circulars No CIR/MIRSD/16/2011 dated August 22,
2011 and MIRSD/SE/Cir-21/2011 dated October 5, 2011 on know your client
norms for the securities market SEBI Circulars in case of foreign investors viz.
Foreign Institutional Investors, Sub Accounts and Qualified Foreign Investors.
In consultation with the Stock Exchanges, Depositories and Intermediaries,
certain clarifications are issued, as given in Annexure A, with respect to these
investors.

ii. Eligible foreign investors investing under Portfolio Investment Scheme ('PIS')
route shall be classified as Category I, II and III as provided in Annexure B. The
intermediary shall follow risk based Know Your Client norms. Accordingly,
certain clarifications are hereby issued, as given in Annexure C, based on the
category of these investors.

iii. Eligible foreign investors investing under PIS route shall be subject to KYC
review as and when there is any change in material information / disclosure.

Annexure A

Sr Relevant requirements on Clarifications for Foreign

No. KYC Form Investors viz. FIIs,
as per SEBI Circulars dated Sub Accounts and QFIs
August
22, 2011 and October 5, 2011

1. Authorized signatories list with If the client has authorized the

specimen signatures to be Global Custodian - an entity
submitted. regulated by an appropriate foreign
regulatory authority or Local
Custodian registered with SEBI as a
signatory by way of a Power of
Attorney ('PoA') to sign on its

14Reference CIR MIRSD/11/2012 dated September 05, 2012 and CIR MIRSD/07/2013 dated September
12, 2013
11
 behalf, such PoA may be accepted.
2. Intermediary has to get the The Global Custodian or the Local
KYC form filled from the Custodian may fill the KYC form, if
clients. authorized through the PoA.
3. PAN to be taken for individual Not applicable.
promoters holding control -
either directly or indirectly,
Partners/Trustees, whole time
directors/two directors in
charge of day to day operations
and persons authorized to deal
in securities on behalf of
company/firm/others.
4. For foreign nationals, (allowed Proof of Identity document duly
to trade subject to RBI and attested by the entities authorized
FEMA guidelines), copy of for the same as per SEBI Circular
passport/PIO Card/OCI Card dated October 5, 2011 or authorised
is mandatory. signatories as mentioned at point 1
above may be adequate in lieu of
the passport copy.
5. For foreign entities, CIN is CIN no. is provided as an example
optional; and in the absence of and requires the client’s registration
DIN no. for the directors their number in its respective country. If
passport copy should be given. the foreign entity does not have
CIN, the equivalent registration
number of the entity may be
mentioned. If it does not have any
registration number, then SEBI
Registration number may be
mentioned.

In case the directors (as per point 3

above), of the client do not have an
equivalent of DIN in the client’s
respective jurisdiction, "Not
Applicable" may be stated. Copy of
the Passport may not be provided.
6. It shall be mandatory for all the In person verification is not
Intermediaries addressed in applicable for a non-individual
this circular to carry out In Client.
person verification of their
clients. In case of QFI – Individual Client,
IPV shall be carried out by SEBI
registered intermediary asper SEBI
Circular dated August 22, 2011.
7. Copies of all the documents In the absence of originals for

12
 submitted by the applicant
should be self-attested and
accompanied by originals for
verification.
In case the original of any
document is not produced for
verification, then the copies
should be properly attested by
entities authorized for attesting
the documents, as per the list
mentioned in the circular dated
Aug 22, 2011.
8. A. Copy of the balance sheets
for the last 2 financial years (to
be submitted every year),
annual gross income and net
worth details.
B. Copy of latest share holding
pattern including list of all
those holding control, either
directly or indirectly, in the
company in terms of SEBI
takeover Regulations, duly
certified by the company
secretary/Whole time
director/MD (to be submitted
every year).
POI and POA of individual
promoters holding control -
either directly or indirectly.
9. Name, residential address,
photograph, POI and POA of
Partners/Trustees, whole time
directors/two directors in
charge of day to day operations
and individual promoters
holding control -either directly
or indirectly.
13
verification, documents may be
attested as per SEBI Circulars dated
August 22, 2011 and October5, 2011
or authorised signatories as
mentioned at point 1 above.
A. Though it is not mandatory, the
intermediaries shall carry out due
diligence asper the PMLA and SEBI
Master Circular on AML about the
financial position of the client.
B. List of beneficial owners with
shareholding or beneficial interest
in the client equal to or above 25%
to be obtained. If Global Custodian
/Local Custodian provides an
undertaking to submit these details,
then intermediary may take such
undertaking only. Any change in
the list to be obtained based on risk
profile of the client.
A. Not required if Global Custodian
/Local Custodian gives an
undertaking to provide the
following documents as and when
requested for by intermediary:
1 A resolution from the Board of
Directors and power of attorney
granted to its managers, officers
or employees to transaction its
behalf; and
2 An officially valid document in
respect of managers, officers or
employees holding an attorney
to transact on its behalf.
B. If Global Custodian/Local
Custodian does not provide such

10. Copy of SEBI registration
certificate to be provided.
11. Every client has to provide the
trading account related details,
as required by Annexure 3 to
the SEBI circular dated August
22, 2011.
undertaking as stated in A above,
intermediary shall take required
details from Foreign Investors.
Custodian shall verify the SEBI
registration certificate copy with
the originals or with the details
available on SEBI website and
provide duly certified copy of such
verified SEBI registration certificate
to the intermediary.
Annexure 3 to the circular dated
August 22,2012 pertaining to
trading account related details is
not applicable for FIIs and Sub
Accounts.

However, Intermediaries are

required to update details of any
action taken or proceedings
initiated against the entity by the
foreign regulators or SEBI/ Stock
exchanges.

For QFI, the intermediary shall

collect the
following details from Annexure 3:
 Bank Account details
 Depository account
 Regulatory Actions as
mentioned above
12. Intermediary shall provide a Intermediary shall display these
set of all the executed standard documents prescribed by
documents to the client, free of SEBI on its web site, intimate the
charge. clients regarding the link and email
a copy of the same to the client.
13. Place of incorporation If place of incorporation is not
available, Intermediary should take
Registered office address/ principal
place of business of entity.
14. Date of commencement of Not applicable
business

14
15. Copies of the Memorandum If FII or Sub Account does not have
and Articles of Association and certificate of Incorporation or
certificate of incorporation Memorandum and Articles of
Association, then any reasonable
equivalent legal document
evidencing formation of entity may
be allowed.
16. Copy of the Board Resolution Not applicable.
for investment in securities
market.

Exemptions -
In case of Sovereign Wealth Fund, Foreign Governmental Agency, Central
bank, International or Multilateral organization and Central or State
Government Pension Fund, the intermediary shall satisfy itself about their
status and thereafter, only provisions at point 9 above shall be applicable.
Further, these entities shall also be a part of KRA centralised system of KYCs.

Annexure B

Category Eligible Foreign Investors

I. Government and Government related
foreign investors such as Foreign Central
Banks, Governmental Agencies,
Sovereign Wealth Funds, International/
Multilateral Organizations/ Agencies.

15
II. a) Appropriately regulated broad based
funds such as Mutual Funds,
Investment Trusts, Insurance /
Reinsurance Companies, Other Broad
Based Funds etc.

b) Appropriately regulated entities such

as Banks, Asset Management
Companies, Investment Managers/
Advisors, Portfolio Managers etc.

c) Broad based funds whose investment

manager is appropriately regulated.

d) University Funds and Pension Funds

e) University related Endowments

already registered with SEBI as
FII/Sub Account

III. All other eligible foreign investors

investing in India under PIS route not
eligible under Category I and II such as
Endowments, Charitable Societies/Trust,
Foundations, Corporate Bodies, Trusts,
Individuals, Family Offices, etc.

Annexure C

Document Category – I Category – Category – III

Type II
Entity level Constitutive Required Required Required
Docs

Proof of Required Required Required

Address Power of Power of - Address
Attorney, Attorney, proof other
mentioning mentioning than
the address, the Power of
is address, Attorney
acceptable is should
as address acceptable be submitted.
16
 proof as
address
proof
PAN Card Required Required Required
Financials Exempt Exempt Risk based
- Financial
data
sufficient.
SEBI Required Required Required
Registration
Certificate
Board Exempt Required Required
Resolution
KYC Form Required Required Required
Senior List Required Required Required
Management Proof Of Exempt Exempt Entity declares
(Whole Time Identity on
Directors/ letterhead -
Partners/ full name,
Trustees/ nationality
etc.) and DoB OR
Photo-identity
proof'
Proof of Exempt Exempt Declaration on
Address letter head
Photographs Exempt Exempt Exempt
Authorized List & Required Required Required
Signatories Signatures - List of - List of GC
Global signatories
Custodian can be
('GC') given in
signatories case of
can be POA to GC
given in
case of POA
to
GC
Proof Of Not Not Not required
Identity required required
Proof of Not Not Not required
Address required required
Photographs Not Not Required
required required
Ultimate List Exempt Required Required
Beneficial - Can
Owner declare "no
17
 ('UBO') UBO
over 25%"
Proof Of Exempt Exempt Required
Identity
Proof of Exempt Exempt Exempt
Address
Photographs Exempt Exempt Exempt

1.1.6 Acceptance of third party address as correspondence address15

i. SEBI has no objection to a BO authorizing the capture of an address of a third

party as a correspondence address, provided that the Depository Participant
(DP) ensures that all prescribed ‘Know Your Client’ norms are fulfilled for the
third party also. The DP shall obtain proof of identity and proof of address for
the third party. The DP shall also ensure that customer due diligence norms as
specified in Rule 9 of Prevention of Money Laundering Rules, 2005 are complied
with in respect of the third party.

ii. The depository participant should further ensure that the statement of
transactions and holding are sent to the BO’s permanent address at least once in
a year.

iii. However, the above provision shall not apply in case of PMS (Portfolio
Management Services) clients.

1.2 Exemptions from and clarifications relating to mandatory requirement of PAN

1.2.1 Mandatory requirement of Permanent Account Number (PAN)16

The demat accounts for which PAN details have not been verified are
“suspended for debit” until the same is verified with the Depository Participant
(DP). With effect from August 16, 2010 such PAN non-compliant demat
accounts were also "suspended for credit" other than the credits arising out of
automatic corporate actions. It was clarified that other credits including credits
from IPO/FPO/Rights issue, off-market transactions or any secondary market
transactions would not be allowed into such accounts.

1.2.2 Central and State Government and officials appointed by Courts17

PAN card may not be insisted upon in case of transactions undertaken on behalf
of Central Government and/or State Government and where transactions are

15 Reference: Circular CIR/MRD/DP/37/2010 dated December 14, 2010

16 Reference: Circular MRD/DP/22/2010dated July 29, 2010
17 Reference: Circular MRD/DoP/Cir-20/2008 dated June 30, 2008

18
 conducted by officials appointed by Courts e.g. Official liquidator, Court
receiver etc.18

However DPs, before implementing the above exemption, shall verify the
veracity of the claim of the organizations by collecting sufficient documentary
evidence in support of their claim for such an exemption.

1.2.3 Investors in Sikkim19

Investors residing in the state of Sikkim are exempted from the mandatory
requirement of furnishing PAN card details for their demat accounts.20 DPs
shall verify the veracity of the claim of the investors that they are residents of
Sikkim, by collecting sufficient documentary evidence in support of their
address

1.2.4 UN entities and multilateral agencies exempt from paying taxes/ filling tax
returns in India21

UN entities/ multilateral agencies exempt from paying taxes/filing tax returns

in India are also exempt from the mandatory requirement of submitting their
PAN card details, subject to the DPs collecting documentary evidence in
support of such claims.

1.2.5 FIIs/Institutional Clients22

Custodians shall verify the PAN card details of institutional clients with the
original PAN card and provide duly certified copies of such verified PAN
details to the brokers. This requirement is applicable in respect of institutional
clients, namely, FIIs, MFs, VCFs, FVCIs, Scheduled Commercial Banks,
Multilateral and Bilateral Development Financial Institutions, State Industrial
Development Corporations, Insurance Companies registered with IRDA and
Public Financial Institution as defined under section 4A of the Companies Act,
1956.

1.2.6 HUF, Association of Persons (AoP), Partnership Firm, unregistered Trust,

Registered Trust, Corporate Bodies, minors, etc.15

The BO account shall be in the name of natural persons, PAN card details of the
respective HUF, AoP, Partnership Firm, Unregistered Trust, etc shall be
obtained. The PAN number of Registered Trust, Corporate Bodies and minors
shall be obtained when accounts are opened in their respective names.

18 Reference: Rule 114C (1)(c) of Income Tax Rules

19 Reference: Circular MRD/DoP/Dep/Cir-09/06 dated July 20, 2006
20 Reference: Hon’ble High Court of Sikkim judgment dated March 31, 2006
21 Reference: Circular MRD/DoP/Dep/Cir-09/06 dated July 20, 2006

22 Reference: Circular MRD/DoP/Dep/SE/Cir-13/06 dated September 26, 2006

19
 1.2.7 Difference in maiden name and current name of investors.15

DPs can collect the PAN card proof as submitted by the account holder subject
to the DPs verifying the veracity of the claim of such investors by collecting
sufficient documentary evidence in support of the identity of the investors.23

1.2.8 NRI/PIOs24

Citizens of India residing outside India, foreign citizens and other persons (like
companies/ trusts/ firms) having no office of their own in India may obtain
PAN card based on the copy of their passport as ID proof and a copy of
passport/ bank account in the country of residence as address proof, based on
the Directorate of Income Tax (Systems) guidelines.25

1.2.9 Foreign Portfolio Investors26

PAN verification process at the time of account opening of FPIs, it is decided

that the intermediaries can verify the PAN of FPIs online from website
authorised by Income Tax department at the time of account-opening for FPIs.
However, FPIs need to provide the copy of PAN card within 60 days of
account-opening or before remitting funds out of India, whichever is earlier to
their intermediaries.

Central Board of Direct Taxes (CBDT) has recently introduced a facility of

E-PAN (electronic PAN card) vide press release dated April 11, 2017.
Accordingly it is clarified that E-PAN issued by CBDT can also be produced by
FPI for KYC compliance.27

1.3 Simplification of demat account opening process28

i. SEBI has taken a number of steps in the recent past to simplify the Account
opening and KYC process in the securities markets. In continuation of the
efforts in the same direction, it has now been decided in consultation with both
the Depositories and Associations of stock brokers and Depository Participants
to further simplify and rationalize the demat account opening process.

ii. The existing Beneficial Owner-Depository Participant Agreements shall be

replaced with a common document “Rights and Obligations of the Beneficial
Owner and Depository Participant”. The document annexed herewith shall be

23 Reference: Circular MRD/DoP/Dep/Cir-29/2004 dated August 24, 2004

24 Reference: Circular MRD/DoP/Dep/SE/Cir-17/06 dated October 27, 2006
25 Reference: Income Tax (Systems) PAN Circular No. 4 dated October 11, 2006
26
Reference: Circular CIR/IMD/FPIC/123/2016 dated November 17, 2016
27
Reference: Circular SEBI/HO/IMD/FIIC/CIR/P/2017/068 dated June 30, 2017
28 Reference: Circular SEBI/MIRSD/ 12/2013 dated December 04, 2013

20
 mandatory and binding on all the existing and new clients and depository
participants. This will harmonize the account opening process for trading as
well as demat account. This will also rationalise the number of signatures by
the investor, which he is required to affix at present on a number of pages.

iii. The Depository Participant shall provide a copy of Rights and Obligations
Document to the beneficial owner and shall take an acknowledgement of the
same. They shall ensure that any clause in any voluntary document neither
dilutes the responsibility of the depository participant nor it shall be in conflict
with any of the clauses in this Document, Rules, Bye-laws, Regulations,
Notices, Guidelines and Circulars issued by SEBI and the Depositories from
time to time. Any such clause introduced in the existing as well as new
documents shall stand null and void.

iv. In consultation with market participants, with a view to simplify the account
opening kit, SEBI has decided that Depository Participant shall make available
this document “Rights and Obligations of the Beneficial Owner and Depository
Participant” to the clients, either in electronic or physical form, depending
upon the preference of the client as part of account opening kit. In case the
documents are made available in electronic form, Depository Participant shall
maintain the logs of the same. It is also reiterated that Depositories/Depository
participant shall continue to make the aforesaid document available on their
website and keep the clients informed about the same.29

ANNEXURE

Rights and Obligations of Beneficial Owner and Depository Participant as

prescribed by SEBI and Depositories

General Clause
1. The Beneficial Owner and the Depository participant (DP) shall be bound by the
provisions of the Depositories Act, 1996, SEBI (Depositories and Participants)
Regulations, 1996, Rules and Regulations of Securities and Exchange Board of
India (SEBI), Circulars/Notifications/Guidelines issued there under, Bye Laws
and Business Rules/Operating Instructions issued by the Depositories and
relevant notifications of Government Authorities as may be in force from time to
time.
2. The DP shall open/activate demat account of a beneficial owner in the
depository system only after receipt of complete Account opening form, KYC
and supporting documents as specified by SEBI from time to time.
Beneficial Owner information

29
Reference: CircularCIR/MIRSD/64/2016 dated July 12, 2016
21
 3. The DP shall maintain all the details of the beneficial owner(s) as mentioned in
the account opening form, supporting documents submitted by them and/or
any other information pertaining to the beneficial owner confidentially and shall
not disclose the same to any person except as required by any statutory, legal or
regulatory authority in this regard.
4. The Beneficial Owner shall immediately notify the DP in writing, if there is any
change in details provided in the account opening form as submitted to the DP
at the time of opening the demat account or furnished to the DP from time to
time.
Fees/Charges/Tariff
5. The Beneficial Owner shall pay such charges to the DP for the purpose of
holding and transfer of securities in dematerialized form and for availing
depository services as may be agreed to from time to time between the DP and
the Beneficial Owner as set out in the Tariff Sheet provided by the DP. It may be
informed to the Beneficial Owner that "no charges are payable for opening of
demat accounts”
6. In case of Basic Services Demat Accounts, the DP shall adhere to the charge
structure as laid down under the relevant SEBI and/or Depository
circulars/directions/notifications issued from time to time.
7. The DP shall not increase any charges/tariff agreed upon unless it has given a
notice in writing of not less than thirty days to the Beneficial Owner regarding
the same.
Dematerialization
8. The Beneficial Owner shall have the right to get the securities, which have been
admitted on the Depositories, dematerialized in the form and manner laid down
under the Bye Laws, Business Rules and Operating Instructions of the
depositories.
Separate Accounts
9. The DP shall open separate accounts in the name of each of the beneficial
owners and securities of each beneficial owner shall be segregated and shall not
be mixed up with the securities of other beneficial owners and/or DP’s own
securities held in dematerialized form.
10. The DP shall not facilitate the Beneficial Owner to create or permit any pledge
and /or hypothecation or any other interest or encumbrance over all or any of
such securities submitted for dematerialization and/or held in demat account
except in the form and manner prescribed in the Depositories Act, 1996, SEBI
(Depositories and Participants) Regulations, 1996 and Bye-Laws/Operating
Instructions/Business Rules of the Depositories.
22
Transfer of Securities
11. The DP shall effect transfer to and from the demat accounts of the Beneficial
Owner only on the basis of an order, instruction, direction or mandate duly
authorized by the Beneficial Owner and the DP shall maintain the original
documents and the audit trail of such authorizations.
12. The Beneficial Owner reserves the right to give standing instructions with
regard to the crediting of securities in his demat account and the DP shall act
according to such instructions.
Statement of account
13. The DP shall provide statements of accounts to the beneficial owner in such
form and manner and at such time as agreed with the Beneficial Owner and as
specified by SEBI/depository in this regard.
14. However, if there is no transaction in the demat account, or if the balance has
become Nil during the year, the DP shall send one physical statement of holding
annually to such BOs and shall resume sending the transaction statement as and
when there is a transaction in the account.
15. The DP may provide the services of issuing the statement of demat accounts in
an Electronic mode if the Beneficial Owner so desires. The DP will furnish to the
Beneficial Owner the statement of demat accounts under its digital signature, as
governed under the Information Technology Act, 2000.However, if the DP does
not have the facility of providing the statement of demat account in the
electronic mode, then the Participant shall be obliged to forward the statement
of demat accounts in physical form.
16. In case of Basic Services Demat Accounts, the DP shall send the transaction
statements as mandated by SEBI and/or Depository from time to time.
Manner of Closure of Demat account
17. The DP shall have the right to close the demat account of the Beneficial Owner,
for any reasons whatsoever, provided the DP has given a notice in writing of
not less than thirty days to the Beneficial Owner as well as to the Depository.
Similarly, the Beneficial Owner shall have the right to close his/her demat
account held with the DP provided no charges are payable by him/her to the
DP. In such an event, the Beneficial Owner shall specify whether the balances in
their demat account should be transferred to another demat account of the
Beneficial Owner held with another DP or to rematerialize the security balances
held.
18. Based on the instructions of the Beneficial Owner, the DP shall initiate the
procedure for transferring such security balances or rematerialize such security
balances within a period of thirty days as per procedure specified from time to
23
 time by the depository. Provided further, closure of demat account shall not
affect the rights, liabilities and obligations of either the Beneficial Owner or the
DP and shall continue to bind the parties to their satisfactory completion.
Default in payment of charges
19. In event of Beneficial Owner committing a default in the payment of any
amount provided in Clause 5 & 6 within a period of thirty days from the date of
demand, without prejudice to the right of the DP to close the demat account of
the Beneficial Owner, the DP may charge interest at a rate as specified by the
Depository from time to time for the period of such default.
20. In case the Beneficial Owner has failed to make the payment of any of the
amounts as provided in Clause 5&6 specified above, the DP after giving two
days notice to the Beneficial Owner shall have the right to stop processing of
instructions of the Beneficial Owner till such time he makes the payment along
with interest, if any.
Liability of the Depository
21. As per Section 16 of Depositories Act, 1996,
a. Without prejudice to the provisions of any other law for the time being in
force, any loss caused to the beneficial owner due to the negligence of the
depository or the participant, the depository shall indemnify such beneficial
owner.
b. Where the loss due to the negligence of the participant under Clause (1)
above, is indemnified by the depository, the depository shall have the right
to recover the same from such participant.
Freezing/ Defreezing of accounts
22. The Beneficial Owner may exercise the right to freeze/defreeze his/her demat
account maintained with the DP in accordance with the procedure and subject
to the restrictions laid down under the Bye Laws and Business Rules/Operating
Instructions.
23. The DP or the Depository shall have the right to freeze/defreeze the accounts of
the Beneficial Owners on receipt of instructions received from any regulator or
court or any statutory authority.
Redressal of Investor grievance
The DP shall redress all grievances of the Beneficial Owner against the DP within a
period of thirty days from the date of receipt of the complaint.
Authorized representative
24. If the Beneficial Owner is a body corporate or a legal entity, it shall, along with
the account opening form, furnish to the DP, a list of officials authorized by it,
24
 who shall represent and interact on its behalf with the Participant. Any change
in such list including additions, deletions or alterations thereto shall be
forthwith communicated to the Participant.
Law and Jurisdiction
25. In addition to the specific rights set out in this document, the DP and the
Beneficial owner shall be entitled to exercise any other rights which the DP or
the Beneficial Owner may have under the Rules, Bye Laws and Regulations of
the respective Depository in which the demat account is opened and
circulars/notices issued there under or Rules and Regulations of SEBI.
26. The provisions of this document shall always be subject to Government
notification, any rules, regulations, guidelines and circulars/ notices issued by
SEBI and Rules, Regulations and Bye-laws of the relevant Depository, where the
Beneficial Owner maintains his/her account, that may be in force from time to
time.
27. The Beneficial Owner and the DP shall abide by the arbitration and conciliation
procedure prescribed under the Bye-laws of the depository and that such
procedure shall be applicable to any disputes between the DP and the Beneficial
Owner.
28. Words and expressions which are used in this document but which are not
defined herein shall unless the context otherwise requires, have the same
meanings as assigned thereto in the Rules, Bye-laws and Regulations and
circulars/notices issued there under by the depository and/or SEBI.
29. Any changes in the rights and obligations which are specified by
SEBI/Depositories shall also be brought to the notice of the clients at once.
30. If the rights and obligations of the parties hereto are altered by virtue of change
in Rules and regulations of SEBI or Bye-laws, Rules and Regulations of the
relevant Depository, where the Beneficial Owner maintains his/her account,
such changes shall be deemed to have been incorporated herein in modification
of the rights and obligations of the parties mentioned in this document.
1.4 Opening of demat account in case of HUF30

It is noted that as per law, in case of HUF, shares can be held in the name of
Existing Karta on behalf of HUF. Therefore, HUF demat accounts can be
opened in the name of Existing Karta but not in the name of Deceased Karta
and HUF entity.
After examined the issues regarding difference in opening of HUF demat
account and procedure adopted in the event of death of Karta of HUF, it has

30Reference: SEBI/ MRD/CDSL/ 149156 /2009 dated January 01, 2009

25
 been decided that opening of HUF demat account and procedure adopted in
the event of death of Karta of HUF shall be as per the following guidelines31:

1.1 Opening of HUF Demat Account

a) The Demat account shall be opened in the name of HUF entity as the
name of entity appears on the PAN Card. The PAN details of both the
HUF entity and Karta of HUF shall be submitted to the Depository
Participant (DP).

1.2 Death of Karta

a) In the event of death of Karta of HUF, the name of the deceased
Karta in the Beneficial Owner (BO) account shall be replaced by the new
Karta appointed by the member of the HUF who in such a case shall be
senior most member of the family, except married daughters.

b) The new Karta shall submit the new list of members, a notarized copy of
death certificate of the deceased Karta and a no objection from the
surviving members of the HUF for him/her to act as Karta of the HUF.

c) In the event of death of Karta of HUF, the existing BO account need not to
be closed and the same account may continue. The death of Karta shall
not mean that the securities lying in the BO account of the HUF is deemed
to have divided among coparceners as if the partition has taken place.

1.3 Partition of HUF

a) A total or partial partition shall be recognized only if a claim to that effect
is made by one or more coparceners.

b) An intimation of a total or partial partition shall be accompanied by a

signed letter mentioning the names of the members and their
confirmation of a partition having taken place.

c) In case of partial partition of the HUF, if desired by one or more

coparceners, the new Karta shall transfer shares to the said coparceners
who seek partition and the BO account of the HUF shall continue. The
account of such coparceners shall be treated as their individual accounts.

d) In case of full partition of the HUF, the shares shall be divided amongst all
the coparceners in the manner specified by the applicant subject to

31
Reference: SEBI letter No. SEBI/HO/MRD/DP/OW/2016/25739/1 & 25740/1 dated September 14, 2016
26
 fulfillment of clause 1.3(b) above and the HUF account shall cease to exist.

1.5 Operation of minor’s demat account32

Under [The] Hindu Minority and Guardianship Act, 1956, permission of Court
is required in the case of transfer by a natural guardian of immovable property
of a minor. However, shares are not immovable properly. Section 2(7) of Sale
of Goods Act, 1930 includes shares within the definition of "goods''. Neither
the Indian Contract Act nor the Sale of Goods Act provide for transfer by sale
or otherwise by guardian /natural guardian of goods/movable property in the
name of minor to the effect that permission of court is required in the matter of
such transfer. In the case of accounts of minor in banks also, the guardian is
entitled to open, operate and even close the account also. The DP account can,
therefore, be operated by a natural guardian without any order from the court
though the same is neither expressly permitted nor prohibited.

1.6 Facility for a Basic Services Demat Account (BSDA)33,34

1.6.1 All depository participants (DPs) shall make available a "Basic Services Demat
Account" (BSDA) with limited services as per terms specified herein.

1.6.2 Eligibility: Individuals shall be eligible to opt for BSDA subject to the
following conditions-
i. All the individuals who have or propose to have only one demat account
where they are the sole or first holder.
ii. Individuals having any other demat account/s where they are not the first
holder shall be eligible for BSDA in respect of the single demat account
where they are sole or first holder.
iii. The individual shall have only one BSDA in his/her name across all
depositories.
iv. Value of securities held in the demat account shall not exceed Rupees Two
Lakhs at any point of time.

1.6.3 Option to open BSDA: The DP shall give option:

i. To open BSDA to all eligible individuals who open a demat account after
the date of applicability of this circular;
ii. To all the existing eligible individuals to convert their demat account into
BSDA on the date of the next billing cycle based on value of holding of
securities in the account as on the last day of previous billing cycle.
iii. In order to facilitate the eligible individuals to avail the benefits of BSDA,
DPs are advised to convert all such eligible demat accounts into BSDA
unless such Beneficial Owners (BOs) specifically opt to continue to avail the
facility of a regular demat account.

1.6.4 Charges:

32 Reference: SMDRP/NSDL/4615 /2000 dated March 13, 2000

27
 To further boost participation in Debt Market and based on representation
received from market participants, the structure of charges for debt securities as
defined in SEBI (Issue and Listing of Debt Securities) Regulations, 2008 is given
below:
i. The charge structure may be on a slab basis as indicated below33:
a. No Annual Maintenance Charges (AMC) shall be levied if the value of
holdings of debt securities is up to Rs. 1 lakh and a maximum AMC of
Rs. 100 shall be levied if the value of holdings of debt securities is
between Rs. 1,00,001 and Rs.2,00,000.
No AMC shall be levied if the value of holdings other than debt
securities is below Rs. 50,000 and a maximum AMC of Rs. 100 shall be
levied if the value of holdings other than debt securities is between
Rs.50,001 and Rs.2,00,000.

ii. The value of holding shall be determined by the DPs on the basis of the
daily closing price or NAV of the securities or units of mutual funds, as the
case may be. Where such price is not available the last traded price may be
taken into account and for unlisted securities other than units of mutual
funds, face value may be taken in to account. The value of suspended
securities may not be considered for the purpose of determining eligibility
of demat account as BSDA.

iii. If the value of holding in such BSDA exceeds the prescribed criteria at any
date, the DPs may levy charges as applicable to regular accounts (non
BSDA) from that date onwards.

iv. The DPs shall assess the eligibility of the BOs at the end of the current
billing cycle and convert eligible demat accounts into BSDA.

1.6.5 Services for Basic Services Demat Accounts:

i. Transaction statements:
a. Transaction statements shall be sent to the BO at the end of each quarter.
If there are no transactions in any quarter, no transaction statement may
be sent for that quarter.
b. If there are no transactions and no security balance in an account, then
no further transaction statement needs to be provided.
c. Transaction statement shall be required to be provided for the quarter in
which the account became a zero balance account.

ii. Holding Statement:

a. DP shall send atleast one annual physical statement of holding to the
stated address of the BO in respect of accounts with no transaction and
nil balance even after the account has remained in such state for one

33Reference Circular MRD/DoP2DSA2/CIR/P/2019/51 dated April 10, 2019

28
 year. The DP shall inform the BO that the dispatch of the physical
statement may be discontinued if the account continues to remain zero
balance even after one year.
b. One annual statement of holding shall be sent in respect of remaining
accounts in physical or electronic form as opted for by the BO.

iii. Charges for statements: Electronic statements shall be provided free of cost.
In case of physical statements, the DP shall provide at least two statements
free of cost during the billing cycle. Additional physical statement may be
charged at a fee not exceeding Rs.25/- per statement.

iv. All BOs opting for the facility of BSDA, shall register their mobile number
for availing the SMS alert facility for debit transactions.

v. At least Two Delivery Instruction Slips (DIS) shall be issued at the time of
account opening.

vi. All other conditions as applicable to regular demat accounts, other than the
ones mentioned in this circular shall continue to apply to basic services
demat account.

1.6.6 Rationalisation of services with respect to regular accounts.

In partial modification of the earlier directions, the following rationalisation

measures shall be available for regular demat accounts:

i. Accounts with zero balance and nil transactions during the year: DP shall
send atleast one annual physical statement of holding to the stated address
of the BO in respect of accounts with no transaction and nil balance even
after the account has remained in such state for one year. The DP shall
inform the BO that if no Annual Maintenance Charge (AMC) is received by
the DP, the dispatch of the physical statement may be discontinued for the
account which continues to remain zero balance even after one year.

ii. Accounts which become zero balance during the year: For such accounts, no
transaction statement may be sent for the duration when the balance
remains nil. However, an annual statement of holding shall be sent to the
BO.

iii. Accounts with credit balance: For accounts with credit balance but no
transactions during the year, half yearly statement of holding for the year
shall be sent to the BO.

1.7 Change of Name in the Beneficial Owner (BO) Account34

34 Reference Circular CIR/MRD/DP/27/2012 dated November 01, 2012

29
 1.7.1 In order to simplify the procedure of change of name in individual Beneficial
Owner’s (BO) account, it has been decided that an individual BO may be
allowed to change his/ her name, subject to the submission of following
documents at the time of change of name of the individual in the BO account.
i. In case of change in name on account of marriage following documents
shall be submitted:
Marriage Certificate or copy of Passport showing husband’s name or
publication of name change in official gazette.

ii. In case of change in name on account of reasons other than marriage

Publication of name change in official gazette.

In case of change of name of an individual residing in the State of Karnataka

and Punjab, for reasons other than marriage, the same may be allowed for
the individual in the BO account subject to the submission of following
documents35:
a) Request letter for change of name;
b) Sworn affidavit executed before the Notary Public/ Magistrate of First
Class/ Executive Magistrate mentioning the reason for change of name
and his complete address;
c) Paper publication in one local newspaper and one national newspaper;
and
d) KYC in changed name

iii. In case of change in father’s name:

Publication of name change in official gazette.

1.7.2 The Depository Participants (DPs) shall collect the self-attested copies of above
documents and maintain the same in their records after verifying with the
original document.

1.8 Fees/Charges to be paid by BO

1.8.1 Account opening, custody and credit of securities36

With effect from February 1, 2005

i. No investor shall pay any charge towards opening of a Beneficial Owner (BO)
Account except for statutory charges as applicable;
ii. No investor shall pay any charge for credit of securities into his/her BO
account; and
iii. No custody charge shall be levied on any investor who is opening a BO
account.

35
Reference: Circular CIR/MRD/DP/158/2018 dated December 27, 2018
36 Reference Circular MRD/DoP /SE/Dep/Cir-4/2005 dated January 28, 2005
30
1.8.2 Account Closure37

No Account closure charges shall be levied on BO on the closure of any

account.

1.8.3 Inter Depository Transfer38

Inter-depository transfer of shares does not attract Stamp duty and it does not
require compliance with section 108 of the Companies Act 1956.

1.8.4 Transfer of a BO Account39

With effect from January 09, 2006

No charges shall be levied by a depository on any DP and by a DP on any BO

when the BO transfers all the securities lying in his account to another branch
of the same DP or to another DP under the same depository or another
depository, provided the BO Account(s) at transferee DP and at transferor DP
are one and the same, i.e. identical in all respects. In case the BO Account at
transferor DP is a joint account, the BO Account at transferee DP should also be
a joint account in the same sequence of ownership.

1.8.5 Account Maintenance Charges collected upfront on annual/ half yearly basis
on demat accounts40

i. In the event of closing of the demat account or shifting of the demat account
from one DP to another, the AMC collected upfront on annual/half yearly
basis by the DP, shall be refunded by the DP to the BO for the balance of the
quarter/s. For instance, in case annual AMC has been paid by the BO and if the
BO closes/shifts his account in the first quarter, he shall be refunded the
amount of the balance 3 quarters i.e. 3/4th of the AMC. Likewise, if a BO
closes/shifts his account in the third quarter, he shall be refunded the amount
for the balance one quarter i.e. 1/4th of the AMC.

ii. For the purpose of the above requirement the year shall begin from the date of
opening of the account in quarterly rests.

iii. The above requirements shall be applicable to all existing and new accounts
held with DPs which collect annual/half yearly upfront AMC. It is clarified
that the above requirements shall not be applicable to those DPs who collect
quarterly/ monthly AMC.

37 Reference Circular D&CC/FITTC/CIR - 12/2002 dated October 30, 2002

38 Reference Circular SMDRP/Policy/Cir-29/99 dated August 23, 1999
39 Reference Circular MRD/DoP/Dep/Cir-22 /05 dated November 9, 2005
40 Reference Circular MRD/DP/20/2010 dated July 1, 2010

31
 1.8.6 Dissemination of tariff/charge structure of DPs on the website of
depositories 41

i. DPs shall submit to their depository the tariff/charge structure every year,
latest by 30th April, and also inform the depository the changes in their
tariff/charge structure as and when they are effected with a view to enabling
the BOs to have a comparative analysis of the tariff/charge structure of various
DPs.

ii. For this purpose depositories shall put in place necessary systems and
procedures including formats, periodicity, etc. for collection of necessary data
from the DPs and dissemination of the same on their website which would
enable the investors to have a comparative analysis of the tariff/charge
structure of various DPs.

1.9 Safeguards to address the concerns of the investors on transfer of securities in

dematerialized mode42

Following safeguards shall be put in place to address the concerns of the

investors arising out of transfer of securities from the BO Accounts:

i. The depositories shall give more emphasis on investor education particularly

with regard to careful preservation of Delivery Instruction Slip (DIS) by the
BOs. The Depositories may advise the BOs not to leave “blank or signed” DIS
with the Depository Participants (DPs) or any other person/entity.

ii. The DPs shall not accept pre-signed DIS with blank columns from the BO(s).

iii. If the DIS booklet is lost / stolen / not traceable by the BO, then the BO shall
immediately intimate the DP in writing about the loss. On receipt of such
intimation, the DP shall cancel the unused DIS of the said booklet.

iv. The DPs shall not issue more than 10 loose DIS to one accountholder in a
financial year (April to March). The loose DIS can be issued only if the BO(s)
come in person and sign the loose DIS in the presence of an authorised DP
official

v. The DP shall also ensure that a new DIS booklet is issued only on the strength
of the DIS instruction request slip (contained in the previous booklet) duly
complete in all respects, unless the request for fresh booklet is due to loss, etc.,
as referred to in clause (c) above

41Reference Circular MRD/Dep/Cir- 20/06 dated December 11, 2006

42Reference Circular SEBI/MRD/Dep/Cir-03/2007 dated February 13, 2007 and Circular
SEBI/MRD/Dep/Cir-03/2008 dated February 28, 2008
32
 vi. The DPs shall put in place appropriate checks and balances with regard to
verification of signatures of the BOs while processing the DIS.

vii. The DPs shall cross check with the BOs under exceptional circumstances before
acting upon the DIS.

viii. The DPs shall mandatorily verify with a BO before acting upon the DIS, in case
of an account which remained inactive i.e., where no debit transaction had
taken place for a continuous period of 6 months, whenever all the ISIN
balances in that account (irrespective of the number of ISINs) are transferred at
a time. However, in case of active accounts, such verification may be
mandatory only if the BO account has 5 or more ISINs and all such ISIN
balances are transferred at a time. The authorized official of the DP verifying
such transactions with the BO, shall record the details of the process, date, time,
etc., of the verification on the instruction slip under his signature.

1.10 Delivery Instruction Slip (DIS) Issuance and Processing43

Standardization of DIS

i. Depositories shall ensure that the DIS is standardized across all DPs in terms
of:
a. Serial Numbering of Delivery Instruction Slips so as to enable system level
checks by the depositories.
b. Layout and size of DIS so as to facilitate scanning and easy retrievability of
records

ii. The DIS must bear a pre-printed serial number, DP ID, and a pre-printed/pre
stamped Beneficial Owner (BO) ID. The depositories shall prescribe a standard
method of serial numbering and ensure that serial numbers issued by a DP are
unique within the DP-ID.

iii. DPs shall ensure that

a. same DIS shall not be used for giving both market and off-market
instructions
b. a single DIS shall not be used for transactions with multiple execution dates.

Monitoring of DIS

iv. Upon issuance of DIS booklets or loose slips to BO, the DPs shall make
available immediately the following details of the DIS to the depository system
electronically:
a. the DIS serial number
b. BO ID
c. date of issuance, and

43 Circular SEBI/MRD/DOP/01/2014 dated January 07, 2014

33
 d. any other relevant details as decided by the depository

v. At the time of execution of DIS, DPs shall enter the serial number of DIS in the
depository system for validation. The depositories shall make provisions in
their systems to facilitate the same.

vi. In respect of all the transfer instructions on a DIS, Depositories shall validate
the serial number of DIS and shall ensure that no instructions accompanied by
a used DIS or unissued DIS are processed.

Scanning of DIS

vii. DPs shall scan every DIS executed during a day along with all Annexures/
Computer printouts, if any, by the end of the next working day in the manner
specified by the depository.

viii. The depositories shall ensure that their DPs have adequate infrastructure,
systems and processes to implement scanning, storage and transfer of the
scanned DIS in the manner specified by the depositories.

ix. The depositories shall ensure that the systems set up by the DPs maintain
proper records of all scanned DIS images including audit trails for changes
made, if any and put in place adequate checks and procedures to prevent
unauthorized changes to scanned DIS.

x. Depositories shall utilize the archived scanned images for off-site inspection.

xi. Provisions of this circular shall not be applicable for the instructions received
from the clients by the DPs electronically in a manner approved by the
Depository.

xii. Once a new DIS booklet is issued to a BO as per provisions of this circular, old
DIS issued to such a BO shall not be accepted by the DP. A period of one
month may be given for receipt of DIS by the BOs. The DPs may accept old
DIS during this transit period.44 All DIS issued prior to this circular shall be
phased out within a period of 2 years from the date of this circular. The
measures listed above under the head 'Monitoring of DIS' shall be made
applicable to the DIS issued as per the provisions of this circular.

1.11 Transmission of shares45,46

1.11.1 In cases of transmission of shares of a deceased security holder, where the

shareholding in the BO account of the deceased member, as calculated on the

44 Reference: CIR/MRD/DP/22/2014 dated July 04, 2014

45 Reference: MRD/DoP/Dep/VM/182963/2009 dated November 12, 2009
46 Reference: CIR/MIRSD/10/2013 dated October 28, 2013

34
 date of application for transmission, is within the threshold limit of Rupees
Five lakh in value, the DPs shall not insist on additional documents other than
any one or more of the documents mentioned below.

i. Affidavit – to the effect of the claim of legal ownership of the shares

ii. Deed of indemnity – indemnifying the depository and DP

iii. NOC from other legal heir(s), wherever applicable, along with the Claim
Form/TRF and copy of death certificate duly notarized/ attested by a Gazetted
officer or Family Settlement Deed as an alternate to the NOC duly executed by
all the legal heirs of the deceased Beneficial Owner, provided that:

a. The Family Settlement Deed clearly vests the securities in favour of the
person seeking transmission in his/ her name.
b. Vesting of securities in favour of the person seeking transmission in his/
her name is not contingent upon any other onerous conditions in such
Family Settlement Deed.

Note: If the division of shares as per the Family Settlement Deed is amongst
more than one person, then the Family Settlement Deed can be considered
as an NOC for transmission of shares to each legal heirs applying for
transmission. However, if DPs still have problems in comprehending the
contents of the Family Settlement Deed, they should refer the matter to
Depositories for necessary advice on case-to-case basis.

1.11.2 DP(s) shall automatically open new account in the name of the surviving
members(s), in the same order as in the original account, on an application by
the surviving member(s) based on existing documents required as per the
KYC norms. Submission of new account opening form shall not be insisted
upon.

1.11.3 A uniform time frame of 7 days, after receipt of all requisite documents, shall
be prescribed for processing of Transmission requests.

1.11.4 In case of multiple successors, NOC of non-applicants shall be recorded on the

TRF of the applicant instead of insisting separate TRF from each of the
successors.

1.11.5 Nomination facility shall be encouraged by the Depositories specifically

targeting BOs who have not opted for nomination. As regards new accounts, it
shall be provided for at the account opening stage itself. In case the person
(both an existing and new account holder) is not interested to nominate, then
such person would have to give a positive declaration to that effect.

35
 1.11.6 The depositories may permit upto three nominees with respect to a demat
account.47

1.11.7 In case of transmission of securities held in physical mode:

i. Where the securities are held in single name with a nominee, STAs/issuer
companies shall follow the standardized documentary requirement as given in
Annexure A.

ii. Where the securities are held in single name without a nominee, the
STAs/issuer companies shall follow, in the normal course, the simplified
documentation as given in Annexure A, for a threshold limit of Rs. 2,00,000
(Rupees Two lakh only) per issuer company. However, the Issuer companies,
at their discretion, may enhance the value of such securities.

1.11.8 The timeline for processing the transmission requests for securities held in
dematerialized mode and physical mode shall be 7 days and 21 days
respectively, after receipt of the prescribed documents.

1.11.9 To improve the awareness of nomination facility, all Registrars to an Issue and
Share Transfer Agents shall publicize nomination as an additional right
available to investors, while sending communications to the investors.

1.11.10 In terms of Securities and Exchange Board of India (Listing Obligations

and Disclosure Requirements) (Sixth Amendment) Regulations,
2018,succession certificate or probate of will or will or letter of
administration or court decree, as may be applicable in terms of Indian
Succession Act, 1925 has been prescribed as documentary requirement for
transmission of securities held in physical mode.48

1.11.11 With regard to transmission of securities held in dematerialized mode, the

same is dealt in terms of bye laws of the Depositories. In order to harmonize
the procedures for transmission of securities in dematerialized mode with that
of transmission of securities in physical mode, it has been decided that
transmission of securities held in dematerialized mode shall be dealt in line
with Securities and Exchange Board of India (Listing Obligations and
Disclosure Requirements) (Sixth Amendment) Regulations, 2018.

Annexure A

Documentary requirement for securities held in physical mode

47
Reference: SEBI Letter No. MRD//DP/OW/23881/2015 dated August 24, 2015 regarding multiple nominations
in demat accounts
48
Reference Circular SEBI/HO/MIRSD/DOP/CIR/P/2019/05 dated January 04, 2019
36
1 For securities held in single name with a nominee:

i. Duly signed transmission request form by the nominee.

ii. Original or Copy of death certificate duly attested by a Notary Public or by a
Gazetted Officer.
iii. Self attested copy of PAN card of the nominee. (Copy of PAN card may be
substituted with ID proof in case of residents of Sikkim after collecting address proof)

2 For securities held in single name without a nominee, following additional

documents may be sought:

i. Affidavit made on appropriate non judicial stamp paper – to the effect of

identification and claim of legal ownership to the securities
ii. For value of securities upto Rs.2,00,000 (Rupees Two lakh only) per issuer
company as on date of application, one or more of the following documents:
a. No objection certificate [NOC] from all legal heir(s) who do not object to such
transmission (or) copy of Family Settlement Deed duly notarized or attested by
a Gazetted Officer and executed by all the legal heirs of the deceased holder.
b. Indemnity made on appropriate non judicial stamp paper – indemnifying the
STA/Issuer Company.

iii. For value of securities more than Rs.2,00,000 (Rupees Two lakh only) per issuer
company as on date of application:
a. Succession certificate (or) Probate of will (or) Letter of Administration (or)
Court decree.

End of Annexure A

37
1.12 Execution of Power of Attorney (PoA) by the Client in favour of the Stock
Broker/ Stock Broker and Depository Participant49

1.12.1 SEBI, vide circular no. CIR/MRD/DMS/13/2010 dated April 23, 2010, issued
Guidelines for execution of Power of Attorney (PoA) by the client favouring
Stock Broker / Stock Broker and Depository Participant (hereinafter referred
to as “Guidelines”). Certain clarifications were issued later vide circular no.
CIR/MRD/DMS/28/2010 dated August 31, 2010.

1.12.2 Paragraph 5 of the circular dated April 23, 2010, specified the following:

“Standardizing the norms for PoA must not be construed as making the PoA a
condition precedent or mandatory for availing broking or depository participant
services. PoA is merely an option available to the client for instructing his broker or
depository participant to facilitate the delivery of shares and pay-in/pay-out of funds
etc. No stock broker or depository participant shall deny services to the client if the
client refuses to execute a PoA in their favour.”

1.12.3 Further, paragraph 12 – 20 of the Guidelines in SEBI circular dated April 23,
2010, also specified that the PoA shall not facilitate the stock broker to do the
following:

3.1. Transfer of securities for off market trades.

3.2. Transfer of funds from the bank account(s) of the Clients for trades
executed by the clients through another stock broker.
3.3. Open a broking / trading facility with any stock broker or for opening a
Beneficial Owner account with any Depository Participant.
3.4. Execute trades in the name of the client(s) without the client(s) consent.
3.5. Prohibit issue of Delivery Instruction Slips (DIS) to beneficial owner
(client).
3.6. Prohibit client(s) from operating the account.
3.7. Merging of balances (dues) under various accounts to nullify debit in any
other account.
3.8. Open an email ID / email account on behalf of the client(s) for receiving
statement of transactions, bills, contract notes etc. from stock broker /
depository participant.
3.9. Renounce liability for any loss or claim that may arise due to any blocking
of funds that may be erroneously instructed by the stock broker to the
designated bank.

1.12.4 However, it has been observed that PoA is invariably obtained from the
investors as part of the KYC and account opening process. Such PoA executed
by clients has further found to have been misused by the stock brokers by

49
Reference: SEBI/HO/MIRSD/DOP/CIR/P/2020/158 dated August 27, 2020
38
 taking authorization even for activities as specified in paragraph 1.12.3 above.
In this regard, it is reiterated that:

4.1. PoA is optional and should not be insisted upon by the stock broker / stock
broker depository participant for opening of the client account.
4.2. PoA executed in favour of stock broker / stock broker depository
participant by the client shall be utilized
4.2.1. For transfer of securities held in the beneficial owner accounts of the
client towards Stock Exchange related deliveries / settlement
obligations arising out of trades executed by clients on the Stock
Exchange through the same stock broker.
4.2.2. For pledging / re-pledging of securities in favour of trading member
(TM) / clearing member (CM) for the purpose of meeting margin
requirements of the clients in connection with the trades executed by
the clients on the Stock Exchange.
4.2.3. For the limited purposes as specified in paragraph 1(iii) and 2 of the
Guidelines.

4.3. Paragraph 1(i) and 1(ii) of the Guidelines stands modified in accordance
with paragraph 4.2.1 and 4.2.2 above. Stock Exchanges and Depositories
shall ensure that PoA is not used by TM/CM/DPs for any purpose other
than as specified above and in SEBI circulars dated April 23, 2010 read with
SEBI circular dated August 31, 2010.

1.12.5 All off-market transfer of securities shall be permitted by the Depositories only
by execution of Physical Delivery Instruction Slip (DIS) duly signed by the
client himself or by way of electronic DIS. The Depositories shall also put in
place a system of obtaining client’s consent through One Time Password (OTP)
for such off market transfer of securities from client’s demat account.

1.12.6 All other provisions specified in SEBI circular dated April 23, 2010 read with
SEBI circular dated August 31, 2010 shall continue to remain applicable.

1.13 SMS alerts for demat accounts operated by Power of Attorney50

Subscription to SMS Alert facility for depository accounts operated through

Power of Attorney (POA) would be mandatory except in case of accounts held
by non-individuals, foreign nationals, and NRIs.

1.14 Exemption from sending quarterly statements of transactions by depository

participants (DPs) to clients in respect of demat accounts with no transactions
and no security balances51

50 Reference: SEBI/MRD/DEP/VM/169784 /09 dated July 15, 2009

51 Reference: MRD/CDSL/VM/155773/2009 dated February 27, 2009, MRD/DoP/NSDL/VM/168994
/2009 dated July 07, 2009 and MRD/CDSL/VM/168989 /2009 dated July 07, 2009
39
 i. SEBI has provided exemption to Depository Participants from sending
quarterly transaction statements to the clients in respect of demat accounts with
no transactions and no security balances subject to the following conditions:

a. Client is informed in advance that it will not be receiving Transaction

Statements for such accounts till there are any transactions or security
holdings in the demat account.
b. KYC and PAN requirement in respect of all such depository accounts are
complied.
c. No Annual Maintenance Charges are levied for such an account.
d. Information which is required to be disseminated by Participants by way
of a note in the Transaction Statements will be required to be
communicated to such Clients separately.
e. The Internal Auditor of the Participant shall comment in its internal audit
report on compliance of the aforesaid requirements.

ii. Further, depository may like to consider whether, DPs should send a
consolidated Transaction Statements for the entire financial year in case of the
BOs to whom quarterly Transaction Statements are not sent.

1.15 Discontinuation of sending transaction statements by depository

participants to clients52

SEBI allowed discontinuation of sending transaction statements by depository

participants to clients subject to the following conditions:

i. Transaction statements were returned undelivered on three consecutive

occasions.
ii. The depository participant (DP) maintains proof that the transaction statements
were returned undelivered.
iii. The transaction statements were returned undelivered for the reasons which
clearly establish that the client no longer resides at the given address (i.e. party
shifted, etc.) and not for other reasons (i.e. residence/office closed, address
incorrect, address incomplete, etc.).
iv. The DP informs such clients through alternative means (such as outbound call,
SMS or email) that their transaction statements are returned undelivered and
they need to communicate the proper (new) address.
v. The DP ensures that on receipt of request for address modification from the
client as per the stipulated procedure, the dispatch of transaction statements is
immediately started. Further, the DP ensures that transaction statements that
were not delivered and dispatched due to discontinuation are also dispatched
immediately without any additional cost to the clients.

1.16 Exemption to Depository Participants (DPs) from providing hard copies of

52 Reference: MRD/NSDL/VM/158886 /2009 dated March 30, 2009

40
 transaction statements to BOs53

DPs are permitted to provide transaction statements and other documents to

the BOs under Digital signature, as governed under the Information
Technology Act, 2000, subject to the DP entering into a legally enforceable
arrangement with the BO for the said purpose. While such practice in the
aforesaid manner shall be deemed to be in compliance of the provisions of the
Regulation 60 of SEBI (Depositories & Participants) Regulations, 2018; if the BO
is still desirous of receiving statements in hard copy, DPs shall be duty bound
to provide the same.

1.17 Transfer of funds and securities from Clearing Member pool account to BO
Account54

i. Clearing members shall transfer the funds and securities from their respective
pool account to the respective beneficiary account of their clients within 1
working day after the pay-out day. The securities lying in the pool account
beyond the stipulated period shall attract a penalty at the rate of 6 basis point
per week on the value of securities. The penalty so collected by the depositories
shall be credited to a separate account with the depository and earmarked for
defraying the expenses in connection with the investors’ education and
awareness programs conducted by the depository.

ii. The securities lying in the pool account beyond the above period shall not be
eligible either for delivery in the subsequent settlement(s) or for pledging or
stock lending purpose, until the same are credited to the beneficiary accounts.

iii. The securities lying in the Clearing member’s pool account beyond the
specified time period shall be identified based on the settlement number. The
clearing corporation/houses of the stock exchanges shall provide the
settlement-wise details of securities to the depositories and the depositories
shall maintain the settlement-wise records for the purpose.

iv. Further, stock exchanges shall execute direct delivery of securities to the
investors. Clearing corporation/clearing house (CC/CH) shall ascertain from
each clearing member, the beneficial account details of their respective clients
due to receive pay out of securities. Based on this, the CC/CH shall send pay
out instructions to the depositories so that the client receives pay out of
securities directly to the extent of instructions received from the respective
clearing members. To the extent of instruction not received, the securities shall
be credited to the CM pool account.

53 Reference Circular MRD/DoP/Dep/Cir-27/2004 dated August 16, 2004

54Reference Circular SMDRP/Policy/Cir-05/2001 dated February 1, 2001 &Circular
SEBI/MRD/Policy/AT/Cir-19/2004 dated April 21, 2004
41
1.18 Consolidated Account Statement (CAS) for all securities assets 55

i. Pursuant to the Interim Budget announcement in 2014 to create one record for
all financial assets of every individual, it has been decided to enable a single
consolidated view of all the investments of an investor in Mutual Funds (MF)
and securities held in demat form with the Depositories.
ii. The Depositories and the Asset Management Companies (AMCs)/ MF-RTAs
shall put in place systems to facilitate generation and dispatch of single
Consolidated Account Statements (CAS) for investors having MF investments
and holding demat accounts. AMCs/ RTAs shall share the requisite
information with the Depositories on monthly basis to enable generation of
CAS.
iii. Consolidation of account statement shall be done on the basis of PAN. In case
of multiple holding, it shall be PAN of the first holder and pattern of holding.
Based on the PANs provided by the AMCs/MF-RTAs, the Depositories shall
match their PAN database to determine the common PANs and allocate the
PANs among themselves for the purpose of sending CAS. For PANs which are
common between depositories and AMCs, the Depositories shall send the CAS.
In other cases (i.e. PANs with no demat account and only MF units holding),
the AMCs/ MF-RTAs shall continue to send the CAS to their unit holders as is
being done presently in compliance with the Regulation 36(4) of the SEBI
(Mutual Funds) Regulations.
iv. In case investors have multiple accounts across the two depositories, the
depository having the demat account which has been opened earlier shall be
the default depository which will consolidate details across depositories and
MF investments and dispatch the CAS to the investor. However, option shall be
given to the demat account holder by the default depository to choose the
depository through which the investor wishes to receive the CAS.
v. The CAS shall be generated on a monthly basis. The AMCs /MF-RTAs shall
provide the data with respect to the common PANs to the depositories within
three days from the month end. The depositories shall then consolidate and
dispatch the CAS within ten days from the month end.
vi. Where statements are presently being dispatched by email either by the Mutual
Funds or by the Depositories, CAS shall be sent through email. However,
where an investor does not wish to receive CAS through email, option shall be
given to the investor to receive the CAS in physical form at the address
registered in the Depository system.
vii. A proper grievance redressal mechanism shall be put in place by the
depositories and the AMCs/MF-RTAs which shall also be communicated to the
investors through CAS. AMCs/MF-RTAs would be accountable for the
authenticity of the information provided through CAS in respect of MF
investments and timely sharing of such information with Depositories. The

55Circular CIR/MRD/DP/31/2014 dated November 12, 2014

42
 Depositories would be responsible for the timely dispatch of CAS to the
investors serviced by them and the demat account information.
viii. The depositories and the AMCs/ MF-RTAs shall ensure data integrity and
confidentiality in respect of the shared information. The depositories shall
utilise the shared data only for the purpose of providing CAS and shall not
share the same with their Depository Participants. Where Depositories are
required to share such information with unregulated entities like third party
printers, the depositories shall enter into necessary data confidentiality
agreements with them.
ix. The CAS shall be implemented from the month of March 2015 with respect to
the transactions carried out during the month of February 2015.
x. If an investor does not wish to receive CAS, an option shall be given to the
investor to indicate negative consent. Depositories shall accordingly inform
investors in their statements from the month of January 2015 about the facility
of CAS and give them information on how to opt out of the facility if they do
not wish to avail it.
xi. Where such an option is exercised, the concerned depository shall inform the
AMC/MF-RTA accordingly and the data with respect to the said investor shall
not be shared by the AMC/MF-RTA with the depository.
xii. If there is any transaction in any of the demat accounts of the investor or in any
of his mutual fund folios, then CAS shall be sent to that investor on monthly
basis. In case there is no transaction in any of the mutual fund folios and
demat accounts then CAS with holding details shall be sent to the investor on
half yearly basis. However, in case of demat accounts with nil balance and no
transactions in securities and in mutual fund folios, the requirement to send
physical statement shall be applicable as specified at para 1.6.5 and 1.6.6 of this
chapter.
xiii. Further, the holding statement dispatched by the DPs to their BOs with respect
to the dormant demat accounts with balances shall also be dispatched half-
yearly.
xiv. The dispatch of CAS by the depositories to BOs would constitute compliance
by the Depository Participants with requirement under Regulation 60 of SEBI
(Depositories and Participants) Regulations, to provide statements of account
to the BOs as also compliance by the MFs with the requirement under
Regulation 36(4) of SEBI (Mutual Funds) Regulations.

1.19 Review of Dividend option(s) / Plan(s) in case of Mutual Fund Schemes 56

1.19.1 The Ninth and Eleventh Schedule of SEBI (Mutual Funds) Regulations, 1996
and SEBI circular No. SEBI/IMD/CIR No 18 / 198647 /2010 dated March 15,
2010 to be referred, which provide the accounting policies to be followed for
determining distributable surplus and accounting the sale and repurchase of

56
Reference Circular SEBI/HO/IMD/DF3/CIR/P/2020/194 dated October 05, 2020
43
 units in the books of the Mutual Fund.

1.19.2 The aforesaid regulatory requirements, inter-alia, mandates that when units are
sold, and sale price (NAV) is higher than face value of the unit, a portion of sale
price that represents realized gains shall be credited to an Equalization Reserve
Account and which can be used to pay dividend.

1.19.3 There is a need to clearly communicate to the investor that, under dividend
option of a Mutual Fund Scheme, certain portion of his capital (Equalization
Reserve) can be distributed as dividend.

1.19.4 Based on the recommendations of Mutual Funds Advisory Committee

(MFAC), the following is stipulated:

1.19.4.1 All the existing and proposed Schemes of Mutual Funds shall name /
rename the Dividend option(s) in the following manner:

Option / Plan Name

Dividend Payout
Dividend Re-investment
Dividend Transfer Plan
Payout of Income Distribution cum
capital withdrawal option
Reinvestment of Income Distribution
cum capital withdrawal option
Transfer of Income Distribution cum
capital withdrawal plan

1.19.4.2 Offer documents shall clearly disclose that the amounts can be
distributed out of investors capital (Equalization Reserve), which is part
of sale price that represents realized gains. Further, AMCs shall ensure
that the said disclosure is made to investors at the time of subscription of
such options/plans.

1.19.4.3 AMCs shall ensure that whenever distributable surplus is distributed, a

clear segregation between income distribution (appreciation on NAV)
and capital distribution (Equalization Reserve) shall be suitably
disclosed in the Consolidated Account Statement provided to investors
as required under Regulation 36(4) of SEBI (Mutual Funds) Regulations,
1996 and SEBI Circular No. CIR/MRD/ DP/ 31/2014 dated November
12, 2014.

1.19.5 The aforesaid changes shall not be treated as Fundamental Attribute Change in
terms of Regulation 18 (15A) of SEBI (Mutual Funds) Regulations, 1996.

1.19.6 All other conditions specified in this regard shall remain unchanged.

1.19.7 The provisions mentioned under paragraph 1.19.4 shall be effective from April
01, 2021.
44
1.20 Procedure for filing and redressal of investor grievances using SCORES57

i. Investors who wish to lodge a complaint on SCORES are requested to register

themselves on www.scores.gov.in by clicking on “Register here”. While filing the
registration form, details like Name of the investor, PAN, Contact details,
Email id, Aadhaar card number(optional), CKYC ID(optional) etc. (Annexure
A) may be provided for effective communication and speedy redressal of the
grievances. Upon successful registration, a unique user id and a password
shall be communicated to the investor through an acknowledgement email /
SMS.
ii. An investor shall use login credentials for lodging complaint on SCORES
(“Login for registered user” section). Details on how to lodge a complaint on
SCORES is at Annexure B.
iii. The complainant may use SCORES to submit the grievance directly to
companies / intermediaries and the complaint shall be forwarded to the entity
for resolution. The entity is required to redress the grievance within 30 days,
failing which the complaint shall be registered in SCORES
iv. Presently, the limitation period for filing an arbitration reference with stock
exchanges is three year. In line with the same and in order to enhance ease,
speed &accuracy in redressal of investor grievance, the investor may lodge a
complaint on SCORES within three years from the date of cause of complaint,
where;
Investor has approached the listed company or registered intermediary for
redressal of the complaint and,
The concerned listed company or registered intermediary rejected the
complaint or,
The complainant does not receive any communication from the listed company
or intermediary concerned or,
The complainant is not satisfied with the reply given to him or redressal action
taken by the listed company or an intermediary.
Annexure A
Details to be provided while registering on SCORES with effect from August
01, 2018:
i. Name of the complainant*
ii. Pan Number*
iii. Aadhaar Number (Optional)
iv. CKYCID(Optional)
v. DP id & Client Id
vi. Postal address for communication*
vii. Contact number –Mobile* : Landline

57
Reference Circular SEBI/HO/OIAE/IGRD/CIR/P/2018/58 dated March 26, 2018
45
viii. Email id* –For receipt of acknowledgement letter / updates of
complaints on SCORES.
ix. Bank account details –To facilitate direct credit of benefits to investor.
x. Client id as given by Broker / Stock Exchange.
Note: * are mandatory fields.
Annexure B
How to lodge a complaint on SCORES with effect from August 01, 2018.

SCORES Portal
http://www.scores.gov.in/

CLICK

User Registration
(Under “Register Here”)

Press submit to complete the registration.

An Email/ SMS informing User ID and Password will be sent
to investor.

CLICK

(As per nature of

complaint) Login to SCORES and
Click on
“Complaint Registration”

Enter Details like Period of cause of event, Date of grievance taken up with the
entity, address of direct complaint to the entity, Share certificate number /
folio number etc.

TYPE
Complaint details in brief (1000 characters)

46
 Upload supporting documents (upto 2 MB in PDF format)

CLICK
Add

Enter Character shown in image

CLICK
Submit

Complaint Registration Number is generated and sent to email id and to mobile

number of the complainant.

47
1.21 Framework for the process of accreditation of investors for the purpose of Innovators
Growth Platform58
1.21.1 Accredited Investors (AIs) for the limited purpose of Innovators Growth
Platform (“IGP”), are investors whose holding in the Issuer Company, is
eligible for the computation of at least 25% of the pre-issue capital in
accordance with Regulation 283.(1) of the SEBI (Issue of Capital & Disclosure
Requirements) Regulations, 2018 (“ICDR Regulations”).

1.21.2 Accordingly, the framework for the process of accreditation of investors is

detailed below:

A. Eligibility

The following entities shall be eligible to be considered as AIs:

i. Any individual with total gross income of ₹ 50 lakhs annually and who has
minimum liquid net worth of ₹ 5 crores; or

ii. Any body corporate with net worth of ₹ 25 crores.

B. Procedure for accreditation

(a) Responsibility of Stock Exchanges/Depositories

The investor, having a demat account with a Depository, will make an
application to the Stock Exchanges/Depositories in the manner prescribed by
them for recognition as an AI. The Stock Exchanges /Depositories may use the
services of Brokers/Depository participants respectively for such purpose.
However, Stock Exchanges/Depositories shall be responsible for verification and
maintenance of the AI data.

(b) Documentation Detailed Documentation required for accreditation is provided

at Annexure ‘A’.

1.21.3 Validity of Accreditation

The accreditation granted by the Stock Exchange/Depository shall be valid for
a period of three years from the date of issue of such accreditation unless the AI
becomes ineligible due to change in his/her/its financial status in which case
such AI shall inform the Stock Exchange/Depository of such ineligibility.

1.21.4 Responsibility of Merchant Bankers at the time of listing on IGP with regard
to AIs

At the time of application by a Company for listing on IGP, the merchant

bankers shall ensure due diligence with regard to eligibility of AIs and that

Reference Circular SEBI/HO/CFD/DIL2/CIR/P/2019/67 dated May 22, 2019

58

48
their holding in the Company desirous of listing on IGP is in accordance with
the Regulation 283.(1) of the ICDR Regulations.

Annexure-A

For accreditation as an Accredited Investor for the purpose of Innovators

Growth Platform, the investor having a demat account with a Depository shall
submit the following documents with the Exchanges/Depositories or
Brokers/Depository Participants:

I. In case of Individual / HUF

i) Copy of PAN Card.

ii) Copy of Aadhaar Card or Copy of Valid Passport.
iii) Income tax return of last 3 financial years
iv) Certificate from practicing chartered accountant stating total gross
income (annually) and liquid net worth as on date of application.
Working of Liquid Net worth shall be given as an Annexure to the
certificate. The same shall be calculated as follows:
Capital + Free Reserves
Less: non-allowable assets
(a) Fixed assets
(b) Pledged Securities
(c) Non-allowable securities (unlisted securities)
(d) Doubtful debts and advances*
(e) Prepaid expenses, losses
(f) Intangible assets
(g) 30% value of marketable securities
* Explanation – Includes debts/advances overdue for more than
three months or given to associates and to related parties.
v) Where the individual has been debarred or disciplinary action has been
taken against investor by SEBI, RBI or any other regulatory body, then the
debarment period or disciplinary action should be over. In case of an Non
Resident Indian, he or she shall confirm that he or she has not been
restricted from accessing securities market by the country of jurisdiction
where he or she resides.
vi) Declaration from investor which will state that:
(i) he/she/it, is not a wilful defaulter as defined under Regulation
2(1)(III) of SEBI (ICDR) Regulations, 2018.
(ii) he/she/it, is not a fugitive economic offender as defined under
Regulation 2(1)(p) of SEBI (ICDR) Regulations, 2018.
(iii) he/she/it, is not in violation of Regulation 24 of SEBI (Delisting of
Equity Shares) Regulation, 2009.
(iv) he/she/it, is not in violation of the restrictions imposed by SEBI
under SEBI circular no. SEBI/HO/ MRD/DSA/CIR/P/2017/92
dated August 01, 2017.
(v) he/she/it, is in compliance with RBI regulations, if applicable.
49
 (vi) that the investment in the Companies are in compliance with RBI
norms, if applicable.
(vii) that the submissions made to the Exchange/Depository are true
and correct and if found incorrect, the Exchange/Depository
reserves the right to reject the application and take necessary
action.
(viii) that in case of ineligibility due to change in the financial status of
the Accredited Investor, he/she/it shall inform the Stock
Exchange/Depository of such ineligibility.

II. In case of body corporate (including LLP)

i) Certificate of Incorporation.
ii) If the body corporate is registered with any regulatory body such
as RBI, IRDA, etc., then certificate of such valid registration from
such regulatory body.
iii) Copy of PAN card of body corporate.
iv) Copies of Financial Statements of last 3 financial years.
v) Copies of Income tax return of last 3 financial years.
vi) Certificate from statutory auditor of the body corporate stating
net worth as on date of application. Working of Net worth shall be
given as Annexure to the certificate.
vii) Certified copy of Board Resolution to make application for
Accredited Investor as per IGP norms.
viii) Declaration from Managing Director/Designated
Partner/authorized person that:
(i) the body corporate or its promoters/partners or directors are
not wilful defaulter as defined under Regulation 2(1)(lll) of
SEBI (ICDR) Regulations, 2018.
(ii) the promoters/partners or directors of the body corporate
are not a fugitive economic offender as defined under
Regulation 2(1)(p) of SEBI (ICDR) Regulations, 2018.
(iii) the body corporate or its promoters/partners or whole-time
directors should not be in violation of the provisions of
Regulation 24 of the SEBI Delisting Regulations, 2009.
(iv) the body corporate or its promoters/partners, its directors
should not be in violation of the restrictions imposed by
SEBI under SEBI circular no. SEBI/HO/
MRD/DSA/CIR/P/2017/92 dated August 01, 2017.
(v) the body corporate is in compliance with RBI Regulations, if
applicable.
(vi) that the investment made in the Companies are within the
limit prescribed by the RBI and if investments exceed the
prescribed limit, then approval of RBI for the same has been
obtained, in case the same is applicable.
(vii) that the submissions made to the Exchange/Depository are
true and correct and if found incorrect, the
50
 Exchange/Depository reserves the right to reject the
application and take necessary action.
(viii) that in case of ineligibility due to change in the financial
status of the Accredited Investor, it shall inform the Stock
Exchange/Depository of such ineligibility.

1.22 Common Application Form for Foreign Portfolio Investors59

1.22.1 The Government of India vide notification number F. No. 4/15/2016-ECB

dated January 27, 2020 notified the Common Application Form (CAF) for the
purpose of (a) registration of Foreign Portfolio Investors (FPIs) with Securities
and Exchange Board of India, (b) allotment of Permanent Account Number
(PAN) and (c) carrying out of Know Your Customer (KYC) for opening of Bank
& Demat Account.

1.22.2 The applicants seeking FPI registration shall be required to duly fill CAF and
‘Annexure to CAF’ and provide supporting documents and applicable fees for
SEBI registration and issuance of PAN. The other intermediaries dealing with
FPIs may rely on the information in CAF for the purpose of KYC.

1.22.3 DDP may continue to accept in–transit FPI registration applications, for a
period of 60 days from date of issuance of these provisions, received in the
form prescribed in operational guidelines issued on November 05, 2019.

Enclosed: 1. CAF notified by Government of India

2. Annexure to CAF (Declarations and Undertakings)
3. Operational guidelines for FPIs & DDPs and FPIs

1.23 Permitting Foreign Portfolio Investors (FPI) to invest in Municipal Bonds60

1.23.1 RBI vide A.P. (DIR Series) Circular No. 33 dated April 25, 2019 has permitted
FPIs to invest in municipal bonds.

1.23.2 In accordance with the provisions of Regulation 21(1)(p) of SEBI (Foreign

Portfolio Investors) Regulations, 2014, FPIs are, henceforth, permitted to invest
in municipal bonds.

59 Reference: Circular IMD/FPI&C/CIR/P/2020/022 dated February 04, 2020

60
Reference: Circular No. IMD/FPIC/CIR/P/2019/62 dated May 08, 2019
51
 Section 2: Depository Participants Related

2.1 Online Registration Mechanism for Securities Market Intermediaries61

i. SEBI Intermediary Portal (https://siportal.sebi.gov.in)has been operationalized

for the intermediaries to submit all the registration applications
online. The SEBI Intermediary Portal includes online application for
registration, processing of application, grant of final registration,
application for surrender/ cancellation, submission of periodical reports,
requests for change of name / address / other details etc.
ii. All applications for registration/surrender/other requests shall be made
through SEBI Intermediary Portal only. The application in respect of stock
brokers/sub-broker and depository participants shall continue to be made
through the Stock Exchanges and Depositories respectively.
iii. The applicants will be separately required to submit relevant documents viz.
declarations/undertakings, in physical form, only for records without
impacting the online processing of applications for registration.
iv. Where applications are made through the Stock Exchanges / Depositories, the
hard copy of the applications made by their members shall be preserved by
them and shall be made available to SEBI, as and when called for.

2.2 Supervision of branches of DPs62

v. To ensure compliance with Regulation 63 of the SEBI (Depositories and

Participants) Regulations, 2018, and Clause 19 of the Code of Conduct for
Participants contained in the Third Schedule to the Regulations the DP shall
ensure that it has satisfactory internal control procedure in place, inclusive of
their branch offices. DPs are therefore required in terms of these provisions to
put in place appropriate mechanisms to ensure that their branches are carrying
on the operations in compliance with the applicable regulations, bye-laws, etc.
DPs are also required to put in p lace suitable internal control systems to ensure
that all branches exercise due diligence in opening accounts, complying with
KYC requirements, in ensuring systems safety in complying with client
instructions, manner of uploading client instructions, in verifying signatures

61
Reference Circular No. SEBI/HO/MIRSD/MIRSD1/CIR/P/2017/38 dated May 02, 2017
62Reference Circular MIRSD/DPS-III/Cir-9/07 dated July 3, 2007
52
 and maintaining client records, etc. DPs shall also ensure that the branches are
suitably integrated.

vi. Depositories shall examine the adequacy of the above mechanisms during their
inspections of DPs. The Depositories shall also carry out surprise inspections/
checks of the DP branches apart from the regular inspection of the DPs.
Depositories shall also put in place appropriate mechanisms for monitoring
opening of branches by DPs.

2.3 Incentivisation to Depositories Participants (DPs)63

i. In order to compensate the DPs towards the cost of opening and maintaining
Basic Services Demat Accounts (BSDA), the depositories shall pay an incentive
of Rs. 100/- for every new BSDA opened by their participants in other than the
top 15 cities. The name of the top 15 cities is given in following table:
Top 15 Cities
Sr. Name of the City
No.
1. MUMBAI
2. DELHI
3. AHMEDABAD
4. BANGALORE
5. CHENNAI
6. PUNE
7. KOLKATA
8. THANE
9. HYDERABAD
10. SURAT
11. JAIPUR
12. VADODARA
13. SECUNDARABAD
14. RAJKOT
15. INDORE

ii. The incentive shall be provided at the end of the financial year only with
respect to the new BSDA opened during the financial year and which displayed
at least one credit in the account during the Financial Year.

iii. Further to the above, in order to incentivize the DPs to promote holdings in the
BSDA, the depositories may pay an amount of Rs. 2 per folio per ISIN to the
respective depository participant (DP), in respect of the ISIN positions held in
Basic Service Demat Accounts (BSDA). This incentive may be provided with
respect to all the BSDA in the depository system.

63 Reference Circular CIR/MRD/DP/18/2015 dated December 09, 2015

53
 iv. The reimbursement to DPs shall be made on an annual basis at the end of the
financial year. The depositories shall set aside 20% of the incremental revenue
received from the Issuers to manage the aforementioned incentive schemes.
Any surplus after reimbursement of DPs may be utilized by the depositories to
incentivize the DPs for promoting financial inclusion, encouraging investors to
hold Mutual Fund Units in demat account and familiarizing the investors on
the OFS mechanism, etc.

v. The incentive scheme may be reviewed after a period of two years.

2.4 Implementation of the Multilateral Competent Authority Agreement and

Foreign Account Tax Compliance Act64

i. It is brought to the attention of all the intermediaries that India has joined the
multilateral competent Authority Agreement (MCAA) on Automatic Exchange
of Financial Account Information on June 3, 2015. In terms of the MCAA, all
countries which are a signatory to the MCAA, are obliged to exchange a wide
range of financial information after collecting the same from financial
institutions in their country/jurisdiction.

ii. Further, on July 9, 2015 the Governments of India and United States Of
America (USA) have signed an agreement to improve International tax
compliance and to implement the Foreign Account Tax Compliance Act
(FATCA) in India. The USA has enacted FATCA in 2010 to obtain information
on accounts held by U.S taxpayers in other countries. As per the aforesaid
agreement, foreign financial institutions (FFIs) in India will be required to
report tax information about U.S account holders/taxpayers directly to the
Indian Government which will, in turn, relay that information to the U.S
Internal Revenue Services (IRS).

iii. For implementation of the MCAA and agreement with USA, the Government
of India has made necessary legislative changes to section 285BA of the Income-
tax Act, 1961. Further the Government of India has notified Rules 114F to 114H
(herein after referred as “the Rules”) under the Income Tax Rules, 1962 and
form No. 61B for furnishing of statement of reportable account as specified in
the Rules. The Rule is available at

http://www.incometaxindia.gov.in/communications/notification/notification
%20no.%2062%20dated%2007-08-2015.pdf

iv. All registered intermediaries are advised to take necessary steps to ensure
compliance with the requirements specified in the aforesaid Rules after
carrying out necessary due diligence.
2.5 Printing of Grievances Redressal Mechanism on Delivery Instruction Form
Book 65

64Circular No. CIR/MIRSD/2/2015 dated August 26, 2015

54
 To promote investor awareness regarding mechanism for redressing investor
grievances, the information placed below shall be printed on the inside back
cover of the Delivery Instruction Form (DIF) Book issued by all Depository
Participants.

In case you have grievances against a listed company or intermediary registered

with SEBI, you should first approach the concerned company or intermediary
against whom you have grievance.If you are not satisfied with their response,
you may approach SEBI or other regulatory bodies. You can approach SEBI for
following type of grievances.

Listed Companies Brokers and stock exchanges

 Refund / Allotment/ Bonus/ Dividend/  Stock Brokers
Rights/ Redemption/ Interest  Sub brokers
 Prelisting offer documents (shares)  Portfolio managers
 Prelisting offer documents (debentures  Stock exchanges
and bonds)
 Delisting of Securities
 Buyback of Securities
 Takeover and Restructuring
 Corporate Governance and Listing
conditions

Registrar and Transfer Agents Other entities

Collective Investment Schemes
Mutual Funds Debenture Trustees
Merchant Bankers
Depository and Depository Participants Bankers to Issue
Credit Rating Agencies
Information to SEBI: Custodian of Securities
 Price Manipulation Foreign Institutional Investors
 Insider trading Underwriters
Venture Capital Funds
KYC Registration Agency(KRA)
Alternative Investment Fund

You can file your complaints online at http://scores.gov.in or alternately send

your complaints to Office of Investor Assistance and Education of SEBI at
Mumbai or Regional Offices at the following addresses:

Address of SEBI Offices

65Circular No. SEBI/MRD/DP/25/2012 dated September 21, 2012

55
  Office of Investor Assistance and Education, SEBI Bhavan,
Plot No.C4-A, 'G' Block, Bandra Kurla Complex, Bandra (E), Mumbai 400
051 Tel: 022-26449188 / 26449199 (http://scores.gov.in)

 SEBI, Northern Regional Office, 5th Floor, Bank of Baroda Building, 16,
Sansad Marg, New Delhi -110001 Tel: 011-23724001-05 ([email protected])

 SEBI, Eastern Regional Office, L&T Chambers, 3rd Floor, 16, Camac Street,
Kolkata - 700 016 Tel: 033-23023000. ([email protected])

 SEBI, Southern Regional Office, 7th Floor, Overseas Towers, 756-L, Anna
Salai Chennai 600 0102 Tel: 044-24674000/ 24674150 ([email protected])

 SEBI, Ahmedabad Regional Office, Unit No: 002, Ground Floor, SAKAR I,
Near Gandhigram Railway Station, Opp. Nehru Bridge Ashram Road,
Ahmedabad - 380 009 Tel : 079-26583633-35 ([email protected])

For more information visit our website - http://scores.gov.in

2.6 Operationalisation of Central KYC Records Registry (CKYCR)66

1. Government of India has authorized the central Registry of Securitization and

Asset Reconstruction and Security interest of India (CERSAI), set up under
sub-section (1) of Section 20 of Securitisation and Reconstruction of Financial
Assets and Enforcement of Security Interest Act, 2002, to act as, and to perform
the functions of, the Central KYC Records Registry under the PML Rules 2005,
including receiving, storing, safeguarding and retrieving the KYC records in
digital form of a client.

2. As per the 2015 amendment to PML (Maintenance of Records) Rules, 2005 (the
rules), every reporting entity shall capture the KYC information for sharing with
the Central KYC Records Registry in the manner mentioned in the Rules, as per
the KYC template for “individuals” finalised by CERSAI.

3. Accordingly, the KYC template finalised by CERSAI shall be used by the

registered intermediaries as Part I of AOF for individuals. The KYC template for
“individuals” and the “Central KYC Registry Operating Guidelines 2016” for
uploading KYC records on CKYCR finalised by CERSAI. In this regard, it is
clarified that the requirement for Permanent Account Number (PAN) would
continue to be mandatory for completing the KYC process.

2.7 e-KYC Authentication facility under section 11A of the Prevention of Money
Laundering Act, 2002 by Entities in the securities market for Resident

66
Reference Circular CIR/MIRSD/ 66 /2016 dated July 21, 2016
56
 Investors67 and Entities permitted to undertake e-KYC Aadhaar Authentication
service of UIDAI in Securities Market68

2.7.1 SEBI simplified the account opening process for investors vide Circular No.
CIR/MIRSD/16/2011 dated August 22, 2011. Further, SEBI vide circular
MIRSD/SE/Cir- 21/2011 dated October 05, 2011 issued guidelines for
uniform KYC requirements for investors while opening accounts with any
intermediary in the securities market.

2.7.2 SEBI vide Circular No. CIR/MIRSD/09/2012 dated August 13, 2012 clarified
that after consultation with Unique Identification Authority of India
(UIDAI), Government of India, it was decided that the Aadhaar Letter issued
by UIDAI shall be admissible as Proof of Address in addition to its being
recognized as Proof of Identity.

2.7.3 Subsequently, vide circular No. CIR/MIRSD/09/2013 dated October 08,

2013, SEBI clarified that in consultation with UIDAI and the market
participants, it was decided to accept e-KYC service launched by UIDAI also,
as a valid process for KYC verification. The information containing relevant
client details and photograph made available from UIDAI as a result of e-
KYC process shall be treated as sufficient Proof of identity and Address of
the client. Also vide circular No. CIR/MIRSD/29/2016 dated January 22,
2016, SEBI clarified that the usage of Aadhaar card as issued by the UIDAI is
voluntary.

2.7.4 Hon’ble Supreme Court, in its judgement dated September 26, 2018, had
struck down Section 57 of the Aadhaar Act as “unconstitutional” which
means that no company or private entity can seek Aadhaar identification
from clients or investors.

2.7.5 The Aadhaar and Other Laws (Amendment) Ordinance, 2019 was
promulgated on March 02, 2019 through which a new Section 11A was
inserted in chapter IV of the Prevention of Money-Laundering Act, 2002. The
Aadhaar and Other Laws (Amendment) Act, 2019 was notified in the
Gazette of India on July 24, 2019.

2.7.6 The Department of Revenue (DoR), Ministry of Finance issued a circular

dated May 09, 2019 on procedure for processing of applications under
section 11A of the Prevention of Money Laundering Act, 2002 (“PMLA”), for
use of Aadhaar authentication services by entities other than the Banking
companies. In terms of the said circular, if the Central Government is
satisfied with the recommendations of the Regulator and Unique
Identification Authority of India (“UIDAI”) and reporting entity complies
with such standards of privacy and security under the Aadhaar (Targeted

67
Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2019/123 dated November 05, 2019
68
Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/80 dated May 12, 2020
57
 Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016
(“Aadhaar Act”), and it is necessary and expedient to do so, it may by
notification, permit such entity to carry out authentication of the Aadhaar
number of clients using e-KYC authentication facility.

2.7.7 The said circular also inter-alia specified that, applications by the concerned
entities under Section 11A of the PMLA for use of Aadhaar authentication
services shall be filed before the Regulator, who after scrutiny shall forward
the applications to UIDAI along with its recommendation. UIDAI shall
scrutinize the applications received and send its recommendation to the
Department of Revenue for notification under Section 11A of the PML Act.
The Central Government, if satisfied with the recommendations of the
Regulator and the UIDAI that the applicant fulfils all conditions under
Section 11A, may by notification permit such applicant to perform
authentication under clause (a) of sub-section (1) of Section 11A. At any
point, after issue of such notification, based on a report of the appropriate
Regulator or UIDAI or otherwise, if it is found that the reporting entity no
longer fulfils the requirements for performing authentication under clause
(a) of sub-section (1) of section 11A, the Central Government may withdraw
the notification after giving an opportunity to the reporting entity.

2.7.8 Accordingly, entities in the securities market, as may be notified by the

Central Government, shall be allowed to undertake Aadhaar Authentication
under section 11A of the PMLA. SEBI Registered intermediaries for reasons
such as online on-boarding of clients, customer convenience, increased
efficiency and reduced time for client on- boarding would prefer to use
Aadhaar based e-KYC facility to complete the KYC of the client.

Government of India, DoR, vide Gazette Notification No. G.S.R. 261(E) dated
April 22, 2020 has notified nine reporting entities as per the recommendation
by UIDAI and SEBI to undertake Aadhaar authentication service of the
UIDAI under section 11A of the Prevention of Money-laundering Act, 2002.
In view of the same, the following entities shall undertake Aadhaar
Authentication service of UIDAI subject to compliance of the conditions as
laid down in this regard:
I. Bombay Stock Exchange Limited
II. National Securities Depository Limited
III. Central Depository Services (India) Limited
IV. CDSL Ventures Limited
V. NSDL Database Management Limited
VI. NSE Data and Analytics Limited
VII. CAMS Investor Services Private Limited
VIII. Computer Age Management Services Private Limited
IX National Stock Exchange of India Limited69

69
Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/167 dated September 08, 2020
58
 (Government of India, Department of Revenue (DoR), vide Gazette
Notification No. G.S.R. 516(E) dated August 20, 2020, notified “National
Stock Exchange of India Limited” (NSE) as per the recommendation by
Unique Identification Authority of India (UIDAI) and SEBI to undertake
Aadhaar authentication service of the UIDAI under section 11A of the
Prevention of Money-laundering Act, 2002. In view of the same, National
Stock Exchange of India Limited shall undertake Aadhaar Authentication
service of the UIDAI subject to compliance of the conditions as laid down in
this regard)

2.7.9 These entities shall get registered with UIDAI as KYC user agency (“KUA”)
and shall allow SEBI registered intermediaries / mutual fund distributors to
undertake Aadhaar Authentication of their clients for the purpose of KYC
through them.

2.7.10 The SEBI registered intermediaries / mutual fund distributors, who want to
undertake Aadhaar authentication services through KUAs, shall enter into
an agreement with any one KUA and get themselves registered with UIDAI
as sub-KUAs. The agreement in this regard shall be as may be prescribed by
UIDAI.

2.7.11 Upon notification by the Central Government / registration with UIDAI, the
KUAs and sub-KUAs shall adopt the following process for Aadhaar e-KYC
of investors (resident) in the securities market and as may be prescribed by
UIDAI from time to time.

A. Online Portal based Investor (Resident) e-KYC Process (Aadhaar as an

OVD)

a. Investor visits portal of KUA or the SEBI registered intermediary which is

also a Sub-KUA to open account/invest through intermediary.
b. For Aadhaar e-KYC, investor is redirected to KUA portal. Investor enters the
Aadhaar Number or Virtual Id and provides consent on KUA portal.
Adequate controls shall be in place to ensure that Aadhaar Number is not
stored anywhere by the Sub-KUA or KUA.
c. Investor will receive OTP in mobile number registered with Aadhaar.
Investor enters the OTP sent by UIDAI on KUA portal for Aadhaar e-KYC.
d. KUA will receive the e-KYC details from UIDAI upon successful Aadhaar
authentication which will be further forwarded to Sub-KUA in encrypted
format (using KUAs own encryption key) and will be displayed to the
investor on portal. Sharing of e-KYC data by the KUA with Sub-KUA may
be allowed under Regulation 16(2) of Aadhaar (Authentication) Regulation,
2016. Sub-KUA shall clearly specify the name of the KUA and Sub- KUA,
and details of sharing of data among KUA and Sub-KUA while capturing
investor consent.
e. Investor will fill the additional detail as required under KYC format.
f. SEBI registered Intermediary will upload additional KYC details to the KUA.
59
 B. Assisted Investor (Resident) e-KYC process (Aadhaar as an OVD)

a. Investor approaches any of the SEBI Registered Entity/ Sub-KUAs i.e.

Mutual Fund Distributors or appointed persons for e-KYC through Aadhaar.
b. SEBI registered entities (Sub-KUAs) will perform e-KYC using registered /
Whitelisted devices with KUAs.
c. KUA will ensure that all devices and device operators of Sub-KUA are
registered / whitelisted devices with KUA.
d. Investor will enter Aadhaar No. or Virtual Id and provides consent on the
registered device.
e. Investor provides biometric on the registered device.
f. SEBI registered intermediary (Sub-KUA) fetches the e-KYC details through
the KUA from UIDAI which will be displayed to the investor on the
registered device.
g. Investor will also provide the additional detail as required.

2.7.12 The KUA/ sub-KUA while performing the Aadhaar authentication shall also
comply with the following:

a. For sharing of e-KYC data with Sub-KUA under Regulation 16(2) of Aadhaar
(Authentication) Regulations, 2016, KUA shall obtain special permission
from UIDAI by submitting an application in this regard. Such permissible
sharing of e- KYC details by KUA can be allowed with their associated Sub-
KUAs only.
b. KUA shall not share UIDAI digitally signed e-KYC data with other KUAs.
However, KUAs may share data after digitally signing it using their own
signature for internal working of the system.
c. e-KYC data received as response upon successful Aadhaar authentication
from UIDAI will be stored by KUA and Sub-KUA in the manner prescribed
by Aadhaar Act/Regulations and circulars issued by UIDAI time to time.
d. KUA/Sub-KUA shall not store Aadhaar number in their database under any
circumstances. It shall be ensured that Aadhaar number is captured only
using UIDAI`s Aadhaar Number Capture Services (ANCS).
e. The KUA shall maintain auditable logs of all such transactions where e-KYC
data has been shared with sub-KUA, for a period specified by the Authority.
f. It shall be ensured that full Aadhaar number is not stored and displayed
anywhere in the system and wherever required only last 4 digits of Aadhaar
number may be displayed.
g. As per Regulation 14(i) of the Aadhaar (Authentication) Regulation, 2016,
requesting entity shall implement exception-handling mechanisms and
backup identity authentication mechanism to ensure seamless provision of
authentication services to Aadhaar number holders.
h. UIDAI may conduct audit of all KUAs and Sub KUAs as per the Aadhaar
Act, Aadhaar Regulations, AUA/KUA Agreement, Guidelines, circulars etc.
issued by UIDAI from time to time.

60
 i. Monitoring of irregular transactions - KUAs shall develop appropriate
monitoring mechanism to record irregular transactions and their reporting to
UIDAI.
j. Investor Grievance Handling Mechanism - Investor may approach KUA for
their grievance redressal. KUA will ensure that the grievance is redressed
within the timeframe as prescribed by UIDAI. KUA will also submit report
on grievance redressal to UIDAI as per timelines prescribed by UIDAI.

2.7.13 Onboarding process of KUA/Sub-KUA by UIDAI:

a. As provided in the DoR circular dated May 09, 2019, SEBI after scrutiny of
the application forms of KUAs shall forward the applications along with its
recommendation to UIDAI.
b. For appointment of SEBI registered intermediary / MF distributors as Sub-
KUAs, KUA will send list of proposed Sub-KUAs to SEBI and SEBI would
forward the list of recommended Sub-KUAs to UIDAI for onboarding. An
agreement will be signed between KUA and Sub-KUA, as prescribed by
UIDAI. Sub-KUA shall also comply with the Aadhaar Act Regulations,
circulars, Guidelines etc. issued by UIDAI from time to time.
c. Each sub-KUA shall be assigned a separate Sub-KUA code by UIDAI.

2.7.14 The KUA/sub-KUA shall be guided by the above for use of Aadhaar
authentication services of UIDAI for e-KYC.

2.7.15 For non-compliances if any observed on the part of the reporting entities
(KUAs/ Sub- KUAs), SEBI may take necessary action under the applicable
laws and also bring the same to the notice of DoR / FIU for further necessary
action, if any. Reporting entity (KUAs/Sub-KUAs) shall also adhere to the
continuing compliances and standards of privacy and security prescribed by
UIDAI to carry out Aadhaar Authentication Services under section 11A of
PMLA. Based on a report from SEBI / UIDAI or otherwise, if it is found that
the reporting entity no longer fulfills the requirements for performing
authentication under clause (a) of section 11A(1) of PMLA, the Central
Government may withdraw the notification after giving an opportunity to
the reporting entity.

2.8 Clarification on Know Your Client (KYC) Process and Use of Technology for
KYC70

2.8.1 Know Your Customer (KYC) and Customer Due Diligence (CDD) policies
as part of KYC are the foundation of an effective Anti-Money Laundering
process. The KYC process requires every SEBI registered intermediary
(hereinafter referred to as ‘RI’) to collect and verify the Proof of Identity
(PoI) and Proof of Address (PoA) from the investor.

70
Reference circular number SEBI/HO/MIRSD/DOP/CIR/P/2020/73 dated April 24, 2020
61
2.8.2 The provisions as laid down under the Prevention of Money-Laundering
Act, 2002, Prevention of Money-Laundering (Maintenance of Records)
Rules, 2005, SEBI Master Circular on Anti Money Laundering (AML) dated
October 15, 2019 and relevant KYC / AML circulars issued from time to
time shall continue to remain applicable. Further, the SEBI registered
intermediary shall continue to ensure to obtain the express consent of the
investor before undertaking online KYC.

2.8.3 SEBI, has issued various circulars to simplify, harmonize the process of
KYC by investors / RI. Constant technology evolution has taken place in
the market and innovative platforms are being created to allow investors to
complete KYC process online. SEBI held discussions with various market
participants and based on their feedback and with a view to allow ease of
doing business in the securities market, it is decided to make use of
following technological innovations which can facilitate online KYC:

a. eSign service is an online electronic signature service that can facilitate

an Aadhaar holder to forward the document after digitally signing the
same provided the eSign signature framework is operated under the
provisions of Second schedule of the Information Technology Act and
guidelines issued by the controller.
b. In terms of PML Rule 2 (1) (cb) “equivalent e-document” means an
electronic equivalent of a document, issued by the issuing authority of
such document with its valid digital signature, including documents
issued to the Digital Locker account of the investor as per Rule 9 of the
Information Technology (Preservation and Retention of Information by
Intermediaries Providing Digital Locker Facilities) Rules, 2016.
c. Section 5 of the Information Technology Act, 2000 recognizes electronic
signatures (which includes digital signature) and states that where any
law provides that information or any other matter shall be
authenticated by affixing the signature or any document shall be signed
or bear the signature of any person then such requirement shall be
deemed to have been satisfied, if such information or matter is
authenticated by means of a digital signature affixed in such manner as
prescribed by the Central Government. Therefore, the eSign mechanism
of Aadhaar shall be accepted in lieu of wet signature on the documents
provided by the investor. Even the cropped signature affixed on the
online KYC form under eSign shall also be accepted as valid signature.

2.8.4 In order to enable the Online KYC process for establishing account based
relationship with the RI, Investor’s KYC can be completed through online
/ App based KYC, in-person verification through video, online
submission of Officially Valid Document (OVD) / other documents under
eSign, in the following manner:

i. The investor visits the website/App/digital platform of the RI and

62
 fills up the online KYC form and submits requisite documents
online.
ii. The name, photograph, address, mobile number, email ID, Bank
details of the investor shall be captured online and OVD / PAN /
signed cancelled cheque shall be provided as a photo / scan of the
original under eSign and the same shall be verified as under:

a. Mobile and email is verified through One Time Password

(OTP) or other verifiable mechanism. The mobile number/s of
investor accepted as part of KYC should preferably be the one
seeded with Aadhaar. (the RI shall ensure to meet the
requirements of the mobile number and email as detailed
under SEBI circular no. CIR/MIRSD/15/2011 dated August 02,
2011)
b. Aadhaar is verified through UIDAIs authentication /
verification mechanism. Further, in terms of PML Rule 9 (16),
every RI shall, where the investor submits his Aadhaar
number, ensure that such investor to redact or blackout his
Aadhaar number through appropriate means where the
authentication of Aadhaar number is not required under sub-
rule (15). RI shall not store/ save the Aadhaar number of
investor in their system. e-KYC through Aadhaar
Authentication service of UIDAI or offline verification through
Aadhaar QR Code/ XML file can be undertaken, provided the
XML file or Aadhaar Secure QR Code generation date is not
older than 3 days from the date of carrying out KYC. In terms
of SEBI circular No. CIR/MIRSD/29/2016 dated January 22,
2016 the usage of Aadhaar is optional and purely on a
voluntary basis by the investor.
c. PAN is verified online using the Income Tax Database.
d. Bank account details are verified by Penny Drop mechanism or
any other mechanism using API of the Bank. (Explanation:
based on bank details in the copy of the cancelled cheque
provided by the investor, the money is deposited into the bank
account of the investors to fetch the bank account details and
name.) The name and bank details as obtained shall be verified
with the information provided by investor.
e. Any OVD other than Aadhaar shall be submitted through
Digiocker / under eSign mechanism.

iii. In terms of Rule 2 (d) of Prevention of Money-Laundering

(Maintenance of Records) Rules, 2005 (PML Rules) “Officially Valid
Documents” means the following:
a. the passport,
b. the driving licence,
c. proof of possession of Aadhaar number,
d. the Voter's Identity Card issued by Election Commission of
63
 India,
e. job card issued by NREGA duly signed by an officer of the
State Government and
f. the letter issued by the National Population Register containing
details of name, address, or any other document as notified by
the Central Government in consultation with the Regulator.

iv. Further, Rule 9(18) of PML Rules states that in case OVD furnished
by the investor does not contain updated address, the document as
prescribed therein in the above stated Rule shall be deemed to be
the OVD for the limited purpose of proof of address.

v. PML Rules allows an investor to submit other OVD instead of

PAN, however, in terms of SEBI circular No. MRD/DoP/Cir-
05/2007 dated April 27, 2007 the requirement of mandatory
submission of PAN by the investors for transaction in the securities
market shall continue to apply.

vi. Once all the information as required as per the online KYC form is
filled up by the investor, KYC process could be completed as
under:

a. The investor would take a print out of the completed KYC form
and after affixing their wet signature, send the scanned copy /
photograph of the same to the RI under eSign, or
b. Affix online the cropped signature on the filled KYC form and
submit the same to the RI under eSign.

vii. The RI shall forward the KYC completion intimation letter through
registered post/ speed post or courier, to the address of the
investor in cases where the investor has given address other than as
given in the OVD. In such cases of return of the intimation letter for
wrong / incorrect address, addressee not available etc, no
transactions shall be allowed in such account and intimation shall
also sent to the Stock Exchange and Depository.

viii. The original seen and verified requirement under SEBI circular no.
MIRSD/SE/Cir-21/2011 dated October, 5 2011 for OVD would be
met where the investor provides the OVD in the following manner:

i. As a clear photograph or scanned copy of the original OVD,

through the eSign mechanism, or;
ii. As digitally signed document of the OVD, issued to the
DigiLocker by the issuing authority.

ix. SEBI vide circular no. MIRSD/Cir- 26 /2011 dated December 23,

64
 2011 had harmonized the IPV requirements for the intermediaries.
In order to ease the IPV process for KYC, the said SEBI circular
pertaining to IPV stands modified as under:
i. IPV/ VIPV would not be required when the KYC of the investor
is completed using the Aadhaar authentication / verification of
UIDAI.
ii. IPV / VIPV shall not be required by the RI when the KYC form
has been submitted online, documents have been provided
through digilocker or any other source which could be verified
online.

2.8.5 Features for online KYC App of the RI - SEBI registered intermediary
may implement their own Application (App) for undertaking online KYC
of investors. The App shall facilitate taking photograph, scanning,
acceptance of OVD through Digilocker, video capturing in live
environment, usage of the App only by authorized person of the RI. The
App shall also have features of random action initiation for investor
response to establish that the interactions not pre-recorded, time
stamping, geo-location tagging to ensure physical location in India etc is
also implemented. RI shall ensure that the process is a seamless, real-time,
secured, end-to-end encrypted audiovisual interaction with the customer
and the quality of the communication is adequate to allow identification
of the customer beyond doubt. RI shall carry out the liveliness check in
order to guard against spoofing and such other fraudulent manipulations.
The RI shall before rolling out and periodically, carry out software and
security audit and validation of their App. The RI may have additional
safety and security features other than as prescribed above.

2.8.6 Feature for Video in Person Verification (VIPV) for Individuals – To

enable ease of completing IPV of an investor, intermediary may undertake
the VIPV of an individual investor through their App. The following
process shall be adopted in this regard:

i. Intermediary through their authorised official, specifically trained for

this purpose, may undertake live VIPV of an individual customer, after
obtaining his/her informed consent. The activity log along with the
credentials of the person performing the VIPV shall be stored for easy
retrieval.
ii. The VIPV shall be in a live environment.
iii. The VIPV shall be clear and still, the investor in the video shall be easily
recognisable and shall not be covering their face in any manner.
iv. The VIPV process shall include random question and response from the
investor including displaying the OVD, KYC form and signature or
could also be confirmed by an OTP.
v. The RI shall ensure that photograph of the customer downloaded
through the Aadhaar authentication / verification process matches

65
 with the investor in the VIPV.
vi. The VIPV shall be digitally saved in a safe, secure and tamper-proof,
easily retrievable manner and shall bear date and time stamping.
vii. The RI may have additional safety and security features other than as
prescribed above.

2.9 Recording of Non Disposal Undertaking (NDU) in the Depository System71

SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 2011,

requires promoters of a company to disclose details of their encumbered shares
including NDUs by promoters which are covered under the scope of
disclosures of 'Encumbrances'. It has been observed that some shareholders,
primarily promoters, enter into non-disposal agreements/non-disposal
undertaking (NDU) for borrowing funds from various lenders. NDUs are
typically undertakings given by a shareholder not to transfer or otherwise
alienate the securities and are in the nature of negative lien given in favour of
another party, usually a lender.
i. Depositories shall develop a separate module/ transaction type in their system
for recording NDUs.
ii. Both parties to the NDU shall have a demat account with the same depository
and be KYC compliant.
iii. Pursuant to entering the NDU, the Beneficial Owner (BO) along with the other
party shall make an application through the participant (where the BO holds
his securities) to the depository, for the purpose of recording the NDU
transaction.
iv. The application shall necessarily include details of BO ID, PAN, email-
id, signature(s), name of the entity in whose favor such NDU is entered and the
quantity of securities. Such entity in whose favor NDU is entered shall also
authorize the participant of the BO holding the shares, to access the signatures
as recorded in that entity’s demat account.
v. The participant after being satisfied that the securities are available for NDU
shall record the NDU and freeze for debit the requisite quantity of securities
under NDU in the depository system.
vi. The depositories shall make suitable provisions for capturing the details of BO
ID and PAN of the entity in whose favor such NDU is entered by the
participant. The depositories shall also make available to the said participant,
the details of authorized signatories as recorded in the demat account of the
entity in whose favor such NDU is entered.
vii. On creation of freeze in the depository system, the depository/ participant of
the BO holding shares, shall inform both parties of the NDU regarding creation
of freeze under NDU.
viii. The depositories shall make suitable provisions for capturing the details of
company/ promoters if they are part of the NDU.

71
Reference circular number CIR/MRD/DP/56/2017 dated June14, 2017
66
 ix. In case if the participant does not create the NDU, it shall intimate the same to
the parties of the NDU along with the reasons thereof.
x. Once the freeze for debits is created under the NDU for a particular quantity of
shares, the depository shall not facilitate or effect any transfer, pledge,
hypothecation, lending, rematerialisation or in any manner alienate or
otherwise allow dealing in the shares held under NDU till receipt of
instructions from both parties for the cancellation of NDU.
xi. The entry of NDU made as per para 4.34 (v) above may be cancelled by the
depository/participant of the BO through unfreeze of specified quantity if
parties to the NDU jointly make such application to the depository
through the participant of the BO.
xii. On unfreeze of shares upon termination/cancellation of NDU, the depository
shall inform both parties of the NDU in the form and manner agreed upon at
the time of creating the freeze. The unfreeze shall be effected in the depository
system after a cooling period of 2 clear business days but no later than 4 clear
business days.
xiii. The freeze and unfreeze instructions executed by the Participant for recording
NDUs will be subject to 100% concurrent audit.
xiv. The DPs shall not facilitate or be a party to any NDU outside the depository
system as outlined herein.

2.10 Recording of all types of Encumbrances in Depository system72

2.10.1 SEBI (Substantial Acquisition of Shares and Takeover) Regulations, 2011

requires promoters of a company to disclose details of their encumbered
shares. Apart from pledge, hypothecation and non-disposal
undertakings(NDUs), there is no framework to capture the details of other
types of encumbrances in the depository system.

2.10.2 In this regard, Depositories shall put in place a system for capturing and
recording all types of encumbrances, which are specified under Regulation
28(3) of SEBI (Substantial Acquisition of Shares and Takeovers) Regulations,
2011, as amended from time to time. Towards this end, Depositories shall
follow processes and other norms similar to that stipulated for the purpose
of capturing and recording NDUs in Depository system. This is apart from
pledge and hypothecation, whose processes and specific norms are
separately provided in SEBI (Depositories & Participants) Regulations, 2018
and circulars issued thereon.

2.10.3 The freeze and unfreeze instructions executed by the Participant for
recording all encumbrances will be subject to 100% concurrent audit.

2.10.4 The Depository Participant shall not facilitate or be party to any type of
encumbrance outside the Depository system as outlined herein.

72
Reference circular number SEBI/HO/MRD2/DDAP/CIR/P/2020/137 dated July 24, 2020
67
2.11 Cyber Security & Cyber Resilience framework for Depository Participant73
i. Rapid technological developments in securities market have
highlighted the need for maintaining robust cyber security and cyber
resilience framework to protect the integrity of data and guard against breaches
of privacy.
ii. Since depository participants perform significant functions in providing
services to holders of securities, it is desirable that these entities have robust
cyber security and cyber resilience framework in order to provide essential
facilities and perform systemically critical functions relating to securities
market.
iii. Accordingly, after discussions with Exchanges, Depositories and Stock
Brokers’ and Depository Participants’ associations, a framework on cyber
security and cyber resilience has been designed, which is placed at Annexure 1.
The framework would be required to be complied by all Depository
Participants registered with SEBI.

Annexure -1
1. Cyber-attacks and threats attempt to compromise the Confidentiality,
Integrity and Availability(CIA)of the computer systems, networks and
databases (Confidentiality refers to limiting access of systems and information
to authorized users, Integrity is the assurance that the information is reliable
and accurate, and Availability refers to guarantee of reliable access to the
systems and information by authorized users).Cyber security framework
includes measures, tools and processes that are intended to prevent cyber-
attacks and improve cyber resilience. Cyber Resilience is an
organization’s ability to prepare and respond to a cyber-attack and to
continue operation during, and recover from, a cyber-attack.

Governance
2. As part of the operational risk management framework to manage risk to
systems, networks and databases from cyber-attacks and threats,
Depository Participants should formulate a comprehensive Cyber Security
and Cyber Resilience policy document encompassing the framework
mentioned hereunder. In case of deviations from the suggested framework,
reasons for such deviations, technical or otherwise, should be provided in
the policy document.

The policy document should be approved by the Board / Partners /

Proprietor of the Stock Broker / Depository Participants. The policy document
should be reviewed by the aforementioned group at least annually with the
view to strengthen and improve its Cyber Security and Cyber Resilience
framework.

73
Reference circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018 and
SEBI/HO/MIRSD/DOP/CIR/P/2019/109 dated October 15, 2019
68
 3. The Cyber Security Policy should include the following process to identify,
assess, and manage Cyber Security risk associated with processes,
information, networks and systems:
a. ‘Identify’ critical IT assets and risks associated with such assets.
b. ‘Protect’ assets by deploying suitable controls, tools and measures.
c. ‘Detect’ incidents, anomalies and attacks through appropriate monitoring
tools/processes.
d. ‘Respond’ by taking immediate steps after identification of the incident,
anomaly or attack.
e. ‘Recover’ from incident through incident management and other
appropriate recovery mechanisms.
4. The Cyber Security Policy of Stock Brokers trading through APIs based
terminal / Depository Participants should consider the principles prescribed
by National Critical Information Infrastructure Protection Centre (NCIIPC)
of National Technical Research Organization (NTRO), Government of India
(titled ‘Guidelines for Protection of National Critical Information
Infrastructure’) and subsequent revisions, if any, from time to time.
5. Stock Brokers trading through APIs based terminal / Depository Participants
may refer to best practices from international standards like ISO 27001,
COBIT 5, etc., or their subsequent revisions, if any, from time to time.
6. Depository Participants should designate a senior official or management
personnel (henceforth, referred to as the “Designated Officer”) whose function
would be to assess, identify, and reduce security and Cyber Security
risks, respond to incidents, establish appropriate standards and controls,
and direct the establishment and implementation of processes and
procedures as per the Cyber Security Policy.
7. The Board / Partners / Proprietor of the Depository Participants shall
constitute an Technology Committee74 comprising experts. This Technology
Committee should on a half yearly basis review the implementation of
the Cyber Security and Cyber Resilience policy approved by their Board /
Partners / Proprietor, and such review should include review of their current
IT and Cyber Security and Cyber Resilience capabilities, set goals for a
target level of Cyber Resilience, and establish plans to improve and
strengthen Cyber Security and Cyber Resilience. The review shall be
placed before the Board / Partners / Proprietor of the Stock Brokers /
Depository Participants for appropriate action.
8. Depository Participants should establish a reporting procedure to facilitate
communication of unusual activities and events to the Designated Officer in a
timely manner.
9. The Designated officer and the technology committee of the Depository
Participants should periodically review instances of cyber-attacks, if any,
domestically and globally, and take steps to strengthen Cyber Security
and cyber resilience framework.

74
Reference Circular CIR/HO/MIRSD/DOS2/CIR/PB/2019/038 dated March 15, 2019 - in Para 7, the words
“Internal Technology Committee” stands replaced as “Technology Committee”.
69
10. Depository Participants should define responsibilities of its employees,
outsourced staff, and employees of vendors, members or participants and
other entities, who may have privileged access or use systems / networks of
Depository Participants towards ensuring the goal of Cyber Security.

Identification

11. Depository Participants should identify critical assets based on their

sensitivity and criticality for business operations, services and data
management. To this end, Depository Participants should maintain up-to-date
inventory of its hardware and systems and the personnel to whom these
have been issued, software and information assets (internal and
external), details of its network resources, connections to its network and
data flows.
12. Depository Participants should accordingly identify cyber risks (threats and
vulnerabilities) that it may face, along with the likelihood of such threats and
impact on the business and thereby, deploy controls commensurate to the
criticality.

Protection

Access controls

13. No person by virtue of rank or position should have any intrinsic right
to access confidential data, applications, system resources or facilities.
14. Any access to Depository Participants systems, applications, networks,
databases, etc., should be for a defined purpose and for a defined period.
Depository Participants should grant access to IT systems, applications,
databases and networks on a need-to-use basis and based on the
principle of least privilege. Such access should be for the period when the
access is required and should be authorized using strong authentication
mechanisms.
15. Depository Participants should implement an access policy which addresses
strong password controls for users’ access to systems, applications,
networks and databases. Illustrative examples for this are given in Annexure C.
16. All critical systems of the Depository Participant accessible over the internet
should have two-factor security (such as VPNs, Firewall controls etc.)
17. Depository Participants should ensure that records of user access to critical
systems, wherever possible, are uniquely identified and logged for audit
and review purposes. Such logs should be maintained and stored in a secure
location for a time period not less than two (2) years.
18. Depository Participants should deploy controls and security measures to
supervise staff with elevated system access entitlements (such as admin
or privileged users) to Stock Broker/ Depository Participant’s critical
systems. Such controls and measures should inter-alia include restricting
the number of privileged users, periodic review of privileged users’
activities, disallow privileged users from accessing systems logs in which
70
 their activities are being captured, strong controls over remote access by
privileged users, etc.
19. Employees and outsourced staff such as employees of vendors or service
providers, who may be given authorized access to the Depository
Participants critical systems, networks and other computer resources, should be
subject to stringent supervision, monitoring and access restrictions.
20. Depository Participants should formulate an Internet access policy to
monitor and regulate the use of internet and internet based services such
as social media sites, cloud-based internet storage sites, etc. within the
Depository Participant’s critical IT infrastructure.
21. User Management must address deactivation of access of privileges of users
who are leaving the organization or whose access privileges have been
withdrawn.

Physical Security

22. Physical access to the critical systems should be restricted to minimum

and only to authorized officials. Physical access of outsourced staff/visitors
should be properly supervised by ensuring at the minimum that outsourced
staff/visitors are accompanied at all times by authorized employees.
23. Physical access to the critical systems should be revoked immediately if the
same is no longer required.
24. Depository Participants should ensure that the perimeter of the critical
equipments room, if any, are physically secured and monitored by employing
physical, human and procedural controls such as the use of security
guards, CCTVs, card access systems, mantraps, bollards, etc. where
appropriate.

Network Security Management

25. Depository Participants should establish baseline standards to facilitate

consistent application of security configurations to operating systems,
databases, network devices and enterprise mobile devices within their IT
environment. The LAN and wireless networks should be secured within the
Depository Participants’ premises with proper access controls.
26. For algorithmic trading facilities, adequate measures should be taken to isolate
and secure the perimeter and connectivity to the servers running algorithmic
trading applications.
27. Depository Participants should install network security devices, such as
firewalls, proxy servers, intrusion detection and prevention systems (IDS) to
protect their IT infrastructure which is exposed to the internet, from security
exposures originating from internal and external sources.
28. Adequate controls must be deployed to address virus / malware /
ransomware attacks. These controls may include host / network / application
based IDS systems, customized kernels for Linux, anti-virus and anti-malware
software etc.

71
 Data security

29. Critical data must be identified and encrypted in motion and at rest by using
strong encryption methods. Illustrative measures in this regard are given in
Annexure A and B.
30. Depository Participants should implement measures to prevent unauthorized
access or copying or transmission of data / information held in contractual or
fiduciary capacity. It should be ensured that confidentiality of information is
not compromised during the process of exchanging and transferring
information with external parties. Illustrative measures to ensure security
during transportation of data over the internet are given in Annexure B.
31. The information security policy should also cover use of devices such as mobile
phones, faxes, photocopiers, scanners, etc., within their critical IT
infrastructure, that can be used for capturing and transmission of sensitive
data. For instance, defining access policies for personnel, and network
connectivity for such devices etc.
32. Depository Participants should allow only authorized data storage devices
within their IT infrastructure through appropriate validation processes.

Hardening of Hardware and Software

33. Depository Participants should only deploy hardened hardware / software,

including replacing default passwords with strong passwords and disabling or
removing services identified as unnecessary for the functioning of the system.

34. Open ports on networks and systems which are not in use or that can be
potentially used for exploitation of data should be blocked and measures taken
to secure them.

Application Security in Customer Facing Applications

35. Application security for Customer facing applications offered over the Internet
such as IBTs (Internet Based Trading applications), portals containing sensitive
or private information and Back office applications (repository of financial and
personal information offered by Brokers to Customers) are paramount as they
carry significant attack surfaces by virtue of being available publicly over the
Internet for mass use. An illustrative list of measures for ensuring security in
such applications is provided in Annexure C.

Certification of off-the-shelf products

36. Depository Participants should ensure that off the shelf products being used for
core business functionality (such as Back office applications) should bear
Indian Common criteria certification of Evaluation Assurance Level 4. The
Common criteria certification in India is being provided by (STQC)
Standardisation Testing and Quality Certification (Ministry of Electronics and
Information Technology). Custom developed / in-house software and
72
 components need not obtain the certification, but have to undergo intensive
regression testing, configuration testing etc. The scope of tests should include
business logic and security controls.

Patch management

37. Depository Participants should establish and ensure that the patch
management procedures include the identification, categorization and
prioritization of patches and updates. An implementation timeframe for each
category of patches should be established to apply them in a timely manner.
38. Depository Participants should perform rigorous testing of security patches
and updates, where possible, before deployment into the production
environment so as to ensure that the application of patches do not impact other
systems.

Disposal of data, systems and storage devices

39. Depository Participants should frame suitable policy for disposal of storage
media and systems. The critical data / Information on such devices and
systems should be removed by using methods such as crypto shredding /
degauss / Physical destruction as applicable.
40. Depository Participants should formulate a data-disposal and data- retention
policy to identify the value and lifetime of various parcels of data.

Vulnerability Assessment and Penetration Testing (VAPT)

41. Depository Participants should regularly conduct vulnerability assessment to

detect security vulnerabilities in their IT environments exposed to the internet.
42. Depository Participants with systems publicly available over the internet
should also carry out penetration tests, at-least once a year, in order to conduct
an in-depth evaluation of the security posture of the system through
simulations of actual attacks on its systems and networks that are exposed to
the internet.
In addition, Depository Participants should perform vulnerability scanning and
conduct penetration testing prior to the commissioning of a new system that is
accessible over the internet.
43. In case of vulnerabilities discovered in off-the-shelf products (used for core
business) or applications provided by exchange empanelled vendors,
Depository Participants should report them to the vendors and the exchanges
in a timely manner.
44. Remedial actions should be immediately taken to address gaps that are
identified during vulnerability assessment and penetration testing.

Monitoring and Detection

45. Depository Participants should establish appropriate security monitoring

systems and processes to facilitate continuous monitoring of security events /
73
 alerts and timely detection of unauthorised or malicious activities,
unauthorised changes, unauthorised access and unauthorised copying or
transmission of data / information held in contractual or fiduciary capacity, by
internal and external parties. The security logs of systems, applications and
network devices exposed to the internet should also be monitored for
anomalies.
46. Further, to ensure high resilience, high availability and timely detection of
attacks on systems and networks exposed to the internet, Stock Brokers /
Depository Participants should implement suitable mechanisms to monitor
capacity utilization of its critical systems and networks that are exposed to the
internet, for example, controls such as firewalls to monitor bandwidth usage.

Response and Recovery

47. Alerts generated from monitoring and detection systems should be suitably
investigated in order to determine activities that are to be performed to prevent
expansion of such incident of cyber-attack or breach, mitigate its effect and
eradicate the incident.
48. The response and recovery plan of the Depository Participants should have
plans for the timely restoration of systems affected by incidents of cyber-attacks
or breaches, for instance, offering alternate services or systems to Customers.
Stock Brokers / Depository Participants should have the same Recovery Time
Objective (RTO) and Recovery Point Objective (RPO) as specified by SEBI for
Market Infrastructure Institutions vide SEBI circular CIR/MRD/DMS/17/20
dated June 22, 2012 as amended from time to time
49. The response plan should define responsibilities and actions to be performed
by its employees and support / outsourced staff in the event of cyber-attacks or
breach of Cyber Security mechanism.
50. Any incident of loss or destruction of data or systems should be thoroughly
analyzed and lessons learned from such incidents should be incorporated to
strengthen the security mechanism and improve recovery planning and
processes.
51. Depository Participants should also conduct suitable periodic drills to test the
adequacy and effectiveness of the aforementioned response and recovery plan.

Sharing of Information

52. Quarterly reports containing information on cyber-attacks and threats

experienced by Depository Participants and measures taken to mitigate
vulnerabilities, threats and attacks including information on bugs /
vulnerabilities / threats that may be useful for other Depository Participants
should be submitted to Depositories.

In this regard, following guidelines are for submission of report / information

and the timelines:
i. A format for submitting the reports is attached as Annexure.

74
 ii. Effective from quarter ending on December 31, 2019, the time period for
submission of the report shall be 15 days after the end of the quarter.
iii. The mode of submission of such reports by the depository participants
may be prescribed by Depositories.

Training and Education

53. Depository Participants should work on building Cyber Security and basic
system hygiene awareness of staff (with a focus on staff from non-technical
disciplines).
54. Depository Participants should conduct periodic training programs to enhance
knowledge of IT / Cyber Security Policy and standards among the employees
incorporating up-to-date Cyber Security threat alerts. Where possible, this
should be extended to outsourced staff, vendors etc.
55. The training programs should be reviewed and updated to ensure that the
contents of the program remain current and relevant.

Systems managed by vendors

56. Where the systems (IBT, Back office and other Customer facing applications, IT
infrastructure, etc.) of a Stock Brokers / Depository Participants are managed
by vendors and the Stock Brokers / Depository Participants may not be able to
implement some of the aforementioned guidelines directly, the Depository
Participants should instruct the vendors to adhere to the applicable guidelines
in the Cyber Security and Cyber Resilience policy and obtain the necessary self-
certifications from them to ensure compliance with the policy guidelines.

Systems managed by MIIs

57. Where applications are offered to customers over the internet by MIIs (Market
Infrastructure Institutions), for e.g.: NSE’s NOW, BSE’s BEST etc., the
responsibility of ensuring Cyber Resilience on those applications reside with
the MIIs and not with the Depository Participant. The Depository Participant is
exempted from applying the aforementioned guidelines to such systems
offered by MIIs such as NOW, BEST, etc.

Periodic Audit

58. The Terms of Reference for the System Audit of Stock Brokers specified vide
circular no. CIR/MRD/DMS/34/2013 dated November 06, 2013, shall
accordingly stand modified to include audit of implementation of the
aforementioned areas.

i. Further, auditors qualified in following certifications can audit the

systems of depository participants and stock brokers to check the
compliance of Cyber Security and Cyber Resilience provisions:

75
 a. CERT-IN empanelled auditor, an independent DISA (ICAI)
Qualification, CISA (Certified Information System Auditor) from
ISACA, CISM (Certified Information Securities Manager) from ISACA,
CISSP (Certified Information Systems Security Professional) from
International Information Systems Security Certification Consortium
(commonly known as (ISC)2).

ii. The periodicity of audit for the purpose of compliance with Cyber
Security and Cyber Resilience provisions for depository participants shall
be annual. The periodicity of audit for the compliance with the provisions
of Cyber Security and Cyber Resilience provisions for stock brokers,
irrespective of number of terminals and location presence, shall be as
under:

Type of stock broker as specified in SEBI circular Periodicity

CIR/MRD/DMS/34/2013 dated November 06, 2013
Type I Annual
Type II Annual

Type III Half-yearly

Annexure

Incident Reporting Form

1.Letter/ Report Subject-

Name of the Member / Depository
Participant -
Name of the Stock Exchange/
Depository-
Member ID/DPID-
2. Reporting Periodicity
Year-

 Quarter1 (Apr-Jun)  Quarter3 (Oct-Dec)

 Quarter2 (Jul-Sep)  Quarter4 (Jan-Mar)
3. Designated Officer (Reporting Officer details) -
Name: Organization: Title:

Phone / Fax No: Mobile: Email:

76
Address:

Cyber-attack/ breach observed in Quarter:

(If yes, please fill Annexure I)

(If no, please submit the NIL report)

Date & Time Brief information on the Cyber-attack/ breached observed

Annexure I

1. Physical location of affected computer /network and name of ISP-

2.Date and time incident occurred -
Date: Time:

77
3. Information of affected system-
IP Address: Computer Operating System Last Hardware
/Host (incl. Ver. / release Patched/ Vendor/
Name: No.): Updated: Model:

4. Type ofincident -

Phishing Spam Website

Network scanning Bot/Botnet Intrusion
/Probing Break- Email Spoofing Social
in/Root Denial of Service (DoS) Engineering
Compromise Distributed Denial of Technical
Virus/Malicious Service (DDoS) Vulnerability
Code User Account  IP Spoofing
Website Compromise Ransomware
Defacement Other
 System Misuse

5. Description of incident-

6.Unusual behavior/symptoms(Tick the symptoms)-

System crashes Anomalies
New user accounts/ Accounting Suspicious probes
discrepancies  Suspicious browsing New
Failed or successful social engineering files
attempts Changes in file lengths or
 Unexplained, poor system performance dates
Unaccounted for changes in the DNS Attempts to write to system
tables, router rules, or firewall rules Data modification or deletion
Unexplained elevation or use of Denial of service
privileges Operation of a program or Door knob rattling
sniffer device to capture network traffic; Unusual time of usage
An indicated last time of usage of a user Unusual usage patterns
account that does not correspond to the Unusual log file entries
actual last time of usage for that user Presence of new setuid or
A system alarm or similar indication from setgid files Changes in
an intrusion detection tool system directories and files
Altered home pages, which are usually the Presence of cracking utilities
intentional target for visibility, or other Activity during non-working
pages on the Webserver hours or holidays
Other (Please specify)
7.Details of unusual behavior/symptoms -

78
8.Has this problem been experienced earlier? If yes, details-

9.Agencies notified-
Law Enforcement Private Agency Affected Product Vendor Other

10. IP Address of apparent or suspected source-

Source IP address: Other information available:

11. How many host(s)are affected-

1 to10 10 to100 More than 100

12. Details of actions taken for mitigation and any preventive measure applied-

59. The Depository Participants and Type I Stock Brokers ( as defined in

CIR/MRD/DMS/34/2013 dated November 06, 2013) shall arrange to have their
systems audited on an annual basis by a CERT-IN empanelled auditor or an
independent CISA/CISM qualified auditor to check compliance with the above
areas and shall submit the report to Stock Exchanges / Depositories along with the
comments of the Board / Partners / Proprietor of Stock Broker/ Depository
Participant within three months of the end of the financial year.

Annexure A
Illustrative Measures for Data Security on Customer Facing Applications

1. Analyse the different kinds of sensitive data shown to the Customer on the
frontend application to ensure that only what is deemed absolutely necessary is
transmitted and displayed.
2. Wherever possible, mask portions of sensitive data. For instance, rather than
displaying the full phone number or a bank account number, display only a
portion of it, enough for the Customer to identify, but useless to an unscrupulous
party who may obtain covertly obtain it from the Customer’s screen. For instance,
if a bank account number is “123 456 789”, consider displaying something akin to

79
 “XXX XXX 789” instead of the whole number. This also has the added benefit of
not having to transmit the full piece of data over various networks.
3. Analyse data and databases holistically and draw out meaningful and “silos”
(physical or virtual) into which different kinds of data can be isolated and
cordoned off. For instance, a database with personal financial information need not
be a part of the system or network that houses the public facing websites of the
Stock Broker. They should ideally be in discrete silos or DMZs.
4. Implement strict data access controls amongst personnel, irrespective of their
responsibilities, technical or otherwise. It is infeasible for certain personnel such as
System Administrators and developers to not have privileged access to databases.
For such cases, take strict measures to limit the number of personnel with direct
access, and monitor, log, and audit their activities. Take measures to ensure that
the confidentiality of data is not compromised under any of these scenarios.
5. Use industry standard, strong encryption algorithms (eg: RSA, AES etc.) wherever
encryption is implemented. It is important to identify data that warrants
encryption as encrypting all data is infeasible and may open up additional attack
vectors. In addition, it is critical to identify the right personnel to be in charge of,
and the right methodologies for storing the encryption keys, as any compromise to
either will render the encryption useless.
6. Ensure that all critical and sensitive data is adequately backed up, and that the
backup locations are adequately secured. For instance, on servers on isolated
networks that have no public access endpoints, or on-premise servers or disk
drives that are off-limits to unauthorized personnel. Without up-to-date backups, a
meaningful recovery from a disaster or cyber-attack scenario becomes increasingly
difficult.

Annexure B

Illustrative Measures for Data Transport Security

1. When an Application transmitting sensitive data communicates over the Internet

with the Stock Brokers’ systems, it should be over a secure, encrypted channel to
prevent Man- In-The-Middle (MITM) attacks, for instance, an IBT or a Back office
communicating from a Customer’s web browser or Desktop with the Stock
Brokers’ systems over the internet, or intra or inter organizational communications.
Strong transport encryption mechanisms such as TLS (Transport Layer Security,
also referred to as SSL) should be used.
2. For Applications carrying sensitive data that are served as web pages over the
internet, a valid, properly configured TLS (SSL) certificate on the web server is
mandatory, making the transport channel HTTP(S).

80
3. Avoid the use of insecure protocols such as FTP (File Transfer Protocol) that can be
easily compromised with MITM attacks. Instead, adopt secure protocols such as
FTP(S), SSH and VPN tunnels, RDP (with TLS) etc.

Annexure C
Illustrative Measures for Application Authentication Security
1. Any Application offered by Stock Brokers to Customers containing sensitive,
private, or critical data such as IBTs, SWSTs, Back office etc. referred to as
“Application” hereafter) over the Internet should be password protected. A
reasonable minimum length (and no arbitrary maximum length cap or character
class requirements) should be enforced. While it is difficult to quantify password
“complexity”, longer passphrases have more entropy and offer better security in
general. Stock Brokers should attempt to educate Customers of these best practices.
2. Passwords, security PINs etc. should never be stored in plain text and should be
one-way hashed using strong cryptographic hash functions (e.g.: bcrypt, PBKDF2)
before being committed to storage. It is important to use one-way cryptographic
hashes to ensure that stored password hashes are never transformed into the
original plaintext values under any circumstances.
3. For added security, a multi-factor (e.g.: two-factor) authentication scheme may be
used (hardware or software cryptographic tokens, VPNs, biometric devices, PKI
etc.).
In case of IBTs and SWSTs, a minimum of two-factors in the authentication flow
are mandatory.
4. In case of Applications installed on mobile devices (such as smartphones and
tablets), a cryptographically secure biometric two-factor authentication mechanism
may be used.
5. After a reasonable number of failed login attempts into Applications, the
Customer’s account can be set to a “locked” state where further logins are not
possible until a password and authentication reset is performed via an out-of-band
channel validation, for instance, a cryptographically secure unique link that is sent
to the Customer’s registered e-mail, a random OTP (One Time Password) that is
sent as an SMS to the Customer’s registered mobile number, or manually by the
Broker after verification of the Customer’s identity etc.
6. Avoid forcing Customers to change passwords at frequent intervals which may
result in successive, similar, and enumerated passwords. Instead, focus on strong
multi-factor authentication for security and educate Customers to choose strong
passphrases. Customers may be reminded within reasonable intervals to update
their password and multi-factor credentials, and to ensure that their out-of-band
authentication reset information (such as e-mail and phone number) are up-to-
date.
7. Both successful and failed login attempts against a Customer’s account may be
logged for a reasonable period of time. After successive login failures, it is
81
 recommended that measures such as CAPTCHAs or rate-limiting be used in
Applications to thwart manual and automated brute force and enumeration attacks
against logins.

2.12 Reporting for Artificial Intelligence (AI) and Machine Learning (ML) applications
and systems offered and used by market intermediaries75

Background

1. There is increasing usage of AI (Artificial Intelligence) and ML (Machine

Learning) as product offerings by market intermediaries and participants (eg:
“robo advisors”) in investor and consumer facing products. SEBI is
conducting a survey and creating an inventory of the AI / ML landscape in the
Indian financial markets to gain an in-depth understanding of the adoption of such
technologies in the markets and to ensure preparedness for any AI / ML policies
that may arise in the future.
2. As most AI / ML systems are black boxes and their behavior cannot be easily
quantified, it is imperative to ensure that any advertised financial benefit
owing to these technologies in investor facing financial products offered by
intermediaries should not constitute to misrepresentation

Scope definition
3. Any set of applications / software / programs / executable / systems
(computer systems) –cumulatively called application and systems,
1. that are offered to investors (individuals and institutions) by market
intermediaries to facilitate investing and trading,
OR
2. to disseminate investments strategies and advice,
OR
3. to carry out compliance operations / activities,
where AI / ML is portrayed as a part of the public product offering or under
usage for compliance or management purposes, is included in the scope of this
circular. Here, “AI” / “ML” refers to the terms “Artificial Intelligence” and
“Machine Learning” used as a part of the product offerings. In order to
make the scope of this circular inclusive of various AI and ML technologies in
use, the scope also covers Fin-Tech and Reg-Tech initiatives undertaken by
market participants that involves AI and ML

4. Technologies that are considered to be categorized as AI and ML technologies

in the scope of this circular, are explained in Annexure B.

75
Reference Circular SEBI/HO/MIRSD/DOS2/CIR/P/2019/10 dated Jan 04, 2019
82
 Regulatory requirements

5. All registered Stock Brokers / Depository Participant offering or using applications

or systems as defined in Annexure B, should participate in the reporting process
by completing the AI / ML reporting form (see Annexure A).
6. With effect from quarter ending March 2019, registered Stock Brokers / Depository
Participant using AI / ML based application or system as defined in Annexure B,
are required to fill in the form(Annexure A) and make submissions on quarterly
basis within 15 calendar days of the expiry of the quarter.
7. Stock Exchanges and Depositories have to consolidate and compile a report, on AI
/ ML applications and systems reported by registered Stock Brokers/
Depository Participants in the reporting format (Annexure C) on quarterly
basis. The said report (Annexure C) shall be submitted in soft copy only at
[email protected] (for Stock Exchange) /[email protected] (for Depositories)to
SEBI within 30 calendar days of the expiry of the quarter, starting from quarter
ending March 2019.

Annexure A - Form to report on AI and ML technologies – To be submitted quarterly

Intimation to Stock Exchange / Depository for the use of the AI and ML
application and systems

S No. Head Value

1 Entity SEBI registration number
2 Registered entity category
3 Entity name
4 Entity PAN no.
5 Application / System name
6 Date from when the Application / System was
used
7 Type of area where AI or ML is used <order execution /
Advisory services / KYC /
AML / Surveillance /
compliance/others (please
specify in 256 characters)>
7.a Does the system involve order initiation, routing <Yes / NO>
and execution?
7.b Does the system fall under discretionary <Yes / NO>
investment or Portfolio management activities?
7.c Does the system disseminate invest mentor <Yes / NO>
trading advice or strategies?
83
 7.d Is the application/system used in area of Cyber <Yes / NO>
Security to detect attacks
7.e What claims have been made regarding AI and <free text field>
ML
Application / System – if any?
8 What is the name of the Tool / Technology that <free text field>
is categorized as AI and ML system /
Application and submissions are declared vide
this response
9 How was the AI or ML project implemented <Internally / through
solution provider / Jointly
with a solution provider or
third party>
10 Are the key controls and control points in your <free text field>
AI or ML application or systems in accordance
to circular of SEBI that mandate cyber security
control requirements
11 Is the AI / ML system included in the system <Yes / NO / NA>
audit, if applicable?
12 Describe the application / system and how it <free text field>
uses
AI / ML as portrayed in the product offering
13 What safeguards are in place to prevent <free text field>
abnormal
behavior of the AI or ML application / System

Annexure B–Systems deemed to be based on AI and ML technology

Applications and Systems belonging but not limited to following categories or
a combination of these:
1. Natural Language Processing (NLP), sentiment analysis or text mining systems that
gather intelligence from unstructured data –In this case, Voice to text, text to
intelligence systems in any natural language will be considered in scope. Eg: robo chat
bots, big data intelligence gathering systems.
2. Neural Networks or a modified form of it –In this case, any systems that uses a
number of nodes (physical or software simulated nodes) mimicking natural neural
networks of any scale, so as to carry out learning from previous firing of the
nodes will be considered in scope. Eg: Recurrent Neural networks and Deep
Learning Neural Networks
3. Machine learning through supervised, unsupervised learning or a combination of
both. In this case, any application or systems that carry out knowledge
representation to form a knowledge base of domain, by learning and creating its
outputs with real world input data and deciding future outputs based upon the
84
 knowledge base. Eg: System based on Decision tree, random forest, K mean, Markov
decision process, Gradient boosting Algorithms.
4. A system that uses statistical heuristics method instead of procedural algorithms
or the system / application applies clustering or categorization algorithms to
categorize data without a predefined set of categories
5. A system that uses a feedback mechanism to improve its parameters and bases
it subsequent execution steps on these parameters.
6. A system that does knowledge representation and maintains a knowledge base
Annexure C –Consolidated Quarterly Reporting Form

Consolidated Quarterly report to SEBI of all registered intermediaries with Stock

Exchange/ Depositories using AI and ML application and systems for the Quarter
Ended DD/MM/YYYY

To be filled if System Audit is

applicable
If system audit report is If system audit report
submitted by entity later is submitted with
than “date used from” adverse remarks and
Stock
Exchange/Depositorie
s is entitled
to inspect the entity
Entity Type of area Does system Is there Was the entity If
Ent Ent Applica Dat
registr where AI or ML audit report any inspected in inspect
ity ity tion e
ati on is used comply to adverse past 1 year ed was
na PA / use
numb me N Sy d circular no comment any
er
no. stem fro SEBI/HO/MI in
name m the irregula
RS
System rity
audit noted
report
D/DOS2/CIR
/P
/2019/10
dated January
4, 2019 of SEBI

<order <Yes / NO/> <Yes / <Yes / NO> <Yes /

execution / NO/> NO>
Advisory
services / KYC
/ AML /
Surveillance /
85
 compliance/ot
hers (please
specify in 256
characters)>

Add separate rows for each system or application.

2.13 Flashing a link to SCOREs on the dashboard of Demat Accounts76

1. A study was conducted under aegis of Quality Council of India (QCI) to
understand some of the root causes of grievances / complaints on securities market
related issues lodged on Centralised Public Grievance Redressal and Monitoring
System (CPGRAMS) portal and the measures suggested to address the issues
included providing a link to SCORES portal within Demat/Trading Account
Dashboard of the Clients/ investors to make it easier to lodge grievances.
2. The suggestion has been examined and it has been decided to implement the same.
Accordingly, stock exchanges and depositories are advised to issue necessary
directions to stock brokers/depository participants to ensure that the Demat /
Trading Account Dashboard of clients / investors provides a link to SCORES
portal.

2.14 Displaying of information regarding SEBI Complaint Redress System (SCORES) in

the website77

2.14.1 SEBI has commenced processing of complaints through SCORES since June,
2011.

2.14.2 With a view to make the complaint redressal mechanism through SCORES more
efficient, all Depository Participants are directed to display the following
information on their websites:

Filing complaints on SCORES – Easy & quick

a. Register on SCORES portal

b. Mandatory details for filing complaints on SCORES:
i. Name, PAN, Address, Mobile Number, Email ID
c. Benefits:
i. Effective communication
ii. Speedy redressal of the grievances
76
Reference: SEBI letter MIRSD2/DB/AEA/OW/2018/7292 dated March 07, 2018
77 SEBI Letter no. SEBI/MIRSD/16742/2019 dated July 03, 2019

86
2.14.3 Further, all the Depository Participants to include procedure for filing of
complaints on SCORES and benefits for the same in the welcome kit to be given
to the investors at the time of their registration with them.

2.14.4 The Depositories are advised to bring the contents to the notice of Depository
Participants for necessary action.

87
 SECTION 3: Issuer Related

3.1 Charges paid by Issuers 78,79

i. With effect from April 27, 2011 depositories may levy and collect the charges
towards custody from the issuers, on the basis of average no. of folios (ISIN
position) during the previous financial year, as per the details given below:

ii. Issuers to pay @ Rs.11.00 (*) per folio (ISIN position) in the respective depositories,
subject to a minimum as mentioned below:
Nominal value of admitted Annual Custodial Fee
securities (Rs.) payable by an Issuer to
each Depository (Rs.) (*)
Upto 5 crore 9,000
Above 5 crore and upto 10 crore 22,500
Above 10 crore and upto 20 crore 45,000
Above 20 crore 75,000
* Plus service tax as applicable

iii. The average no. of folios (ISIN positions) for an Issuer may be arrived at by
dividing the total number of folios for the entire financial year by the total number
of working days in the said financial year.

iv. Temporary ISIN shall not be considered for the purpose of computing the annual
issuer charges.

v. If the issuer fails to make the payment, Depositories may charge penal interest
subject to a maximum of 12% per annum.

3.2 Activation of ISIN in case of IPO and additional issue of shares/ securities

Depositories shall activate the ISINs only on the date of commencement of trading
on the stock exchanges in case of IPOs for both the equity and debt securities.80

78 Reference Circular MRD/DoP/SE/Dep/Cir-2/2009 dated February 10, 2009 and Circular

SEBI/MRD/SE/DEP/Cir-4/2005 dated January 28, 2005
79Reference Circular CIR/MRD/ DP/05/2011 dated April 27, 2011 and Circular CIR/MRD/DP/18/2015

dated December 09,2015

80 Reference Circular SEBI/MRD/DEP/Cir-2/06 dated January 19, 2006 and Circular CIR/MRD/DP/ 21
/2012 dated August 02, 2012 and DDHS email dated February 20, 2020
88
 i. Further, in order to curtail the transfer of additional issue of shares/ securities
including by way of further public offerings, rights issue, preferential allotment,
bonus issue etc of the listed company, prior to receipt of final listing / trading
approval, the depositories shall devise a mechanism so that such new securities
created shall be frozen till the time final listing/ trading permission is granted by
the exchange.81

ii. In order to achieve the above, the Depositories are advised to allot such additional
shares/securities under a new temporary ISIN which shall be kept frozen. Upon
receipt of the final listing/ trading permission from the exchange for such
additional shares/ securities, the shares/securities credited in the new temporary
ISIN shall be debited and the same would get credited in the preexisting ISIN for
the said security. Thereafter, the additional securities shall be available for trading.

iii. The stock exchanges are advised to provide the details to the depositories
whenever final listing / trading permission is given to securities. Further, in case of
issuance of equity shares by a company, listed on multiple stock exchanges, the
concerned stock exchanges shall synchronize their effective dates of listing /
trading approvals and intimate the same to depositories in advance.

iv. In similar lines, depositories are advised to follow similar process as provided
above even in case of units of REITs/InvITs as securities of a listed company.

3.3 Streamlining the Process of Rights Issue82

3.3.1 SEBI simplified the rights issue process to make it more efficient and effective,
by amending the SEBI (Issue of Capital and Disclosure Requirements)
Regulations, 2018 (“ICDR Regulations”) and SEBI (Listing Obligations and
Disclosure Requirements) Regulations, 2015 (“LODR Regulations”).
Accordingly, following changes are made with respect to the Rights Issue
process:

1.1 The period for advance notice to stock exchange(s) under Regulation 42(2) of
LODR Regulations has been reduced from at least 7 working days to at least
3 working days (excluding the date of intimation and the record date), for
the purpose of rights issue.

1.2 Issuance of newspaper advertisement disclosing date of completion of

dispatch and intimation of same to the stock exchanges for dissemination on
their websites, as per Regulation 84 (1) of ICDR Regulations, shall be

81 Reference Circular CIR/MRD/DP/24/2012 dated September 11, 2012

82Reference Circular SEBI/HO/CFD/DIL2/CIR/P/2020/13 dated January 22, 2020
89
 completed by the issuer at least 2 days before the date of opening of the
issue.

1.3 Introduction of dematerialized Rights Entitlements (REs) –

1.3.1 In the letter of offer and the abridged letter of offer, the issuer shall
disclose the process of credit of REs in the demat account and
renunciation thereof.
1.3.2 REs shall be credited to the demat account of eligible shareholders in
dematerialized form.
1.3.3 In REs process, the REs with a separate ISIN shall be credited to the
demat account of the shareholders before the date of opening of the
issue, against the shares held by them as on the record date.
1.3.4 Physical shareholders shall be required to provide their demat
account details to Issuer / Registrar to the Issue for credit of REs not
later than two working days prior to the issue closing date, such that
credit of REs in their demat account takes place at least one day
before the issue closing date.

1.4 Trading of dematerialized REs on stock exchange platform –

1.4.1 REs shall be traded on secondary market platform of Stock exchanges,

with T+2 rolling settlement, similar to the equity shares. Trading in
REs on the secondary market platform of stock exchanges shall
commence along with the opening of the issue and shall be closed at
least four days prior to the closure of the rights issue.
1.4.2 Investors holding REs in dematerialized mode shall be able to
renounce their entitlements by trading on stock exchange platform or
off-market transfer. Such trades will be settled by transferring
dematerialized REs through depository mechanism, in the same
manner as done for all other types of securities.

1.5 Payment mode - Application for a rights issue shall be made only through
ASBA facility.

1.6 No withdrawal of application shall be permitted by any shareholder after

the issue closing date.

3.3.2 The detailed procedures on the Rights Issue process are given at Annexure I for
due compliance.

90
3.3.3 These provisions shall be applicable for all rights issues and fast track rights
issue where Letter of Offer (LoF) is filed with the stock exchanges on or after
February 14, 2020.
3.3.4 All entities involved in the Rights Issue process are advised to take necessary
steps to ensure compliance with these provisions including the procedures
stated at Annexure I.

Annexure I

Procedures on the Rights Issue process

A. Application Form

a. The issuer shall dispatch a common application form to its

shareholders as on the record date. Along with application form, the
issuer shall also send the details of the rights entitlements of the
shareholder separately.
b. This application form can be used both by shareholder or renouncee.
c. Registrar to the issue shall also upload the application forms on its
website.
d. Applicants can use application form available on the website of
registrar to the issue or printed forms sourced from the issuer,
merchant bankers or registrars to the issue.
e. In terms of Regulation 78 of the ICDR Regulations, investor also has
option to make an application in writing on a plain paper.

B. Credit of Rights Entitlements (“REs”) in dematerialized form

a. The depositories shall put necessary procedures in place for issue and
credit of REs in demat mode.
b. The issuer making a rights issue of specified securities shall ensure
that it has made necessary arrangements with depositories to issue
and credit the REs in demat mode in the demat accounts of
shareholders holding shares as on the record date.
c. A separate ISIN shall be obtained by the issuer for credit of REs.
d. Issuer shall specify the ISIN for REs while announcing the record
date. However, for issues where the record date is announced before
February 14, 2020, and the letter of offer is filed with the stock
exchanges on or after February 14, 2020, the Issuer shall file the letter
of offer with the stock exchanges only after it has obtained ISIN for
REs.
91
 e. Based on the rights entitlement ratio, the issuer shall credit REs in
dematerialized mode through corporate action to shareholders
holding shares as on record date. The ISIN of REs shall be kept frozen
(for debit) in the depository system till the date of opening of the
issue.
f. Physical shareholders shall be required to provide their demat
account details to Issuer / Registrar to the Issue for credit of REs not
later than two working days prior to issue closing date, such that
credit of REs in their demat account takes place at least one day
before issue closing date.
g. In case of fractional entitlements of REs, the fractional part shall be
ignored by rounding down the entitlement.
h. The issuer shall submit details of total REs credited to the stock
exchanges immediately after completing the corporate action for the
same and shall obtain requisite trading approval from the stock
exchanges.
i. The details with respect to shareholder entitlement shall be made
available on the website of the Registrar to the issue and the investors
shall be able to check their respective entitlements on the website of
the Registrar by keying their details, after adequate security controls
to ensure that investors’ information is made available only to the
particular investor. Issuer shall also carry these links on their website.
j. If the demat account of a shareholder is frozen or demat account
details are not available, including shares held in unclaimed suspense
account or in the account of IEPF Authority, then REs shall be
credited in a suspense escrow demat account of the Company and an
intimation should be sent to such shareholder by the issuer /Registrar
to the issue.
k. The issuer shall intimate issue closing date to the depositories at least
one day before the issue closing date, and the depositories shall
suspend the ISIN of REs for transfers, from issue closing date.
l. REs which are neither renounced nor subscribed by the shareholders,
shall be lapsed after closure of the Rights Issue.
m. Issuer Company shall ensure that REs which are lapsed are
extinguished from the depository system once securities are allotted
pursuant to Rights Issue. Once allotment is done, the ISIN for REs
shall be permanently deactivated in the depository system by the
depositories.

C. Renunciation process and trading of REs on stock exchange platform:

92
 a. The stock exchanges shall put necessary procedures in place for
trading of REs on stock exchange platform.
b. REs credited to demat account can be renounced either by sale of REs
using stock exchanges platform or off-market transfer and such trades
will be settled by transferring dematerialized REs through depository
mechanism in the same manner as done for all other types of
securities.
c. For sale of REs through stock exchange, investors can place order for
sale of REs only to the extent of REs available in the demat account of
the investor. Trading in REs on the secondary market platform of
Stock exchanges will happen electronically on T+2 rolling settlement
basis where T being the date of trading. The transactions will be
settled on trade-for-trade basis.
d. Issuer shall inform the dates of issue opening and closing to the stock
exchanges and the depositories at the time of filing the letter of offer
with the stock exchanges.
e. Trading in REs shall commence on the date of opening of the issue
and shall be closed at least four days prior to the closure of rights
issue.

D. Submission of Application form in Rights Issue

a. All investors (including renouncee) shall submit application forms

using ASBA facility through the Self Certified Syndicate Banks (SCSB)
network during the issue period.
b. Investor shall submit only one application form for REs available in a
particular demat account.

E. Allotment process in the rights issue

a. Facility for correction of bid data as collated by the SCSBs after issue
closing shall be provided for period of one day i.e. on next working
day after issue closing.
b. Registrar shall obtain demographic details of all applicants from
depositories.
c. Registrar shall obtain details of holders of REs as on issue closing
date, from the depositories.
d. After reconciliation of valid ASBA applications, funds blocked and
REs demat holding list, the registrar shall finalise allocation of
securities offered through rights offering.
e. Registrar shall credit the shares to the respective demat accounts of
the applicants based on basis of allotment approved by the
93
 designated stock exchange and shall issue instructions to unblock
bank accounts wherever necessary.

3.4 Registrar and Share Transfer Agent

3.4.1 Appointment of a single agency for share registry work83

All work related to share registry pertaining in terms of both physical and electronic
shares shall be maintained at a single point i.e. either in-house by the company or by a
SEBI registered Registrar and Transfer Agent.

3.4.2 Inter-Depository transfers84

In case of inter-Depository transfers of securities, the Registrars shall communicate
the confirmation of such transfers within two hours, failing which such transfers
shall be deemed to have been confirmed. The Registrars shall not reject inter-
Depository transfers except where

i. A Depository does not have adequate balance of securities in its account or

ii. there is mismatch of transfer requests from the Depositories.

3.4.3 Common Registrars and Share Transfer agents85

Every company shall appoint the same Registrars and Share Transfer agents for
both the depositories.

3.4.4 Dematerialisation requests86

i. Registrars and Share Transfer agents shall accept partial dematerialisation

requests and will not reject or return the entire dematerialization request where
only a part of the request had to be rejected. In cases where a DP has already
sent information about dematerialisation electronically to a Registrar but
physical shares have not yet been delivered, the Registrar shall accept the demat
request and carry out dematerialization on an indemnity given by the DP and
proof of dispatch of document given by DP.

ii. It is clarified that the above provision shall be applicable to all the securities like
scrips, bonds, debentures, debenture stock or other marketable securities eligible

83 Reference Circular D&CC/FITTC/Cir-15/2002 dated December 27, 2002

84 Reference Circular no. SMDRP/Policy/Cir-28/99 dated August 23, 1999
85 Reference Circular SMDRP/Policy/Cir-28/99 dated August 23, 1999
86 Reference: D&CC/ 1099 / 2002 dated November 01, 2002

94
 to be held in dematerialised form in a depository as defined in Regulation 42 of
the SEBl (Depository and Participants) Regulations, 2018.

3.5 Mandatory admission of debt instruments on both the Depositories87

Debt instruments shall necessarily be admitted on both the Depositories.

3.6 Specifications related to International Securities Identification Number

(ISINs) for debt securities issued under the SEBI (Issue and Listing of
Debt Securities) Regulations, 200888

3.6.1 International Securities Identification Number (ISINs):

3.6.1.1 A maximum number of 17International Securities Identification Numbers
(ISINs) maturing in any financial year shall be allowed. Additionally 12
ISINs shall also be available for the issuance of the capital gains tax
debt securities by the authorized issuers under section 54EC of the Income
Tax Act 1961 on private placement basis.
3.6.1.2 Out of 17 ISINs maturing in a financial year, the bifurcation of ISINs
shall be as under:
i. A maximum of 12 ISINs maturing per financial year shall be allowed
only for plain vanilla debt securities. Further, within these 12 ISINs,
the issuer can issue both secured and unsecured debt securities
ii. A maximum of 5 ISINs (i.e. for structured debt securities such as debt
securities with call and/or put option, etc.)maturing per financial year
shall be allowed only for structured products/market linked debt
securities issued under the SEBI circular Cir/IMD/DF/17/2011dated
September 28, 2011, relating to issue and listing of structured/market
linked debt securities.
3.6.1.3 An issuer issuing only structured/market linked debt securities, may utilise
the entire bucket of 12 ISINs in a financial year only for structured/market
linked debt securities. However, in such a scenario, the additional 5 ISINs as
mentioned in paragraph 3.6.1.2ii above shall not be available to an issuer
for utilization, either for structured debt securities or for plain vanilla
debt securities.
3.6.1.4 In case of structured /market linked debt securities which have embedded
options viz. call and/or put option, the maturity of ISINs shall be
reckoned on basis of original maturity date of debt securities.
For example, if a structured debt securities having maturity of 5 years,
which is callable after 3 years and thereafter every year until its

87Reference Circular D&CC/FITTC/Cir-13/2002 dated November 1, 2002 and Circular

MRD/DoP/SE/Dep/Cir-36/04 dated October 27, 2004
88
Reference Circular CIR/IMD/DF-1/67/2017 dated June 30,2017
95
 redemption, then the debt securities shall be grouped in the bucket of 5
years maturity period which is its original maturity period even though it
may be callable after a period of 3 years.
3.6.1.5 The provisions of this circular shall be applicable for debt securities
issued in the financial year (FY) 2017-18 i.e. after the date of this circular
and shall not be applicable to the ISINs maturing in respect of the debt
securities issued prior to the FY 2017-18. However, post FY 2017-18,
whatever issuances are made by the issuer, the issues shall be grouped and
consolidated under the ISIN maturing in the same FY.

3.6.2 Exemptions from applicability of ISINs:

The following classes of debt securities issued for raising regulatory capital
are exempted from the applicability of provisions of this circular:

3.6.2.1 Tier II bonds issued by Housing Finance Companies (HFCs), the

maturity period of which is not less than five years issued as per “Master
Circular-The Housing Finance Companies (NHB) Directions, 2010” dated
July 01, 2016;
3.6.2.2Tier II bonds issued by the standalone Primary dealers, with minimum
maturity of five years issued as per “Standalone primary Dealers (Reserve
Bank) Directions, 2016”dated August 25, 2016;
3.6.2.3 Subordinated debt issued by insurance companies, which is either
perpetual or the maturity period of which is not less than ten years for
life, general and reinsurance companies and seven years for health
insurance companies issued as per the “IRDAI (Other forms of Capital)
Regulations, 2015” dated November 13, 2015;
3.6.2.4 Additional Tier 1 bonds, which are perpetual, issued by banks under Basel
III norms and Tier II bonds, having minimum maturity period of five
years, issued by banks under the Basel III norms as per the “Master
Circular-Basel III Capital Regulations” dated July 01, 2015.
3.6.2.5 Bonds issued by banks to raise resources for lending to long term
infrastructure sub-sectors and affordable housing, which have a minimum
maturity of seven years issued as per RBI circular dated July 15, 2014 on
“Issue of Long Term bonds by banks-Financing of infrastructure and
affordable housing”.
3.6.2.6 Perpetual debt instrument issued by Systemically Important Non-Deposit
taking Non-Banking Financial Companies issued as per RBI circular
dated October 29, 2008 on “Enhancement of NBFCs’ capital raising option
for capital adequacy purposes”;
3.6.2.7 Tier II bonds issued by Non-Systemically Important Non-Deposit taking
Non-Banking Financial Company issued as per RBI“ Master Direction-
Non-Banking Financial Company-Non-Systemically Important Non-
96
 deposit taking Company (Reserve Bank) Directions, 2016”dated
September 01, 2016.

3.6.3 Mechanism for honouring debt obligations arising out of capping of ISINs :
3.6.3.1 An issuer may honour its debt obligations/liabilities, arising out of
such ISIN restriction, in the manner as deemed feasible to them i.e. the
issuer can make staggered repayments or bullet maturity re-payments or in
any other manner deemed so.
3.6.3.2 An issuer may offer different type of payment options to different category
of investors subject to such disclosures being made in the information
memorandum in order to manage their asset liability mismatch.
For e.g. an insurance company may be offered staggered redemption,
however mutual fund may be offered bullet payment.
3.6.3.3 Also, in case of any modification in terms or structure of the issue viz.
change in terms of payment, change in interest pay-out frequency etc. the
issuer may make such modification by following procedure as has been laid
out in Regulation 59 of the SEBI (Listing Obligations and Disclosure
Requirements) Regulations, 2015.
3.6.3.4 Record Date: There may be cases where multiple record dates would arise
on account of staggered payment or other cases viz. frequency of payment
etc. In such a case, when announcing multiple record dates, the issuer has
to disclose clearly to the stock exchanges the basis of payment to the
investors viz. pro-rata, first cum basis etc.

3.6.4 Time limit for carrying out necessary changes to the Articles of Association
(AOA)/charter/constitution of the issuer:
In order to comply with the provisions of clause (a) of Regulation 20A of the SEBI
(ILDS) regulations, the issuer shall have a time period of six months from the date
of this circular to make an enabling provision in its Articles of Association to carry
out consolidation and re-issuance of debt securities.

3.6.5 Reporting and Monitoring:

3.6.5.1 Issuers:
i. All the issuers who have made private placement of debt securities
under the SEBI (Issue and Listing of Debt Securities) Regulations, 2008,
shall within fifteen working days of issue of this circular submit a
statement containing data in the format as prescribed below:

Nam ISIN Issuanc Maturit Coupo Payment Embedde Amoun Amount

e of numbe e date y date n rate frequenc d option if t issued outstandin
the r y any g

97
issue
r

ii. Also, an issuer shall within fifteen working days from the end of every half
year, submit a statement, to the recognized stock exchange, where its debt
securities are listed, as well as to the depository containing data in the
format as prescribed above.
iii. In case there is any modification in terms or structure of the issue viz.
change in terms of payment, change in interest pay-out frequency etc.as
specified in paragraph 3.6.3.3 above, the issuer shall, forthwith, inform the
same to the depository.
iv. An issuer shall within thirty working days from end of six months from the
date of this circular submit a confirmation certificate to Stock Exchanges
with respect to compliance with para 3.6.4 above.

3.6.5.2 Depositories:
i. Upon receipt of the report as specified in paragraph3.6.5.1ii and
3.6.5.1iii above, the depository shall upload the same on the
centralized database for corporate bonds/debentures as per SEBI circular
CIR/IMD/DF/17/2013 dated October 22, 2013 as well as the Integrated
trade Repository for corporate bonds.
ii. The RSE shall within five working days of the expiry of the period as
specified in paragraph 3.6.5.1ii above, send the reports received by it to
the depositories for the purposes of their reconciliation.
iii. The depositories shall thereafter within five working days of receipt of
reports from the recognised stock exchanges, send a status report to the
latter regarding utilization of ISINs by the issuers.

Based on the queries and representations received from time to time, certain
clarifications are issued:89
i. It is clarified that structured products/market linked debt securities as
mentioned in paragraph 3.6.1.2ii of the master circular refer to the
structured products/market linked debentures as per the SEBI circular
Cir/IMD/DF/17/2011 dated September 28, 2011.
ii. With respect to paragraph 3.6.1.3 of the master circular, it is clarified that
in case of debt securities, where call and/or put option is exercised, the
issuer, if so desires, may issue additional debt securities for the balance
period viz. remaining period of maturity of earlier debt securities. For
example, if an issuer has issued debt securities in the month of August 2017

89
Reference circular CIR/DDHS/P/59/2018 dated March 28, 2018
98
 having maturity period of three years and callable after one year, then in
such a scenario if the call option is exercised in the month of August 2018,
then for the balance two years period viz (September 2018-August 2020) the
issuer may issue additional debt securities maturing in August 2020, under
the same ISIN.
Provided that the aforesaid additional issue shall be subject to the
condition that the aggregate count of outstanding ISINs maturing in the
financial year in which the original issue of debt securities (bearing call
and/or put option) is due for expiring, shall not exceed the prescribed
limit of ISINs.
iii. With respect to paragraph 3.6.1.5 of the master circular, it is clarified that
for all the debt securities issued in the financial year (FY) 2017-18 on or
after July 01, 2017, all the ISINs corresponding to these issues, maturing in
any financial year, shall adhere to the limit of 12/5 ISINs.
iv. Additionally, it may be noted that in case of conversion of partly paid debt
securities to fully paid debt securities, such conversion shall not be
counted as an additional ISIN under paragraph 3.6.1.2 of the master
circular.
v. With respect to Paragraph 3.6.2 of the master circular, it is clarified that
the exemption as granted under paragraph 3.6.2.5 of the master circular
shall also be available to All India Term Lending and Refinancing
Institutions (AITLRI) as notified by RBI and Infrastructure Debt Funds
registered as Non-Banking Finance Companies subject to them issuing
debt securities with minimum five years maturity.
vi. All the exemption from the applicability of ISIN circular, as have been
outlined in paragraph 3.6.2 of the master circular and paragraph v above
shall be available only till June 30, 2020 and shall not continue beyond
that period. Thus, no exemption from the applicability of ISIN circular
shall be available to any issuer for debt securities issued on or after July 01,
2020.
It is further clarified that for the class of entities, mentioned in paragraph
3.6.2 of the master circular and paragraph v above, for whom exemption is
available, the said exemption shall be applicable only from paragraph 3.6.1
and 3.6.3 of the master circular.
vii. With respect to paragraph 3.6.3 of the master circular, it is clarified that
the issuer shall, while making an issue of debt securities, disclose
upfront in the Information Memorandum/Disclosure Document that
further issuances may be made under the same ISIN. However, if such a
disclosure is not made by the issuer then compliance shall have to be
made with regulation 59 of the SEBI (Listing Obligations and
Disclosure Requirements) Regulations, 2015.

99
 viii. With respect to paragraph 3.6.5.1ii of the master circular, it is clarified that
the statement to be submitted to the stock exchanges shall be submitted
half yearly on the basis of the financial year i.e. latest by April 15 and
October 15 of each financial year.

3.7 American Depository Receipts (ADRs)/Global Depository Receipts (GDRs)

3.7.1 Delivery of underlying shares of GDRs/ADRs in dematerialised form90

Underlying shares of GDRs/ADRs shall be compulsorily delivered in

dematerialised form. Pursuant to RBI directions in this regard, a non-resident
holder of ADRs/GDRs issued by a company registered in India, on surrender of
such ADRs/GDRs, can acquire the underlying shares when such shares are
released by the Indian Custodian of the ADR/GDR issue. Further, the company
whose shares are so released, or a Depository shall enter in the register or books,
wherein such securities are registered or inscribed, an address outside India of the
non-resident holder of shares.

3.7.2 Tracking of underlying shares of GDRs/ADRs91

To ensure easy tracking of the underlying shares released on conversion of the

“depositories receipts” all such shares shall be credited to a separate Depository
Receipts (DRs) account of the respective investor. In this regard, Depositories shall
ensure that the following information is provided to the domestic custodian
holding the underlying shares on a regular basis:

i. Total number of shares at the beginning of the month

ii. Number of shares transferred into the account (credited) during the month
iii. Number of shares transferred out of the account (debited) during the month.
iv. Balance at the end of the month.

This service can be availed of only by foreign investors other than the OCBs.

3.8 Framework for issue of Depository Receipts (DRs)92

90 Reference Circular SMDRP/Policy/Cir-9/99 dated May 6, 1999

91Reference Circular D&CC/FITTC/Cir-09/2002 dated July 4, 2002 and Circular D&CC/FITTC/Cir-

10/2002 dated September 25, 2002
92
SEBI/HO/MRD/DOP1/CIR/P/2019/106 dated October 10, 2019,
SEBI/HO/MRD2/DCAP/CIR/P/2019/146 dated November 28, 2019 and
SEBI/HO/MRD/DCAP/CIR/P/2020/190 dated October 01, 2020
100
3.8.1 There are three circulars pertaining to aforesaid subject viz.
SEBI/HO/MRD/DOP1/CIR/P/2019/106 dated October 10, 2019,
SEBI/HO/MRD2/DCAP/CIR/P/2019/146 dated November 28, 2019 and
SEBI/HO/MRD/DCAP/CIR/P/2020/190 dated October 01, 2020.

3.8.2 Reference is drawn to Section 41 of the Companies Act, 2013, Companies

(Issue of Global Depository Receipts) Rules, 2014 (‘GDR Rules’), the
Depository Receipts Scheme, 2014 (‘DR Scheme’), Reserve Bank of India
(‘RBI’)notification dated December 15, 2014, Central Government notification
dated September 18, 2019 and Central Government notification dated October
07, 2019.

3.8.3 Only ‘a company incorporated in India and listed on a Recognized Stock

Exchange in India’ (‘Listed Company’) may issue Permissible Securities or
their holders may transfer Permissible Securities, for the purpose of issue of
DR, subject to compliance with the following requirements:

Eligibility
i. Listed Company is in compliance with the requirements prescribed under
SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
and any amendments thereof.
ii. Listed company shall be eligible to issue Permissible Securities, for the
purpose of issue of DRs, if:
(a) the Listed Company, any of its promoters, promoter group or directors or
selling shareholders are not debarred from accessing the capital market by
SEBI;
(b) any of the promoters or directors of the Listed Company is a promoter or
director of any other company which is not debarred from accessing the
capital market by SEBI;
(c) the listed company or any of its promoters or directors is not a wilful
defaulter;
(d) any of its promoters or directors is not a fugitive economic offender.

iii. Existing holders shall be eligible to transfer Permissible Securities, for the
purpose of issue of DRs, if:
(a) the Listed Company or the holder transferring Permissible Securities are not
debarred from accessing the capital market by SEBI;
(b) the Listed Company or the holder transferring Permissible Securities is not a
wilful defaulter;
(c) the holder transferring Permissible Securities or any of the promoters or
directors of the Listed Company are not a fugitive economic offender.

101
 Explanation 1: The restrictions at Paragraph (ii) and (iii) above shall not
apply to the persons or entities mentioned therein, who were debarred in the
past by SEBI and the period of debarment is already over as on the date of
filing of the document as referred at Paragraph (xiii).

Explanation 2: DR means a foreign currency denominated instrument, listed

on an international exchange, issued by a foreign depository in a permissible
jurisdiction on the back of permissible securities issued or transferred to a
domestic custodian and includes ‘global depository receipt’ as defined in
section 2(44) of the Companies Act, 2013.

Explanation 3: ‘Foreign Depository’ means a person which:

(a) is not prohibited from acquiring permissible securities;
(b) is regulated in any of the Permissible Jurisdiction as defined here; and
(c) has legal capacity to issue DRs in the Permissible Jurisdiction where issue
of DRs is proposed.

Explanation 4: ‘transfer of permissible securities by existing holders’ means

deposit of existing Permissible Securities of the Listed Company with a
Domestic Custodian, for the purpose of issue of DRs, pursuant to formal
agreement(s) among the Listed Company and the Foreign Depository. For
this purpose, the Listed Company may also enter into arrangement(s) with,
Indian Depository, Domestic Custodian and existing Permissible Securities
holder(s), as may be necessary.

iv. For the purpose of an initial issue and listing of DRs, pursuant to ‘transfer by
existing holders’, the Listed Company shall provide an opportunity to its
equity shareholders to tender their shares for participation in such listing of
DRs.

v. Subsequent issue and listing of DRs, pursuant to ‘transfer by existing

shareholders’ may take place subject to the limits approved pursuant to a
special resolution in terms of GDR Rules.

vi. A company proposing to make a public offer and list on a Recognized Stock
Exchange, and also simultaneously proposing to issue Permissible Securities
or transfer Permissible Securities of existing holders, for the purpose of issue
of DRs and listing such DRs on an International Exchange, may seek in-
principle and final approval from Recognized Stock Exchange as well as
International Exchange. However, such issue or transfer of Permissible
Securities for the purpose of issue of DRs shall be subsequent to, the receipt
of trading approval from the Recognized Stock Exchange for the public offer.
102
 Permissible Jurisdictions and International Exchanges
vii. Listed Company shall be permitted to issue Permissible Securities or transfer
Permissible Securities of existing holders, for the purpose of issue of DRs,
only in Permissible Jurisdictions and said DRs shall be listed on any of the
specified International Exchange(s) of the Permissible Jurisdiction.

Explanation 1: ‘Permissible Jurisdiction’ shall mean jurisdictions as may be

notified by the Central Government from time to time, pursuant to
notification no. G.S.R. 669(E) dated September 18, 2019 in respect of sub-rule
1 of rule 9 of Prevention of Money-Laundering (Maintenance of Records)
Rules, 2005.

Explanation 2: ‘International Exchange(s)’ shall mean exchange(s) as may be

notified by SEBI from time to time.

The Central Government vide notification dated November 28, 2019, notified
the list of Permissible Jurisdictions in pursuance of notification dated
September 18, 2019. Accordingly, for the purpose of Para vii above, a list of
Permissible Jurisdictions and International Exchange(s) is placed at
Annexure A.

Annexure A
List of Permissible Jurisdictions and International Exchanges

1. United States of America - NASDAQ, NYSE

2. Japan - Tokyo Stock Exchange
3. South Korea - Korea Exchange Inc.
4. United Kingdom excluding British Overseas Territories- London Stock
Exchange
5. France - Euronext Paris
6. Germany - Frankfurt Stock Exchange
7. Canada - Toronto Stock Exchange
8.International Financial Services Centre in India - India International
Exchange, NSE International Exchange

viii. Listing of DRs on specified International Exchange shall meet the highest
applicable level / standards for such listing by foreign issuers.

Explanation: Examples of DR listing programs that would qualify for the aforesaid
criteria:

103
 Issuer-sponsored Level III ADR programs listed on Nasdaq or the NYSE, DRs listed
on the Main Board of the Hong Kong Stock Exchange, Global Depositary Receipts
admitted to the Standard Segment of the Official List of the FCA and to trading on
the London Stock Exchange.

Obligations of Listed Company

ix. Listed Company shall ensure compliance with extant laws relating to
issuance of DRs, including, requirements prescribed here, the Companies
Act, 2013, the Foreign Exchange Management Act, 1999 (‘FEMA’), Prevention
of Money-Laundering Act, 2002, and rules and regulations made thereunder.
For this purpose, Listed Company may also enter into necessary
arrangements with Custodian, Indian Depository and Foreign Depository.

x. Listed Company shall ensure that DRs are issued only with Permissible
Securities as the underlying.
Explanation: ‘Permissible Securities’ shall mean equity shares and debt
securities, which are in dematerialized form and rank pari passu with the
securities issued and listed on a Recognized Stock Exchange.

xi. Listed Company shall ensure that the aggregate of Permissible Securities
which may be issued or transferred for the purpose of issue of DRs, along
with Permissible Securities already held by persons resident outside India,
shall not exceed the limit on foreign holding of such Permissible Securities
under the applicable regulations of FEMA:

Provided that within the above limit, the maximum of aggregate of

Permissible Securities which may be issued by the Listed Company or
transferred by the existing holders, for the purpose of issue of DRs, shall be
such that the Listed Company is able to ensure compliance with the
minimum public shareholding requirement, after excluding the Permissible
Securities held by the depository for the purpose of issue of DRs.

xii. Listed Company shall ensure that the agreement entered with the Foreign
Depository, for the purpose of issue of DRs, provides that the Permissible
holder, including its Beneficial Owner(s), shall ensure compliance with
holding limits prescribed under Paragraph (xix).

xiii. Listed Company shall, through an intermediary, file with SEBI and the
Recognized Stock Exchange(s), a copy of the initial document, by whatever
name called, for initial issue of DRs issued on the back of Permissible
Securities.

104
 (a) SEBI shall endeavor to forward its comments, if any, to the Recognized Stock
Exchange(s) within a period of 7 working days from the receipt of the
document and in the event of no comments being issued by SEBI within such
period, it shall be deemed that SEBI does not have comments to offer.

(b) Recognized Stock Exchange(s) shall take into consideration the comments of
SEBI while granting in-principle approval to the Listed Company and decide
on the approval within 15 working days of receipt of application and
required documents.

Further, final document for such initial issue shall be filed with Recognized
Stock Exchange(s) and SEBI for record purpose.

xiv. Listed Company shall ensure that any public disclosures made by the Listed
Company on International Exchange(s) in compliance with the requirements
of the Permissible Jurisdiction where the DRs are listed or of the
International Exchange(s), are also filed with the Recognized Stock Exchange
as soon as reasonably possible but not later than twenty-four hours from the
date of filing.

Permissible holder
xv. Permissible holder means a holder of DR, including its Beneficial Owner(s),
satisfying the following conditions:

(a) who is not a person resident in India;

(b) who is not a Non-Resident Indian (NRI)

Explanation 1:‘Beneficial Owner’ shall have the same meaning as provided in

proviso to sub-rule 1 of rule 9 of Prevention of Money-Laundering
(Maintenance of Records) Rules, 2005, as amended by the Central
Government vide notification no. G.S.R. 669(E) dated September 18, 2019.

Explanation 2: The Permissible holder, including its Beneficial Owner(s), shall

be responsible for ensuring compliance with this requirement.

Voting rights
xvi. Listed Company shall ensure that the agreement entered between the holder
of DRs, the Listed Company and the Depository provides that the voting
rights on Permissible Securities, if any, shall be exercised by the DR holder
through the Foreign Depository pursuant to voting instruction only from
such DR holder.

105
 Pricing
xvii. In case of a simultaneous listing of, Permissible Securities on Recognised
Stock Exchange(s) pursuant to a public offer / preferential allotment /
qualified institutions placement under Securities and Exchange Board of
India (Issue of Capital and Disclosure Requirements) Regulations, 2018,
and DRs on the International Exchange, the price of issue or transfer of
Permissible Securities, for the purpose of issue of DRs by Foreign
Depository, shall not be less than the price for the public offer /
preferential allotment / qualified institutions placement to domestic
investors under the applicable laws.

xviii. Where Permissible Securities are issued by a Listed Company or

‘transferred by the existing holders’, for the purpose of issue of DRs by the
Foreign Depository, the same shall be issued at a price, not less than the
price applicable to a corresponding mode of issue of such Permissible
Securities to domestic investors under the applicable laws.

Obligations of Indian Depository, Foreign Depository and Domestic

Custodian
xix. Indian Depositories, in consultation with each other, shall develop a system
to ensure that aggregate holding of DR holders along with their holding, if
any, through offshore derivative instruments and holding as a Foreign
Portfolio Investor belonging to same investor group shall not exceed the limit
on foreign holding under the FEMA and applicable SEBI Regulations. For
this purpose, Indian Depositories shall have necessary arrangement with the
Domestic Custodian and / or Foreign Depository.

Based on discussion with market participants, the broad operational

guidelines for the above purpose are placed at Annexure below. Indian
Depositories, in consultation with each other and market participants, may
prescribe the formats and other details, as may be necessary to operationalize
the above.

Explanation- For the purposes of Paragraph (xix), the term ‘investor group’
shall have the meaning as prescribed to such term in the Securities and
Exchange Board of India (Foreign Portfolio Investors) Regulations, 2019 or
amendments thereof.

xx. Domestic Custodian shall maintain records in respect of, and report to,
Indian depositories all transactions in the nature of issue and cancellation of
depository receipts, for the purpose of monitoring limits.

106
 xxi. Indian Depositories shall coordinate among themselves and with Domestic
Custodian to disseminate:
(a) the outstanding Permissible Securities against which the DRs are
outstanding; and,
(b) the limit up to which Permissible Securities can be converted to DRs.

xxii. The Foreign Depository shall not issue or pre-release the DRs unless the
Domestic Custodian has confirmed the receipt of underlying Permissible
Securities.

3.8.4 Words and expressions used and not defined here but defined in the DR
Scheme, Securities Contracts (Regulation) Act, 1956 or the Securities and
Exchange Board of India Act, 1992 or the Depositories Act, 1996 or the
Companies Act, 2013 or the Reserve Bank of India Act, 1934 or the Foreign
Exchange Management Act, 1999 or Prevention of Money-Laundering Act,
2002, and rules and regulations made thereunder shall have the meanings
respectively assigned to them, as the case may be, in those Acts, unless the
context requires otherwise.

Power to remove difficulties

3.8.5 In case of any difficulties in the application or interpretation or to relax strict
enforcement of the aforesaid requirements, the Board may issue clarifications
through guidance notes or circulars after receipt of request from the issuer.

3.8.6 The above provisions shall be applicable only to DR issuance by a Listed

Company after the effective date i.e. October 10, 2019.

Annexure

1. Listed Company shall appoint one of the Indian Depository as the Designated
Depository for the purpose of monitoring of limits in respect of Depository Receipts.

2. The Designated Depository in co-ordination with Domestic Custodian, other

Depository and Foreign Depository (if required) shall compute, monitor and
disseminate the Depository Receipts (DRs) information as prescribed in the framework.
The said information shall be disseminated on website of both the Indian Depositories.
For this purpose, the Designated Depository shall act as a Lead Depository and the
other depository shall act as a Feed Depository.

3. Domestic Custodian shall:

107
 i. Provide one-time details of DRs in the format and manner as may be prescribed by
the Indian Depositories.

ii. Provide the requisite information as may be prescribed by Designated Depository

for the purpose of computation of information in respect of Depository Receipts as
and when requested.

iii. Ensure that the underlying permissible securities, pertaining to a listed company,
against which DRs are issued in the Permissible Jurisdiction, are held in a demat
account, under a separate Type & Sub-Type as prescribed by the Indian
Depositories for the purpose of issue of DRs.

iv. Provide certificate / declaration / information, to the Designated Depository in the

prescribed format upon termination/cancellation of DR program. For this, the
issuer or Foreign Depository shall be required to report such termination /
cancellation to the Domestic Custodian.

4. Procedure for the purpose of monitoring of limits

i. The Designated Depository shall forward the list of such companies (ISINs) for
which it will be monitoring the DR issuance to Feed Depository. For any addition
or deletion of ISINs, the Designated Depository shall communicate to the Feed
Depository regarding the same through Incremental information sent on a periodic
basis.

ii. Feed Depository shall provide the ISIN wise demat holdings of investors tagged
with separate sub-type to the Designated Depository on a daily basis.

iii. The Designated Depository shall ascertain the details of holdings pertaining to
Foreign Depository lying under demat account(s) tagged under such separate Type
& Sub-Type as well as other investors with ‘DR’ sub type held at both depositories
and consolidate such holdings to arrive at the outstanding Permissible Securities
against which the DRs are outstanding.

iv. Calculation of headroom i.e. ‘the limit up to which Permissible Securities can be
converted to DRs’, may be undertaken in the following manner:
108
 Particulars

(A) Number of DRs originally issued including corporate action

(B) Outstanding Permissible Securities against which the DRs are

outstanding

(C) Re-issuance approval granted by Domestic Custodian

(unutilized) at End of Day

Headroom = A – the limit up to which Permissible Securities can be converted

(B + C) to DRs

v. The Indian Depositories shall exchange with each other their respective list of
companies, for dissemination of DR headroom related information, which shall be
consolidated by both depositories and thereafter published on their respective
websites.

5. Re-issuance mechanism

i. For the purpose of re-issuance of permissible securities, a Foreign Investor shall

request SEBI registered Broker with requisite quantity of securities (based on
available headroom) required for re-issuance of depository receipts which shall be
forwarded to the Domestic Custodian.

ii. Based on last available headroom disseminated by Designated Depository, the

Domestic Custodian shall grant approval (T- day where T is date of approval
granted by Domestic Custodian) to such request received from SEBI registered
Broker for re-issuance purpose which shall be valid for a period of 3 trading days
(T+3) from the date of approval of request granted by Domestic Custodian.

iii. The Domestic Custodian shall report such request approvals along with requisite
quantity granted to Designated Depository on same day (i.e. T day) and based on
which the Designated Depository shall block the quantity for the purpose of
calculation of Headroom.

109
 iv. The Domestic Custodian shall report the status of utilisation of such approved
request to the Designated Depository upon receipt of securities in the demat
account of Foreign Depository for the purpose of calculation of Headroom. The
domestic custodian shall report the final utilisation status of such approved request
with respect to receipt of securities on D+1 basis (where D is a date of credit of
security in the Foreign Depository’s account) before such time as may be
prescribed by Designated Depository. In case of non-receipt of securities within the
specified timeline, Custodian shall unblock the requisite quantity of approval
granted and report the same to Designated Depository.

6. Monitoring of Investor group limits

i. FPI shall report the details of all such FPIs forming part of the same investor group
as well as Offshore Derivative Instruments (ODI) subscribers and / or DR holders
having common ownership, directly or indirectly, of more than fifty percent or on
the basis of common control, to its Designated Depository Participant (DDP). The
investor group may appoint one such FPI to act as a Nodal entity for reporting the
aforesaid grouping information to its DDP in the format enclosed at Annexure A.
Further, such Nodal FPI shall report the investment holding in the underlying
Indian security as held by ODI subscriber and / or as DR holder, including
securities held in the Depository Receipt account upon conversion (‘DR conversion’
account), to its Domestic Custodian on a monthly basis (by the 10th of every
month) in the format enclosed at Annexure B. Similarly, the FPIs who do not
belong to the same investor group shall report such investment holding details in
the underlying Indian security as ODI subscriber and / or as DR holder, including
securities held in the ‘DR conversion’ account, to its Custodian in the aforesaid
format on a monthly basis (by 10th of the month).

ii. The DDP shall report FPI grouping information as reported by Nodal FPI to such
Indian Depository (by 17th of the month) where FPI group demat accounts are held
in the manner and format as specified by such Indian Depository. Similarly, the
Custodian of Nodal entity (who also happen to be the DDP) shall report the
investment holdings in the underlying Indian security as held by the ODI
subscriber and / or DR holder in respect of the aforesaid FPI group on monthly
basis to such Indian Depository (by 17th of the month) where FPI group demat
accounts are held in the manner and format as specified by such Indian Depository.

110
 iii. The Depository which monitors the FPI group limits shall club the investment
pertaining to DR holding, ODI holding and FPI holding of same investor group
and monitor the investment limits as applicable to FPI group in a Listed Indian
company on a monthly basis. However, in respect of FPIs which do not belong to
the same investor group, responsibility of monitoring the investment limits of FPI
shall be with the respective DDP / Custodian. The Custodian of such FPIs not
forming part of investor group shall club the investment as held by FPIs as well as
investment as held by such FPI in the capacity of ODI subscriber and / or DR
holder and monitor the investment limits as applicable to single FPI. In case where
the investment holding breaches the prescribed limits, the Indian Depository /
Custodian, as the case may be, shall advise the concerned investor / investor
group, to divest the excess holding within 5 trading days similar to requirement
prescribed under SEBI Circular dated November 05, 2019 on ‘Operational
Guidelines for FPIs & DDPs under SEBI (Foreign Portfolio Investors), Regulations
2019 and for Eligible Foreign Investors.

Annexure – A

Sr. Name Registrati Name of Type of Registrati LEI No. If ODI Jurisdi
N of on No. of FPI / Client on No. of of entity subscrib c tion
o. reporti Reporting ODI viz. FPI FPI mention er, /
ng FPI FPI Subscrib or ODI mentione ed at please Count
(Nodal (Nodal er with subscrib d at Column mention ry of
Entity) Entity) whom er or DR Column D (for name of entity
mentione the holder D ODI dealing menti
d in applican subscrib FPI on ed
column B t shares, er or DR at
ownersh holder) Colum
ip of nD
more
than
50%
common
control
A B C D E F G H I

111
 Annexure – B

Sr. Name Registrat Name of LEI ISIN ISIN Quantit Value As on

No of io n No. ODI No. of of the Descrip y of of date
. reporti of Subscrib ODI Indian ti on or securiti securit (DD-
ng Reportin er or DR subscri Securit name es held ie s MM
FPI g FPI holder b er or y of the (in ratio held M-
(Noda (Nodal having DR securit as YYYY
l Entity) investme holder y being )
Entity) mention nt in mentio held in
ed in Indian n ed at India)
column Securitie Colum
B s nD
through
ODI or
DR route
A B C D E F G H I J

Note
1. Reference ISIN No. – ISIN of the underlying Indian Security (ISINs issued by NSDL for
underlying security).
2. The quantity of securities in the requisite ISIN / or Indian Security shall be reported in
the ration as being held in India.
3. The securities shall be reported as at the end of the month.
4. For the purpose of valuation, the closing price of such security as at the end of the
month in India be considered for the computation of value of securities held.

3.9 Issuance, listing and trading of Perpetual Non-Cumulative Preference Shares

(PNCPS) and Innovative Perpetual Debt Instruments (IPDIs)/ Perpetual Debt
Instruments (PDIs) (commonly referred to as Additional Tier 1 (AT 1)
instruments)93

3.9.1 Perpetual Non-Cumulative Preference Shares (PNCPS’) and Innovative Perpetual

Debt Instruments (IPDIs) / Perpetual Debt Instruments (PDIs) (commonly referred
to as AT 1 instruments) are essentially non-equity regulatory instruments, forming
part of a bank’s capital, governed by Reserve Bank of India (RBI) guidelines and
issued under the issuance and listing framework given under Chapter VI of the

93
Reference: Circular No. SEBI/HO/DDHS/CIR/P/2020/199 dated October 6, 2020
112
 SEBI (Issue and Listing of Non-Convertible Redeemable Preference Shares)
Regulations, 2013 (“NCRPS Regulations”).

3.9.2 These instruments have certain unique features which, inter-alia, grant the issuer
(i.e. banks, in consultation with RBI) a discretion in terms of writing down the
principal / interest, to skip interest payments, to make an early recall etc. without
commensurate right for investors to legal recourse, even if such actions of the
issuer might result in potential loss to investors.

3.9.3 Given the nature and contingency impact of these AT 1 instruments and the fact
that full import of the discretion is available to an issuer, may not be understood in
the truest form by retail individual investors, the matter was discussed in SEBI’s
advisory committee on the development of corporate bond market in India viz.
Corporate Bonds and Securitization Advisory Committee (CoBoSAC). Based on the
recommendations of the CoBoSAC, the following shall be the additional
framework related to issuance, listing and trading of PNCPS and IPDIs which are
proposed to be listed:

a. Manner of Issuance:

i. The issuance of AT1 instruments shall be done mandatorily on the Electronic Book
Provider (EBP) platform irrespective of the issue size in terms of SEBI Circulars
SEBI/HO/DDHS/CIR/P/2018/05 dated January 05, 2018 and
SEBI/HO/DDHS/CIR/P/2018/122 dated August 16, 2018.

ii. “Securities” as defined in clause 1.1.8 of Schedule A of SEBI circular

SEBI/HO/DDHS/CIR/P/2018/05 dated January 05, 2018, shall include:

i) Perpetual non-cumulative preference shares (PNCPS)

ii) Innovative perpetual debt instruments (IPDIs) and
iii) Perpetual debt instruments (PDIs)

b. Investors

Issuers and Stock Exchanges shall ensure that only QIBs are allowed to participate in
the issuance of AT1 instruments.

c. Allotment size

The minimum allotment of AT1 instruments shall not be less than Rs.1 crore.

d. Trading lot size

113
 The minimum trading lot size for AT1 instruments shall be Rs.1 crore.

e. Other requirements:
Issuers, in addition to making disclosures as per Schedule I of the SEBI NCRPS
Regulations, shall comply with the following:

i. Disclosures as specified in Annex I.

ii. Provisions of circulars as specified in Annex II.
iii. Specific disclosures about:
a) Details of all the conditions upon which the call option will be exercised by them
for AT1 instruments, in the Information /Private Placement Memorandum.
b) Risk factors, to include all the inherent features of these AT1 instruments
highlighted above.
c) Point of Non Viability (PONV) clause: The absolute right, given to the RBI, to
direct a bank to write down the entire value of its outstanding
AT1instruments/bonds, if it thinks the bank has passed the Point of Non
Viability (PONV), or requires a public sector capital infusion to remain a going
concern.

Annex I

S.no Description of disclosure

1 An undertaking from the issuer stating that the necessary documents for the
creation of the charge, where applicable, including the Trust Deed would be
executed within the time frame prescribed in the relevant
regulations/act/rules etc. and uploaded on the website of the Designated
Stock exchange, where the AT1 Instruments have been listed, within 5
working days of execution of the same.
2 An undertaking that permission / consent from the prior creditor for a second
or pari passu charge being created, where applicable, in favor of the trustees to
the proposed issue has been obtained.
3 Latest Audited / Limited Review Half Yearly Consolidated (wherever
available) and Standalone Financial Information (Profit & Loss statement,
Balance Sheet and Cash Flow statement) and auditor qualifications.
4 A copy of the latest annual report to the Trustee and the Trustee shall be
obliged to share the details submitted under this clause with all ‘Qualified
Institutional Buyers’ (QIBs) within 180 days from the end of the financial year
and other existing AT 1 instrument holders within 2 working days of their
specific request.
5 Gross debt-equity ratio of the company, before and after the issuance of the
AT1 instrument.
114
6 The names of the debenture trustee(s) with a statement to the effect that
debenture trustee(s) has given its consent to the Issuer for its appointment and
in all the subsequent periodical communications sent to the holders of AT1
instruments.
7 If the security is backed by a guarantee or letter of comfort or any other
document / letter with similar intent, a copy of the same.

In case such document does not contain detailed payment structure

(procedure of invocation of guarantee and receipt of payment by the investor
along with timelines), disclosure of the same in the placement memorandum.
8 Copy of consent letter from the Debenture Trustee.
9 Other details:

i. Issue/instrument specific regulations - relevant details (Companies Act, RBI,

guidelines etc.).
ii. Application process.
10 Other issue details:

Coupon rate, Step Up/Step Down Coupon Rate, Coupon Payment Frequency,
Coupon payment dates (Dates on which coupon will be paid.), Coupon Type
(Fixed, floating or other coupon structure), Coupon Reset Process (including
rates, spread, effective date, interest rate cap and floor etc). Day Count Basis (
Actual/ Actual), Security (where applicable) (Including description, type of
security, type of charge, likely date of creation of security, minimum security
cover, revaluation, replacement of security [", interest to the AT1 instruments
holder over and above the coupon rate as specified in the Trust deed and
disclosed in the IM/PPM, Roles and responsibility of Debenture Trustee.

Annex II
S. Circular Subject Cir.no
no date
1 October 22, Centralized Database for CIR/IMD/DF/17/2013
2013 Corporate Bonds/ Debentures
2 October Clause I of the Circular on CIR/IMD/DF/18/2013
29,2013 Issues pertaining to primary
issuance of debt securities
3 October 13, Format of uniform Listing CIR/CFD/CMD/6/2015
2015 Agreement
4 November Clarification on aspects related CIR/IMD/DF-1/122/2016
11, 2016 to day count convention for
debt securities issued under
the SEBI ILDS Regulations,
115
 5 June 30, Specifications related to CIR/IMD/DF-1/ 67/2017
2017 International Securities
Identification Number (ISINs)
for debt securities issued
under the SEBI (Issue and
Listing of Debt Securities)
Regulations, 2008.
6 March 28, Clarifications with respect to CIR/DDHS/P/59/2018
2018 circular on “Specifications
related to International
Securities Identification
Number (ISINs) for debt
securities issued under the
SEBI (Issue and Listing of Debt
Securities) Regulations, 2008”
7 January 05, Electronic book mechanism for SEBI/HO/DDHS/CIR/P/2018/05
2018 issuance of securities on
private placement basis
8 August 16, Electronic book mechanism for SEBI/HO/DDHS/CIR/P/2018/122
2018 issuance of securities on
private placement basis-
Clarification

3.10 Electronic Clearing System (ECS) facility

3.10.1 Use of ECS for refund in public/rights issues.94

For locations where facility of refund through ECS is available details of applicants
shall be taken directly from the database of the depositories in respect of issues
made completely in dematerialised form. Accordingly, DPs shall maintain and
update on real time basis the MICR (Magnetic Ink Character Recognition) code of
Bank branch of BOs and other bank details of the applicants in the database of
depositories. This is to ensure that the refunds through ECS are made in a smooth
manner and that there are no failed/wrong credits.

3.10.2 Updation of bank accounts details, MICR code and IFSC of bank branches by
Depository Participants (DPs)95

94Reference Circular SEBI/MRD/DEP/Cir-3/06 dated February 21, 2006 and circular

SEBI/CFD/DIL/DIP/29/2008/01/02 dated February 1, 2008
95 Reference: MRD/DEP/PP/123624 /2008 dated April 23, 2008

116
 i. It has been informed by RBI that they have been receiving complaints from
managers to the issues that the funds routed through the electronic mode are
getting returned by destination banks because of incorrect or old account numbers
provided by beneficiary account holders.

ii. RBI has stated that Investors will have to ensure through their DPs that
bank account particulars are updated in master record periodically, to
ensure that their refunds, dividend payments etc. reach the correct
account, without loss of time. RBI has also suggested incorporation of
Indian Financial System Code (IFSC) of customer's bank branches apart from 9
digit MICR code; since IFSC of bank's branches is used for remittance through
National Electronic Funds Transfer (NEFT).

iii. It is advised that necessary action be taken in this matter to ensure that correct
account particulars of investors are available in the database of
depositories.

3.11 Withdrawal by issuers from the depository96

i. As regards voluntary withdrawal by issuers from the depository, it is informed

that listed companies may not be allowed to withdraw from the depository system
unless they delist their securities from the stock exchanges.

ii. As regards companies under liquidation are concerned, it is informed that

deactivation of the ISIN may be only done in cases where companies have been
liquidated. In other cases, where companies are being liquidated, deactivation of
ISIN resulting in total freezing may not be desirable as it will disallow investors to
hold shares in dematerialized form

3.12 Further issue of shares under Section 86 of Companies Act and Companies (Issue of
Share capital with Differential Voting Rights) Rules, 200197

In all cases of shares issued by companies under Section 86(a) (ii) of Companies
Act and Companies (Issue of Share Capital with Differential Voting Rights)
Rules, 2001, separate ISIN may be allotted to differentiate such shares from
ordinary shares.

96Reference: MRD/DoP/NSDL/VM/ 162378 /2009 dated May 06, 2009

97 Reference: MRD/DoP/MC/141442 /2008 dated October 17, 2008
117
3.13 Streamlining issuance of SCORES Authentication for SEBI registered
intermediaries98

3.13.1 Vide Circular No. CIR/OIAE/1/2014 dated December 18, 2014 SEBI directed all
listed companies and SEBI registered intermediaries (excluding Stock Brokers
and Depository Participants) to send their details as per Form-A and Form-B
respectively, annexed to the said Circular, to SEBI in hard copy and by email to
[email protected] in order to obtain SCORES user id and password.

Any existing or new listed company or SEBI registered intermediary, not having
SCORES user id and password were also required to obtain the same.

3.13.2 In partial modification of the earlier directions, the generation of SCORES user
id and password has been automated for all new SEBI registered intermediaries.
This has been done to streamline the process of providing SCORES credentials in
the interest of investors.

3.13.3 SCORES user id and password details shall be sent to all new SEBI registered
intermediaries, through an auto-generated e-mail, upon completion of process of
online grant of registration by SEBI.

3.13.4 The SCORES user id and password details shall be sent to the e-mail id of the
Contact Person/Compliance Officer as provided in the online Registration Form.
In view of the same, newly registered intermediaries are not required to submit
Form-B, as provided in Circular No. CIR/OIAE/1/2014 dated December 18,
2014, to SEBI.

3.13.5 The primary e-mail address in SCORES is the e-mail ID where all notifications
related to SCORES complaints are sent to the SEBI registered intermediary. All
existing and new SEBI registered intermediaries will now be able to update their
primary e-mail address and registered address on their own.

3.13.6 All listed companies will continue to follow the process, as provided in
CIR/OIAE/1/2014 dated December 18, 2014, for obtaining SCORES user id and
password.

3.14 Clarification on applicability of regulation 40(1) of SEBI (Listing Obligations and

Disclosure Requirements) Regulations, 2015 to open offers, buybacks and delisting
of securities of listed entities99

98
Reference: Circular No. SEBI/HO/OIAE/IGRD/CIR/P/2019/86 dated August 02, 2019
118
 3.14.1 The proviso to regulation 40(1) of the SEBI (Listing Obligations and Disclosure
Requirements) Regulations, 2015 (‘LODR Regulations’) states that “..except in case of
transmission or transposition of securities, requests for effecting transfer of securities shall
not be processed unless the securities are held in the dematerialized form with a depository.”

3.14.2 SEBI received representations from investors expressing concerns that they have
not been able to participate in open offers, buybacks and delisting of securities of
listed entities since the securities held by them were not in dematerialized form.

3.14.3 It is clarified that shareholders holding securities in physical form are allowed to
tender shares in open offers, buy-backs through tender offer route and exit offers in
case of voluntary or compulsory delisting. However, such tendering shall be as per
the provisions of respective regulations.

3.15 Continuous disclosures and compliances by listed entities under SEBI (Issue and
Listing of Municipal Debt Securities) Regulations, 2015100

3.15.1 SEBI (Issue and Listing of Municipal Debt Securities) Regulations, 2015 (ILDM
Regulations) prescribe disclosures to be made by issuers making public issues of
debt securities or seeking listing of municipal debt securities issued on private
placement basis to the Stock Exchange(s). SEBI vide Circular No.
CIR/IMD/DF1/60/2017 dated June 19, 2017 (“hereinafter to be referred as ILDM
Circular”) had specified continuous disclosures and compliance by issuers of debt
securities under ILDM Regulations.

3.15.2 Subsequently, ILDM regulations have been amended to, inter alia, widen the
definition of issuers, revise timelines for submission of annual and half yearly
financial results, structure payment mechanism through escrow accounts, etc.

3.15.3 Regulation 29 of ILDM regulations provides that the Board shall have the power
to issue directions through guidance notes or circulars. Accordingly, it has been
decided to specify as under:

(a) Clause 2.1 of the ILDM circular regarding disclosure of financial information is
substituted to read as under:

“2.1 Disclosure of Financial Information

99
Reference: Circular No. SEBI/HO/CFD/CMD1/CIR/P/2020/144 dated July 31, 2020
100
Reference: SEBI/HO/DDHS/CIR/P/134/2019 dated November 13, 2019
119
While disclosing its financial information to the Stock Exchange(s), listed entities
shall comply with the following:

2.1.1. Half Yearly Unaudited Financial results

(a) The listed entities shall prepare and submit half yearly un-audited financial
results to the stock exchange as soon as the same are available but within forty five
days of the end of the first half year.

2.1.2. Annual Audited Financial Results

(a) The listed entities shall submit annual audited financial results for the financial
year, within sixty days from the end of the financial year along with the audit
report.

Provided that listed entities, who are being audited by CAG, may adopt the
following two step process for audit of its accounts

(i) The first level audit shall be carried out by CAG appointed audit firm
(auditor). The auditor so appointed shall conduct audit of accounts of the
listed entity and such audited annual financial results shall be submitted to
the Stock exchange(s) within sixty days from the end of the financial year.

(ii) The final annual audited financial results as audited by CAG and after
approval of the same by the Standing Committee and/or the Governing
Body or Board of Directors of the listed entities, as applicable, shall be
submitted to the Stock exchange(s) within nine months from the end of the
financial year.

2.1.3. Preparation and Submission of Financial Results

While preparing financial results, the listed entities shall comply with the following

(a) The half yearly un-audited financial results and annual audited financial results
shall contain comparative information for the immediately preceding
corresponding half year or financial year respectively.

(b) The half yearly un-audited financial results and annual audited financial results
submitted to the Stock exchange(s) shall be taken on record by Standing
Committee or General Body or Board of Directors or Board of Trustee, as
applicable or equivalent

120
 (c) The listed entities shall disclose debt equity ratio, debt service coverage ratio,
interest service coverage ratio etc along with the half yearly and annual financial
results.

2.1.4. Annual Report

The annual report shall contain the following

(a) Balance sheet

(b) Income and expenditure account
(c) Statement of cash flows (a summary of cash flow over a given period of time)
(d) Receipts and payments accounts (detailed as per the account head)
(e) Notes to Account
(f) Financial performance indicators
(g) Auditor’s report
(h) Municipal commissioner's report on the Annual Financial Statements and the
qualifications and comments made in the report of the auditor; and
(i) Standing committee's action taken report on the qualifications and comments
made in the Report of the Auditor and the Report of the Municipal commissioner.

(b) The following shall be added after para (16) in the Annexure 1 of Clause
2.2.2(b) of ILDM Circular on disclosing material and price sensitive
information.

“17. any material adverse changes affecting ability to service municipal debt
securities”

(c) Clause 2.2.2.(c) of the ILDM Circular regarding timely payment of interest
or principal obligations or both is substituted to read as under:

“(c) Timely payment of interest or principal obligations or both

The listed entities shall submit a certificate to the stock exchange(s) intimating the
status of payment of interest or principal or both within five working days of the
same becoming due in respect of municipal debt securities.”

(d) Clause 2.3.2. of ILDM Circular regarding Credit rating is modified to read as
under:-

“2.3.2. Credit Rating

121
 (a) Every credit rating shall be reviewed at least once a year, by a registered credit
rating agency.

(b) In the event of credit rating being downgraded by two or more notches below
the rating assigned at the time of issue, the listed entities shall disclose the
reasons for downgrade in rating and the steps, if any, it intends to take to recover
the rating.

(c) Any change in credit rating shall be promptly disseminated on the Stock
exchange(s) where such securities are listed.”

(e) Clause 2.3.3. (e) of ILDM Circular regarding periodic disclosure shall be
deleted.

3.15.4 In addition to the above modifications, it has been decided to further specify as
under:-

3.15.4.1 Escrow Payment Mechanism

The listed entities are required to create following escrow accounts for the purpose
of payment obligations due to the investors.

3.15.4.1.1. No lien escrow account

(a) The listed entities shall deposit tax revenues, user charges and/or grants etc., as
detailed in the offer document/private placement memorandum, to this account.

3.15.4.1.2. Interest payment account

(a) The listed entities shall, throughout the tenure of the municipal debt securities,
maintain an amount equivalent to one year interest obligation in this account. The
amount received in the “No lien escrow account” may be transferred to this account
to maintain the required balance.

(b) In case of any shortfall of funds in this account, the listed entities are required to
maintain the minimum balance from other accounts.

3.15.4.1.3. Sinking fund account

(a) A Sinking fund account shall be created for redemption of municipal debt
securities.

122
(b) The listed entities shall transfer the principal amount due for repayment, as per
the timelines and amount specified in the offer document or preliminary placement
memorandum. The amount received in the “No lien escrow account” may be
transferred to this account to maintain the required balance in the "Sinking fund
account".

3.15.4.1.4. General Account

(a) The surplus funds in the “No lien escrow account” after meeting minimum
balance in the “Interest payment account” and “Sinking funding account” can be
transferred to General account on a monthly basis after obtaining certificate from
debenture trustee that the listed entities has discharged its debt obligations in a
timely manner.

3.15.4.1.5. All the above accounts except “General account” shall be monitored by
the debenture trustee.

3.15.4.1.6. The listed entities shall within 45 days from the end of the quarter,
disclose the balances in the aforesaid accounts along with notes pertaining to
transfers made to/from these accounts to stock exchange(s) for dissemination.

3.15.4.1.7. The amounts available in the escrow accounts may be invested in

Government Securities or Treasury Bills or Fixed deposit with Scheduled
commercial bank or liquid mutual fund or gilt fund or debt mutual funds or debt
ETFs with a lien in favour of the debenture trustee.

3.15.4.2 Interim use of issue proceeds

(a) The listed entities may invest the issue proceeds in Government Securities or
Treasury Bills or Fixed deposit with Scheduled commercial bank or liquid mutual
fund or gilt fund or debt mutual funds or debt ETFs with a lien in favour of the
debenture trustee pending utilization of funds for the stated objects.

3.15.4.3 Utilization of funds for projects and status of implementation of projects

(a) The listed entities shall submit a report containing status of implementation of
project(s) which is being financed along with reasons for delay, if any and the
amount of utilizations of issue proceeds for execution of the projects as stated in the
offer document/ placement memorandum, as applicable, on a half yearly basis along
with financial results to the stock exchange(s).

3.15.4.4 Day Count Convention

123
 (a) The day count convention for calculation of interest payment for listed municipal
debt securities shall be Actual/ Actual. The manner of calculation of Actual/ Actual
for municipal debt securities shall be as specified in Clause I of SEBI Circular no.
CIR/IMD/DF/18/2013 dated October 29, 2013 and Circular no.
CIR/IMD/DF1/122/2016 dated November 11, 2016 issued for debt securities listed
under ILDS Regulations.

3.16 Non-compliance with certain provisions of the SEBI (Listing Obligations and
Disclosure Requirements) Regulations, 2015 and the Standard Operating
Procedure for suspension and revocation of trading of specified securities 101

3.16.1 Pursuant to the amendments to Listing Regulations and to further streamline the
Standard Operating Procedure for dealing with non-compliances, the following
guidelines are stated.

3.16.2 Henceforth, the stock exchanges shall, having regard to the interests of investors
and the securities market:

a) Take action in case of non-compliances with the Listing Regulations as

specified in Annexure I and
b) Follow the Standard Operating Procedure (“SOP”) for suspension and
revocation of suspension of trading of specified securities as specified in
Annexure II.

Stock Exchanges may deviate from the above, if found necessary, only after
recording reasons in writing.

3.16.3 In order to ensure effective enforcement of the Listing Regulations, the

depositories, on receipt of intimation from the concerned recognized stock
exchange, shall freeze or unfreeze, as the case may be, the entire shareholding of
the promoter(s) in such non-compliant listed entity as well as all other securities
held in the demat account of the promoter(s). Further, if a non-compliant entity is
listed on more than one recognized stock exchange, the concerned recognized
stock exchanges shall take uniform action under these provisions in consultation
with each other.

3.16.4 The recognized stock exchanges shall take necessary steps to implement these
provisions. The recognized stock exchanges shall disclose on their website the
action(s) taken against the listed entities for non-compliance(s); including the
details of the respective requirement, amount of fine levied, details regarding the
freezing of shares of promoters, the period of suspension etc.
101
Reference: SEBI/HO/CFD/CMD/CIR/P/2020/12 dated January 22, 2020.
124
 3.16.5 The recognized stock exchanges may keep in abeyance the action against any
non-compliant entity or withdraw the action in specific cases where specific
exemption from compliance with the requirements under the Listing
Regulations/moratorium on enforcement proceedings has been provided for
under any Act, Court/Tribunal Orders etc.

3.16.6 The recognized stock exchanges are advised to bring these provisions to the
notice of listed entities and the listed entities shall in turn bring the same to the
notice of their promoter(s).

ANNEXURE I

ACTION TO BE TAKEN IN CASE OF NON-COMPLIANCES

1. The recognized stock exchanges shall take action for non-compliance with the
provisions of the Listing Regulations & circulars/guidelines issued thereunder, by a listed
entity as under:

Sl. Regulation Fine payable and/or other

No. action to be taken for non-
compliance in respect of
listed entity
1. Regulation 6(1) ₹ 1,000 per day

Non-compliance with requirement to appoint a

qualified company secretary as the compliance
officer
2. Regulation 7(1) ₹ 1,000 per day

Non-compliance with requirement to appoint

share transfer agent
3. Regulation 13(1)* ₹ 1,000 per day

Failure to ensure that adequate steps are taken

for expeditious redressal of investor complaints
4. Regulation 13(3) ₹ 1,000 per day

Non-submission of the statement on shareholder

complaints within the period prescribed under
this regulation or under any circular issued in
respect of redressal of investor grievances

125
5. Regulation 17(1) ₹ 5,000 per day

Non-compliance with the requirements

pertaining to the composition of the Board
including failure to appoint woman director
6. Regulation 17(1A) ₹ 2,000 per day

Non-compliance with the requirements

pertaining to appointment or continuation of
Non-executive director who has attained the age
of seventy five years
7. Regulation 17(2) ₹ 10,000 per instance

Non-compliance with the requirements

pertaining to the number of Board meetings
8. Regulation 17(2A) ₹ 10,000 per instance

Non-compliance with the requirements

pertaining to quorum of Board meetings.
9. Regulation 18(1) ₹ 2,000 per day

Non-compliance with the constitution of audit

committee
10. Regulation 19(1)/ 19(2) ₹ 2,000 per day

Non-compliance with the constitution of

nomination and remuneration committee
11. Regulation 20(2) / (2A) ₹ 2,000 per day

Non-compliance with the constitution of

stakeholder relationship committee

12. Regulation 21(2) ₹ 2,000 per day

Non-compliance with the constitution of risk

management committee

13. Regulation 23 (9) ₹ 5,000 per day

Non-compliance with disclosure of related party

transactions on consolidated basis.

126
14. Regulation 24A ₹ 2000 per day

Non-compliance with submission of secretarial

compliance report

15. Regulation 27(2) ₹ 2,000 per day

Non-submission of the Corporate governance

compliance report within the period provided
under this regulation

16. Regulation 28 (1) ₹ 50,000 per instance

Non-compliance with obtaining in-principle

approval of stock exchange(s) before issuance of
securities.

17. Regulation 29(2)/29(3) ₹ 10,000 per instance of non-

compliance per item
Delay in furnishing prior intimation about the
meeting of the board of directors

18. Regulation 31 ₹ 2,000 per day

Non-submission of shareholding pattern within

the period prescribed

19. Regulation 31A(3)(a) ₹ 5,000 per day

Non-compliance pertaining to delay in

submission of reclassification application to
stock exchanges

20. Regulation 32(1) ₹ 1,000 per day

Non-submission of deviations/ variations in

utilization of issue proceeds

21. Regulation 33 ₹ 5,000 per day

Non-submission of the financial results within

the period prescribed under this regulation

127
 (Levy of fine is in addition to the requirement of
providing reasons for non-submission of the
financial result as per circular no.
CIR/CFD/CMD-1/142/2018 dated November
19, 2018.)

22. Regulation 34 ₹ 2,000 per day

Non-submission of the Annual Report within the

period prescribed under this regulation

23. Regulation 42(2)/42(3)/ 42(4)/42(5) ₹ 10,000 per instance of non-

compliance per item
Delay in/ non-disclosure of record date/
dividend declaration or non-compliance with
ensuring the prescribed time gap between two
record dates/ book closure dates

24. Regulation 43A ₹ 25,000 per instance

Non-disclosure of Dividend Distribution Policy

in the Annual Report and on the websites of the
entity.

25. Regulation 44(3) ₹ 10,000 per instance of non-

compliance
Non-submission of the voting results within the
period provided under this regulation

26. Regulation 44(5) ₹ 25,000 per instance

Non-convening of annual general meeting

within a period of five months from the close of
financial year.

27. Regulation 45(3) ₹ 25,000 per instance

Non-obtaining approval of stock exchange(s)

before filing request for change of name with
Registrar of Companies.

128
28. Regulation 46 Advisory/warning letter per
instance of non-compliance per
item
Non-compliance with norms pertaining to
functional website ₹10,000 per instance for every
additional advisory/warning
letter exceeding the four
advisory/ warning letters in a
financial year

*Fines would be imposed even during suspension period for non-compliance of regulation 13(1), the modalities of the
same would be dealt separately

2. Concerned recognized stock exchange(s) shall display on their website non-compliance

by the listed entity and details of fine levied/ action taken.

3. The amount of fine realized as per the above structure shall be credited to the "Investor
Protection Fund" of the concerned recognized stock exchange.

4. The fines specified above shall continue to accrue till the time of rectification of the non-
compliance to the satisfaction of the concerned recognized stock exchange or till the scrip
of the listed entity is suspended from trading for non-compliance with aforesaid
provisions*. Such accrual shall be irrespective of any other disciplinary/enforcement
action(s) initiated by recognized stock exchange(s)/SEBI.

5. Every recognized stock exchange shall review the compliance status of the listed
entities and shall issue notices to the non-compliant listed entities within 30 days from the
due date of submission of information. Non-compliant listed entity shall ensure
compliance with the requirement(s) and pay fines as per the circular within 15 days from
the date of such notice. If the non-compliant listed entity fails to comply with the
aforesaid requirement(s) and/or pay fine levied within the stipulated period as per the
notice stated above, the concerned recognized stock exchange(s) shall, upon expiry of the
period indicated in the notice, shall issue notices to the promoter(s) of such non-compliant
entities, to ensure compliance with the requirement(s) and pay fines within 10 days from
the date of such notice. While issuing the aforementioned notices, the recognized stock
exchange shall also send intimation to other recognized stock exchange(s) where the
shares of the non-compliant entity are listed.

6. The concerned recognized stock exchange(s) shall, upon expiry of the stipulated
periods indicated in the aforementioned notices, forthwith intimate the depositories to
freeze the entire shareholding of the promoter(s) in such entity as well as all other
129
securities held in the demat accounts, if the non-compliant listed entity fails to comply
with the aforesaid requirement(s) and/or pay fine levied. The depository(ies) shall
immediately freeze such demat accounts and also intimate the promoter(s) about the
details of non-compliances resulting in freezing of their demat accounts.

7. If the non-compliant listed entity subsequently complies with the respective

requirement(s) and pays the fine levied, in terms of this circular, the concerned
recognized stock exchange(s) shall display on their website details of compliance and
fines paid by the listed entity. Simultaneously, the recognized stock exchange(s) shall
intimate the depositories to unfreeze the entire shareholding of the promoter(s) in such
entity as well as all other securities held in the demat account of the promoter(s),
immediately from the date of compliance.

8. If any non-compliant listed entity fails to pay the fine despite receipt of the notice as
stated above, the recognized stock exchange(s) may also initiate appropriate enforcement
action.

9. The recognised stock exchange(s) shall also advise the non-compliant listed entity to
ensure that the subject matter of non-compliance which has been identified and indicated
by the recognised stock exchange(s) and any subsequent action taken by the recognised
stock exchange(s) in this regard shall be placed before the Board of Directors of the
company in its next meeting. Comments made by the board shall be duly informed to the
recognised stock exchange(s) for dissemination.

*Fines would be imposed even during suspension period for non-compliance of regulation 13(1), the modalities of the
same would be dealt separately.

ANNEXURE II

STANDARD OPERATING PROCEDURE (SOP)

1. If a listed entity is non-compliant with the provisions of the Listing Regulations as

specified under paragraph 2 below, in terms of these provisions, the concerned
recognized stock exchange(s) shall:

(a) Move the scrip of the listed entity to "Z" category wherein trades shall take place
on 'Trade for Trade' basis by following procedure prescribed at paragraph A
below and
(b) Suspend trading in the shares of such listed entity by following procedure
prescribed at paragraph B below.

130
If a listed entity rectifies non-compliance with the provisions of the Listing Regulations,
the stock exchanges shall neither move the listed entity to “Z” category nor suspend
trading in the shares of such listed entity. However, the entire shareholding of the
promoter(s) in the non-compliant listed entity as well as all other securities held in the
demat account(s) of the promoter(s) shall remain frozen till the non-compliant listed
entity complies with respective requirement(s) and pays the applicable fines.

In cases, where the non-compliant listed
requirement(s) and pays the applicable fine,
intimate the depositories to unfreeze the entire
entity as well as all other securities held in
immediately from the date of compliance.
entity complies with the respective
the recognized stock exchange(s) shall
shareholding of the promoter(s) in such
the demat account of the promoter(s),

2. Criteria for suspension of the trading in the shares of the listed entities:
(a) failure to comply with regulation 17(1) with respect to board composition
including appointment of woman director for two consecutive quarters;
(b) failure to comply with regulation 18(1) with respect to constitution of audit
committee for two consecutive quarters;
(c) failure to comply with regulation 27(2) with respect to submission of corporate
governance compliance report for two consecutive quarters;
(d) failure to comply with regulation 31 with respect to submission of shareholding
pattern for two consecutive quarters;
(e) failure to comply with regulation 33 with respect to submission of financial results
for two consecutive quarters;
(f) failure to comply with regulation 34 with respect to submission of Annual Report
for two consecutive financial years;
(g) failure to submit information on the reconciliation of shares and capital audit
report, for two consecutive quarters;
(h) receipt of the notice of suspension of trading of that entity by any other recognized
stock exchange on any or all of the above grounds.

Non-compliance for two consecutive quarters of aforementioned Regulations 17(1) and

18(1), refers to two complete consecutive quarters (180 days) of non-compliance.

3. If the non-compliant listed entity complies with the aforesaid requirement(s) after the
date of suspension, the recognized stock exchange(s) shall revoke the suspension of
trading of its shares by following the procedure prescribed at paragraph C below.

4. If the non-compliant listed entity fails to comply with the aforesaid requirement(s)
within 6 months from the date of suspension, the recognized stock exchange(s) shall
initiate the process of compulsory delisting of the non-compliant listed entity in
131
accordance with the provisions of the Securities Contracts (Regulation) Act, 1956, the
Securities Contracts (Regulation) Rules, 1957 and the Securities and Exchange Board of
India (Delisting of Equity Shares) Regulations, 2009 as amended from time to time.

A. Standard operating procedure for moving the scrip to "Z" Category

i. If a listed entity defaults in complying with the provisions of the Listing Regulations as
specified under paragraph 2 above, in terms of these provisions, the concerned recognised
stock exchange(s) shall, in addition to imposing fine under paragraph 1 in Annexure I,
move the scrip of the listed entity to "Z" category wherein trades shall take place on
'Trade for Trade' basis. However, before moving the scrip to “Z” category, the concerned
recognized stock exchange(s) shall send written intimation to the non-compliant listed
entity calling upon it to comply with respective requirement(s) within 7 days of the date
of the intimation.

ii. Simultaneously, the recognized stock exchange(s) shall give 10 days prior public notice
to investors before moving the scrip to "Z" category or while moving the scrip out of "Z"
category. While issuing the notice, the recognized stock exchange(s) shall intimate the
other recognized stock exchange(s) where the shares of the non-compliant entity are
listed.

iii. If the non-compliant listed entity complies with respective requirement(s) two
working days before the proposed date of movement of the scrip to “Z” category, the
scrip shall not be moved to “Z” category and the concerned recognized stock exchange(s)
shall give a public notice on its website informing compliance by the listed entity. While
issuing the said notice, the recognized stock exchange(s) shall send intimation of notice to
other recognized stock exchange(s) where the shares of the entity are listed.

iv. The recognised stock exchange(s) shall move back the scrip of the listed entity from "Z"
category to the normal trading category (if not suspended as specified in paragraph B
below), provided it complies with respective provisions of the Listing Regulations. While
moving the scrip back to normal trading category the recognized stock exchange(s) shall
intimate the other recognized stock exchange(s) where the shares of the non-compliant
entity are listed.

B. Standard operating procedure for suspending the trading

i. If a listed entity complies with respective provisions of the Listing Regulations, no
suspension proceedings would be initiated. However, before suspending the trading of a
scrip, the concerned recognized stock exchange(s) shall send written intimation to the
non-compliant listed entity calling upon it to comply with respective requirement(s) and
pay the applicable fine within 21 days of the date of the intimation. While issuing the said
intimation, the recognized stock exchange(s) shall also inform other recognized stock
exchange(s) where the shares of the non-compliant entity are listed to ensure that the date
132
of suspension is uniform across all the recognised stock exchange(s). Simultaneously, the
recognized stock exchange(s) shall give a public notice on its website proposing possible
suspension of trading in the shares of the non-compliant listed entity 30 days prior to date
of suspension.

ii. If the non-compliant listed entity complies with respective requirement(s) two working
days before the proposed date of suspension, the trading in its shares shall not be
suspended and the concerned recognized stock exchange(s) shall give a public notice on
its website informing compliance by the listed entity. While issuing the said notice, the
recognized stock exchange(s) shall send intimation of notice to other recognized stock
exchange(s) where the shares of the entity are listed.

iii. In case of failure to comply with respective requirement(s), the recognized stock
exchange(s) shall suspend the trading in the shares of a non-compliant listed entity. The
entire shareholding of the promoter(s) in the non-compliant listed entity as well as all
other securities held in the demat account(s) of the promoter(s) shall remain frozen during
the period of suspension.

iv. While suspending trading in the shares of the non-compliant entity, the recognized
stock exchange(s) shall send intimation of suspension to other recognized stock
exchange(s) where the shares of the non-compliant entity are listed to ensure that the date
of suspension is uniform across all the recognised stock exchange(s).

v. After 15 days of suspension, trading in the shares of non-compliant entity may be

allowed on 'Trade for Trade' basis, on the first trading day of every week for 6 months
from the date of suspension. In this regard, the recognized stock exchange(s) shall give
instruction to its trading members to obtain confirmation from clients before accepting an
order for purchase of shares of the non-compliant listed entity on 'Trade for Trade' basis.

vi. The recognized stock exchange(s) shall put in place a system to publish a caution
message on its trading terminals, as follows: "Trading in shares of the <Name of the Listed
Entity> is presently under 'suspension and trade to trade basis' and trading shall stop completely
and compulsory delisting may be initiated if <Name of the Listed Entity> does not become
compliant by <Date>".

C. Standard operating procedure for revocation of suspension of trading.

i. If the non-compliant listed entity complies with the aforesaid requirement(s) after
trading is suspended in the shares of the non-compliant entity, the recognized stock
exchange(s) shall, on the date of compliance, give a public notice on its website informing
compliance by the listed entity. The recognized stock exchange(s) shall revoke the
suspension of trading of its shares after a period of 7 days from the date of such notice.
133
 While issuing the said notice, the recognized stock exchange(s) shall send intimation of
the notice to other recognized stock exchange(s) where the shares of the entity are listed.
After revocation of suspension, the trading of shares shall be permitted only in 'Trade for
Trade' basis for a period of 7 days from the date of revocation and thereafter, trading in
the shares of the entity shall be shifted back to the normal trading category.

3.17 Investor grievances redressal mechanism – Handling of SCORES complaints by

stock exchanges and Standard Operating Procedure for non-redressal of grievances
by listed companies102

1. In terms of SEBI circular SEBI/HO/CFD/CMD/CIR/P/2020/12 dated January 22,

2020, Stock Exchanges shall, having regard to the interest of investors and the
securities market, inter alia take action against listed companies for non-
compliance with the provisions of the Listing Regulations and circulars/guidelines
issued thereunder, including failure to ensure expeditious redressal of investor
complaints under Regulation 13 of the Listing Regulations

2. The procedure for handling complaints by the stock exchanges as well as standard
operating procedure for actions to be taken against listed companies for failure to
redress investor grievances is given.

Handling of complaints by stock exchanges:

3. Stock exchanges will be the first recourse for certain categories of complaints
against listed companies as provided in Annexure-2. The procedure and actions
mentioned below will be applicable for these categories of complaints only.

4. Investors are encouraged to initially take up their grievances for redressal with the
concerned listed company directly. SCORES platform can also be used to submit
grievances directly to the company for resolution, if the complainant has not
approached the company earlier. Companies are expected to resolve the complaint
directly.

5. In case the company does not redress the complaint within 30 days from the date of
receipt of the complaint, such direct complaints shall be forwarded to Designated
Stock Exchange (DSE) through SCORES.

6. At the time of lodging the complaint through SCORES platform, in case the
complainant had approached the company earlier, the complainant shall submit all

102
Reference Circular No. SEBI/HO/OIAE/IGRD/CIR/P/2020/152 dated August 13, 2020
134
 such details of the complaint in SCORES i.e., period of cause of event, date of
grievance taken up with the entity, address of the company corresponded earlier,
etc. Such complaints shall be forwarded to the DSE.

7. Upon receipt of the complaint through SCORES platform, the DSE shall take up the
complaint with the company. The company is required to redress the complaint
and submit an Action Taken Report (ATR) within 30 days from the date of receipt
of such complaint.

8. In case the ATR is not submitted by the company within 30 days or DSE is of the
opinion that the complaint is not adequately redressed and the complaint remains
pending beyond 30 days, a reminder shall be issued by DSE to the listed company
through SCORES directing expeditious redressal of the grievance within another 30
days.

9. On being adequately satisfied with the response of the company with respect to the
complaint, the stock exchange shall submit an ATR to SEBI.

10. For any failure to redress investor grievances pending beyond 60 days by listed
companies, stock exchange shall initiate appropriate action against the listed
company as detailed below.

Action for failure to redress investor complaints:

11. Stock exchanges shall levy a fine of Rs. 1000 per day per complaint on the listed
entity for violation of Regulation 13 (1) of SEBI (LODR) Regulations, 2015 read with
SEBI circular no. SEBI/HO/CFD/CMD/CIR/P/2020/12 dated 22 January, 2020.

12. Fines shall also be levied on companies which are suspended from trading.

13. DSE shall issue a notice to the listed entity intimating them about the levy of fines
while also directing them to submit ATRs on the pending complaints and payment
of fines within 15 days from the date of such notice.

14. In case the listed entity fails to redress the grievances and/or pay fine levied within
15 days from the date of such notice, the concerned DSE shall issue notices to the
promoter(s) of such entities, to ensure submission of ATRs on the pending
complaints and payment of fines by the listed entity within 10 days from the date
of such notice.

135
 15. In case the listed entity fails to comply with the aforesaid requirement and/ or pay
fine levied within the stipulated period as per the notices, the DSE shall forthwith
intimate the depositories to freeze the entire shareholding of the “promoter(s)103 in
such entity as well as all other securities held in the demat account of the
“promoter(s).

16. The depository(ies) shall immediately freeze such demat accounts and also
intimate the promoter(s) about the details of non-compliances resulting in freezing
of their demat accounts.

17. In case listed entity fails to pay the fine or resolve the complaint despite receipt of
the notice as stated above, the DSE may initiate other action as deemed
appropriate.

18. While issuing the aforementioned notices, the DSE shall also send intimation to
other recognized stock exchange(s) where the shares of the non-compliant entity
are listed.

19. Once stock exchange(s) has exhausted all options and if number of pending
complaints exceed 20 or the value involved is more than Rs. 10 lakhs, stock
exchanges shall forward the complaints against such listed companies to SEBI for
further action, if any.

20. Stock exchanges may deviate from the above (Para 11-19), if found necessary, only
after recording reasons in writing.

21. Stock exchanges shall intimate SEBI through SCORES about all actions taken
against the listed company for non-resolution of the complaints and non-payment
of fines.

22. The time-line for handling complaints along with timelines on the actions to be
taken by stock exchanges for non-resolution of investor grievances is provided in
Annexure – 1.

23. Fine shall be computed and levied on a monthly basis during the non-compliance
period.

Vide Circular SEBI/HO/OIAE/IGRD/CIR/P/2020/208 dated 22 October, 2020 “Paras 15, 26, 31 and Point 2c read
103

the words “promoter and promoter group” and “promoter/promoter group” as “promoter(s)”
136
24. Fine amount shall continue to accrue till the date of redressal of grievance /filing of
ATR by the company or till the company is compulsorily delisted, whichever is
earlier.

Action after redressal of investor grievance by the company:

25. Company will be treated as compliant if it has redressed investor’s complaint and
has paid fines (if any) levied.

26. In case the promoters’ shareholding is frozen by the Exchange, an intimation shall
be given to depositories to unfreeze the promoter(s) holdings from the date of such
compliance.

27. If the company has redressed the investor’s complaint but has not paid the accrued
fines, the Exchange shall stop levying further fines. However, the promoters’
shareholdings shall remain frozen till the payment of accrued fines.

28. If the company has not redressed the investor’s complaint but has paid the accrued
fines, the Exchange shall continue to levy the fines and may initiate action as
deemed appropriate.

29. The recognized stock exchanges shall take necessary steps to implement these
provisions. The recognized stock exchanges shall disclose on their website the
action(s) taken against the listed entities for non-compliance(s) with grievances;
amount of fine levied, details regarding the freezing of shares, compliance etc.

30. The above provisions are without prejudice to the power of SEBI to take action
under the securities laws.

31. The recognized stock exchanges are advised to bring these provisions to the notice
of listed entities and the listed entities shall in turn bring the same to the notice of
their promoter(s).

32. The recognized stock exchanges may keep in abeyance the action against any non-
compliant entity or withdraw the action in specific cases where specific exemption
from compliance with the requirements under the Listing Regulations/moratorium
on enforcement proceedings has been provided for under any Act, Court/Tribunal
Orders etc.

33. These provisions shall come into force from September 01, 2020.

137
 Annexure -1

Timelines for handling of complaints and actions in case of non-compliances

Sr Activity No of
No. calendar
days
1. Complaint handling:
a. Complaint received in SCORES by the listed company T
b. Response to be obtained from Listed Company Within
T+30
c. If no response received, alert to Listed company in the form of T+31
reminder for non-redressal of complaint
d. Response to be obtained from Listed Company Within
T+60
2. Action in case of non-compliances:
a. Notice to Listed company intimating the fine @ Rs. 1000/- per T+61
day, per complaint to be levied for not resolving the
complaints within 60 days
b. Notice to Promoters for non-resolution of complaints and non- T+76
payment of fine to the stock exchange.
c. Freezing of promoters shareholdings {i.e. entire shareholding T+86
of the promoter(s) in listed company as well
as all other securities held in the demat account of the
promoter(s) } in demat account.
d. Stock exchanges may take any other actions, as deemed
appropriate.
e. Once Stock exchange has exhausted all options and if number of
pending complaints exceed 20 or the value involved is more
than Rs. 10 lakhs, the Exchange to forward the details of such
Listed companies to SEBI for further action, if any

Annexure -2

Nature of complaints for which these provisions are applicable

1. Non updation of address /Signature or Corrections etc

2. Non-receipt of Bonus
3. Non receipt of Dividend
4. Non receipt duplicate debt securities certificate
5. Non-receipt of duplicate share certificate
6. Non receipt of fractional entitlement
138
7. Non receipt of interest for delay in dividend
8. Non receipt of interest for delay in payment of interest on debt security
9. Non receipt of interest for delay in redemption proceeds of debt security
10. Non receipt of interest for delay in refunds
11. Non receipt of interest on securities
12. Non receipt of redemption amount of debt securities
13. Non receipt of refund in Public/ Rights issue
14. Non receipt of Rights Issue form
15. Non receipt of securities after conversion/ endorsement/ consolidation/ splitting
16. Non receipt of securities after transfer
17. Non receipt of securities in public/ rights issue
18. Non receipt of shares after conversion/ endorsement/ consolidation/splitting
19. Non receipt of shares after transfer
20. Non receipt of shares after transmission
21. Non receipt of shares in public/ rights issue (including allotment letter)
22. Non-receipt of interest for delay in dispatch/credit of securities
23. Receipt of refund/ dividend in physical mode instead of electronic mode
24. Receipt of shares in physical mode instead of electronic mode
25. Demat/Remat
26. Any other nature as may be informed from time to time

However, the stock exchanges shall not handle the following type of complaints and
forward the complaints as directed below:-
Sl. Grievances Pertaining to Process for handling
No. complaints
1. a. Deposits u/s 73 & 74 of Companies Act,2013 Forward the complaint
b. Complaint against Nidhi Companies. to MCA under
c. All matters as delegated under overriding intimation to
powers under Companies Act2013 Complainant.
d. Complaints pertaining to dividend and securities
transferred to IEPF
2. Pension funds Forward the complaint
to Pension Fund
Regulatory and
Development Authority
(PFRDA) under
intimation to
Complainant.

139
 Sl. Grievances Pertaining to Process for handling
No. complaints
3. Monopoly and anti-competitive practices Forward the complaint to
Competition Commission of India
(CCI) under intimation to
Complainant.
4. Chit Funds Request complainant to approach
Registrars of Chit Funds of the
concerned state
5. Insurance Companies Forward the complaint to Insurance
/Brokers/Agents/products and Regulatory and Development
Service Authority of India (IRDAI) under
intimation to Complainant
6. Housing Finance Companies Request complainant to approach
National Housing Bank (NHB)
7. a. Companies where moratorium order Request complainant to approach
is passed against the company in NCLT or the official liquidator
winding up/ insolvency
proceedings.

b. Companies under liquidation and

official liquidator has been appointed

3.18 Automation of Continual Disclosures under Regulation 7(2) of SEBI

(Prohibition of Insider Trading) Regulations, 2015 - System driven
disclosures104

104
Circular No. SEBI/HO/ISD/ISD/CIR/P/2020/168 dated September 09, 2020
140
3.18.1 Vide Gazette Notification No. SEBI/LAD-NRO/GN/2020/23 dated July 17,
2020 Securities and Exchange Board of India (Prohibition of Insider
Trading) Regulations, 2015 (PIT Regulations) have been further amended.

3.18.2 SEBI, vide circular no. CIR/CFD/DCR/17/2015 dated December 01, 2015,
CFD/DCR/CIR/2016/139 dated December 21, 2016 and
SEBI/HO/CFD/DCR1/CIR/P/2018/85 dated May 28, 2018, implemented
the system driven disclosures in phases, under SEBI (Substantial
Acquisition of Shares and Takeovers) Regulations, 2011 and PIT
Regulations.

3.18.3 Pursuant to the amendment of PIT Regulations and discussions held with
the Stock Exchanges and Depositories, the system driven disclosures will be
implemented for member(s) of promoter group and designated person(s) in
addition to the promoter(s) and director(s) of company (hereinafter
collectively referred to as entities) under Regulation 7(2) of PIT
Regulations.

3.18.4 To begin with, the system driven disclosures shall pertain to trading in
equity shares and equity derivative instruments i.e. Futures and Options of
the listed company (wherever applicable) by the entities.

3.18.5 The procedure for implementation of the system driven disclosures is

provided at Annexure-A.

3.18.6 The Depositories and Stock Exchanges to make necessary arrangements

such that the disclosures pertaining to PIT Regulations are disseminated on
the websites of respective stock exchanges with effect from October 01,
2020.

3.18.7 The system would continue to run parallel with the existing system i.e.
entities shall continue to independently comply with the disclosure
obligations under PIT Regulations as applicable to them till March 31, 2021.

141
3.18.8 As currently done, the disclosures generated through the system shall be
displayed separately from the regular disclosures filed with the exchanges.

3.18.9 Stock Exchanges are advised to bring these provisions to the notice of all
listed companies and also disseminate the same on their websites.

ANNEXURE – A

Steps/process required to be taken for implementation:

1. The various formats and timelines for sharing of data shall be standardized,
as agreed upon by the depositories and exchanges.

2. Listed company shall provide the information including PAN number of

Promoter(s) including member(s) of the promoter group, designated
person(s)and director(s) (hereinafter collectively referred to as entities) as
per PIT Regulations to the designated depository (selected in terms of SEBI
circular ref. no. SEBI/HO/CFD/DCR1/CIR/P/2018/85 dated May 28,
2018) in the format and manner prescribed by the Depositories. For PAN
exempt entities, the Investor’s Demat account number(s) shall be specified
by the listed company. The information shall be provided within 10 days
from the date of issue of these provisions.

3. The designated depository shall share the information received from the
listed company with other depository.

4. In case of any subsequent update in the details of the entities, the listed
company shall update the information with the designated depository on
the same day. The designated depository shall share the incremental
changes with the other depository on the day of receipt from the listed
company.

142
5. Based on the PAN of First holder/Demat account number(s), the
depositories shall tag such Demat accounts in their depository systems at
ISIN level.

6. The designated depository shall also share with the stock exchanges,
company-wise details of entities. In case of PAN exempt entity, respective
depository shall share the Demat account number(s) details with the stock
exchanges. Any update (additions or deletions) in this information by listed
company shall be updated by the designated depositories with the stock
exchanges on a daily basis. The information shall be shared via system
interface established between the depositories and stock exchanges.

7. The depositories shall provide the following data pertaining to the tagged
Demat account(s) separately to the stock exchanges on daily basis:

 Details of transactions for pledge/revocation/invocation of shares

and other encumbrances such as NDU etc. of the entities.
 Details of off market transactions of the entities.
 Details of transmission of shares of the entities.
 Details of corporate actions such as ESOPs, Bonus, Rights, etc. of the
entities
 Additionally, details of market transfers in case of PAN Exempt
entities.

8. Based on the PAN information provided by the depositories, on daily basis,

stock exchanges will identify the transactions carried out on their trading
system by the entities in the equities and equity derivative instruments
(wherever applicable) of the listed company/permitted to trade on the
stock exchange(s).

9. Such identified trades shall be shared by the stock exchange with all other
stock exchanges where the company is listed on daily basis.

143
 10. Each stock exchange shall consolidate the information of the transactions
identified by them as well as received from other stock exchanges and the
depositories. On consolidation of the transactions, if the disclosure is
triggered under Regulation 7(2) of PIT Regulations, the stock exchanges
shall disseminate the same on their websites. The transaction(s) carried out
on T day shall be disseminated on T+2 day basis.

11. In case of any discrepancy, the issue shall be resolved by listed company,
stock exchanges and depositories in coordination with one another.

3.19 System-Driven Disclosures (SDD) under SEBI (SAST) Regulations, 2011105

3.19.1 SEBI circulars dated December 01, 2015 and December 21, 2016 pertains to
processes to be followed by Depositories, Exchanges and Registrar &
Share Transfer Agents (“RTAs”) for implementation of SDD.
Subsequently, SEBI vide circular dated September 09, 2020 under
Regulation 7(2) SEBI (PIT) Regulations, 2015 has provided a detailed
procedure for SDD implementation which also requires that the capture of
the PAN of the entities be done from the listed company itself, rather than
through the RTAs as provided in the circular dated December 01, 2015.

3.19.2 In order to align the practices, use of the procedure of capturing the PAN
of the promoters from listed companies as mentioned in para 2,3 & 4 of the
Annexure A of the circular dated September 09, 2020 for SAST disclosures
too.

The referred paras are quoted here for convenience: -

“2. Listed company shall provide the information including PAN number of
Promoter(s) including member(s) of the promoter group, designated person(s) and
director(s) (hereinafter collectively referred to as entities) as per PIT Regulations
to the designated depository (selected in terms of SEBI circular ref. no.
105
Reference: SEBI/CIR/CFD/DCR1/CIR/P/2020/181 dated September 23, 2020
144
 SEBI/HO/CFD/DCR1/CIR/P/2018/85 dated May 28, 2018) in the format and
manner prescribed by the Depositories. For PAN exempt entities, the Investor’s
Demat account number(s) shall be specified by the listed company. The
information shall be provided within 10 days from the date of issue of these
provisions.

3. The designated depository shall share the information received from the listed
company with other depository.

4. In case of any subsequent update in the details of the entities, the listed
company shall update the information with the designated depository on the
same day. The designated depository shall share the incremental changes with
the other depository on the day of receipt from the listed company.”

3.19.3 The other requirements of SEBI circular dated December 01, 2015 on the
subject shall remain in force.

3.20 Streamlining the Process of Public Issue of Equity Shares and

convertibles- implementation of Phase II of Unified Payments Interface
with Application Supported by Blocked Amount106

3.20.1 There are four circulars pertaining to aforesaid subject viz. Circular No.
SEBI/HO/CFD/DIL2/CIR/P/2019/50 dated April 3, 2019, Circular No.
SEBI/HO/CFD/DIL2/CIR/P/2019/76 dated June 28, 2019, Circular No.
SEBI/HO/CFD/DIL2/CIR/P/2019/85 July 26, 2019 and Circular No.
SEBI/HO/CFD/DCR2/CIR/P/2019/133 dated November 08, 2019.

3.20.2 This refers to SEBI circular SEBI/HO/CFD/DIL2/CIR/P/2018/138 dated

November 1, 2018, vide which SEBI had introduced the use of Unified
Payments Interface (UPI) as a payment mechanism with Application

106
Circular No. SEBI/HO/CFD/DIL2/CIR/P/2019/50 dated April 3, 2019, SEBI Circular No.
SEBI/HO/CFD/DIL2/CIR/P/2019/76 dated June 28, 2019, Circular No.
SEBI/HO/CFD/DIL2/CIR/P/2019/85 July 26, 2019 and Circular No.
SEBI/HO/CFD/DCR2/CIR/P/2019/133 dated November 08, 2019
145
 Supported by Blocked Amount (ASBA) for applications in public issues by
retail individual investors through intermediaries (Syndicate members,
Registered Stock Brokers, Registrar and Transfer agent and Depository
Participants), with effect from January 01, 2019. Implementation of the
same was to be carried out in a phased manner to ensure gradual
transition to UPI with ASBA.

3.20.3 Vide SEBI Circular SEBI/HO/CFD/DIL2/CIR/P/2019/76 dated June 28,

2019, Phase II was implemented from July 01, 2019. In Phase II, for
applications by retail individual investors through intermediaries, the
process of physical movement of forms from intermediaries to Self-
Certified Syndicate Banks (SCSBs) for blocking of funds was discontinued
and only the UPI mechanism with existing timeline of T+6 days was
mandated, for a period of 3 months or floating of 5 main board public
issues, whichever is later.

3.20.4 Since then, two big public issues have used the facility of UPI 2.0, wherein
it was seen that the platform has become increasingly acceptable given the
number of applications received in ASBA with UPI as a payment
mechanism. Presently, 47 and 5 self-certified syndicate banks are eligible
to act as issuer banks and sponsor banks in UPI respectively.

3.20.5 National Payments Corporation of India (NPCI) has assessed the situation
with respect to infrastructure at banks and their logistics and suggested
further tweaking of systems, procedures and timelines for various
activities for smoother operations of ASBA with UPI as a payment
mechanism. Similar contraction of timelines is required to be carried out
by the intermediaries in the securities market.

3.20.6 In order to ensure that the transition to UPI in ASBA is smooth for all the
stakeholders, after consultation with various intermediaries and NPCI, the
timeline for implementation of Phase II was extended till March 31, 2020.

146
3.20.7 The revised timelines for the existing T+6 environment are placed at
Annexure 1.

3.20.8 In terms of regulation 23(5) and regulation 271 of SEBI (Issue of Capital
and Disclosure Requirements) Regulations, 2018, these timelines and
processes shall continue to form part of the agreements being signed
between the intermediaries involved in the public issuance process and
lead managers shall continue to coordinate with intermediaries involved
in the said process.

3.20.9 All entities involved in the process are advised to take necessary steps to
ensure compliance.

3.20.10 The modalities and the date for T+3 listing shall be intimated later.

Retention of forms by Intermediaries

3.20.11 Intermediaries shall retain physical application forms submitted by retail

individual investors with UPI as a payment mechanism, for a period of six
months and thereafter forward the same to the issuer/ Registrar to Issue.
However, in case of Electronic forms, “printouts” of such applications
need not be retained or sent to the issuer. Intermediaries shall, at all times,
maintain the electronic records relating to such forms for a minimum
period of three years.

Detailed Timelines of Activities to be adhered in T+6 listing – Phase II

(Annexure 1)

Sr. Details of activities Due Date

No. (working
day*)
1. An investor, intending to subscribe to a public issue,
shall submit a completed bid-cum-application form to
any of the following entities:
147
 i. an SCSB, with whom the bank account to be blocked,
is maintained
ii. a syndicate member (or sub-syndicate member)
iii. a stock broker registered with a recognised stock
exchange (and whose name is mentioned on the website
of the stock exchange as eligible for this activity)
(‘broker’)
iv. a depository participant (‘DP’) (whose name is
mentioned on the website of the stock exchange as
eligible for this activity) Issue
v. a registrar to an issue and share transfer agent (‘RTA’) opening date
(whose name is mentioned on the website of the stock to issue
exchange as eligible for this activity) closing date
(where T is
Retails investors submitting application with any of the
issue closing
entities at (ii) to (v) above (hereinafter referred as
‘Intermediaries’), have to use UPI and shall also their date)
UPI ID in the bid-cum-application form.
2. The aforesaid entities shall, at the time of receipt of
application, give an acknowledgement to investor, by
giving the counter foil or specifying the application
number to the investor, as a proof of having accepted
the application form, in physical or electronic mode,
respectively.

(i) For applications submitted to SCSB: After accepting

the form, SCSB shall capture and upload the relevant
details in the electronic bidding system as specified
by the stock exchange(s) and blocked funds available
in the bank account specified in the form, to the
extent of the application money specified.

(ii) For applications submitted to intermediaries, with

148
 use of UPI for payment:
After accepting the application form, respective
intermediary shall capture and upload the relevant
bid details, including UPI ID, in the electronic
bidding system of stock exchange(s).

Stock exchange(s) shall validate the electronic bid details

with depository’s records for DP ID/Client ID and PAN
Combination, on a real time basis through API
Integration and bring the inconsistencies to the notice of
intermediaries concerned, for rectification and re-
submission within the time specified by stock exchange.
Issue
opening date
Stock exchange(s) shall allow modification of selected
to issue
fields viz. DP ID/Client ID or Pan ID (Either DP
closing date
ID/Client ID or Pan ID can be modified but not BOTH),
(where T is
Bank code and Location code, in the bid details already
issue closing
uploaded.
date)
3. For retail applications submitted to intermediaries, with
use of UPI for payment:
Stock Exchange to share bid details including the UPI ID
with Sponsor Bank on a continuous basis through API
integration, to enable Sponsor Bank to initiate mandate
request on investors for blocking of funds.

Sponsor Bank to initiate request for blocking of funds

through NPCI to investor. Investor to accept mandate
request for blocking of funds, on his / her mobile
application, associated with UPI ID linked bank account.
4. Reconciliation Steps to be done on daily basis (for UPI Issue
Mandates): opening date
to issue
Step 1: Sponsor bank shall do a reconciliation of bid closing date
requests received from exchange(s) and sent to NPCI. (where T is
149
Sponsor bank shall ensure that all the bids received issue closing
from exchange(s) are pushed to NPCI. date) – on
Step 2: NPCI shall ensure that all the bid requests daily basis
received from sponsor bank are pushed to the
corresponding payment system participants of issuer
banks. The issuer banks/sponsor bank shall download
the mandate related UPI settlement files and raw data
files from NPCI portal on daily basis after every
settlement cycle and shall do a three way reconciliation
with Banks UPI switch data, CBS data and the UPI raw
data. NPCI shall coordinate with issuer banks /sponsor
bank on continuous basis.
Step 3:The issuer banks shall process all the incoming
bid requests from NPCI and shall send the response to
NPCI in real time. NPCI shall further facilitate the flow
of these responses to sponsor bank.
Step 4: Sponsor bank shall do a reconciliation of bid
responses received from NPCI and sent to exchange(s).
Sponsor bank shall ensure that all the responses
received from NPCI are sent to the exchange(s) platform
with detailed error code and description, if any.
Step 5: Sponsor bank shall do a final reconciliation of all
bid requests and responses (obtained in Step 1 and Step
4) throughout their lifecycle on daily basis and share the
consolidated report not later than 07:00 PM to Merchant
Banker
Step 6: Merchant Banker shall share the consolidated file
received from sponsor bank with SEBI on daily basis not
later than 09:00 PM as per the format mentioned in
Annexure ‘A’
Step 7: On ‘T’ day, after the closure of issue, Sponsor
Bank shall share the consolidated data to Merchant
Banker not later than 07:00 PM. Merchant Banker shall
share the consolidated data as on ‘T’ day (data obtained

150
 on daily basis in step 6) to SEBI not later than 09:00 PM
as per the format mentioned in Annexure ‘A’

The objective of the reconciliation exercise is to ensure

that every bid entered in the exchange(s) bidding
platform has successfully completed its entire lifecycle
and got its response updated back in the same
exchange(s) bidding platform.

Merchant Banker shall be responsible for the

reconciliation exercise and shall coordinate with NPCI,
Sponsor Bank and Exchange(s) on continuous basis.
Merchant Banker shall be the nodal entity for any issues
arising out of public issuance process.
5. Issue Closes T (Issue
closing date)
6. For retail applications submitted to intermediaries with
use of UPI for payment:

Sponsor Bank may not accept bid details from Stock

Exchanges post 11:00 a.m.

Sponsor Bank to initiate request for blocking of funds of

investor, with confirmation cut off-time of 12:00 p.m.

All pending requests at the cut-off time would lapse.

Applicant to accept mandate request for blocking of

funds prior to cut off-time of 12:00 p.m.

Sponsor Bank to send confirmation of funds blocked

(Final Certificate) to the registrar through stock
exchange not later than 06:00 PM

151
For QIB & NII application submitted to intermediaries:

Intermediaries to forward a schedule as per format

given below along with the application forms to
designated branches of the respective SCSBs for
blocking of funds.

FIELD NO. DETAILS

1. SYMBOL
2. INTERMEDIARY CODE
3. INTERMEDIARY NAME
4. BANK CODE T+1
5. BANK NAME
6. LOCATION CODE
7. APPLICATION NO
8. CATEGORY
9. PAN
10. DP ID
11. CLIENT ID
12. QUANTITY
13. AMOUNT
14. ORDER NO
15. EXCHANGE

(*The character length for each of fields of the schedule

to be forwarded by the intermediaries along with each
application form to the designated branches of the
respective SCSBs for blocking of funds shall be
uniformly prescribed by the stock exchange(s))

Designated branches of SCSBs may not accept schedule

and applications after T+1 day 11:00 AM

SCSBs to begin blocking of funds.

152
 Registrar to give bid file received from stock exchanges
containing the application number and amount to all the
SCSBs who may use this file for validation /
reconciliation at their end.

For all applications submitted to SCSB

The respective SCSB to send confirmation of funds
blocked (Final Certificate) to the registrar not later than
06:00 PM

On ‘T+1’ day, after the closure of modification and

mandate acceptance by applicant, NPCI shall share the
analysis of failures in UPI mandate transactions, duly
classifying them into business declines and technical
declines and further sub-classifying them as per their
error descriptions to sponsor bank not later than 08:00
PM

On ‘T+1’ day, after the closure of modification and

mandate acceptance by applicant, Sponsor Bank shall
share the final consolidated data (Annexure ‘A’) and
the error description analysis report received from
NPCI to Merchant Banker not later than 08:15 PM

Merchant Banker shall share the final consolidated

data as per the format mentioned in Annexure ‘A’ (by
ensuring that point 4 of the ‘detailed timelines of
Activities to be adhered in T+6 listing – Phase II’ is
strictly adhered to) and the error description analysis
report received from sponsor bank to SEBI not later
than 09:00 PM
7. Third party confirmation process to be initiated by T+2
Registrar not later than 09:00 am on T+2. SCSBs and
Issuer Banks to provide confirmation on the third party
153
 applications to the registrar not later than 09:00 pm on
T+2.

Issuer, merchant banker and registrar to submit relevant

documents to the stock exchange(s) except listing
application, allotment details and demat credit and
refund details for the purpose of listing permission.

Registrar shall reconcile the compiled data received

from the stock exchange(s), all SCSBs and Sponsor Bank
(hereinafter referred to as the “reconciled data”).

Registrar shall reject multiple applications determined

as such, based on common PAN.

Registrar to undertake “Technical Rejection” test based

on electronic bid details and prepare list of technical
rejection cases.

Merchant Banker shall submit a report of compliance

with all activities in T+2 to SEBI not later than 10:00
PM.
8. For every bid entered in the exchange(s) bidding Issue
platform, the audit trail shall be maintained by NPCI. opening date
The liability to compensate the investor in case of to ‘T+2’
failed transactions shall be with the concerned entity
(where T is
in the ‘ASBA with UPI as the payment mechanism’
process (Sponsor Bank/ NPCI/ Issuer Banks) at whose issue closing
end the lifecycle of the transaction has come to a halt. date)

NPCI shall share the audit trail of all disputed

transactions/investor complaints to the sponsor
bank/Issuer banks.

Merchant Banker shall obtain the audit trail from

154
 Issuer banks/Sponsor banks for analysis and fixation
of liability.
9. Finalisation of technical rejection and minutes of the T+3
meeting between issuer, lead manager, registrar.

Registrar shall finalise the basis of allotment and submit

it to the designated stock exchange for approval.
Designated Stock Exchange(s) to approve the basis of
allotment.

Registrar to prepare funds transfer schedule based on

approved basis of allotment.

Registrar / Issuer to initiate corporate action to carry out

lock-in for pre-issue capital held in depository system.

Registrar to issue funds transfer instructions to SCSBs.

Registrar to issue funds transfer instructions to Sponsor

Bank in two files, one for debit processing and the other
for unblocking of funds.

Merchant Banker shall submit a report of compliance

with all activities in T+3 to SEBI not later than 09:00
PM.
10. Registrar to receive confirmation for pre-issue capital T+4
lock-in from depositories.

SCSBs and Sponsor Bank to credit the funds in public

issue account of the issuer and confirm the same.

Issuer shall make the allotment.

Registrar / Issuer to initiate corporate action for credit

155
 of shares to successful allottees.

Issuer and registrar to file allotment details with

designated stock exchange(s) and confirm all formalities
are complete except demat credit.

Registrar to send bank-wise data of allottees, amount

due on shares allotted, if any, and balance amount to be
unblocked to SCSBs and Sponsor Bank.

Merchant Banker shall submit a report of compliance

with all activities in T+4 to SEBI not later than 09:00
PM

Sponsor bank, in coordination with NPCI and Issuer

banks, shall share the data points 4 to 8 mentioned in
Annexure ‘B’ with the Registrar.

Registrar shall coordinate with Sponsor Bank/SCSB’s

and submit a comprehensive report on status of
debit/unblock requests of allottees/Non-allottees not
later than 08:00 PM as per the format mentioned in
Annexure ‘B’ to Merchant Banker.

Merchant Banker shall submit a comprehensive report

on status of debit/unblock requests (Annexure ‘B’)
received from the Registrar to SEBI not later than 09:00
PM.
11. Registrar to receive confirmation of demat credit from T+5
depositories.

156
 Issuer and registrar to file confirmation of demat credit,
lock-in and issuance of instructions to unblock ASBA
funds, as applicable, with stock exchange(s).

Issuer to make a listing application to stock exchange(s)

and stock exchange(s) to give listing and trading
permission.

Issuer, merchant banker and registrar to initiate the

process of publishing the allotment advertisement.

Stock exchange(s) to issue commencement of trading

notice.

Merchant Banker shall submit a report of compliance

with all activities in T+5 to SEBI not later than 09:00
PM
12. Issuer, merchant banker and registrar to publish T+6
allotment advertisement before the commencement of
trading, prominently displaying the date of
commencement of trading, in all the newspapers where
issue opening/closing advertisements have appeared
earlier.

Trading commences

Merchant Banker shall identify the non-adherence of

timelines and processes (‘T’ to ‘T+6’ days) mentioned
in ‘detailed timelines of activities to be adhered in T+6
listing – Phase II’ and submit a report to SEBI with a
comprehensive analysis of entities responsible for the
delay and the reasons associated with it.

157
 Merchant Banker should diligently follow all the
activities mentioned in ‘detailed timelines of activities
to be adhered in T+6 listing – Phase II’ on daily basis
from ‘T’ day to ‘T+6’ day.
*Working days will be all trading days of stock exchanges, excluding
Sundays, and bank holidays

Annexure ‘A’

Exchan **Bank ASBA Syndicate ASBA

ge(s) **Online UPI
No of No No of No No of No of No of No
Unique of Unique of Unique Shares Unique of
Applica Shar Applica Shar successf success failed Shar
tions es tions es ul fully Applicat es
Bloc Bloc Applica Blocke ions, if faile
ked ked tions d any d to
get
Bloc
ked
BSE
NSE
Total

** - Data to be obtained by merchant banker from registrar/exchange(s)

Annexure ‘B’

S.No. Data Point Count Date of

Activity

1. Total No of unique Total

applications received Bank ASBA
Online

158
 UPI
2. Total No of Allottees Total
Bank ASBA
Online
UPI
3. Total No of Non-Allottees Total
Bank ASBA
Online
UPI
4. Out of total UPI Allottees (Debit Count :
execution file), How many records were No of
processed successfully? shares:
Amount:
5. Out of total UPI Allottees (Debit Count :
execution file), How many records failed?
No of
shares:

Amount:
6. Out of total UPI Non-Allottees
(Unblocking file), How many records
were successfully unblocked?
7. Out of total UPI Non-Allottees
(Unblocking file), How many records
failed in unblocking?
8. Whether offline revoke is taken up with
issuer banks due to failure of online
unblock system? If yes, Share a separate
list of bank-wise count and application
numbers.

Status of SCSBs on UPI

159
3.20.12 Applications through UPI in IPOs can be made only through the SCSBs /
mobile applications (apps) whose name appears on the SEBI website –
www.sebi.gov.in at the following path:

Home » Intermediaries/Market Infrastructure Institutions » Recognised

Intermediaries » Self Certified Syndicate Banks eligible as Issuer Banks for
UPI

A list of SCSBs and mobile application, as on July 26, 2019, for applying in
public issues using UPI mechanism is provided at Annexure ‘A’. The said
list shall be updated on SEBI website.

An investor shall ensure that when applying in IPO using UPI, the name
of his Bank appears in the list of SCSBs displayed on the SEBI website
which are live on UPI.

Further, he/she shall also ensure that the name of the app and the UPI
handle being used for making the application is also appearing in the
aforesaid list.

3.20.13 An application made using incorrect UPI handle or using a bank account
of an SCSBs or bank which is not mentioned in the aforesaid list is liable to
be rejected.

3.20.14 Investors whose bank is not live on UPI as on July 29, 2019, may use the
other alternate channels available to them viz. submission of application
form with SCSB or using the facility of linked online trading, demat and
bank account (Channel I or II at Para 5.1 of Circular dated November 01,
2018).

3.20.15 Frequently asked questions (FAQs) regarding use of UPI with ASBA in
public issue process can be accessed at the following path on the SEBI
website – www.sebi.gov.in:

160
 Home » FAQs » FAQs on Primary Market Issuances » Use of Unified
Payments Interface (UPI) with ASBA in public issue process

3.20.16 All entities involved in the process are advised to take necessary steps to
ensure compliance with these provisions.

Annexure-A
List of Self Certified Syndicate Banks on UPI 2.0*

Sr. No. SCSBs live on UPI 2.0 Mobile Application UPI Handles
to be used by active
investor
1. Allahabad Bank BHIM @upi
2. Andhra Bank BHIM @upi

3. Axis Bank Ltd BHIM @upi

BHIM AXIS Pay @axisbank
4. Bandhan Bank BHIM @upi
5. Bank of Baroda BHIM @upi
6. Bank of India BHIM @upi
7. Central Bank of India BHIM @upi
8. Canara Bank BHIM @upi
9. Citi Bank N.A BHIM @upi
10. Citi Union Bank BHIM @upi
11. Corporation Bank BHIM @upi
12. DBS Bank India Limited BHIM @upi
13. DCB Bank BHIM @upi
14. Dhanlakshmi Bank Limited BHIM @upi
15. GP Parsik Sahakari Bank BHIM @upi
Limited
16. HDFC Bank Ltd. BHIM @upi
HDFC BANK @hdfcbank
MOBILE BANKING
APP- ANDROID
161
 ONLY
17. HSBC Bank BHIM @upi
HSBC SIMPLY PAY @hsbc
(ANDROID & iOS)

18. ICICI Bank Ltd BHIM @upi

ICICI BANK @icicibank
MOBILE BANKING
APP (iMobile) -
ANDROID ONLY
19. IDBI Bank Ltd. BHIM @upi
20. Indian Overseas Bank BHIM @upi
21. IndusInd Bank BHIM @upi
22. Janata Sahakari Bank Ltd. BHIM @upi
23. Karnataka Bank Limited BHIM @upi
24. Karur Vysya Bank Ltd. BHIM @upi
25. Kotak Mahindra Bank Ltd. BHIM @upi
26. Mehsana Urban Co- BHIM @upi
operative Bank Limited
27. Oriental Bank of Commerce BHIM @upi
28. Punjab National Bank BHIM @upi
29. Punjab & Sind Bank BHIM @upi
30. RBL Bank Limited BHIM @upi
31. Rajkot Nagarik Sahakari BHIM @upi
Bank Ltd
32. South Indian Bank BHIM @upi
33. State Bank of India BHIM @upi
SBI MOBILE @sbi
BANKING APP-
ANDROID ONLY
34. SVC Co-operative Bank Ltd. BHIM @upi
35. Saraswat Co-operative Bank BHIM @upi
Limited

162
 36. The Ahmedabad Mercantile BHIM @upi
Co-Op. Bank Ltd

37. The Catholic Syrian Bank BHIM @upi

Limited
38. The Federal Bank BHIM @upi
39. The Lakshmi Vilas Bank BHIM @upi
Limited
40. The Surat People's Co-op BHIM @upi
Bank Ltd.
41. TJSB Sahakari Bank Ltd BHIM @upi
42. UCO Bank BHIM @upi
43. Union Bank of India BHIM @upi
44. United Bank of India BHIM @upi
45. YES Bank Ltd. BHIM @upi

*As on July 26, 2019

3.21 Standardization of timeline for listing of securities issued on a private

placement basis under107:
i. SEBI (Issue and Listing of Debt Securities) Regulations, 2008 (SEBI
ILDS),
ii. SEBI (Issue and Listing of Non-Convertible Redeemable Preference
Shares) Regulations, 2013 (SEBI NCRPS),
iii. SEBI (Public Offer and Listing of Securitised Debt Instruments and
SecurityReceipts) Regulations, 2008 (SEBI SDI) and
iv. SEBI (Issue and Listing of Municipal Debt Securities) Regulations,
2015 (SEBI ILDM).

3.21.1 SEBI was receiving requests from various market participants for
clarification on the time period within which securities issued on
private placement basis under SEBI ILDS, SEBI NCPRS, SEBI SDI and

107
Reference Circular No. SEBI/HO/DDHS/CIR/P/2020/198 dated October 05, 2020
163
 SEBI ILDM Regulations need to be listed after completion of
allotment.

3.21.2 After discussions and taking feedback from market participants, the
following timelines is stipulated:

Serial Details of Activities Due date

number
1. Closure of issue T day
2. Receipt of funds To be completed by
T+2 trading day
3. Allotment of securities
4. Issuer to make listing To be completed by
application to Stock T+4 Trading day
Exchange(s)
5. Listing permission from Stock
Exchange(s)

3.21.3 Depositories shall activate the ISINs of debt securities issued on

private placement basis only after the Stock Exchange(s) have
accorded approval for listing of such securities.

Further, in order to facilitate re-issuances of new debt securities in an

existing ISIN, Depositories are advised to allot such new debt
securities under a new temporary ISIN which shall be kept frozen.
Upon receipt of listing approval from Stock Exchange(s) for such new
debt securities, the debt securities credited in the new temporary ISIN
shall be debited and the same shall be credited in the pre-existing ISIN
of the existing debt securities, before they become available for
trading.

164
 Stock Exchange(s) are advised to inform the listing approval details to
the Depositories whenever listing permission is given to debt
securities issued on private placement basis.

3.21.4 In case of delay in listing of securities issued on privately placement

basis beyond the timelines specified in para 3.21.2 above, the issuer
shall;

i. pay penal interest of 1% p.a. over the coupon rate for the period of
delay to the investor (i.e. from date of allotment to the date of
listing)
ii. be permitted to utilise the issue proceeds of its subsequent two
privately placed issuances of securities only after receiving final
listing approval from Stock Exchanges.

165
 SECTION-4: Depositories Related

4.1 Online Registration Mechanism and Filing system for Depositories108

i. In order to ease the process of application for recognition /

renewal, reporting and other filings in terms of Securities and
Exchange Board of India (Depositories and Participants) Regulations,
1996 and other circulars issued from time to time, SEBI has introduced
a digital platform for online filings related to Depositories.
ii. All applicants desirous of seeking registration as a Depository in terms
of Regulation 3of the Securities and Exchange Board of
India(Depositories and Participants) Regulations, 1996, shall now submit
their applications online, through SEBI Intermediary Portal at
https://siportal.sebi.gov.in.
iii. The applicants would be required to upload scanned copy of relevant
documents such as any declaration or undertaking or notarised copy
of documents as may be prescribed in Securities and Exchange Board of
India (Depositories and Participants) Regulations1996, and keep hard
copy of the same to be furnished to SEBI whenever required.
iv. Further, all other filings including Annual Financial Statements and
Returns, Monthly Development Report, Rules, Bye-laws, etc., shall also
be submitted online.
v. The aforesaid online registration and filing system for
Depositories is operational. Recognised Depositories are advised to note
the same for immediate compliance.
vi. Link for SEBI Intermediary Portal is also available on SEBI
website –www.sebi.gov.in. In case of any queries and clarifications, users
may refer to the manual provided in the portal or contact the SEBI Portal
helpline on 022-26449364 or may write at [email protected].

4.2 Activity schedule for depositories for T+2 rolling Settlement109

108
Reference Circular SEBI/HO/MRD/DSA/CIR/P/2018/1 dated January 29, 2018
109Reference Circular DCC/FITTC/Cir-19/2003 dated March 4, 2003 and Circular
MRD/DoP/SE/Dep/Cir-18/2005 dated September 2, 2005
166
 i. The activity schedule for T+2 Rolling Settlement is as under:

Sr. Day Time Description of activity

No.

1 T Trade Day
By 1.00 pm Completion of custodial confirmation of
trades to CC/CH. (There is no separate
extended time limit for late confirmations).

2 T+1
By 2.30 pm Completion of process and download
obligation files to brokers/ custodians by
the CC/CH.

By 11.00 am Pay-in of securities and funds.

3 T+2 By 1.30 pm Pay-out of securities and funds.

ii. All Depositories shall adhere to the aforementioned activity schedule to

implement T+2 rolling settlement. DPs shall adhere to the designated
activities within the prescribed time limits as under:

a. DPs shall accept instructions for pay-in of securities from clients in the
physical form atleast upto 4 p.m. and in electronic form atleast upto 6
p.m. on T+1.
b. DPs shall complete execution of pay-in instructions latest by 10:30 a.
m. on T+2.
c. Depositories shall download the processed pay-in files to the Exchange
/ Clearing House / Clearing Corporation latest by 11:00 a.m. on T+2.
d. Pay-out of securities by the Exchange / Clearing House / Clearing
Corporation to the Depositories shall be executed by 1:30 p.m. on T+2.
e. Pay-out of securities shall be completed by the Depositories by 2:00
p.m. on T+2.
167
 iii. All instructions received by the DPs shall have an execution date, which
may be either a current date or a future date. Instructions shall be valid till
the pay-in deadline or till 'end of day' (EOD) of the execution date,
whichever is earlier. DPs shall ensure that the validity period of
instructions is brought to the notice of the client while accepting the
instructions. In case the client account does not have sufficient balance
before pay-in deadline or till EOD, such instructions shall fail.

4.3 Settlement of transactions in case of holidays110

Due to lack of uniformity of holidays and force majeure conditions which

necessitate sudden closure of one or more Stock Exchanges and banks in a
particular state, result in situations where multiple settlements have to be
completed by the Stock Exchanges on the working day immediately
following the day(s) of the closure of the banks. Accordingly, the Stock
Exchanges/Depositories are advised to follow the guidelines and adhere
to the time line.

i. The Stock Exchanges shall clear and settle the trades on a sequential basis
i.e., the pay-in and the pay-out of the first settlement shall be completed
before the commencement of the pay-in and pay-out of the subsequent
settlement/s.
ii. The cash/securities pay out from the first settlement shall be made
available to the member for meeting his pay-in obligations for the
subsequent settlement/s.
iii. Further, in-order to meet his pay-in obligations for the subsequent
settlement, the member may need to move securities from one depository
to another. The Depositories shall, therefore, facilitate the inter-depository
transfers within one hour and before pay-in for the subsequent settlement
begins.
iv. The Stock Exchanges/Depositories shall follow a strict time schedule to
ensure that the settlements are completed on the same day.

110 Reference Circular SEBI/MRD/Policy/AT/Cir- 19/2004 dated April 21, 2004

168
 v. The Clearing Corporation/Clearing House of the Stock Exchanges shall
execute Auto DO facility for all the settlements together, so as to make the
funds and the securities available with the member on the same day for all
the settlements, thereby enabling the availability of the funds/securities at
the client level by the end of the same day.

4.4 Deadline time for accepting non pay-in related instructions111

i. The depositories are advised that any overrun of the time specified for
'spot delivery contract' in the SCRA would result in the contract becoming
illegal under section 16 of the SCRA (unless it is put through the stock
exchange). The DP-BO agreement cannot add anything to or subtract
anything from this position. However, it should be the responsibility of
the DP to ensure that the client's contract is not rendered illegal on
account of delayed execution of the delivery instruction.

ii. Keeping the hardships to change all the existing DP-BO agreements to
enforce the above into consideration, it is advised that suitable bye laws
can be made under section 26(2)(e) and (d) of Depositories Act, 1996 for
imposing such obligation on the DPs. Therefore, it is advised to
amend/insert bye laws which should expressly provide that the DPs shall
execute the non pay-in related instructions on the same day or on the next
day of the instruction. Further, pending such amendment, suitable
instructions may be issued to DPs to adhere to such time limit.

iii. The above clause may be suitably incorporated in the DP-BO agreement
while opening new accounts.

4.5 Approval of amendments to Bye Laws / Rules of Stock Exchanges and

Depositories112

111 Reference: MRD/VSS/ARR/ 12255/2004 dated June 10, 2004

112 Reference Circular LGL/Cir-2/2003 dated February 19, 2003
169
 i. Depositories and exchanges shall submit the following information while
seeking SEBI approval for amendment to Bye Laws/ Rules/ Regulations
and amendments thereto:

a. The objective/purpose of amendments.

b. Whether the amendment is consequential to any directive/circulars/
guidelines from SEBI/ Government and the details thereof.
c. Whether such amendments necessitate any consequential amendments
to any other Bye Laws/ Rules/ Regulations.
d. The proceedings of the Governing Board or Governing Council, as the
case may be, wherein these proposed amendments were approved by
the Exchanges/ Depositories.
e. If documents other than Bye Laws/ Rules/ Regulations are sent for
approval, the justification and need for forwarding the same to SEBI,
indicating whether it forms a part of any Bye Law/ Rule/ Regulation.

ii. Further, all Exchanges shall ensure that requests for dispensation of the
requirement of pre-publication shall be accompanied with proper
justification and indicate how the public interest or interest of trade shall
be served by such dispensation of pre-publication.

4.6 Preservation of Records113

i. Depositories and Depository Participants are required to preserve the

records and documents for a minimum period of 8 years.

ii. Depositories and DPs shall preserve respective original forms of

documents either in physical form or an electronic record, copies of which
have been taken by CBI, Police or any other enforcement agency during
the course of their investigation till the trial is completed.

113Reference
Circular: MRD/DoP/DEP/Cir-20/2009 dated December 9, 2009 and
SEBI/HO/MRD2/DDAP/CIR/P/2020/153 dated August 18, 2020
170
4.7 Facilitating transaction in Mutual Fund schemes through the Stock
Exchange Infrastructure114
4.7.1 Mutual fund distributors are permitted to use recognised stock
exchanges' infrastructure to purchase and redeem mutual fund units
directly from Mutual Fund / Asset Management Companies.
4.7.2 Further, SEBI Registered Investment Advisors (RIAs) are allowed to
use infrastructure of the recognised stock exchanges to purchase and
redeem mutual fund units directly from Mutual Fund/ Asset
Management Companies on behalf of their clients, including direct
plans.
4.7.3 To further increase the reach of this platform, investors are allowed to
directly access infrastructure of the recognised stock exchanges to
purchase and redeem mutual fund units directly from Mutual Fund/
Asset Management Companies.

4.8 Pledge of Shares through depository system115

i. Section 12 of the Depositories Act and Regulation 79 of the SEBI

(Depositories and Participants) Regulations, 2018 along with the relevant
Bye Laws of the Depositories clearly enumerate the manner of creating
pledge. It is felt that there is a need to communicate to the BOs that any
procedure followed other than as specified under the aforesaid provisions
of law shall not be treated as pledge.
ii. In order to clarify the same, the depositories are advised to issue a
communiqué to the DPs advising them to inform BOs about the procedure
for pledging of shares held in demat form as enumerated in the relevant
sections of the Depositories Act and SEBI (Depositories and Participants)
Regulations, 2018. Depositories may also advise DPs that an off-market
transfer of shares leads to change in ownership and cannot be treated as
pledge. Further, this issue may also be taken up in the investor awareness

114
Reference Circulars: Circular no. CIR/MRD/DSA/32/2013 dated October 04, 2013,
CIR/MRD/DSA/33/2014 dated December 09, 2014, Circular no. SEBI/HO/MRD/DSA/CIR/P/2016/113
dated October 19, 2016 and SEBI/HO/MRD1/DSAP/CIR/P/2020/29 dated February 26, 2020
115 Reference: MRD/DoP/MAS – OW/16723/2010 dated August 17, 2010

171
 programs wherein the manner of creation of pledge can be effectively
communicated to the BOs directly.
4.9 Margin obligations to be given by way of Pledge/ Re-pledge in the
Depository System116

4.9.1 There are four circulars pertaining to aforesaid subject viz.

SEBI/HO/MIRSD/DOP/CIR/P/2020/28 dated February 25, 2020,
SEBI/HO/MIRSD/DOP/CIR/P/2020/88 dated May 25, 2020,
SEBI/HO/MIRSD/DOP/CIR/P/2020/90 dated May 29, 2020 and
SEBI/HO/MIRSD/DOP/CIR/P/2020/143 dated July 29, 2020.

4.9.2 Based on consultations with Stock Exchanges, Clearing Corporation,

Depositories including industry representatives of Trading Members
(the “TM”) / Clearing Members (the “CM”) / Depository Participants
(the “DP”) and discussions in Secondary Market Advisory Committee
meeting, a framework was devised that mitigates the risk of
misappropriation or misuse of client’s securities available with the TM
/ CM / DP. The misappropriation or misuse would include use of one
client’s securities to meet the exposure, margin or settlement
obligations of another client or of the TM / CM.

4.9.3 TM / CM shall, inter alia, accept collateral from clients in the form of
securities, only by way of ‘margin pledge’, created in the Depository
system in accordance with Section 12 of the Depositories Act, 1996
read with Regulation 79 of the SEBI (Depositories and Participants)
Regulations, 2018 and the relevant Bye Laws of the Depositories.

4.9.4 Section 12 of the Depositories Act, 1996 read with Regulation 79 of the
SEBI (Depositories and Participants) Regulations, 2018 and the
relevant Bye Laws of the Depositories clearly enumerate the manner of

116 Reference: SEBI/HO/MIRSD/DOP/CIR/P/2020/28 dated February 25, 2020,

SEBI/HO/MIRSD/DOP/CIR/P/2020/88 dated May 25, 2020,
SEBI/HO/MIRSD/DOP/CIR/P/2020/90 dated May 29, 2020 and
SEBI/HO/MIRSD/DOP/CIR/P/2020/143 dated July 29, 2020
172
 creating pledge of the dematerialised securities. Any procedure
followed other than as specified under the aforesaid provisions of law
for creating pledge of the dematerialised securities is prohibited. An
off-market transfer of securities leads to change in ownership and shall
not be treated as pledge.

4.9.5 Transfer of securities to the demat account of the TM / CM for margin

purposes (i.e. title transfer collateral arrangements) shall be prohibited. In
case, a client has given a power of attorney in favour of a TM / CM,
such holding of power of attorney shall not be considered as
equivalent to the collection of margin by the TM / CM in respect of
securities held in the demat account of the client. This provision shall
be applicable from August 01, 2020.

4.9.6 Depositories shall provide a separate pledge type viz. ‘margin pledge’,
for pledging client’s securities as margin to the TM / CM. The TM /
CM shall open a separate demat account for accepting such margin
pledge, which shall be tagged as ‘Client Securities Margin Pledge
Account’.

4.9.7 For the purpose of providing collateral in form of securities as margin,

a client shall pledge securities with TM, and TM shall re-pledge the
same with CM, and CM in turn shall re-pledge the same to Clearing
Corporation (CC). The complete trail of such re-pledge shall be
reflected in the de-mat account of the pledgor.

4.9.8 The TM shall re-pledge securities to the CM’s ‘Client Securities Margin
Pledge Account’ only from the TM’s ‘Client Securities Margin Pledge
Account’. The CM shall create a re-pledge of securities on the
approved list to CC only out of ‘Client Securities Margin Pledge
Account’.

173
4.9.9 In this context, re-pledge would mean endorsement of pledge by TM /
CM in favour of CM/CC, as per procedure laid down by the
Depositories.

4.9.10 The TM and CM shall ensure that the client’s securities re-pledged to
the CC shall be available to give exposure limit to that client only.
Dispute, if any, between the client, TM / CM with respect to pledge,
re-pledge, invocation and release of pledge shall be settled inter-se
amongst client and TM / CM through arbitration as per the bye-laws
of the Depository. CC and Depositories shall not be held liable for the
same.

4.9.11 Securities that are not on the approved list of a CC may be pledged in
favour of the TM / CM. Each TM / CM may have their own list of
acceptable securities that may be accepted as collateral from client.

4.9.12 Funded stocks held by the TM / CM under the margin trading facility
shall be held by the TM / CM only by way of pledge. For this purpose,
the TM / CM shall be required to open a separate demat account
tagged ‘Client Securities under Margin Funding Account’ in which
only funded stocks in respect of margin funding shall be kept/
transferred, and no other transactions shall be permitted. The securities
lying in ‘Client Securities under Margin Funding Account’ shall not be
available for pledge with any other Bank/ NBFC.

4.9.13 The TM / CM shall be required to close all existing demat accounts

tagged as ‘Client Margin/ Collateral’ by August 31, 2020. The TM /
CM shall be required to transfer all client’s securities lying in such
accounts to the respective clients’ demat accounts. Thereafter, TM /
CM are prohibited from holding any client securities in any beneficial
owner accounts of TM/CM, other than specifically tagged accounts as
indicated above, and in pool account(s), unpaid securities account, as
provided in SEBI Circular CIR/HO/MIRSD/DOP/CIR/P/2019/75
dated June 20, 2019.

174
 4.9.14 Clients having arrangements with custodians registered with SEBI for
clearing and settlement of trades shall continue to operate as per the
extant guidelines.

4.9.15 The operational mechanism for margin pledge is provided in

Annexure A. The framework for utilisation of pledged clients’
securities for exposure and margin is provided in Annexure B.

4.9.16 This above norms is applicable for all securities in dematerialised form
and which are given as collateral / margin by the client to TM / CM /
CC by way of pledge and repledge.

4.9.17 The above provisions shall be shall be implemented with effect from
August 01, 2020. Trading member (TM) / Clearing member (CM) shall
endeavor to align their systems and accept client collateral and margin
funded stocks by way of creation of pledge / re-pledge in the
Depository system.

Annexure A
Operational mechanism for margin pledge

INITIATION OF MARGIN PLEDGE

1. For the purpose of providing collateral in form of dematerialised

securities as margin, a client shall initiate the margin pledge only in
favour of the TM / CM’s separate client securities margin account tagged
as ‘Client Securities Margin Pledge Account’ through physical instruction
or electronic instruction mechanism provided by the Depositories. Such
instructions shall have details of client UCC, TM, CM and Default
Segment.

175
2. In cases where a client has given a Power of Attorney (the “POA”) to the
TM / CM, the TM / CM may be allowed to execute the margin pledge on
behalf of such client to the demat account of the TM / CM tagged as
‘Client Securities Margin Pledge Account’.

3. The ‘pledge request form’ shall have a clause regarding express consent
by the client for re-pledge of the securities by the TM to CM and further
by the CM to CC.

4. On receipt of the margin pledge instruction either from the client or by

TM / CM as per the POA, DP of a client shall initiate a margin pledge in
the client’s account and the status of instruction will remain pending till
confirmation is received from client / pledgor. The client will submit
acceptance by way of One Time Password (the “OTP”) confirmation on
mobile number / registered e-mail id of the client or other verifiable
mechanism. Such confirmation shall be required only once from the client
/ pledgor at the time of initial creation of pledge in favour of TM / CM
and subsequent repledging by TM / CM shall not require any further
confirmation from the client / pledgor. The Depositories shall develop a
verifiable mechanism for confirmation of the pledge by the client.

5. In client account, margin pledge or re-pledge shall be reflected against

each security, if it is pledged / re-pledged and in whose favour i.e. TM /
CM / CC.

6. The TM can re-pledge only in favour of CM’s demat account tagged as

‘Client Securities Margin Pledge Account’. The CM shall create a re-
pledge of securities on the approved list only to the CC out of ‘Client
Securities Margin Pledge Account’. While re-pledging the securities to the
CC, CM/TM shall fully disclose the details of the client wise pledge to the
CC/CM. CM would need to have visibility of client level position and
client collateral so that CM shall allow exposure and / or margin credit in
respect of such securities to that client to whom such securities belong.

176
RELEASE OF MARGIN PLEDGE

7. In case of a client creating pledge of the securities in favour of the TM /

CM against margin, the TM / CM may release the ‘margin pledge’ after
their internal exposure and risk management checks. The request for
release of pledge can be made by the client to its DP or to the TM / CM,
who shall release the pledge in the Depository system.

8. For release of client securities given to TM/CM as margin pledge and

which are re-pledged in favour of the CC, the CM shall make a request to
the CC. The client through TM, or the TM on his own, may request the
CM to make an application to the CC for the release of margin pledge. CC
shall do margin utilisation check at the CM level before releasing the re-
pledge of securities to the CM. The CC will release the re-pledged client
securities to CM after blocking other available free collateral of CM. The
CM /TM in turn after doing their risk management shall release the
securities to TM / client, as the case may be.

INVOCATION OF MARGIN PLEDGE

9. In case of default by a client of TM where the clients securities are re-

pledged with the CM/ CC, the invocation request shall be made by the
TM to CM and CM in turn will make request to CC as per the procedure
laid down by the Depositories under their bye-laws.

10. In case of default by a client of TM who has pledged securities with TM,
The TM shall invoke the pledge.

11. In case of default by a client of TM whose securities are re-pledged by TM

with CM, the invocation request shall be made by TM to the CM. The CM,
after doing its internal exposure and risk management, shall release the
re-pledged securities to the ‘Client Securities Margin Pledge Account’ of
the TM. The TM in turn will invoke the pledge of client’s securities.

177
12. In the event of default by a client of a TM, whose securities are re-pledged
by TM with CM and CM in turn has re-pledged with CC, the TM shall
make a request for invocation of pledge with CM and CM in turn shall file
a request with CC to release the re-pledged securities for invocation. The
CC shall block equivalent available free collateral provided by CM and
shall release the re-pledged securities of that defaulting client of TM to
CM in “Client Securities Margin Pledge Account” of CM. The CM shall do
his own risk assessment of TM and would release re-pledged securities of
the defaulting client of TM in “Client Securities Margin Pledge Account”
of TM and TM shall invoke the pledge in Demat account of the client.

13. In case of default by a client/ TM of CM whose securities are re-pledged

with CC, CM shall file a request with CC for invocation of the pledged/
re-pledged securities of that client/TM. CC shall block the equivalent
available free collateral provided by CM and shall release the re-pledged
securities of that defaulting client/TM in “Client Securities Margin Pledge
Account” of CM and the CM shall invoke the pledge in Demat account of
the client/ TM.

14. In case of default by TM or client of TM, CM shall be entitled to invoke

pledged/ re-pledged securities of the TM. CM shall also be entitled to
invoke directly the repledged securities of client of TM having open
position with CM to close out such positions.

15. In case of default by the CM, CC shall invoke securities pledged by the
CM. After exhausting the CM own collateral, CC may also invoke re-
pledge securities of that client who has open position and their re-pledged
securities are blocked by CC to close out their open positions. The re-
pledge securities of other clients who did not have any open position with
CC, their securities shall not be available to CC for invocation to meet
settlement default of the CM.

178
 Annexure B

Framework for utilisation of client’s pledged securities for exposure and

Margin

1. At present, the margin requirement is computed in real time at client level

by the CC and is aggregated at the level of CMs to arrive at the total
margin requirement. The CC maintains and monitor the collateral at the
level of CM. The CM is required to provide the collateral in various
acceptable forms such as Cash, Bank Guarantee, Govt. Securities, pledge
of acceptable shares, etc.

2. The day to day real time risk management with respect to client / TM
exposure, and the margin requirement shall continue to be the
responsibility of the CM, and CC shall not monitor the client level
exposure against the available client level collateral in real time.

3. In order to provide exposure to CM and/or to the clients / TM of a CM,

CC shall aggregate margin requirement at CM level that shall be
compared against the available collateral in real time as aggregate of;

a. cash and cash equivalent deposited by CM,

b. own securities pledged by CM with CC,
c. CC requires minimum 50% of the collateral to be deposited in cash and
cash equivalent, if the total securities pledged by CM with CC exceed
the total cash and cash equivalent, the value of securities will be
restricted to amount of cash and cash equivalent.
d. The TM’s proprietary margin requirement will be treated as a client of
CM and aggregated along with other clients.

4. CM shall be allowed to re-pledge acceptable/approved client securities

with the CC by furnishing the UCC wise client details. CC shall not allow
any exposure to the CM on re-pledged securities of the client / TM. In
case of a trade by a client / TM whose securities are re-pledged with CC,

179
 the CC shall first block the available collateral provided by CM as
mentioned in point 3 above. However, at periodical interval (latest by end
of day), CC shall release the blocked securities collateral of CM to the
extent of re-pledged securities collateral of that client / TM available with
the CC.

5. In the event of default by a client of TM, the TM shall make good the
default to CM. In the event of default by a client or TM on its proprietary
position, the CM shall make good the default to CC. However, in the
event of default by client/s leading to default of TM and also the CM, the
following process shall be applied by TM/CM/CC for invocation of
pledged and re-pledged securities of client/TM/CM:
a. In case of default by a client of TM/CM or default of TM leading to the
default of CM, CC shall:
i. encash the available collateral including cash, cash equivalent
collateral, CM’s own pledged securities.
ii. After encashing the available collateral of CM, also be entitled to
directly invoke the re-pledged securities of client / TM who has any
open position so as to close out the open positions of that client.
iii. not be entitled to invoke re-pledged securities of those clients who
did not have any open position to meet settlement obligation of the
defaulting CM

b. In case of default by a client of TM or default of TM, CM Shall:

i. be entitled to liquidate available cash, cash equivalent collateral and
TM’s own pledged /or re-pledged securities with CM/ CC to meet
settlement/margin obligations of defaulting TM or client(s) of that
TM.
ii. After encashing the available collateral of TM, be entitled to directly
invoke re-pledged securities of the client of defaulting TM who has
open position through CM so as to close out his position.
iii. not be entitled to invoke re-pledged securities of those clients of
defaulting TM who did not have any open position,

180
 iv. ensure that the client securities of TM/ CM re-pledged with the CC
are not utilized for meeting the margin requirement/ settlement
obligation of a TM’s/CM’s own proprietary position or margin
requirement/ settlement obligation of any other client of TM / CM.

4.10 Foreign investments in infrastructure companies in securities markets117

i. Pursuant to Government of India Policy, foreign investments in

infrastructure companies in the securities markets, namely Stock
Exchanges, Depositories and Clearing Corporations shall be as under:

a. Foreign investment shall be allowed in such companies up to 49% with

a separate Foreign Direct Investment (FDI) cap of 26% and Foreign
Institutional Investment (FII) cap of 23%;
b. FDI shall be allowed with specific prior approval of FIPB;
c. FII shall be allowed only through purchases in the secondary market;
d. FII shall not seek and will not get representation on the Board of
Directors;
e. No foreign investor, including persons acting in concert, will hold
more than 5% of the equity in these companies.

ii. The aforesaid limits for foreign investment in respect of recognised Stock
Exchanges shall be subject to 5% shareholding limit as prescribed under
the Securities Contracts (Regulation) (Manner of Increasing and
Maintaining Public Shareholding in Recognised Stock Exchanges)
Regulations, 2006.

4.11 Designated e-mail ID for regulatory communication with SEBI118

Depositories shall create a designated e-mail id for regulatory

communication and inform it to SEBI. This e-mail id shall be exclusive and
shall not be person-centric.

117 Reference Circular MRD/DSA/SE/Dep/Cust/Cir-23/06 dated December 22, 2006

118 Reference Circular MIRSD/DPS- III/Cir-23/08 dated July 25, 2008
181
4.12 Designated e-mail ID for redressal of investor complaints119

i. Depositories and registered DPs shall designate an exclusive e-mail ID for

the grievance redressal division/compliance officer exclusively for
registering investor complaints.

ii. The designated email ID and other relevant details shall be prominently
displayed on the websites and in the various
materials/pamphlets/advertisement campaigns initiated by the
Depositories and DPs for creating investor awareness.

4.13 Redressal of complaints against Stock Exchanges (SEs) and Depositories

through SEBI Complaints Redress System (SCORES).120

i. The complaints received by SEBI against SEs and Depositories shall be

electronically sent through SCORES. Depositories are advised to view the
pending complaints at http://scores.gov.in/admin and submit the Action
Taken Report (ATR) along with supporting documents electronically in
SCORES. Updation of action taken shall not be possible with physical
ATRs. Hence, submission of physical ATR shall not be accepted for
complaints lodged in SCORES.

ii. The SEs and Depositories shall do the following:

a. indicate a contact person in case of SCORES, who is an employee

heading the complaint services division/cell/department. Contact
detail (i.e. phone no., email id, postal address) of the said contact
person be made widely available for e.g. on the websites of
Depositories.

119 Reference Circular MRD/DoP/Dep/SE/Cir-22/06 dated December 18, 2006

120 Reference Circular CIR/MRD/ICC/16/2012 dated June 15, 2012
182
 b. address/redress the complaints within a period of 15 days upon
receipt of complaint through SCORES121. In case additional
information is required from the complainant, the same shall be sought
within 7 days from the receipt of the complaint through SCORES. In
such case, the period of 15 days will be counted upon the receipt of
additional information.

c. maintain a monthly record of the complaints which are not

addressed/redressed within 15 days from the date of receipt of the
complaint/information, alongwith the reason for such pendency.

d. Upload/update the ATR on the SCORES. Failure to do so shall be

considered as non-redressal of the complaint and the complaint shall
be shown as pending.

4.14 Limitation period for filing an arbitration reference122

i. It is decided that the limitation period for filing an arbitration reference

shall be governed by the law of limitation, i.e., The Limitation Act, 1963.
The modified limitation period shall also be applicable to cover inter alia
the following cases:

a. where the limitation period (in terms of Limitation Act 1963) have not
yet elapsed and the parties have not filed for arbitration with the
depository,
OR
b. where the arbitration application was filed but was rejected solely on
the ground of delay in filing within the earlier limitation period; and
the limitation period (in terms of Limitation Act 1963) have not yet
elapsed.

121
Reference Circular SEBI/HO/MIRSD/MIRSD6/CIR/P/2017/20 dated March 10, 2017 –replaced
sentence from “within 7 days of receipt on SCORES” to “within 7 days from the receipt of the complaint
through SCROES”
122 Reference Circular CIR/MRD/DP/4/2011 dated April 7, 2011

183
4.15 Disclosure of investor complaints and arbitration details on Depository
website123

Depositories shall disclose the details of complaints lodged by Beneficiary

Owners (BO’s)/ investors against Depository Participants (DPs) in their
website. The aforesaid disclosure shall also include details pertaining to
arbitration and penal action against the DPs.

The format for the reports for the aforesaid disclosure consists of the
following reports:

i. Report 1A: Complaints received against DPs during 2009-10

ii. Report 1B: Redressal of Complaints received against DPS during 2008-09
iii. Report 1C: Redressal of Complaints received against DPs during 2009-10
iv. Report 2A: Details of Arbitration Proceedings (where Investor is a party)
during 2008-09:
v. Report 2B: Details of Arbitration Proceedings (where Investor is a party)
during 2009-10
vi. Report 3A: Penal Actions against DPs during 2008-09
vii. Report 3B: Penal Actions against DPs during 2009-10
viii. Report 4A: Redressal of Complaints lodged by investors against Listed
Companies during 2008 -09
ix. Report 4B: Redressal of Complaints lodged by investors against Listed
Companies during 2009 -10

123 Reference Circular SEBI/MRD/ OIAE/ Dep/ Cir- 4/2010 dated January 29, 2010
184
 Report 1A: Complaints received against Depository Participants (DPs)# during 2009-10: Updated on mmm dd yyyy (to
be updated weekly) (In excel sheet)

Sl. Details of Complaint Status of Complaint

No. Date of Name of Type of SEBI Ref. Name of Status** Status Date of Name of Date of
Receipt Complainant Complaint* No. (if DP Date## Filing Arbitrator(s) Arbitration
applicable Arbitration Award
1
2
3

185
N
# including against its authorized persons, employees, etc.
## Status date is the date of resolution/reference to arbitration/finding it non-actionable. If under process, it is the date of
updation of this sheet. */** As per Table 1

186
 Report 1B: Redressal of Complaints received against Depository Participants (DPs) during 2008-09: Updated on mmm
dd yyyy (to be updated every quarter) (In excel sheet)

Sl. Nam Status of No. of No. of Of the Complaints received during 2008-09
No e of DP BOs Compl No. of Complaints
. the (active/ina accounts aints Resolved Non Arbitr Pending No. of Decide Decided Pending
DP ctive/ in at the receive through action ation for Arbitrat d by by for
process of beginnin d the able** Advis redressal ion the Arbitrat Redressal
terminatio g of the against Depositor ed with filed by Arbitr ors in with
n year the DP y Depositor BOs ators favour of Arbitrator
/withdraw * y the BOs s
al)
1
2
3

187
N
Total
*including against its authorized persons, employees, etc.
**Non actionable means the complaint that are incomplete / outside the scope of Depository
(Arrange the DPs in descending number of complaints filed against them during the period)

188
 Report 1C: Redressal of Complaints received against Depository Participants (DPs) during 2009-10: Updated on mmm dd yyyy
(to be updated every quarter) (In excel sheet)

Sl. Nam Status of No. of No. of Of the Complaints received during 2008-09
No e of DP BOs Compla No. of Complaints
. the (active/ina account ints Resolved Non Arbitr Pending No. of Decide Decided Pending
DP ctive/ in s at the receive through action ation for Arbitrat d by by for
process of beginni d the able** Advis redressal ion the Arbitrat Redressal
termination ng of against Depositor ed with filed by Arbitr ors in with
/withdraw the year the DP y Depositor BOs ators favour of Arbitrator
al) * y the BOs s
1
2
3

- 189 -
*including against authorized persons, employees, etc.
**Non actionable means the complaint that are incomplete / outside the scope of Depository
(Arrange the DPs in descending number of complaints filed against them during the period)

- 190 -
Report2A: Details of Arbitration Proceedings (where BO is a party) during 2008-09: Updated on mmm dd yyyy (to be updated
every quarter) (In excel sheet)

Sl. Name of No. of No. of Awards in No. of No. of No. of cases pending for redressal at the end
No. Arbitrato Award favor of BOs Awards Awards of period
r s appealed Implemente
Passed d
Filed by Filed by Pending For more For more than
DP BO than 6 3 months, but
months less than 6
months
1
2
3

- 191 -
N
Tota
l

(In case of panel of arbitrators, the cases / awards would appear against every member of the panel)
(Arrange the arbitrators in descending number of awards passed by them during the period)
Report2B: Details of Arbitration Proceedings (where BO is a party) during 2009-10: Updated on mmm dd yyyy (to be updated
every quarter) (In excel sheet)

Sl. Name of No. of No. of No. of No. of No. of cases pending for redressal at the end of
No. Arbitrator Awards Awards in Awards Awards period
Passed favor of BOs appealed Implemented
Filed Filed Pending For more than For more than 3
by by 6 months months, but less
DP BO than 6 months
1
2
3

- 192 -
 N
Total

(In case of panel of arbitrators, the cases / awards would appear against every member of the panel)
(Arrange the arbitrators in descending number of awards passed by them during the period)

- 193 -
Report 3A: Penal Actions against Depository Participants (DPs) during 2008-09: Updated on mmm dd yyyy (to be updated every
quarter) (in excel sheet)

Sl. Name Registration No. of Action against DP, its authorized person and employees together
No. of DP No. Complaints No. of Penal Orders issued Monetary Penalties No. of Arbitration
received levied (Rs. lakh) Awards issued
For complaints For others For For against DP
complaints others
1
2
3

- 194 -
Report 3B: Penal Actions against Depository Participants (DPs) during 2009-10: Updated on mmm dd yyyy (to be updated every
quarter) (in excel sheet)

Sl. Name Registration No. of Action against DP, its authorized person and employees together
No. of DP No. Complaints No. of Penal Orders issued Monetary Penalties No. of Arbitration
received levied (Rs. lakh) Awards issued
For complaints For others For For against DP
complaints others
1
2
3

- 195 -
Report 4A: Redressal of Complaints lodged by investors against Listed Companies during 2008 -09: Updated on mmm dd yyyy
(to be updated every quarter) (In excel format)

Sl. No. Name of the Company No. of Complaints

Received Redressed through Non-Actionable* Pending for Redressal with Depository
Depository
1
2
3

- 196 -
N
Total
*Non actionable means the complaint that are incomplete / outside the scope of Depository
(Arrange the companies in descending number of complaints filed against them during the period)

Report4B: Redressal of Complaints lodged by investors against Listed Companies during 2009 -10: Updated on mmm dd yyyy (to
be updated every quarter) (In excel format)

Sl. No. Name of the Company No. of Complaints

Received Redressed through Non-Actionable* Pending for Redressal with Depository
Depository
1
2
3

- 197 -
N
Total
*Non actionable means the complaints that are incomplete / outside the scope of Depository
(Arrange the companies in descending number of complaints filed against them during the period)

- 198 -
 Table 1 A
Type Details
Type I Account Opening Related
Ia Denial in opening an account
Ib Account opened in another name than as requested
Ic Non receipt of Account Opening Kit
Id Delay in activation/ opening of account
Ie Non Receipt of copy of DP Client Agreement/Schedule A of
Charges

Type II Demat/Remat Related

II a Delay in Dematerialisation request processing
II b Delay in Rematerialisation request processing
II c Delay in/ Non-Receipt of Original certificate after demat
rejection
II d Non Acceptance of demat/remat request

Type III Transaction Statement Related

III a Delay in/ Non-Receipt of Statements from DP
III b Discrepancy in Transaction statement

Type IV Improper Service Related

IV a Insistence on Power of Attorney in its favour
IV b Deactivation/ Freezing/ Suspension related
IV c Defreezing related
IV d Transmission Related
IV e Pledge Related
IV f SMS Related
IV g Non-updation of changes in account (address/
signatories/bank details/ PAN/ Nomination etc.)

Type V Charges Related

Va Wrong/ Excess Charges
Vb Charges paid but not credited
Vc Charges for Opening/closure of Account

Type VI Delivery Instruction Related (DIS )

VI a Non acceptance of DIS for transfer
VI b Delay in/ non Execution of DIS

199
 VI c Delay in Issuance / Reissuance of DIS Booklet

Type VII Closure

VII a Non closure/ delay in closure of account
VII b Closure of a/c without intimation by DP

Type VIII Manipulation/ Unauthorised Action

VIII a Unauthorised Transaction in account
VIII b Manipulation
VIII c Unauthorised changes in account (address/ signatories/bank
details/PAN etc.)

Type IX Company/ RTA related

IX a Action – Cash
IX b Action – Non–Cash
IX c Initial Public Offer/ Follow-on Public Offer Related

Type X Others

** Status
Type Description
I Non actionable

Ia Complaint incomplete
Ib Outside the scope of Depository
Ic Pertains to non-responding company.

II Resolved
III Under Process
IV Referred to Arbitration
V Forwarded to Company/RTA for appropriate action.

4.16 Disclosure of regulatory orders and arbitration awards on Depository

website124

Depositories shall post all their regulatory orders and arbitration awards
issued since April 1, 2007. Further, all regulatory orders and arbitration
awards as and when issued shall be posted on their website immediately.

124 Reference Circular SEBI/MRD/ DP/ 19/2010 dated June 10, 2010

200
4.17 Guideline for websites of depositories125

4.17.1 This is with reference to the policy of website management of depositories.

4.17.2 As a good practice, the guidelines issued by National Informatics Centre

for Indian Government website, which is available at
https://web.guidelines.gov.in/may be adopted by depositories.

4.17.3 Depositories are advised to comply with the aforesaid guidelines for their
website and mobile app.

4.18 Arbitration / Appellate Arbitration fees on the remanded back matter for
fresh arbitration proceedings126

1. It has been observed that in cases remanded by court of law, the stock
exchanges/depositories are directed to undertake arbitration/appellate
arbitration proceedings again. In some cases, the clients/investors are
liable to pay the arbitration fees again, even when the same has been paid
by them for the initial arbitration/appellate arbitration proceedings.

2. It has been decided that in such cases where the arbitration/appellate

arbitration matter has been remanded by the Court to the stock
exchanges/depositories, the arbitration/appellate arbitration fees/deposit
payable by the client shall be borne by such stock exchange/depository.

4.19 Establishment of connectivity by Clearing House / Clearing Corporation

(CH/CC) with the Depository – Clarification127

i. On examination of the provisions of Regulations 35(a) and 45 of the SEBI

(Depositories and Participants) Regulations, 2018, it is advised that
registration of a CC/CH of a stock exchange as a DP with SEBI is not
mandatory and a pre-requisite for it to obtain connectivity with the
depositories. However, if the CC/CH of a stock exchange desires to
function as any other "Depository Participant", i.e. to open BO accounts
for investors or clearing member account, registration as DP with SEBI is

125 SEBI Letter no. MRD/DSA/OW/11447/2/2019 dated May 8, 2019

126
Reference: SEBI letter SEBI/MRD/ICC/OW/P/2018/27066/1 dated September 25, 2018
127 Reference: MRD/DoP/ Dep/82334 /2006 dated December 14, 2006

201
 mandatory.

ii. In view of the above, Depositories are advised to provide continuous

electronic means of communication / connectivity to the CH/CC of the
Exchanges without insisting for a mandatory registration as DP with SEBI
with a condition that such entities would not be permitted to open BO
accounts for investors or clearing member account.

4.20 Computing and monitoring of the Aggregate Value of Portfolio of

Securities (AVPS) of the BOs held in dematerialised form by Stock Broker
DPs

i. For the purpose of computing the AVPS of the beneficial owners held in
dematerialised form under Regulation 35(a)(viii) of SEBI (Depositories
and Participant) Regulations, 2018, the securities held by bank and
financial institutions as well as promoters holdings of a company held in
dematerialised form, may be excluded128.

ii. In view of the potential risk to the system and also to maintain the
integrity of the market, the depositories are advised to develop an
appropriate systemic alert in the depository system, so as to enable the
system to generate and convey automatic alerts to those SBDPs that reach
a pre-determined level of exposure. These alerts would serve as
forewarnings to the SBDPs to the fact that they are approaching their
respective maximum exposure limits. [Note: For this purpose, the
depositories may monitor the value of securities with its SBDPs on an
"end of the day" basis.]129

4.21 Rajiv Gandhi Equity Savings Scheme, 2012 (RGESS)130

i. Vide notification 51/2012 dated November 23, 2012, Department of

Revenue, Ministry of Finance (MoF) has notified the Rajiv Gandhi Equity
Savings Scheme (RGESS), 2012. The notification is available on the website
of Income Tax Department under section “Notifications”.

ii. With regard to implementation of the MoF notification, the following is

clarified:

128 Reference: SMDRP/RKD /NSDL/2494 /98 dated November 18, 1998, SMDRP/CDSL / 18300
/2000 dated November 16, 2000
129 Reference: MRD/DRK/SU/16034/2003 dated August 22, 2003
130 Reference Circular CIR/MRD/DP/32/201 dated December 06, 2012

202
 a. For RGESS eligible close-ended Mutual Funds schemes, advice given
by AMCs to the depository for extinguishment of units of close ended
schemes upon maturity of the scheme shall be considered as settled
through depository mechanism and therefore RGESS compliant.

b. AMCs shall disclose that the concerned RGESS eligible Exchange

Traded Funds and Mutual Fund schemes is in compliance with the
provisions of RGESS guidelines notified by Ministry of Finance vide
notification no. 51/2012 F. No. 142/35/2012-TPL dated November 23,
2012, in Scheme Information Document (SID), in case of new fund
offer, or by way of addendum, in case of existing RGESS eligible
Exchange Traded Funds and Mutual Fund schemes.

c. Section 6(c) of the notification states that the eligible securities brought
into the demat account will automatically be subject to lock-in during
the first year, unless the new investor specifies otherwise and for such
specifications, the new retail investors shall submit a declaration in
Form B indicating that such securities are not to be included within the
above limit of investment. It is clarified that such declaration shall be
submitted by an investor to its Depository Participant within a period
of one month from the date of transaction.

d. For transactions undertaken by investors through their RGESS

designated demat account, Depositories may seek necessary
transactional details from stock exchanges viz. Actual Trade value,
Trading date, Settlement number, etc., for the purpose of enforcing
lock-in and for generating reports mandated vide MoF notification on
RGESS. On receipt of such request from depositories, stock exchanges
shall provide the details to depositories on an immediate basis. It shall
also be ensured that a uniform file structure is used by stock exchanges
and depositories for such intimation of transaction details.

e. With regard to point 3(ix) (a) & (b) of RGESS notification, depositories
may seek confirmation, as applicable, from stock exchanges.

f. With regard to the securities held in the RGESS designated account,

treatment of the corporate actions shall be as given at Annexure A.

iii. Stock exchanges shall furnish list of RGESS eligible stocks / ETFs / MF
schemes on their website. Further, the list shall also be forwarded to the
depositories at monthly intervals and whenever there is any change in the

203
 said list. For this purpose, Mutual Funds / AMCs shall communicate list
of RGESS eligible MF schemes / ETFs to the stock exchanges.

Annexure A

Treatment of corporate actions

(i) Involuntary corporate actions: In case of corporate actions where investors has
no choice in the matter, for example: demerger of companies, etc, the compliance
status of RGESS demat account shall not change.

(ii) Voluntary corporate actions: In case of corporate actions where investors has
the option to exercise his choice and thereby result in debit of securities, for
example: buy-back, etc., the same shall be considered as a sale transaction for the
purpose of the scheme.

Consolidated list of ‘corporate actions’

Sr. Corporate Action Classification (Involuntary or

No. Voluntary)
1 Amalgamation Involuntary
2 Scheme of Arrangement Involuntary
3 Reduction of Capital Involuntary
4 Bonus issue Involuntary
5 Buy Back of Shares Voluntary (Involuntary in case
of court intervention)
6 Stock Split Involuntary
7 Consolidation of Shares Involuntary
8 Conversion of Partly Paid up Involuntary
9 Dividend [Final/ Interim/ Special] Involuntary
10 Exchange of Share Certificate Involuntary
[Name change]
11 Rights Issue Voluntary
12 Conversion (compulsory)* Involuntary
13 Conversion (optionally)* Involuntary
14 Redemption Involuntary (voluntary, if there
is option to continue with
revised terms)
15 Dividend on Mutual Fund Involuntary
16 Redemption of Mutual Fund Involuntary on maturity
(voluntary, if there is option to

204
 shift between different
scheme(s) or on account of exit
option due to change in
fundamental attributes of
scheme)

* Considering any conversion into equities (e.g.: Conversion of warrants into

equities)

End of Annexure A

205
 Annexure B – Illustration of lock-in period in RGESS
I. RGESS lock-in period if investments are brought in at once

Applicable Applicable
financial year financial year
for compliance for compliance
will be 2014-15 will be 2015-16

206
 Annexure B – Illustration of lock-in period in RGESS
I. RGESS lock-in period if investments are brought are in installments

Period of Fixed lock-in Period of Flexible lock-in

Fixed lock-in One year of Flexible Second year of

ends lock-in ends Flexible lock-in ends

March 11, 2013

Third set of Rs. 10,000;
Securities 1 year
RGESS portfolio may
January 15, 2013
change during this period
Second set
of Securities
Rs. 30,000; 1 year 1 months
24days
November 23, 2012
First set of
Securities Rs. 10,000; 1 year 3 months 16 days

March 10, March 10, March 10,

2014 2015 2016

Applicable financial
aaaaa year for
compliance will be 2014-15
Applicable
Applicablefinancial
financialfor
year for
compliance
compliancewill
willbe
be2015-16
2015-16

207
4.22 Principles of Financial Market Infrastructures (PFMIs)131

Background

i. To promote and sustain an efficient and robust global financial infrastructure, the
Committee on Payments and Settlement Systems (CPSS) and the International
Organization of Securities Commissions (IOSCO) published the Principles for financial
market infrastructures1 (PFMIs) on April 2012. They replace the three existing sets of
international standards set out in the Core Principles for Systemically Important
Payment Systems (CPSIPS); the Recommendations for Securities Settlement Systems
(RSSS); and the Recommendations for Central Counterparties (RCCP). CPSS and IOSCO
have strengthened and harmonised these three sets of standards by raising minimum
requirements, providing more detailed guidance and broadening the scope of the
standards to cover new risk-management areas and new types of FMIs.

ii. The PFMIs comprise of 24 principles (Annex 1) for Financial Market Infrastructure to
provide for effective regulation, supervision and oversight of FMIs. They are designed
to ensure that the infrastructure supporting global financial markets is robust and well
placed to withstand financial shocks.

iii. Full, timely and consistent implementation of the PFMIs is fundamental to ensuring the
safety, soundness and efficiency of key FMIs and for supporting the resilience of the
global financial system. In addition, the PFMIs play an important part in the G20's
mandate that all standardized over-the-counter (OTC) derivatives should be centrally
cleared. Global central clearing requirements reinforce the importance of strong
safeguards and consistent oversight of derivatives CCPs in particular.

Financial Market Infrastructure (FMI)

iv. The Principles apply to systematically important financial market infrastructures

entities such as Central Counterparty (CCP), Central Securities Depository (CSD)/
Securities Settlement System (SSS), Payment and Settlement systems, and Trade
Repository (TR) which are responsible for providing clearing, settlement and recording
of monetary and other financial transactions. The principles are international standards
set forth to –
a. Enhance safety and efficiency in payment, clearing, settlement, and recording
arrangements,
b. Reduce systemic risk.

131 Reference Circular SEBI/MRD/DRMNP/26/2013 dated September 04, 2013

208
 c. Foster transparency and financial stability and
d. Promote protection of participants and investors.

v. Financial Market Infrastructure (FMI) are critically important institutions responsible

for providing clearing, settlement and recording of monetary and other financial
transactions. The different categories of FMIs, as identified under PFMIs, are listed
below -

Payment Systems (PSS)

A payment system is a set of instruments, procedures, and rules for the transfer of
funds between or among participants. The system includes the participants and the
entity operating the arrangement. Payment systems are typically based on an
agreement between or among participants and the operator of the arrangement, and the
transfer of funds is effected using an agreed-upon operational infrastructure.

Central Securities Depositories (CSD)

Central securities depository provides securities accounts, central safekeeping services,

and asset services, which may include the administration of corporate actions and
redemptions, and plays an important role in helping to ensure the integrity of securities
issues (that is, ensure that securities are not accidentally or fraudulently created or
destroyed or their details changed). A CSD can hold securities either in physical form
(but immobilised) or in dematerialised form (that is, they exist only as electronic
records). A CSD may maintain the definitive record of legal ownership for a security; in
some cases, however, a separate securities registrar will serve this notary function.

Securities Settlement Systems (SSS)

A securities settlement system enables securities to be transferred and settled by book

entry according to a set of predetermined multilateral rules. Such systems allow
transfers of securities either free of payment or against payment. When transfer is
against payment, many systems provide delivery versus payment (DvP), where
delivery of the security occurs if and only if payment occurs. An SSS may be organised
to provide additional securities clearing and settlement functions, such as the
confirmation of trade and settlement instructions.

Central Counterparties (CCP)

209
 A central counterparty interposes itself between counterparties to contracts traded in
one or more financial markets, becoming the buyer to every seller and the seller to
every buyer and thereby ensuring the performance of open contracts. A CCP becomes
counterparty to trades with market participants through novation, an open-offer
system, or through an analogous legally binding arrangement. CCPs have the potential
to significantly reduce risks to participants through the multilateral netting of trades
and by imposing more effective risk controls on all participants. For example, CCPs
typically require participants to provide collateral (in the form of initial margin and
other financial resources) to cover current and potential future exposures. CCPs may
also mutualise certain risks through devices such as default funds. As a result of their
potential to reduce risks to participants, CCPs also can reduce systemic risk in the
markets they serve.

Trade Repositories (TR)

A trade repository is an entity that maintains a centralised electronic record (database)

of transaction data. TRs have emerged as a new type of FMI and have recently grown in
importance, particularly in the OTC derivatives market. By centralising the collection,
storage, and dissemination of data, a well designed TR that operates with effective risk
controls can serve an important role in enhancing the transparency of transaction
information to relevant authorities and the public, promoting financial stability, and
supporting the detection and prevention of market abuse. An important function of a
TR is to provide information that supports risk reduction, operational efficiency and
effectiveness, and cost savings for both individual entities and the market as a whole.
Such entities may include the principals to a trade, their agents, CCPs, and other service
providers offering complementary services, including central settlement of payment
obligations, electronic novation and affirmation, portfolio compression and
reconciliation, and collateral.

Adoption of Principles of Financial Market Infrastructures

vi. All CPSS and IOSCO members are required to strive to adopt the PFMIs and implement
them in their respective jurisdictions.

vii. SEBI as a member of IOSCO is committed to the adoption and implementation of the
new CPSS-IOSCO standards of PFMIs in its regulatory functions of oversight,
supervision and governance of the key financial market infrastructures under its
purview.

210
viii. Depositories and Clearing Corporations regulated by SEBI are FMIs in terms of the
criteria described above. These systemically important financial infrastructures provide
essential facilities and perform systemically critical functions in the market and shall
hence be required to comply with the principles of financial market infrastructures
specified by CPSS-IOSCO as applicable to them. The list of SEBI regulated FMIs is
provided in Annexure 2.

ix. All FMIs in the securities market shall be monitored and assessed against the PFMIs on
a periodic basis.

Annexure 1

Principles for financial market infrastructures

General Organisation

Principle 1: Legal basis

An FMI should have a well-founded, clear, transparent, and enforceable legal basis for
each material aspect of its activities in all relevant jurisdictions.

Principle 2: Governance

An FMI should have governance arrangements that are clear and transparent, promote
the safety and efficiency of the FMI, and support the stability of the broader financial
system, other relevant public interest considerations, and the objectives of relevant
stakeholders.

Principle 3: Framework for the comprehensive management of risks

An FMI should have a sound risk-management framework for comprehensively

managing legal, credit, liquidity, operational, and other risks. Credit and liquidity risk
management.

Principle 4: Credit risk

An FMI should effectively measure, monitor, and manage its credit exposures to
participants and those arising from its payment, clearing, and settlement processes. An
FMI should maintain sufficient financial resources to cover its credit exposure to each
211
 participant fully with a high degree of confidence. In addition, a CCP that is involved in
activities with a more-complex risk profile or that is systemically important in multiple
jurisdictions should maintain additional financial resources sufficient to cover a wide
range of potential stress scenarios that should include, but not be limited to, the default
of the two participants and their affiliates that would potentially cause the largest
aggregate credit exposure to the CCP in extreme but plausible market conditions. All
other CCPs should maintain additional financial resources sufficient to cover a wide
range of potential stress scenarios that should include, but not be limited to, the default
of the participant and its affiliates that would potentially cause the largest aggregate
credit exposure to the CCP in extreme but plausible market conditions.

Principle 5: Collateral

An FMI that requires collateral to manage its or its participants’ credit exposure should
accept collateral with low credit, liquidity, and market risks. An FMI should also set
and enforce appropriately conservative haircuts and concentration limits.

Principle 6: Margin

A CCP should cover its credit exposures to its participants for all products through an
effective margin system that is risk-based and regularly reviewed.

Principle 7: Liquidity risk

An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI
should maintain sufficient liquid resources in all relevant currencies to effect same- day
and, where appropriate, intraday and multiday settlement of payment obligations with
a high degree of confidence under a wide range of potential stress scenarios that should
include, but not be limited to, the default of the participant and its affiliates that would
generate the largest aggregate liquidity obligation for the FMI in extreme but plausible
market conditions.

Settlement

Principle 8: Settlement finality

An FMI should provide clear and certain final settlement, at a minimum by the end of
the value date. Where necessary or preferable, an FMI should provide final settlement
intraday or in real time.

212
Principle 9: Money settlements

An FMI should conduct its money settlements in central bank money where practical
and available. If central bank money is not used, an FMI should minimise and strictly
control the credit and liquidity risk arising from the use of commercial bank money.

Principle 10: Physical deliveries

An FMI should clearly state its obligations with respect to the delivery of physical
instruments or commodities and should identify, monitor, and manage the risks
associated with such physical deliveries.

Central securities depositories and exchange-of-value settlement systems

Principle 11: Central securities depositories

A CSD should have appropriate rules and procedures to help ensure the integrity of
securities issues and minimise and manage the risks associated with the safekeeping
and transfer of securities. A CSD should maintain securities in an immobilised or
dematerialised form for their transfer by book entry.

Principle 12: Exchange-of-value settlement systems

If an FMI settles transactions that involve the settlement of two linked obligations (for
example, securities or foreign exchange transactions), it should eliminate principal risk
by conditioning the final settlement of one obligation upon the final settlement of the
other.

Default management

Principle 13: Participant-default rules and procedures

An FMI should have effective and clearly defined rules and procedures to manage a
participant default. These rules and procedures should be designed to ensure that the
FMI can take timely action to contain losses and liquidity pressures and continue to
meet its obligations.

Principle 14: Segregation and portability

213
 A CCP should have rules and procedures that enable the segregation and portability of
positions of a participant’s customers and the collateral provided to the CCP with
respect to those positions.

General business and operational risk management

Principle 15: General business risk

An FMI should identify, monitor, and manage its general business risk and hold
sufficient liquid net assets funded by equity to cover potential general business losses so
that it can continue operations and services as a going concern if those losses
materialise. Further, liquid net assets should at all times be sufficient to ensure a
recovery or orderly wind-down of critical operations and services.

Principle 16: Custody and investment risks

An FMI should safeguard its own and its participants’ assets and minimise the risk of
loss on and delay in access to these assets. An FMI’s investments should be in
instruments with minimal credit, market, and liquidity risks.

Principle 17: Operational risk

An FMI should identify the plausible sources of operational risk, both internal and
external, and mitigate their impact through the use of appropriate systems, policies,
procedures, and controls. Systems should be designed to ensure a high degree of
security and operational reliability and should have adequate, scalable capacity.
Business continuity management should aim for timely recovery of operations and
fulfillment of the FMI’s obligations, including in the event of a wide-scale or major
disruption.

Access

Principle 18: Access and participation requirements

An FMI should have objective, risk-based, and publicly disclosed criteria for
participation, which permit fair and open access.

Principle 19: Tiered participation arrangements

214
 An FMI should identify, monitor, and manage the material risks to the FMI arising from
tiered participation arrangements.

Principle 20: FMI links

An FMI that establishes a link with one or more FMIs should identify, monitor, and
manage link-related risks.

Efficiency

Principle 21: Efficiency and effectiveness

An FMI should be efficient and effective in meeting the requirements of its participants
and the markets it serves.

Principle 22: Communication procedures and standards

An FMI should use, or at a minimum accommodate, relevant internationally accepted

communication procedures and standards in order to facilitate efficient payment,
clearing, settlement, and recording.

Transparency

Principle 23: Disclosure of rules, key procedures, and market data

An FMI should have clear and comprehensive rules and procedures and should
provide sufficient information to enable participants to have an accurate understanding
of the risks, fees, and other material costs they incur by participating in the FMI. All
relevant rules and key procedures should be publicly disclosed.

Principle 24: Disclosure of market data by trade repositories

A TR should provide timely and accurate data to relevant authorities and the public in
line with their respective needs.

End of Annexure 1

215
 Annexure 2

1. Clearing Corporations

a. Indian Clearing Corporation Ltd. (ICCL)

b. Metropolitan Clearing Corporation of India Ltd. (MCCIL)
c. National Securities Clearing Corporation Ltd. (NSCCL)

2. Depositories

a. Central Depository Services Ltd. (CDSL)

b. National Securities Depository Ltd (NSDL)

End of Annexure 2

4.23 Annual System Audit132

4.23.1 Based on discussions with Stock Exchanges, Clearing Corporations, Depositories
(hereinafter referred as ‘Market Infrastructure Institutions – MIIs) and
recommendations of Technical Advisory Committee (TAC) of SEBI, a System Audit
Framework has been prescribed to keep pace with the technological advancements
in the securities market.

4.23.2 MIIs are to conduct an Annual System Audit as per the framework enclosed as
Annexure 1 and Terms of Reference (TOR) enclosed as Annexure 2. MIIs are also
required to maintain a list of all the relevant SEBI circulars/ directions/ advices, etc.
pertaining to technology and compliance thereof, as per format enclosed as
Annexure 3 and the same shall be included under the scope of System Audit.

4.23.3 Further, MIIs are required to submit information with regard to exceptional major
Non-Compliances (NCs)/ minor NCs observed in the System Audit as per format
enclosed as Annexure 4 and are required to categorically highlight those

132 Circular No. SEBI/HO/MRD1/ICC1/CIR/P/2020/03 dated January 07, 2020

216
 observations/NCs/suggestions pointed out in the System Audit (current and
previous) which remain open.

4.23.4 The Systems Audit Report including compliance with SEBI circulars/ guidelines
and exceptional observation format along with compliance status of previous year
observations shall be placed before the Governing Board of the MII and then the
report along with the comments of the Management of the MII shall be
communicated to SEBI within a month of completion of audit. Further, along with
the audit report, MIIs are advised to submit a declaration from the MD / CEO
certifying the security and integrity of their IT Systems.

Annexure 1
System Audit Framework

Audit Process
1. For the Annual System Audit, the following broad areas shall be considered in order to
ensure that the audit is comprehensive and effective:

a. The Audit shall be conducted according to the Norms, Terms of Reference (TOR) and
Guidelines issued by SEBI.

b. The Governing Board of the Market Infrastructure Institution (MII) shall appoint the
Auditors based on the prescribed Auditor Selection Norms and TOR.

c. An Auditor can perform a maximum of 3 successive audits. However, such auditor

shall be eligible for re-appointment after a cooling-off period of two years.

d. Further, during the cooling-off period, the incoming auditor may not include:
i. Any firm that has common partner(s) with the outgoing audit firm; and
ii. Any associate / affiliate firm(s) of the outgoing audit firm which are under the same
network of audit firms wherein the term "same network" includes the firms
operating or functioning, hitherto or in future, under the same brand name, trade
name or common control.

e. The number of years an auditor has performed an audit prior to this circular shall also
be considered in order to determine its eligibility in terms of sub-clause c above.

217
f. The scope of the Audit may be broadened to incorporate any new developments that
may arise due to issuance of circulars/ directions/ advice by SEBI from time to time.

g. The period of Audit shall not be for more than 12 months. Further, the Audit shall be
completed within 2 months from the end of the Audit Period.

h. In the Audit report, the Auditor shall include its comments on whether the areas
covered in the Audit are in compliance with the norms/ directions/ advices issued by
SEBI, internal policy of the MII, etc. Further, the report shall also include specific non-
compliances (NCs), observations for minor deviations and suggestions for
improvement. The report shall take previous audit reports into consideration and cover
any open items therein. The auditor should indicate if a follow-on audit is required to
review the status of NCs.

i. For each of the NCs/ observations and suggestions made by the Auditor, specific
corrective action as deemed fit by the MII may be taken. The management of the MII
shall provide its comments on the NCs, observations and suggestions made by the
Auditor, corrective actions taken or proposed to be taken along with time-line for such
corrective action.

j. The Audit report along with the comments of management shall be placed before the
Governing Board of the MII. The Audit report along with Comments of the Governing
Board shall be submitted to SEBI, within 1 month of completion of Audit.

k. The follow-on audit should be completed within one month of the corrective actions
taken by the MII. After the follow-on audit, the MII shall submit a report to SEBI within
1 month from the date of completion of the follow-on audit. The report shall include
updated Issue-Log to indicate the corrective actions taken and specific comments of the
Auditor on the NCs and the corrective actions.

l. If follow-on audit is not required, the MII shall submit an Action Taken Report (ATR) to
the Auditor. After verification of the ATR by the Auditor, the MII shall submit a report
to SEBI within 1 month from the date of completion of verification by the Auditor. The
report shall include updated Issue-Log to indicate the corrective actions taken and
specific comments of the Auditor on the ATR.

m. The overall timeline from the last date of the audit period till completion of final
compliance by MII, including follow-on audit, if any, should not exceed one year. In
exceptional cases, if MII is of the view that compliance with certain observations may

218
 extend beyond a period of one year, then the concerned MII shall seek specific approval
from the Governing Board.

Auditor Selection Norms

2. MII shall ensure compliance with the following norms while appointing System Auditor:

a. The Auditor must have minimum 3 years of demonstrable experience in IT audit of

Securities Industry i.e. Stock Exchanges, Clearing Corporations, Depositories,
intermediaries etc. and/ or Financial Services Sector i.e. Banking, Insurance, Fin-tech.

b. The team performing system audit must have experience in / direct access to
experienced resources in the areas covered under TOR. It is recommended that
resources deployed by the Auditor for the purpose of system audit shall have relevant
industry recognized certifications e.g. CISA (Certified Information Systems Auditor)
from ISACA, CISM (Certified Information Securities Manager) from ISACA, GSNA
(GIAC Systems and Network Auditor), CISSP (Certified Information Systems Security
Professional) from International Information Systems Security Certification Consortium,
commonly known as (ISC).

c. The Auditor shall have experience in working on IT audit/governance/IT service

management frameworks and processes conforming to industry leading practices like
CobIT 5/ ISO 27001 and beyond.

d. The Auditor should have the capability to undertake forensic audit and undertake such
audit as part of Annual System Audit, if required.

e. The Auditor must not have any conflict of interest in conducting fair, objective and
independent audit of the exchange / depository/ clearing corporation. It should not
have been engaged over the last three years in any consulting engagement with any
departments / units of the entity being audited.

f. The Auditor should not have any cases pending against it, which point to its
incompetence and/or unsuitability to perform the audit task.

g. The proposed audit agency must be empanelled with CERT-In.

h. Any other criteria that the MII may deem fit for the purpose of selection of Auditor.

Audit Report Guidelines

219
3. The Audit report should cover each of the major areas mentioned in the TOR and
compliance with SEBI circulars/directions/advices, etc. related to technology. The Auditor
in the Audit Report shall give its views indicating the NCs to the standards or observations
or suggestions. For each section, auditors should also provide qualitative
inputs/suggestions about ways to improve the processes, based upon the best industry
practices.

4. The report should also include tabulated data to show NCs / observations for each of the
major areas in the TOR.

5. Evidences should be specified in the Audit Report while reporting/ closing an issue.

6. A detailed report with regard to the System Audit shall be submitted to SEBI. The report
should include an Executive Summary as per the following format:

Issue Log Description Responsibility

Column
Heading

Major Area Major area/relevant clause in TOR Auditor

against which compliance is being
audited

Description of Describe the findings in sufficient detail, Auditor

Finding/ referencing any accompanying evidence
Observation (e.g. procedure manual, interview notes,
reports etc.)

Reference Reference to the section in detailed Auditor

report – where full background
information about the findings are
available

Process/ Unit Process or unit where the audit is Auditor

conducted and the finding pertains to

220
 Category of Major/Minor Non-compliance, Auditor
Findings Observation, Suggestion etc.

Audited By Which Auditor covered the findings Auditor

Root Cause A detailed analysis on the cause of the Auditee

Analysis Non-compliance

Remediation The action (to be) taken to correct the Auditee

Non-compliance

Target The date by which remedial action must Auditor/Auditee

Completion be/will be completed
Date for
Remedial
Action

Status Status of finding on reporting date Auditor/Auditee

(open/close)

Verified By Auditing personnel (upon verification Auditor

that finding can be closed)

Closing Date Date when finding is verified and can be Auditor

closed

Annexure 2

System Audit Program – Terms of Reference (TOR)

1. IT environment
1.1 Organization details
a. Name
b. Address
221
 c. IT team size (in house- employees)
d. IT team size (vendors)
1.2 IT set up and usage
a. Data Centre, near site and DR site and Regional/ Branch offices (location, owned/
outsourced)
b. System Architecture

2. IT Governance
2.1 Whether IT Governance framework exists to include the following:
a. IT organization structure including roles and responsibilities of key IT personnel;
b. IT governance processes including policy making, implementation and monitoring
to ensure that the governance principles are followed;

2.2 IT policies and procedures

a. Whether the organization has defined and documented IT policy? If yes, is it
approved by the Governing Board (GB)?
b. Is the current System Architecture including infrastructure, network and
application components to show system linkages and dependencies documented?
c. Whether defined and documented Standard Operating Procedures (SOPs) for the
following processes are in place?
i. IT Assets Acquisition

ii. Access Management

iii. Change Management

iv. Backup and Recovery

v. Incident Management

vi. Problem Management

vii. Patch Management

viii. Data Centre Operations

ix. Operating Systems and Database Management

x. Network Management

xi. DR Site Operations

222
 xii. Data Retention and Disposal

3. Business Controls
3.1 General Controls for Data Centre Facilities
a. Application Access – segregation of duties, database and application access etc.
(Approved Policy clearly defining roles and responsibilities of the personnel
handling business operations)
b. Maintenance Access – vendor engineers
c. Physical Access – permissions, logging, exception reporting & alerts
d. Environmental Controls – fire protection, AC monitoring, etc.
e. Fault Resolution Mechanism
f. Folder Sharing and Back Up Controls – safeguard of critical information on local
desktops
g. Incidences of violations in last year and corrective action taken

3.2 Software change control

a. Whether pre-implementation review of application controls (including controls
over change management) was undertaken?
b. Adherence to secure Software Development Life Cycle (SDLC) / Software Testing
Life Cycle (STLC) standards/ methodologies
c. Whether post implementation review of application controls was undertaken?
d. Is the review of processes followed by implementation team to ensure data integrity
post implementation of new application or system?
e. User awareness
f. Processing of new feature request
g. Fault reporting / tracking mechanism & process for resolutions
h. Testing of New releases / Bug-fixes – Testing process (automation level)
i. Version Control – History, Change Management process etc.
j. Development / Test/ Production environment – Segregation
k. New Release in Production – Promotion, Release note approvals
l. Production Issues / disruptions reported during last year, root cause analysis &
corrective actions taken
m. Software Development Stage
n. Software Design to bot ‘crash’ and capacity to work in degraded manner

3.3 Data Communication/ Network Controls

a. Network Administration – Redundancy, Monitoring, breakdown resolution etc.

223
 b. WAN Management – Connectivity provisions for business continuity.
c. Encryption - Router based as well as during transmission
d. Connection Permissions – Restriction on need to have basis
e. Fallback Mechanism – Dial-up connections controls etc.
f. Hardware based Signing Process
g. Incidences of access violations in last year & corrective actions taken

3.4 Security Controls

a. Secured e-mail with other entities like SEBI, other partners
b. Email Archival Implementation

3.5 Access Policy and Controls

a. Defined and documented policies and procedures for managing access to
applications and infrastructure – PDC, DRS, NS, branches (including network,
operating systems and database) and approved by relevant authority
b. Review of access logs
c. Access rights and roles review procedures for all systems
d. Segregation of Duties (SOD) matrix describing key roles
e. Risk acceptance for violation of SOPs and alternate mechanism put in place
f. Privileged access to system and record of logs,
g. Periodic monitoring of access rights for privileged users
h. Authentication mechanisms used for access to systems including use of passwords,
One Time Passwords (OTP), Single Sign on, etc.

3.6 Electronic Document Controls

3.7 General Access Controls

3.8 Performance Audit

a. Comparison of changes in transaction volumes since previous audit
b. Review of systems (hardware, software, network) performance over period
c. Review of the current volumes against the last performance test and against the
current system utilization

3.9 Business Continuity / Disaster Recovery Facilities

a. BCP manual, including Business Impact Analysis (BIA), Risk Assessment and DR
process, Roles and responsibilities of BCP team}
b. Implementation of policies
224
 c. Back-up procedures and recovery mechanism using back-ups.
d. Storage of Back-up (Remote site, DRS etc.)
e. Redundancy – Equipment, Network, Site etc.
f. DRS installation and Drills - Management statement on targeted resumption
capability (in terms of time required & extent of loss of data)
g. Evidence of achieving the set targets during the DRS drills in event of various
disaster scenarios.
h. Debrief / review of any actual event when the DR/BCP was invoked during the
year
i. User awareness and training
j. Is Recovery Time Objective (RTO) /Recovery Process Objective (RPO) during
Business Impact Analysis (BIA) documented?
k. Is annual review of BCP-DR or in case of major change in business/ infrastructure
undertaken?
l. Testing of BCP-DR plan through appropriate strategies including simulations, DR
drills, system recovery, etc.

3.10IT Support & IT Asset Management

a.Utilization Monitoring – including report of prior year utilization
b.Capacity Planning – including projection of business volumes
c.IT (S/W, H/W & N/W) Assets, Licenses & maintenance contracts
d.Comprehensive review of Assets life cycle management (Acquisition,
commissioning, deployment, monitoring, maintenance and de commissioning) and
relevant records related to it.
e. Insurance
f. Disposal – Equipment, media, etc.

4. Entity Specific Software used for or supporting trading/clearing systems / peripheral

systems and critical processes

5. Human Resources Management

5.1 Screening of Employee, Third party vendors / contractors
5.2 Onboarding
5.3 Offboarding
5.4 Consequence Management (Incident / Breach of policies)
5.5 Awareness and Trainings

225
 5.6 Non-Disclosure Agreements (NDAs) and confidentiality agreement

6. IT Vendor Selection and Management

6.1 Identification of eligible vendors
6.2 Dissemination process of Request for Proposal (RFP)
6.3 Definition of criteria of evaluation
6.4 Process of competitive analysis
6.5 Approach for selection
6.6 Escrow arrangement for keeping source code

7. E-Mail system
7.1 Existence of policy for the acceptable use of electronic mail
7.2 Regulations governing file transfer and exchange of messages with external parties
7.3 Rules based on which e-mail addresses are assigned
7.4 Storage, backup and retrieval

8. Redressal of Technological Complaints

9. Any other Item

9.1 Electronic Waste Disposal
9.2 Observations based on previous Audit Report (s)
9.3 Any other specific area that may be informed by SEBI.

Annexure 3

Format for monitoring compliance with SEBI circulars/guidelines/advisories related to

technology

Sl. Date of Subj Technolo Mechan Non Complia Commen Time-

226
 N SEBI ect gical ism put complia nce ts of the line for
o. circular requireme in place nces status Manage taking
/ nts by the with (Open/ ment correctiv
directio specified MIIs SEBI closed) e action
ns/ by SEBI circulars in case of
in brief / open
advice,
guidelin observati
etc.
es ons

Annexure 4

Exception Observation Reporting Format

Note: MIIs are expected to submit following information with regard to exceptional major
non-compliances (NCs) / minor NCs observed in the System Audit. MIIs should also
categorically highlight those observations/NCs/suggestions pointed out in the System
Audit (current and previous) which are not yet complied with.

Name of the MII: ___________________

Name of the System Auditor: _________________

Systems Audit Report Date: _________________

Table 1: For preliminary audit

Au Obser Descr Depa Sta Ris Au Roo Imp Corr Dea Mana Whe
dit vation iptio rtmen tus/ k dit t act ectiv dlin gemen ther
per No. n of t Nat Rat T Cau Ana e e for t simi
iod findi ure ing O se lysi Acti the respo lar
ng of of R Ana s ons corre nse in issu
227
 fin fin cla lysi prop ctive case e
din din us s osed actio of was
g g as e by n accept obse
per audit ance rved
Au or of in
dito associ any
r ated of
risks the
prev
ious
3
Aud
its

Description of relevant Table heads

1. Audit Period– This indicates the period of audit

2. Description of findings/observations – Description of the findings in sufficient details,
referencing any accompanying evidence
3. Status/ Nature of Findings – The category can be specified for example:
a. Non-compliant (Major/Minor)
b. Work in progress
c. Observation
d. Suggestion
4. Risk Rating of finding- A rating has to be given for each of the observations based on
their impact and severity to reflect the risk exposure, as well as the suggested priority for
action

Rating Description
HIGH Represents weakness in control with respect to threat(s) that is
/are sufficiently capable and impacts asset (s) leading to
regulatory non-compliance, significant financial, operational

228
 and reputational loss. These observations need to be addressed
with utmost priority.
MEDIUM Represents weakness in control with respect to threat(s) that is
/are sufficiently capable and impacts asset (s) leading to
exposure in terms of financial, operational and reputational
loss. These observations need to be addressed reasonably
promptly.

LOW Represents weaknesses in control, which in combination with

other weakness can develop into an exposure. Suggested
improvements for situations not immediately/directly
affecting controls.

5. Audit TOR clause – The TOR clause corresponding to this observation

6. Root Cause analysis– A detailed analysis on the cause of the non-conformity.
7. Impact Analysis– An analysis of the likely impact on the operations/ activity of the
organization
8. Corrective Action– The action taken to correct the non-conformity

Table 2: For follow on/ follow up system audit

Prelim Prelim Prelimi Prelim Prelim Curr Curr Revis Deadl Reason
inary inary nary inary inary ent ent ed ine for delay
Audit Audit Observ Status Correct Find Stat Corre for in
Date Period ation ing us ctive the implemen
ive
Numbe Actio Revis tation/
r Action n, if ed complian
as any Corre ce
propos ctive
ed by Actio
Audito n
r

229
 Description of relevant Table heads

1. Preliminary Status – The original finding as per the preliminary System Audit Report
2. Preliminary Corrective Action – The original corrective action as prescribed in the
preliminary system audit report
3. Current Finding – The current finding w.r.t. the issue
4. Current Status – Current Status of the issue viz. compliant, non-compliant, work in
progress (WIP)
5. Revised Corrective Action – The revised corrective action prescribed w.r.t. the Non-
compliant/ WIP issue

4.24 Guidelines for Business Continuity Plan (BCP) and Disaster Recovery (DR) 133and 134
i. The stock exchanges, clearing corporations and depositories(collectively referred as
Market Infrastructure Institutions –MIIs) should have in place BCP and DRS so as to
maintain data and transaction integrity.
ii. Apart from DRS, stock exchanges and clearing corporations should also have a Near
Site (NS) to ensure zero data loss whereas, the depositories should also ensure
zero data loss by adopting a suitable mechanism.
iii. The DRS should preferably be set up in different seismic zones and in case due to
certain reasons such as operational constraints, change of seismic zones, etc.,
minimum distance of 500 kilometer shall be ensured between PDC and DRS so that
both DRS and PDC are not affected by the same disaster
iv. The manpower deployed at DRS / NS should have similar expertise as available at
PDC in terms of knowledge / awareness of various technological and procedural
systems and processes relating to all operations such that DRS / NS can function at
short notice, independently. MIIs should have sufficient number of trained staff at
their DRS so as to have the capability of running live operations from DRS
without involving staff of the primary site.
v. Configuration of DRS / NS with PDC

133 Circular No. CIR/MRD/DMS/12/2012 dated April 13, 2012 and clarification issued vide Circular No.
CIR/MRD/ DMS/17/2012 dated June 22, 2012
134
Reference Circular SEBI/HO/MRD/DMS1/CIR/P/2019/43 dated March 26, 2019 - extant framework re-examined and
modified
230
 a) Hardware, system software, application environment, network and security devices
and associated application environments of DRS / NS and PDC should have one to
one correspondence between them.
b) MIIs should endeavor to develop systems that do not require configuration
changes at the end of trading members/ clearing members/ depository
participants for switchover from the PDC to DRS. Further, MIIs should test such
switchover functionality by conducting unannounced 2 day live trading session from
its DRS. This would help to gauge the state of readiness of various other processes
and procedure relating to business continuity and disaster recovery that may not get
tested in a planned exercise.
c) MIIs should have Recovery Time Objective (RTO) and Recovery Point Objective
(RPO) not more than 4 hours and 30 minutes, respectively.
d) The time taken to define/ establish/ declare a disaster should not be more than 2
hours and the total RTO including the time taken to declare an incident as disaster
should not be more than 4 hours. Further, RTO shall be calculated from the
occurrence of disaster and not from the time an incident is declared a disaster.
e) Solution architecture of PDC and DRS / NS should ensure high availability, fault
tolerance, no single point of failure, zero data loss, and data and transaction
integrity.
f) Any updates made at the PDC should be reflected at DRS / NS immediately (before
end of day) with head room flexibility without compromising any of the
performance metrics.
g) Replication architecture, bandwidth and load consideration between the DRS/ NS
and PDC should be within stipulated RTO and ensure high availability, right sizing,
and no single point of failure.
h) Replication between PDC and NS should be synchronous to ensure zero data loss.
Whereas the one between PDC and DR and between NS and DR may be
asynchronous.
i) Adequate resources (with appropriate training and experience) should be available
at all times to handle operations on a regular basis as well as during disasters.
vi. DR Drills / Testing
a) DR drills should be conducted on quarterly basis. In case of exchanges,
these drills should be closer to real life scenario (trading days) with minimal notice to
DR staff involved.
b) During the drills, the staff based at PDC should not be involved in supporting
231
 operations in any manner.
c) The drill should include running all operations from DRS for at least 1 full trading
day.
d) Before DR drills, the timing diagrams clearly identifying resources at both ends (DRS
as well as PDC) should be in place.
e) The results and observations of these drills should be documented and
placed before the Governing Board of Stock Exchange / Depositories. Subsequently,
the same along with the comments of the Governing Board should be forwarded to
SEBI within a month of the DR drill.
f) The system auditor while covering the BCP - DR as a part of mandated
annual system audit should check the preparedness of the MII to shift its operations
from PDC to DRS unannounced and should also comment on documented results
and
observations of DR drills.
g) Live trading sessions from DR site shall be scheduled for at least two
consecutive days in every six months. Such live trading sessions from the DRS shall
be organized on normal working days (i.e. not on weekends / trading holidays).
The stock exchange/ clearing corporation shall ensure that staff members
working at DRS have the abilities and skills to run live trading session independent
of the PDC staff.
h) Stock exchanges and clearing corporations shall include a scenario of intraday
shifting from PDC to DR during the mock trading sessions in order to
demonstrate its preparedness to meet RTO/RPO as stipulated above.
i) MII should undertake and document Root Cause Analysis (RCA) of their
technical/ system related problems in order to identify the causes and to
prevent reoccurrence of similar problems.
vii. BCP - DR Policy Document
a) Stock exchanges, clearing corporations and depositories, depending upon their line
of business shall decide the definition of ‘Disaster’ which requires them to move
from the PDC to DRS and include the same in the BCP-DR Policy. The above policy
shall be approved by the respective Governing Boards of MIIs.
b) The BCP - DR policy of stock exchanges and depositories should be well
documented covering all areas as mentioned above including disaster escalation
hierarchy.
c) The stock exchanges should specifically address their preparedness in terms of
232
 proper system and infrastructure in case disaster strikes during business hours.
d) Depositories should also demonstrate their preparedness to handle any issue which
may arise due to trading halts in stock exchanges
e) The policy document and subsequent changes / additions / deletions should be
approved by Governing Board of the Stock Exchange / Depositories and thereafter
communicated to SEBI.
f) In case a MII desires to lease its premise at the DRS to other entities including to its
subsidiaries or entities in which it has stake, the MII should ensure that such
arrangements do not compromise confidentiality, integrity, availability, targeted
performance and service levels of the MII’s systems at the DRS. The right of first use
of all the resources at DRS including network resources should be with the MII.
Further, MII should deploy necessary access controls to restrict access (including
physical access) of such entities to its critical systems and networks.
viii. Considering the above, stock exchanges and depositories are advised to submit their
BCP - DR policy to SEBI within 3 months from the date of this circular. Further, they
should also ensure that point 1 (vi) (f) mentioned above is also included in scope of
system audit.
4.25 (Information Technology) IT Governance For Depositories135

i. SEBI constituted the Depository System Review Committee (DSRC) to undertake a

comprehensive review of the Indian depository system. Based on the recommendations
of DSRC, following guidelines are issued to strengthen the information Technology (IT)
governance framework of depositories.

ii. Depositories shall formulate an IT strategy committee at the Board level of depository
to provide insight and advice to the Board in various areas that may include:

a. Developments in IT from a business perspective.

b. The alignment of IT with the business direction.
c. The availability of IT resources to meet strategic objectives.
d. Competitive aspects of IT Investments.
e. Alignment of the IT architecture to the organization needs and its approval.
f. Setting priorities and milestones.

iii. Depositories shall formulate an executive level IT Steering Committee to assist the IT
Strategy Committee in Implementation of IT strategy. The IT steering committee shall

135 Reference: MRD/DMS/03/2014 dated January 21, 2014

233
 comprise of representatives from IT, Human Resources (HR), Legal and various
business functions as felt appropriate.

iv. The Depositories shall formulate an IT strategy document and an Information Security
policy which should be approved by the Board and reviewed annually.

v. The Depositories shall create an Office of Information Security and designate a senior
official as Chief Information Security Officer (CISO) whose work would be to assess,
identify and reduce information technology (IT) risks, respond to incidents, establish
appropriate standards and controls, and direct the establishment and implementation
of policies and procedures.

vi. SEBI has laid down Guidelines for Business Continuity Plan (BCP) and Disaster
Recovery (DR) for stock exchange and depositories vide circular
CIR/MRD/DMS/12/2012 dated April 13, 2012 and CIR/MRD/DMS//17/2012 dated
June 22, 2012. In Addition to the requirements of the aforementioned circulars,
depositories shall designate a senior official as the head of BCP function.

4.26 Guidelines for inspection of Depository Participants (DPs) by Depositories136

i. Depository System Review Committee (DSRC) was constituted by SEBI to undertake a

comprehensive review of the depository system of Indian Securities market.

ii. As a first measure, DSRC has reviewed framework adopted by the depositories with
regard to the inspection of depository participants (DPs). Considering the
recommendations of the committee, it has been decided that depositories shall ensure
the following while inspecting their DPs.

Inspection Areas and Sample Size

iii. For conducting inspection of DPs, depositories shall inspect the areas as mentioned in
Annexure - I. During inspection, depositories shall cover implementation of circulars /
guidelines issued by SEBI and guidelines / operating instructions / directions by
depositories in respect of these areas. In addition, Depositories may include such other
areas as felt appropriate.

iv. For the purpose of determining the size of sample, depositories shall be guided by
'Adaptive Sample Size determination methodology' as mentioned at Annexure - II.

136 Reference Circular SEBI/MRD/DMS/05/2014 dated February 07, 2014

234
 Categorization / Risk Rating of DPs

v. For the purpose of computing total risk score of DPs, depositories shall be guided by
“DP Rating Model / Categorization” as mentioned at Annexure – III.

vi. Depositories should periodically undertake risk - impact analysis for each of the
inspection areas, assign appropriate risk weightage, calculate risk scores for each DPs in
the lines mentioned below.

a. Risk Weightage: Depositories shall assign risk weights for each of inspection areas
after taking into consideration following factors:

1. Operational risks in each of the inspection areas.

2. Category of DPs (such as stock broker DPs, bank DP, etc.)
3. Size of Operation
4. Repetitive violations
5. IT Security and BCP
6. Complaints received and redressed

b. Quantitative Score Calculation: Depositories shall arrive at a Quantitative Risk Score

for each inspection area by multiplying percentage of non-compliance to the sample
size with the corresponding assigned risk weight.

c. Qualitative Score Calculation: Depositories shall arrive at a Qualitative Risk Score

for each qualitative area by multiplying the score assigned by inspection team to DP
with corresponding assigned risk weight.

d. Total DP Risk Score shall be the summation of quantitative and qualitative scores
assigned to the DP.

e. Depositories shall suitably normalize the scales of the qualitative and quantitative
scores in arriving at the Total DP risk score.

vii. Depositories shall categorize their DPs as 'High Risk', 'Medium to High Risk', 'Medium
Risk', and 'Low Risk' DPs based on the percentile of risk score.

DP Risk Rating / Categorization Percentile of Risk Score

235
 High ≥ 80

Medium-High 46-79

Medium 21-45

Low ≤ 20

viii. After arriving at the risk rating / categorization as mentioned above, for subsequent
inspections, depositories shall use the DP risk rating/ categorization to decide on the
frequency of inspection of DPs

ix. Apart from the above, depositories may undertake specific purpose inspections for DPs
which score high in the specific inspection areas as mentioned at Annexure - I.

x. Depositories shall jointly inspect DPs which are registered with both depositories to
have better control over DPs, avoid duplicity of manpower, time and cost and also to
reduce the possibility of regulatory arbitrage, if any. Depositories shall share the risk
rating / categorization of common DPs with each other. For the purpose of determining
sample size and frequency of the joint inspection of such common DPs, the higher risk
categorization assigned by any of the Depository shall prevail.

Annexure –I
List of Inspection Areas

1. Depositories shall inspect the areas mentioned at para 2 below during inspection of DPs
with regards to any
1.1. Circulars / Guidelines issued by SEBI on the areas mentioned below.
1.2. Guidelines / Operating Instructions / Directions from depositories on the areas
mentioned below.

2. In case there are built in system checks at the depository that ensure compliance of any of
the inspection areas / sub –areas with regard to point 1.1 and 1.2 above, the depository
may decide on the including the same during the inspection of DPs

Inspection Areas

A. Account Opening / KYC Documents

236
 A.1. Account Opening forms
A.2. KYC Documents
A.2.1. PAN Verification
A.2.2. In-person verification
A.2.3. Forwarding of Documents to KYC Registration Agency (KRA)
A.3. Proof of Identity (POI)
A.4. Proof of Address
A.5. Correspondence Address
A.6. Authorized Signatories
A.7. Completeness / Validation of data entered into DPM with data
provided in the Account Opening forms
A.8. Minor BO / Joint / HUF accounts
A.9. Account Activation
A.10. PMS Accounts
A.11. Nomination
A.12. Any other area as may be specified by the depository

B. Basic Service Demat Account (BSDA)

B.1. Procedures and Checks pertaining to BSDA
B.2. Any other area as may be specified by the depository

C. Client Data Modification (CDM)

C.1. Procedure for CDM
C.2. Any other area as may be specified by the depository

D. Demat / Remat / Conversion /Reconversion request

D.1. Procedure for receiving/processing requests pertaining to Demat /
Remat / Conversion /Reconversion request
D.2. Procedure for forwarding requests pertaining to Demat / Remat /
Conversion /Reconversion request to RTA / issuer

237
 D.3. Arrangement for Safekeeping of Security / Share Certificates
D.4. Tracking of demat requests
D.5. Rejection of above requests attributable to DPs
D.6. Checks pertaining to processing of Demat / Remat / Conversion /
Reconversion request
D.7. Any other area as may be specified by the depository

E. Delivery Instruction Slip (DIS)

E.1. Issuance of DIS
E.2. Inventory Control of DIS
E.3. First Instruction Slip Booklet
E.4. Requisition Slip
E.5. Procedure for Loose DIS
E.6. Depository specific areas
E.7. Verification of DIS
E.8. Procedure for accepting DIS
E.9. Time Stamping and related Areas
E.10. Accepting DIS by Fax
E.11. Accepting DIS in form of Annexure
E.12. Completeness of DIS
E.13. Accepting DIS in electronic form
E.14. Procedure for Verification of DIS
E.15. Signature Verification
E.16. Corrections / Cancellations to DIS
E.17. Blocking of used / executed / lost / misplaced / Stolen DIS
E.18. Procedure for processing of DIS
E.19. Any other area as may be specified by the depository

F. Transaction

238
 F.1.Checks pertaining to setting up / processing of transactions
F.2.Future dated transactions
F.3.Transfer of all ISINs of BO account having 5 or more ISINs
F.4.Any other area as may be specified by the depository

G. Transaction Statement (TS)

G.1. Validation of TS
G.2. Maintenance of records of TS
G.3. Issuance of TS to BOs
G.4. Any other area as may be specified by the depository

H. Compliance under Prevention of Money Laundering Act, 2002 (PMLA)

H.1. Compliance with PMLA Act, 2002 and SEBI Guidelines on areas such
as Customer due diligence, suspicious transaction monitoring ,
reporting and record keeping
H.2. Appointment of Principal officer as required under PMLA Act,2002
H.3. Mechanism to deal with alerts provided by Depository
H.4. Suspicious Transactions reports to FIU
H.5. Any other area as may be specified by the depository

I. Maintenance of record and documents

I.1. Information regarding place(s) of record keeping
I.2. Outsourcing of record keeping activities
I.3. Any other area as may be specified by the depository

J. Service Centre Opening and closing/ modification of service centers

J.1. Procedure for Opening /Closure of Service centers
J.2. Details of Service centre on Depository website
J.3. Qualified persons at service centers
J.4. Any other area as may be specified by the depository
239
K. Information Technology areas
K.1. Hardware, Software and Network requirements / configurations
K.2. Logical and Physical restrictions / safeguards
K.3. IT Security
K.4. Procedure for alteration of parameters / configurations
K.5. Redundancy
K.6. Any other area as may be specified by the depository

L. Power of Attorney (POA)

L.1. Documents executed
L.2. Maintenance of POA Register
L.3. Clauses of POA
L.4. Registration of BO for SMS Alert facility for POA
L.5. Any other area as may be specified by the depository

M. Inter Depository Transfers (IDT)

M.1. Processing of IDT
M.2. Checks pertaining to IDT
M.3. Any other area as may be specified by the depository

N. Account Transfer
N.1. Procedure followed for account transfer
N.2. Checks pertaining to Account transfer
N.3. Waiver claimed for inter depository transfer
N.4. Any other area as may be specified by the depository

O. Transmission
O.1. Procedure followed for transmission

240
 O.2. Checks pertaining to Transmission
O.3. Waiver Claimed for inter depository transfer
O.4. Any other area as may be specified by the depository

P. Pledge / Unpledge
P.1. Procedure followed for Pledge / Unpledge
P.2. Checks pertaining to Pledge / Unpledge
P.3. Any other area as may be specified by the depository

Q. Freeze / Unfreeze
Q.1. Freeze facility
Q.2. Procedure followed for Freeze
Q.3. Checks pertaining to freeze
Q.4. Any other area as may be specified by the depository

R. Miscellaneous areas
R.1. Investor Grievance
R.2. Forms for various activities
R.3. Execution of any supplementary agreement/ Letter of Confirmation
R.4. Submission of Internal Audit / Concurrent Audit / Net worth
Certificate
R.5. Submission of Annual Financial Statement
R.6. Outsourcing of Activities
R.7. Closure / transfer of Balances
R.8. Submission of Information sought by Depositories specifically through
Circulars / Letters.
R.9. Half Yearly Compliance
R.10. Any other area as may be specified by the depository

S. Status of compliance for deviations / observations noted in last inspection

241
 T. Complaints
T.1. Account Opening
T.2. Demat / Remat
T.3. Transaction Statement
T.4. Improper Service
T.5. Charges
T.6. Delivery Instruction Related ( DIS )
T.7. Closure
T.8. Manipulation / Unauthorized Action
T.9. Monthly report for client complaints
T.10. Other Complaints
Annexure –II

Adaptive Sample Size Determination methodology

1. Sample Size for inspection area of 'Account Opening'

 The sample selection for account opening shall cover all categories of clients such as
individuals, HUF, Corporate, FIIs etc.
 Base sample size: 5% of Account Opening Forms (AOFs) or 150 AOFs whichever is
higher, with a maximum cap of 1000 accounts.
 Final Sample Size: The final sample size shall also be dependent on past rating /
categorization of DP. The following multipliers shall be used to determine the final
sample size for the current inspection. In case the total number of instances / cases is
less than the final sample size, then 100% of the samples shall be verified.
DP Rating / Categorization Multiplier
High risk 3
Medium High risk 2
Medium risk 1.5
Low risk 1

242
  The selected sample shall maintain the proportion of new accounts opened in each
category, except for Account Opening Forms (AOF) relating to FIIs where it shall be
checked on a 100% basis.

2. Sample Size for inspection area relating to DIS

 Base sample size: 10% of total DIS processed or 200 processed DIS whichever is higher,
with a maximum cap of 1000 DIS.
 Final Sample Size: The sample size shall also be dependent on rating / categorization of
DP. The following multipliers shall be used to determine the final sample size for the
current inspection. In case the total number of instances / cases is less than the final
sample size, then 100% of the samples shall be verified.
DP Rating / Categorization Multiplier
High risk 3
Medium High risk 2
Medium risk 1.5
Low risk 1

 Out of total intra depository instructions to be verified, the percentage of on and off
market instructions would be in the ratio of 1/3 and 2/3.
 DIS issuance sample size shall be 5% of the total samples verified for DIS.

3. Sample Sizes for inspection areas of 'Demat / Remat request' and 'Pledge / Unpledge'

 5% of Demat / Remat request processed or 100 requests whichever is higher with a

maximum cap of 500 such requests.
 5% of Pledge / Unpledge request processed or 100 requests whichever is higher with a
maximum cap of 500 such requests.

4. Sample Size for inspection area of 'Client Data Modification', 'Miscellaneous areas' and
'Other depository specific requirements'

 Base Sample Size

o Address change = 50
 Samples from Urban, Semi Urban and Rural Areas shall be equally represented if
available.

243
 o Nomination Change = 25
o Signature change = 100
o Addition / Deletion / Modification of POA = 100
o Freeze / Unfreeze = 50
o Bank Details Change = 100
o PAN modification = 100
o Account closure initiated by clients = 25
o Closure initiated by DPs = 25
o Demat rejection = 30
o Transactions = 25
o Change in e-mail Id = 25
o Change in mobile number = 25
o Change in SMS flag = 50
o Change in standing instruction flag = 50
o Transmission = 50% of total transmission cases
o Previous compliance = 100% of total samples
o Final sample size shall be arrived at after multiplying with the respective multiplier
corresponding to the DP Risk rating / categorization as given below. In case the
total number of instances / cases is less than the final sample size, then 100% of the
samples shall be verified.

DP Rating/ Categorisation Multiplier

High risk 3
Medium High risk 2
Medium risk 1.5
Low risk 1

5. Other Aspects
 A uniform Base sample size of 100 shall be adopted in case of all other activities. In case
the total number of samples is less than 100, then 100% of the samples shall be verified.

244
 Annexure-III
DP Rating / Categorization Model

I. Quantitative Score Calculation: Specific weights shall be assigned to each area as

decided by each depository. The Total Quantitative Score shall be the summation of all
individual inspection scores.

Table: Indicative Table for calculation of Quantitative Score

Sr No Inspection Areas Weight B = No of Inspection
(A) Instances Score
divided by
Sample size IS = A*B
A. Inspection Area 1
A.1. Inspection Sub Area A 1
A.2. Inspection Sub Area 2
Total Score for Inspection Area 1
B. Inspection Area 2
B.1. Inspection Sub Area B 1
B.2. Inspection Sub Area B 2
B.3. Inspection Sub Area B 3
Total Score for Inspection Area 2

Depositories shall include all inspection areas and sub areas, as per Annexure –I (List of
Inspection Areas) of this circular, in the above model to arrive at the Quantitative Score
for a DP.

Table: Indicative Table for calculation of Quantitative Score for Complaints Received
Sr No Type and Nature of Weight (Number of Inspection
Complaint (A) Complaints Score
redressed) /
Number of IS = A*B
Complaints
received)
T Complaints
T.1 Complaint Sub Area 1

245
 Sr No Type and Nature of Weight (Number of Inspection
Complaint (A) Complaints Score
redressed) /
Number of IS = A*B
Complaints
received)
T.2 Complaint Sub Area 2
Total Score for Complaints

Quantitative Score = Σ (Scores of Inspection Areas including Total score for Complaints)

II. Qualitative Score Calculation: Specific weights shall be assigned to each area as
decided by depository. The Total Qualitative Score shall be the summation of all area
scores.

Point on the scale

Area
of 1 to 10.
Sr. Weight score
Qualitative Factors [10 being the
No (A) =(A) *
Worst]
(B)
(B)
1 Ownership and Governance
2 IT security and Business Continuity
3 Regulatory / procedural Compliance
Automation of systems and processes for critical
4
activities
5 Quality of Management
6 Financial Status / profitability of DPs
Pending enquires / Penalties imposed by SEBI /
7
Depositories on DP operations
8 Complaints redressal
Adverse findings of other activities (eg. Broking
9
/ custodian / banks etc)
Total Qualitative Score = Σ (Area Scores)

Following indicative factors shall be taken into account for arriving at above mentioned
qualitative score:
246
(a) Ownership and Governance
1. Constitution of Board of DP – Number of promoter directors, Independent Directors
etc.
2. Role of non-executive directors / Independent directors.

(b) Quality of Management

1. Experience, Fit and Proper and Qualification of Key Personnel.
2. Existence of Succession planning for top management especially in control
functions.
3. Chinese walls between the activities in terms of manpower, resources etc.
4. Training and development of employees.
5. Adequacy of staff strength.
6. Compliance level of previous inspection observations/ directions of regulatory
bodies

(c) IT security and Business Continuity

1. High Availability.
2. Appropriate Interconnected Architecture.
3. Appropriate Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
and near “Zero Data Loss”.
4. Periodic drills that simulate the real life disaster scenarios on a regular basis.
5. Technological glitches in the past period and remedies taken.
6. Information security.
7. Upgradation of technology

(d) Financial Status / profitability of DPs

1. The net-worth of the DPs (whether reducing or increasing from previous years)
2. Net Profits of DPs operations.

(e) Complaints redressal

1. Complaint redressal system
2. Percentage of complaints pending and resolved.

247
 (f) Other adverse findings
1. Actions taken by Stock exchange and SEBI / RBI with respect to other activities
2. Actions taken by other depository.

III. Total Score = Qualitative Score + Quantitative Score

4.27 Activity of Demat of warehouse receipts137

The aforesaid activity is not in compliance with Regulation 42 of SEBI (D&P)

Regulations, 2018 and therefore depositories cannot carry out this activity. Depositories
are therefore advised to take suitable steps in this regard, either to hive-off or to
discontinue the activity.

4.28 Voting rights in respect of securities held in pool account138

It was informed that the corporate benefits availed by the clearing member, clearing
corporation and intermediaries shall be held in trust on behalf of beneficiary owners.
Therefore, the clearing member, clearing corporation as well as the intermediaries
cannot have voting rights in respect of securities held in the pool account.

4.29 Risk Management Policy at the Depositories139

i. The depositories are advised to establish a clear, comprehensive and well documented
risk management framework which shall include the following:
a) an integrated and comprehensive view of risks to the depository including those
emanating from participants, participants' clients and third parties to whom
activities are outsourced etc.;
b) list out all relevant risks, including technological, legal, operational, custody and
general business risks and the ways and means to address the same;
c) the systems, policies and procedures to identify, assess, monitor and manage the
risks that arise in or are borne by the depository;
d) the depository's risk-tolerance policy;

137 Reference: MRD/DP/SG-OW/202/2012 and MRD/DP/SG-OW/203/2012 dated January 4, 2012

138 Reference: SMDRP/NSDL/26563/2001 dated April 10, 2001
139 Reference: CIR/MRD/DP/1/2015 dated January 12, 2015

248
 e) responsibilities and accountability for risk decisions and decision making process
in crises and emergencies.

ii. The Depositories shall put in place mechanism to implement the Risk Management
Framework through a Risk Management Committee which shall be headed by a
Public Interest Director140. The responsibilities of the said Committee shall include the
following:
a) It shall meet periodically in order to continuously identify, evaluate and assess
applicable risks in depository system through various sources such as investors
complaints, inspections, system audit etc.;
b) It shall suggest measures to mitigate risk wherever applicable;
c) It shall monitor and assess the adequacy and effectiveness of the risk management
framework and the system of internal control;
d) It shall review and update the risk management framework periodically.

The Board of the depository shall approve the Risk Management Framework and the Chief
Risk Officer shall have access to the Board. The CRO shall be responsible, accountable and
answerable to the board on overall risk management issues.

4.30 Outsourcing by Depositories141

Based on recommendations by DSRC, the depositories are advised to ensure the

following:
i. Depositories shall formulate and document an outsourcing policy duly approved by
their Board based on the guidelines given below and the principles outlined in the
SEBI circular CIR/MIRSD/24/2011 dated December 15, 2011.

Core activities of Depositories

ii. Core and critical activities of depositories shall not be outsourced. The core activities
of the depositories shall include but not limited to the following:
a) Processing of the applications for admission of Depository Participants (DPs),
Issuers and Registrar & Transfer Agents (RTAs).
b) Facilitating Issuers/RTAs to execute Corporate Actions.

140
Reference: SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/13 dated January 10, 2019
141 Reference: CIR/MRD/DP/19/2015 dated December 09, 2015
249
 c) Allotting ISINs for securities.
d) Maintenance and safekeeping of Beneficial Owner’s data.
e) Execution of settlement and other incidental activities for pay-in/ pay-out of
securities.
f) Execution of transfer of securities and other transactions like pledge, freeze, etc.
g) Provision of internet based facilities for access to demat accounts and submitting
delivery instructions.
h) Ensuring continuous connectivity to DPs, RTAs, Clearing Corporations and
other Depository.
i) Monitoring and redressal of investor grievances.
j) Inspection of DPs and RTAs.
k) Surveillance Functions.
l) Compliance Functions.

iii. Core IT (Information Technology) support infrastructure / activities for running the
core activities of depositories shall not be outsourced to the extent possible.

Due Diligence
iv. The depositories shall conduct appropriate due diligence in selecting the third party
to whom activity is proposed to be outsourced and ensure that only reputed entities
having proven high delivery standards are selected.

Risk Management & Monitoring

v. Depositories shall ensure that outsourced activities are further outsourced
downstream only with the prior consent of the depository and with appropriate
safeguards including proper legal documentation/ agreement.

vi. Depositories shall ensure that risk impact analysis is undertaken before outsourcing
any activity and appropriate risk mitigation measures like back up/ restoration
system are in place.

vii. An effective monitoring of the entities selected for outsourcing shall be done to
ensure that there is check on the activities of outsourced entity. Depositories shall
strive to automate their processes and workflows to the extent possible which shall
enable real time monitoring of outsourced activities.

250
 Audit
viii. The outsourcing policy document shall act as a reference for audit of the outsourced
activities. Audit of implementation of risk assessment and mitigation measures
listed in the outsourcing policy document and outsourcing agreement/ service level
agreements pertaining to IT systems shall be part of System Audit of Depositories.

4.31 Cyber Security and Cyber Resilience framework of Depositories142

i. SEBI as a member of IOSCO has adopted the Principles for Financial Market
Infrastructures (PFMIs) laid down by CPMI-IOSCO and has issued guidance for
implementation of the principles in the securities market.
ii. Principle 17 of PFMI that relates to management and mitigation of ‘Operational risk’
requires that systemically important market infrastructures institutions “should
identify the plausible sources of operational risk, both internal and external, and mitigate
their impact through the use of appropriate systems, policies, procedures, and controls.
Systems should be designed to ensure a high degree of security and operational reliability and
should have adequate, scalable capacity. Business continuity management should aim for
timely recovery of operations and fulfilment of the FMI’s obligations, including in the event
of a wide-scale or major disruption.”

iii. Depositories (hereafter referred as Market Infrastructure Institutions or MIIs) are

systemically important market infrastructure institutions. As part of the operational
risk management, these MIIs need to have robust cyber security framework to
provide essential facilities and perform systemically critical functions relating to
trading, clearing and settlement in securities market.

iv. In view of the above, SEBI along with the Technical Advisory Committee (TAC)
engaged in detailed discussions with MIIs to develop necessary guidance in the area
of cyber security and cyber resilience.
v. Based on the consultations and recommendations of Technical Advisory Committee
TAC, it has been decided to lay down the framework placed at Annexure below that
MIIs would be required to comply with regard to cyber security and cyber
resilience.

142 Reference: Circular CIR/MRD/DP/13/2015 dated July 06, 2015

251
 Annexure

1. Cyberattacks and threats attempt to compromise the Confidentiality, Integrity and

Availability (CIA) of the computer systems, networks and databases. 143 Cyber security
framework include measures, tools and processes that are intended to prevent cyberattacks
and improve cyber resilience. Cyber Resilience is an organisation’s ability to prepare and
respond to a cyber attack and to continue operation during, and recover from, a cyber attack.

Governance

2. As part of the operational risk management framework to manage risk to systems,

networks and databases from cyber attacks and threats, MII should formulate a
comprehensive cyber security and cyber resilience policy document encompassing the
framework mentioned hereunder. The policy document should be approved by the Board, and
in case of deviations from the suggested framework, reasons for such deviations should also
be provided in the policy document. The policy document should be reviewed by the MII’s
Board atleast annually with the view to strengthen and improve its cyber security and cyber
resilience framework.

3. The cyber security and cyber resilience policy should include the following process to
identify, assess, and manage cyber security risk associated with processes, information,
networks and systems.
a. ‘Identify’ critical IT assets and risks associated with such assets,
b. ‘Protect’ assets by deploying suitable controls, tools and measures,
c. ‘Detect’ incidents, anomalies and attacks through appropriate monitoring tools /
processes,
d. ‘Respond’ by taking immediate steps after identification of the incident, anomaly or
attack,
e. ‘Recover’ from incident through incident management, disaster recovery and
business continuity framework.

4. The Cyber security policy should encompass the principles prescribed by National

143Confidentialityrefers to limiting access of systems and information to authorized users, Integrity is the
assurance that the information is reliable and accurate, and Availability refers to guarantee of reliable access to
the systems and information by authorized users
252
Critical Information Infrastructure Protection Centre (NCIIPC) of National Technical Research
Organisation (NTRO), Government of India in the report titled ‘Guidelines for Protection of
National Critical Information Infrastructure’ and subsequent revisions, if any, from time to
time.

5. MII should also incorporate best practices from standards such as ISO 27001, ISO 27002,
COBIT 5, etc., or their subsequent revisions, if any, from time to time.

6. MII should designate a senior official as Chief Information Security Officer (CISO)
whose function would be to assess, identify and reduce cyber security risks, respond to
incidents, establish appropriate standards and controls, and direct the establishment and
implementation of processes and procedures as per the cyber security and resilience policy
approved by the Board of the MII.

7. The Standing Committee on Technology144 of the stock exchanges, clearing

corporations and the depositories should on a quarterly basis review the implementation of
the cyber security and resilience policy approved by their Boards, and such review should
include review of their current IT and cyber security and resilience capabilities, set goals for a
target level of cyber resilience, and establish a plan to improve and strengthen cyber security
and cyber resilience.

8. MII should establish a reporting procedure to facilitate communication of unusual

activities and events to CISO or to the senior management in a timely manner.

9. The aforementioned committee and the senior management of the MII, including the
CISO, should periodically review instances of cyber attacks, if any, domestically and globally,
and take steps to strengthen cyber security and cyber resilience framework.

10. MII should define responsibilities of its employees, outsourced staff, and employees of
vendors, members or participants and other entities, who may have access or use systems /
networks of MII, towards ensuring the goal of cyber security.

Identify

11. MII should identify critical assets based on their sensitivity and criticality for business

144Refer SEBI Circulars SMD/POLICY/Cir-2/98 dated January 14, 1998

SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/13 dated January 10, 2019
253
operations, services and data management. To this end, MII should maintain up-to-date
inventory of its hardware and systems, software and information assets (internal and
external), details of its network resources, connections to its network and data flows.

12. MII should accordingly identify cyber risks (threats and vulnerabilities) that it may face,
along-with the likelihood of such threats and impact on the business and thereby, deploy
controls commensurate to the criticality.

13. MII should also encourage its third-party providers, such as service providers, stock
brokers, depository participants, etc. to have similar standards of Information Security.

Protection

Access Controls

14. No person by virtue of rank or position should have any intrinsic right to access
confidential data, applications, system resources or facilities.

15. Any access to MII’s systems, applications, networks, databases, etc., should be for a
defined purpose and for a defined period. MII should grant access to IT systems, applications,
databases and networks on a need-to-use basis and based on the principle of least privilege. Such
access should be for the period when the access is required and should be authorized using
strong authentication mechanisms.

16. MII should implement strong password controls for users’ access to systems,
applications, networks and databases. Password controls should include a change of password
upon first log-on, minimum password length and history, password complexity as well as
maximum validity period. The user credential data should be stored using strong and latest
hashing algorithms.

17. MII should ensure that records of user access are uniquely identified and logged for
audit and review purposes. Such logs should be maintained and stored in encrypted form for a
time period not less than two (2) years.

18. MII should deploy additional controls and security measures to supervise staff with
elevated system access entitlements (such as admin or privileged users). Such controls and
measures should inter-alia include restricting the number of privileged users, periodic review
of privileged users’ activities, disallow privileged users from accessing systems logs in which

254
their activities are being captured, strong controls over remote access by privileged users, etc.

19. Account access lock policies after failure attempts should be implemented for all
accounts.

20. Employees and outsourced staff such as employees of vendors or service providers,
who may be given authorised access to the MII’s critical systems, networks and other
computer resources, should be subject to stringent supervision, monitoring and access
restrictions.

21. Two-factor authentication at log-in should be implemented for all users that connect
using online / internet facility.

22. MII should formulate an Internet access policy to monitor and regulate the use of
internet and internet based services such as social media sites, cloud-based internet storage
sites, etc.

23. Proper ‘end of life’ mechanism should be adopted to deactivate access privileges of
users who are leaving the organization or who access privileges have been withdrawn.

Physical security

24. Physical access to the critical systems should be restricted to minimum. Physical access
of outsourced staff / visitors should be properly supervised by ensuring at the minimum that
outsourced staff / visitors are accompanied at all times by authorised employees.

25. Physical access to the critical systems should be revoked immediately if the same is no
longer required.

26. MII should ensure that the perimeter of the critical equipments room are physically
secured and monitored by employing physical, human and procedural controls such as the
use of security guards, CCTVs, card access systems, mantraps, bollards, etc. where
appropriate.

Network Security Management

27. MII should establish baseline standards to facilitate consistent application of security
configurations to operating systems, databases, network devices and enterprise mobile devices
within the IT environment. The MII should conduct regular enforcement checks to ensure that
255
the baseline standards are applied uniformly.

28. MII should install network security devices, such as firewalls as well as intrusion
detection and prevention systems, to protect its IT infrastructure from security exposures
originating from internal and external sources.

29. Anti-virus software should be installed on servers and other computer systems.
Updation of Anti-virus definition files and automatic anti-virus scanning should be done on a
regular basis.

Security of Data

30. Data-in motion and Data-at-rest should be in encrypted form by using strong
encryption methods such as Advanced Encryption Standard (AES), RSA, SHA-2, etc.

31. MII should implement measures to prevent unauthorised access or copying or

transmission of data / information held in contractual or fiduciary capacity. It should be
ensured that confidentiality of information is not compromised during the process of
exchanging and transferring information with external parties.

32. The information security policy should also cover use of devices such as mobile phone,
faxes, photocopiers, scanners, etc. that can be used for capturing and transmission of data.

33. MII should allow only authorized data storage devices through appropriate validation
processes.

Hardening of Hardware and Software

34. Only a hardened and vetted hardware / software should be deployed by the MII.
During the hardening process, MII should inter-alia ensure that default passwords are
replaced with strong passwords and all unnecessary services are removed or disabled in
equipments / software.

35. All open ports which are not in use or can potentially be used for exploitation of data
should be blocked. Other open ports should be monitored and appropriate measures should
be taken to secure the ports.

Application Security and Testing

256
36. MII should ensure that regression testing is undertaken before new or modified system
is implemented. The scope of tests should cover business logic, security controls and system
performance under various stress-load scenarios and recovery conditions.

Patch Management

37. MII should establish and ensure that the patch management procedures include the
identification, categorization and prioritisation of security patches. An implementation
timeframe for each category of security patches should be established to implement security
patches in a timely manner.

38. MII should perform rigorous testing of security patches before deployment into the
production environment so as to ensure that the application of patches do not impact other
systems.

Disposal of systems and storage devices

39. MII should frame suitable policy for disposals of the storage media and systems. The
data / information on such devices and systems should be removed by using methods viz.
wiping / cleaning / overwrite, degauss and physical destruction, as applicable.

Vulnerability Assessment and Penetration Testing (VAPT)

40. MII should regularly conduct vulnerability assessment to detect security vulnerabilities
in the IT environment. MII should also carry out periodic penetration tests, atleast once in a
year, in order to conduct an in-depth evaluation of the security posture of the system through
simulations of actual attacks on its systems and networks.

41. Remedial actions should be immediately taken to address gaps that are identified
during vulnerability assessment and penetration testing.

42. In addition, MII should perform vulnerability scanning and conduct penetration
testing prior to the commissioning of a new system which offers internet accessibility and open
network interfaces.

Monitoring and Detection

43. MII should establish appropriate security monitoring systems and processes to facilitate
257
continuous monitoring of security events and timely detection of unauthorised or malicious
activities, unauthorised changes, unauthorised access and unauthorised copying or
transmission of data / information held in contractual or fiduciary capacity, by internal and
external parties. The security logs of systems, applications and network devices should also be
monitored for anomalies.

44. Further, to ensure high resilience, high availability and timely detection of attacks on
systems and networks, MII should implement suitable mechanism to monitor capacity
utilization of its critical systems and networks.

45. Suitable alerts should be generated in the event of detection of unauthorized or

abnormal system activities, transmission errors or unusual online transactions.

Response and Recovery

46. Alerts generated from monitoring and detection systems should be suitably
investigated, including impact and forensic analysis of such alerts, in order to determine
activities that are to be performed to prevent expansion of such incident of cyber attack or
breach, mitigate its effect and eradicate the incident.

47. The response and recovery plan of the MII should aim at timely restoration of systems
affected by incidents of cyber attacks or breaches. The recovery plan should be in line with the
Recovery Time Objective (RTO) and Recovery Point Objective (RPO) specified by SEBI.

48. The response plan should define responsibilities and actions to be performed by its
employees and support / outsourced staff in the event of cyber attacks or breach of cyber
security mechanism.

49. Any incident of loss or destruction of data or systems should be thoroughly analyzed
and lessons learned from such incidents should be incorporated to strengthen the security
mechanism and improve recovery planning and processes.

50. MII should also conduct suitable periodic drills to test the adequacy and effectiveness of
response and recovery plan.

Sharing of information

51. Quarterly reports containing information on cyber attacks and threats experienced by

258
MII and measures taken to mitigate vulnerabilities, threats and attacks including information
on bugs / vulnerabilities / threats that may be useful for other MIIs, should be submitted to
SEBI.

52. Such details as are felt useful for sharing with other MIIs in masked and anonymous
manner shall be shared using mechanism to be specified by SEBI from time to time.

Training

53. MII should conduct periodic training programs to enhance awareness level among the
employees and outsourced staff, vendors, etc. on IT / Cyber security policy and standards.
Special focus should be given to build awareness levels and skills of staff from non-technical
disciplines.

54. The training program should be reviewed and updated to ensure that the contents of
the program remain current and relevant.

Periodic Audit

55. The Terms of Reference for the System Audit of MII specified vide circular
CIR/MRD/DMS/13/2011 dated November 29, 2011 shall be accordingly modified to include
audit of implementation of the aforementioned areas.

Cyber Security Operation Center (C-SOC)145

1. Recognizing the need for a robust Cyber Security and Cyber Resilience framework at
Market Infrastructure Institutions (MIIs), i.e., Stock Exchanges, Clearing Corporations and
Depositories, vide SEBI Circular CIR/MRD/DP/13/2015 dated July 06, 2015, a detailed
regulatory framework on cyber security and cyber resilience was prescribed.
2. With the view to further strengthening the aforesaid framework, particularly in respect of
monitoring of cyber threats and cyber resiliency, the matter was discussed with SEBI’s
Technical Advisory Committee (TAC), SEBI’s High Powered Committee on Cyber Security
(HPSC-CS) and the MIIs.

145
Reference circular CIR/MRD/CSC/148/2018 dated December 07, 2018
259
3. Accordingly, it has been decided that MIIs shall have a Cyber Security Operation Center
(C-SOC) that would be a 24x7x365 set-up manned by dedicated security analysts to
identify, respond, recover and protect from cyber security incidents.
4. The C-SOC shall function in accordance with the framework specified in SEBI Circular
CIR/MRD/DP/13/2015 dated July 06, 2015. Illustrative list of broad functions and
objectives to be carried out by a C-SOC are mentioned hereunder:
4.1. Prevention of cyber security incidents through proactive actions:
a) Continuous threat analysis,
b) Network and host scanning for vulnerabilities and breaches,
c) Countermeasure deployment coordination,
d) Deploy adequate and appropriate technology at the perimeter to prevent attacks
originating from external environment and internal controls to manage insider
threats. MIIs may implement necessary controls to achieve zero trust security
model.
4.2. Monitoring, detection, and analysis of potential intrusions / security incidents in real
time and through historical trending on security-relevant data sources.
4.3. Response to confirmed incidents, by coordinating resources and directing use of timely
and appropriate countermeasures.
4.4. Analysis of the intrusions / security incidents (including Forensic Analysis and Root
Cause Analysis) and preservation of evidence.
4.5. Providing situational awareness and reporting on cyber security status, incidents, and
trends in adversary behavior to appropriate organizations including to CERT- In and
NCIIPC.
4.6. Engineer and operate network defense technologies such as Intrusion Detection
Systems (IDSes) and data collection / analysis systems.
4.7. MIIs to adopt security automation and orchestration technologies in C-SOC to
automate the incident identification, analysis and response as per the defined
procedures.
5. Further to the above, the C-SOC of MII shall, at the minimum, undertake the following
activities:
5.1. In order to detect intrusions / security incidents in real time, the C-SOC should
monitor and analyze on a 24x7x365 basis relevant logs of MII’s network devices, logs of
MII’s systems, data traffic, suitable cyber intelligence (intel) feeds sourced from reliable
vendors, inputs received from other MIIs, inputs received from external agencies such

260
 as CERT-In, etc. The cyber intelligence (intel) feeds may include cyber news feeds,
signature updates, incident reports, threat briefs, and vulnerability alerts.
5.2. To this end, appropriate alert mechanisms should be implemented including a
comprehensive dashboard, tracking of key security metrics and provide for cyber
threat scorecards.
5.3. The C-SOC should conduct continuous assessment of the threat landscape faced by the
MII including undertaking periodic VAPT (Vulnerability Assessment and Penetration
Testing).
5.4. The C-SOC should have the ability to perform Root Cause Analysis, Incident
Investigation, Forensic Analysis, Malware Reverse Engineering, etc. to determine the
nature of the attack and corrective and/or preventive actions to be taken thereof.
5.5. The C-SOC should conduct periodic (at the minimum quarterly) cyber attack
simulation to aid in developing cyber resiliency measures. The C-SOC should develop
and document mechanisms and standard operating procedures to recover from the
cyber-attacks within the stipulated RTO of the MII. The C-SOC should also document
various scenarios and standard operating procedures for resuming operations from
Disaster Recovery (DR) site of MII.
5.6. The C-SOC should conduct periodic awareness and training programs at the MII and
for its members / participants / intermediaries with regard to cyber security,
situational awareness and social engineering.
5.7. The C-SOC should be capable to prevent attacks similar to those already faced. The C-
SOC should also deploy multiple honey pot services which are dynamic in
characteristics to avoid being detected as honey pot by attackers.
6. As building an effective C-SOC requires appropriate mix of right people, suitable security
products (Technology), and well-defined processes and procedures (Processes), an
indicative list of areas that MIIs should consider while designing and implementing a C-
SOC are as follows:
6.1. The MII shall ensure that the governance and reporting structure of the C-SOC is
commensurate with the risk and threat landscape of the MII. The C-SOC shall be
headed by the Chief Information Security Officer (CISO) of the MII. The CISO shall be
designated as a Key Managerial Personnel (KMP) and relevant provisions relating to
KMPs in the SEBI Securities Contracts (Regulation) (Stock Exchanges and Clearing
Corporations) Regulations, 2012 and the subsequent circulars issued by SEBI relating to
KMPs, shall apply to the CISO.

261
 6.2. While the CISO is expected to work closely with various departments of MIIs,
including MII’s Network team, Cyber Security team and Information Technology (IT)
team, etc., the reporting of CISO shall be directly to the MD & CEO of the MII.
6.3. The roles and responsibilities of CISO may be drawn from Ministry of Electronics and
IT notification No. 6(12)/2017-PDP-CERT-In dated March 14, 2017.
6.4. The C-SOC should deploy appropriate technology tools of adequate capacity to cater to
its requirements. Such tools shall, at the minimum, include SecurityAnalytics Engine,
Malware detection tools, Network and User Traffic Monitoring and Behavior Analysis
systems, Predictive Threat Modelling tools, Tools for monitoring of System parameters
for critical systems / servers, Deep Packet Inspection tools, Forensic Analysis tools, etc.
6.5. Each MII is advised to formulate a Cyber Crisis Management Plan (CCMP) based on its
architecture deployed, threats faced and nature of operations. The CCMP should
define the various cyber events, incidents and crisis faced by the MII, the extant cyber
threat landscape, the cyber resilience envisaged, incident prevention, cyber crisis
recognition, mitigation and management plan. The CCMP should be approved by the
respective Standing Committee on Technology / IT- Strategy Committee of the MIIs
and the governing board of the MII. The CCMP should also be reviewed and updated
annually.
6.6. The C-SOC should have well-defined and documented processes for monitoring of its
systems and networks, analysis of cyber security threats and potential intrusions /
security incidents, usage of appropriate technology tools deployed by C-SOC,
classification of threats and attacks, escalation hierarchy of incidents, response to
threats and breaches, and reporting (internal and external) of the incidents.
6.7. The C-SOC should employ domain experts in the field of cyber security and resilience,
network security, data security, end-point security, etc.
6.8. The MIIs are also advised to build a contingent C-SOC at their respective DR sites with
identical capabilities w.r.t. the primary C-SOC in line with the SEBI Circular
CIR/MRD/DMS/12/2012 dated April 13, 2012 read with SEBI Circular
CIR/MRD/DMS/17/2012 dated June 22, 2012. Additionally, the MIIs should perform
monthly live-operations from their DR-C-SOC.
6.9. The C-SOC should document the cases and escalation matrices for declaring a disaster.
7. In view of the feedback received from MIIs, it has been decided that MIIs may choose any
of the following models to set-up their C-SOC:
i. MII’s own C-SOC manned primarily by its internal staff,

262
 ii. MII’s own C-SOC, staffed by a service provider, but supervised by a full time staff of
the MII. (Refer to 7.3)
iii. C-SOC that may be shared by the MII with its group entities (that are also SEBI
recognized MIls),
iv. C-SOC that may be shared by the MII with other SEBI recognized MII(s).

7.1. The responsibility of cyber security of an MII, adherence to business continuity and
recovery objectives, etc. should lie with the respective MII, irrespective of the model
adopted for C-SOC.
7.2. The respective risk committee(s) of the MII should evaluate the risks of outsourcing the
respective activity.
7.3. The MII may outsource C-SOC activities in line with the guidelines as given in
Annexure-A.
8. A report on the functioning of the C-SOC, including details of cyber-attacks faced by the
MII, major cyber events warded off by the MII, cyber security breaches, data breaches
should be placed on a quarterly basis before the board of the MII.
9. The system auditor of the MII shall audit the implementation of the aforesaid guidance in
the annual system audit of the MII. The Scope and/or Terms of Reference (ToR) of the
annual system would accordingly be modified to include audit of the implementation of
the aforementioned areas.
10. Further, in continuation to the requirement specified at para 52 of the Annexure A to the
aforementioned SEBI Circular dated July 06, 2015, the C-SOC shall share relevant alerts and
attack information with members / participants / intermediaries of the MII, other MIIs,
external cyber response agencies such as CERT-In, and SEBI.
11. MIIs are directed to take necessary steps to put in place appropriate systems and processes
for implementation of the circular, including necessary amendments to the relevant bye-
laws, rules and regulations, if any, within six months from the date of the circular. In case
wherein a MII currently has a C-SOC set-up that is different from that mentioned at para
7(i) - 7(iv), such MIIs are directed to adopt and transit to one of the models mentioned at
para 7(i) - 7(iv) within a period of one year from the date of issuance of this circular.

Annexure A

1. Level of support definitions for outsourcing/in-house are as follows:

263
1.1. Security Analyst Level 1 (L1): This function may be mostly outsourced
a) Monitoring SIEM Solution console for identifying the security events generated by
the log sources integrated with SIEM tools.
b) Identification of security events that are false +ve before qualifying event as an
incident.
c) Identify the exceptions which are identified as an event (e.g. VA scanning performed
by SEBI appointed 3rd party which may be identified as port scanning attack).
d) Perform first level event analysis before qualifying the incidents.
e) Qualifying the event as an incident using Knowledgebase.
f) Escalating exceptions & Events to L2 level.
g) Log Incident tickets in service management tool and assign it to the respective team.
h) Follow-up for the closure of the incident tickets generated.

1.2. Security Analyst Level 2 (L2): Combination of Outsource / In-House

(a) Exception Analysis.
(b) Analysis of extended events.
(c) Confirmation of False +ve & update Knowledge Base.
(d) Qualify Incident & provide mitigation suggestions.
(e) Escalate incident to next level.
(f) Update /configuration correlation rules after approval.

1.3. Security Analyst Level 3 (L3): Combination of Outsource / In-House

(a) Analysis of escalated Incidents.
(b) Define correlation rules.
(c) Analysis of impact on SIEM over all correlation rules and operations for the
correlation rules suggested by Level 2 Analyst.
(d) Approve correlation rules after the impact analysis.
(e) Perform impact analysis before deployment of correlation rules.
(f) Perform impact analysis for update and upgrade of SIEM & Advance security
solutions components.
(g) Define Mitigation suggestions for newly identified incidents.
(h) Approve the reports before sharing with others.

1.4. SOC Manager (L4): In-house

264
 (a) Lead and manage Security Operations Centre.
(b) Provide strategic directions to SOC team and organization for security posture
improvements.
(c) To identify key contacts for incident escalation and change management activities.
(d) Ensure compliance to SLA.
(e) Ensure process adherence and process improvisation to achieve operational
objectives.
(f) Revise and develop processes to strengthen the current Security Operations.
(g) Responsible for team and vendor management.
(h) Responsible for overall use of resources and initiation of corrective action where
required for Security Operations Center.
(i) Escalate to the other IT Infra. Management teams or application maintenance teams,
as necessary.
(j) Overall responsibility for delivery of in scope activities as a part of this engagement.
(k) Point of contact for problem escalation and reporting.

1.5. Security Subject Matter Expert for Security technologies: In-house with reliance on
external expertise
(a) Subject Matter Expert (SME) for SIEM and Advance security solutions.
(b) Assist you with troubleshooting steps to be performed by you in order to re-establish
connectivity between the SIEM System and SEBI’s locations.
(c) Provide software-level management for the SIEM System components;
(d) Verify data collection and log continuity;
(e) Manage user access including user and group permissions updates;
(f) Review application performance, capacity, and availability make recommendations
as appropriate;
(g) Review SIEM System disk space usage;
(h) Verify time synchronization among SIEM System components;
(i) Perform archival management and retrieval per change management process;
(j) Provide problem determination / problem source identification for the SIEM System,
consisting of creating tickets & tracking progress of Open tickets
(k) Managing tickets to resolution / closure, in accordance with the processes as defined
in the Integrated and Transition vendor announcements & manage SIEM System
update alerts;

265
 (l) Install application patches and software updates in order to improve performance, or
enable additional functionality

Illustrative Training Requirements Security Analyst Level 1 (L1):

1) SEC401: Security Essentials Bootcamp Style https://www.sans.org/event/cyber-

defence-canberra-2018/course/security-essentials-bootcamp-style
2) SEC301: Introduction to Cyber Security https://www.sans.org/course/introduction-
cyber-security

Security Analyst Level 2 (L2):

1) SEC542: Web App Penetration Testing and Ethical Hacking

https://www.sans.org/event/cyber-defence-canberra-2018/course/web-app-
penetration-testing-ethical-hacking
2) SEC566: Implementing and Auditing the Critical Security Controls -In-Depth
https://www.sans.org/private-training/course/implementing-auditing-critical-
security-controls
3) SEC575: Mobile Device Security and Ethical Hacking https://www.sans.org/private-
training/course/mobile-device-security-ethical-hacking

Security Analyst Level 3 (L3):

1) SEC504: Hacker Tools, Techniques,Exploits, and Incident Handling

https://www.sans.org/event/cyber-defence-canberra-2018/course/hacker-techniques-
exploits-incident-handling
2) FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
https://www.sans.org/event/digital-forensics-summit-2018/course/advanced-
incident-response-threat-hunting-training
3) SEC501: Advanced Security Essentials -Enterprise Defender
https://www.sans.org/private-training/course/advanced-security-essentials-
enterprise-defender
4) MGT414: SANS Training Program for CISSP® Certification
https://www.sans.org/course/sans-plus-s-training-program-cissp-certification-exam

SOC Manager (L4):

1) Cyber Security Specialist

266
 http://www.leaderquestonline.com/it-career-training/cybersecurity-specialist/
2) Managing Security Operations: Detection, Response, and Intelligence
https://www.sans.org/event/rocky-mountain-2018/course/managing-security-
operations-detection-response-and-intelligence
3) SIEM with Tactical Analytics
https://www.sans.org/private-training/course/siem-with-tactical-analytics
4) SEC511: Continuous Monitoring and Security
Operationshttps://www.sans.org/course/continuous-monitoring-security-operations
5) SEC599: Defeating Advanced Adversaries -Implementing Kill ChainDefenses
https://www.sans.org/course/defeating-advanced-adversaries-kill-chain-defenses

4.32 Recommendations of high powered steering Committee146:

4.32.1 High Powered Steering Committee: Cyber Security (Committee) in its meeting dated
February 21, 2019 has recommended the following actions to be undertaken by all MIIs
in the context of their information technology infrastructure:
i) No applications should be introduced in the production environment without
adequate testing. Certificates on testing of software should be mandatorily
provided.
ii) MIIs formulate its own system specific SOPs to implement SEBI guidelines.
Further, MIIs should prepare and maintain a control document elaborating the
implementation and methodology of the SOPs.
With regards to comprehensive review of cyber security at MIIs, the committee
recommended that:
iii) The review should have same time frame across all MIIs. The time frame of the
review should be from April to September and October to March of the specific
financial year. Organizations with review time frame not in sync with the
prescribed time frame should make necessary changes.
iv) The audit report to include time required for implementation of observation and
business impact of the observations.
v) The audit report should mention all the control areas prescribed in the scope of
audit
vi) The audit process and submission of report should strictly follow the time lines
provided in the SEBI letter dated February 21, 2018.
4.32.2 MIIs are advised to implement the same.

146
SEBI Letter number SEBI/HO/MRD/CSC/OW/P/2019/10055 dated April 22, 2019
267
4.33 Database for Distinctive Number (DN) of Shares147

1. Share capital reconciliation of the entire issued capital of the company by the issuer or
its agent is a mandatory requirement under Regulation 75 of the SEBI (Depositories &
Participants) Regulations, 2018.

2. In order to ensure centralised record of all securities, including both physical and
dematerialised shares, issued by the company and its reconciliation thereof, the
Depositories are advised to create and maintain a database of distinctive numbers (DN)
of equity shares of listed companies with details of DN in respect of all physical shares
and overall DN range for dematerialised shares.

3. The DN database shall make available, information in respect of issued capital, such as
DN Range, number of equity shares issued, name of stock exchange where the shares
are listed, date of in-principle listing / final trading approval / dealing permission,
shares held in physical or demat form, date of allotment, shares dematerialized under
temporary (frozen) ISIN (International Securities Identification Number) or Permanent
(active) ISIN etc., at one place.

4. Based on consultations with the Depositories and Stock Exchanges, the following
guidelines are given for the operationalisation of the DN database -

4.1. Instructions to the Depositories

4.1.1. The depositories shall create and maintain a database to capture DN in

respect of all physical equity shares and overall DN range for dematerialised
equity shares issued by listed companies.

4.1.2. The depositories shall provide an interface to the Stock Exchange,

Issuers/RTAs for online updation and to the DPs for online enquiry. The same
shall be released for live updates latest by September 30, 2015.

4.1.3. The database shall include the following information -

147 Reference: Circular CIR/MRD/DP/10/2015 dated June 05, 2015

268
 i. Distinctive Numbers (From) vii. Trading start date

ii. Distinctive Numbers (To) viii. Physical/demat

iii. Number of Equity shares ix. Date of allotment and date of

issue (date of credit to BO
account)

iv. Name of stock exchange x. ISIN along with name of

company

v. Date of in-principle listing xi. Nature of ISIN [Temporary

approval (Frozen) or Permanent (Active)]

vi. Date of final trading approval /

dealing permission

4.1.4. The depositories shall ensure that the database maintained by them is
continuously updated and synchronised. The initial synchronisation may be in
batch mode and shall thereafter shift to online mode.

4.1.5. The Depositories, in co-ordination with the Stock Exchanges, having

nationwide trading terminals and the Issuers/RTAs, shall facilitate the process
of populating the database with details of equity share capital and the
corresponding DN information as on September 30, 2015.

4.2. Instructions to the Stock Exchanges

4.2.1. The Stock Exchanges shall provide the following information of all
companies listed on the concerned Stock Exchange as on September 30, 2015 -

i. Total number of equity shares (A) for which final trading approval / dealing
permission has been granted.

ii. Total number of equity shares (B) for which in-principle listing approval has
been granted but final trading approval / dealing permission is pending.

iii. Total number of equity shares comprising the paid-up capital i.e. (A+B).

269
 4.2.2. The Stock Exchanges shall use the interface provided by the Depositories
for the following -

i. In respect of companies where the final trading approval / dealing

permission was awaited as on September 30, 2015, consequent to update of
DN information by Issuers/RTAs, the stock exchange shall validate the DN
information updated by the Issuer/RTA and update the date of ‘in-principle’
listing approval, date of final trading approval / dealing permission and
trading start date [as per point nos. (v), (vi) and (vii) of 4.1.3], immediately
upon granting of such permissions.

ii. In respect of further issue of shares by listed companies, consequent to

update of DN information by Issuers/RTAs, the stock exchange shall validate
the DN information updated by the Issuer/RTA and update the date of ‘in-
principle’ listing approval, date of final trading approval / dealing
permission and trading start date [as per point nos. (v), (vi) and (vii) of 4.1.3],
immediately upon granting of such permissions.

iii. In respect of companies coming out with initial public offer or new listings on
stock exchanges, the stock exchange shall update the DN database with the
total number of equity shares for which final trading approval / dealing
permission has been granted.

iv. In respect of companies whose capital is changed/altered for any reason

other than further issuance of shares such as buy-back of shares, forfeiture of
shares, capital reduction, etc., the stock exchange shall confirm such
change/alteration in the capital as updated by the Issuer/RTA in the DN
database.

4.2.3. In case the DN data on listed shares as per the records of Issuers/RTAs
does not match with records of the Stock Exchanges, the Stock Exchanges shall
coordinate with the Issuer/RTA to reconcile such differences.

4.3. Instructions to the Issuers/RTAs

4.3.1. Issuers/RTAs shall use the interface provided by the Depositories for the
following -

270
 i. To update DN information in respect of all physical share capital and overall
DN range for dematerialised share capital for all listed companies.

ii. Updating the fields (i)-(iv), (viii) and (ix) given in para 4.1.3, on a continuous
basis for subsequent changes including changes in case of further issue, fresh
issuance / new listing and other change / alteration in capital (such as buy-
back of shares, forfeiture of shares, capital reduction, etc.).

iii. Capturing / updating the DN information on a continuous basis while

processing, dematerialisation / rematerialisation requests confirmation,
executing corporate action, etc.

4.3.2. Issuers/RTAs shall take all necessary steps to update the DN database. If
there is mismatch in the DN information with the data provided / updated by
the Stock Exchanges in the DN database, the Issuer/RTA shall take steps to
match the records and update the same latest by December 31, 2015.

4.3.3. Failure by the Issuers/RTAs to ensure reconciliation of the records as

required in terms of para above shall attract appropriate actions under the
extant laws.

4.4. Instructions to the DPs

4.4.1. The DPs shall use the interface provided by the Depositories to check the
DNs of certificates of equity shares submitted for dematerialisation and ensure
that appropriate ISIN is filled in Dematerialisation Request Form, as applicable,
while processing request for dematerialisation.
5. Despite follow-ups by Depositories, certain companies were yet to comply with the
above provisions. Hence, in order to protect the interest of investors the following is
directed148:-

5.1 Action against non-compliant companies

5.1.1 With effect from August 01, 2019:-
i. The depositories shall freeze all the securities held by the promoters and
directors of the listed companies that are not in compliance with the above
provisions of SEBI circular no. CIR/MRD/DP/10/2015 dated June 05, 2015
[i.e. Beneficiary Owner a/c level freezing].

148
Reference: SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/87 dated August 01, 2019
271
 ii. The depositories shall not effect any transfer, by way of sale, pledge, etc., of
any of the securities, held by the promoters and directors of such non-
compliant companies.
iii. The depositories shall freeze all related corporate benefits on the Beneficiary
Owner a/c frozen as above.
iv. The depositories shall retain the freeze on the securities held by promoters
and directors of non-compliant companies till such time the company
complies with the directions provided in SEBI circular dated June 05, 2015.

Depositories are advised to keep in abeyance the action mentioned above in

specific cases where moratorium on enforcement proceedings has been provided
for under any Act, Court/ Tribunal Orders, etc.
5.1.2 The names of companies that are not in compliance with aforementioned
circular shall be prominently disseminated on the website of the
exchanges / depositories, indicating that the concerned companies have
not complied with SEBI circular no. CIR/MRD/DP/10/2015 dated June
05, 2015.
5.1.3 Prior to revocation of suspension of trading of shares of any company,
exchanges shall ensure compliance by the company with SEBI circular
no. CIR/MRD/DP/10/2015 dated June 05, 2015 and ensure availability
of updated details of company’s promoters (especially their PAN) and
directors (especially their PAN and DIN), apart from ensuring
compliance with other applicable regulatory norms.

5.2 The concerned Stock Exchanges and Depositories shall coordinate with each
other and take necessary steps to implement these provisions.

5.3 SEBI may also take any other appropriate action(s) against the concerned listed
companies and its promoters/directors for non-compliance with SEBI circular no.
CIR/MRD/DP/10/2015dated June 05, 2015.

4.34 Ticker on Website - For Investor awareness149

In order to create wider awareness about the same, Depositories and Depository
Participants are advised to run the following ticker on their websites:

149 Reference: Email on “Ticker on Website - For Investor awareness” dated November 05, 2015
272
 "No need to issue cheques by investors while subscribing to IPO. Just write the
bank account number and sign in the application form to authorise your bank to
make payment in case of allotment. No worries for refund as the money remains in
investor's account."

Depositories are advised to communicate the above to their depository participants and
ensure its implementation.
4.35 Separate mobile number/ email id for the clients of Depository Participants (DPs)150
i. It has been observed that DPs do not have the procedure to check that separate
mobile number/ email id is uploaded for each client.
ii. In view of the same Depositories are advised to instruct their participants to ensure
that separate mobile number/E-mail address is uploaded for each client. However,
under exceptional circumstances, the participants may, at the specific written
request of a client, upload the same mobile number/E-mail address for more than
one client provided such clients belong to one family. ‘Family’ for this purpose
would mean self, spouse, dependent children and dependent parents.

4.36 Investor Protection Fund (IPF) of Depositories151

1. The Depository System Review Committee (DSRC) had examined various aspects of
the depository IPF including utilization and investment policy of IPF and quantum
of funds to be transferred to IPF. The Expert Committee on Clearing Corporations
also deliberated the issue with regard to quantum of funds to be transferred by the
Depositories to their IPF.
2. SEBI (Depositories and Participants) (Amendment) Regulations, 2012 require every
depository to establish and maintain an Investor Protection Fund (IPF). Pursuant to
the aforesaid committee recommendations, the SEBI (Depositories and Participants)
Regulations were amended mandating the depositories to credit five per cent or
such percentage as may be specified by the Board, of its profits from depository
operations every year to the IPF.

150Email on Separate mobile number/ email id for the clients of Depository Participants (DPs) dated January 16,
2015.
151Reference: Circular SEBI/HO/MRD/DP/CIR/P/2016/58 dated June 07, 2016

273
3. Based on recommendations of DSRC and Expert Committee on Clearing
Corporations, the following guidelines are being issued with regard to IPF of the
Depositories.

Utilization of the IPF

4. The IPF may be utilized for the following purposes with a focus on depository
related services:
i. Promotion of investor education and investor awareness programmes through
seminars, lectures, workshops, publications (print and electronic media),
training programmes etc. aimed at enhancing securities market literacy and
promoting retail participation in securities market.
ii. To aid, assist, subsidise, support, promote and foster research activities for
promotion/ development of the securities market.
iii. To utilize the fund for supporting initiatives of Depository Participants for
promotion of investor education and investor awareness programmes.
iv. To utilize the fund in any other manner as may be prescribed/ permitted by
SEBI in the interest of investors.
5. Depositories shall frame their internal guidelines on utilisation of the funds in
accordance with the aforementioned objectives and post approval of their board,
submit the same to SEBI within 30 days from the date of this circular. Depositories
shall also keep SEBI informed of any subsequent changes in internal guidelines with
regard to utilization of IPF.
Constitution and Management of the IPF
6. The IPF shall be administered by way of a Trust created for the purpose.
i. The IPF Trust shall consist of atleast one Public Interest Director (PID) of the
depository, one person of eminence from an academic institution from the field
of finance / an expert in the field of investor education / a representative from
the registered investor associations recognized by SEBI and Managing Director
of the Depository.
ii. The Depository shall provide the secretariat for the IPF Trust.
iii. The Depository shall ensure that the funds in the IPF are kept in a separate
account designated for this purpose and that the IPF is immune from any
liabilities of the Depository.
Contribution to the IPF
274
 7. The following contributions shall be made by the Depository to the IPF.
i. 5% of their profits from Depository operations every year. The depositories
shall transfer the amount with effect from the Financial Year 2012-13 as
specified in the SEBI (Depositories and Participants) (Amendment)
Regulations, 2016.
ii. All fines and penalties recovered from Depository Participants and other users
including Clearing Member pool account penalty as specified in SEBI circular
no. SMDRP/Policy/Cir-05/2001 dated February 01, 2001.
iii. Interest or Income received out of any investments made from the IPF.
iv. Funds lying to the credit of IPR (Investor Protection Reserve) / BOPF
(Beneficial Owners Protection Fund) of the Depository or any other such fund
/ reserve of the Depository shall be transferred to IPF.
v. Any other sums as may be prescribed by SEBI from time to time
Investments of Fund
8. Funds of the Trust shall be invested in instruments such as Central Government
securities, fixed deposits of scheduled banks and any such instruments which are
allowed as per the investment policy approved by the Board of the Depository. The
investment policy shall be devised with an objective of capital protection along with
highest degree of safety and least market risk.
9. The balance available in the IPF as at the end of the month and the amount utilised
during the month including the manner of utilization shall be reported in the
Monthly Development Report of the Depository.

4.37 Enhanced Supervision of Depository Participant152

1. Uniform nomenclature to be followed by stock brokers for Naming/Tagging of Bank
and Demat Accounts and the reporting of such accounts to the Depositories.
1.1. Bank accounts and Demat accounts maintained by all stock brokers shall have
appropriate nomenclature to reflect the purposefor which those bank/demat accounts
are being maintained.
1.2. The nomenclature for bank accounts and demat accounts to be followed is given as
under:

152
Reference: Circular SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/95 dated September 26, 2016.
275
 1.2.1. Bank account(s) which hold clients’ funds shall be named as "Name of Stock Broker
- Client Account".
1.2.2. Deleted153
1.2.3. Demat account(s) which hold clients' securities shall be named as "Name of Stock
Broker- Client Account".
1.2.4. Deleted154
1.2.5. Demat account(s), maintained by the stock broker for depositing securities collateral
with the clearing corporation, shall be named as "Name of Stock Broker-Collateral
Account".
1.2.6. Demat account(s) held for the purpose of settlement would be named as “Name of
Stock Broker - Pool account".
1.2.7. Bank account(s) held for the purpose of settlement would be named as “Name of
Stock Broker - Settlement Account"
Accordingly naming proprietary bank/demat accounts of the stock broker as 'Stock
Broker-Proprietary Account' is voluntary. It is however clarified that bank/demat
account which do not fall under the Clauses 1.2.1,1.2.3, 1.2.5 , 1.2.6 and 1.2.7 would
be deemed to be proprietary.155
2. Imposition of uniform penal action on depository participants by the Depositories in the
event of non-compliance with specified requirements.
Monitoring criteria for Depository Participants
a. Failure to furnish Networth certificate to Depository for year ending March 31st by
September 30th.
b. Failure to furnish Internal Audit report to Depository for half year ending September
30th by November 15th and half year ending March 31st by May 15th.
c. Failure to co-operate with the Depository for conducting inspection by not submitting
all the information/records sought within 45 days from the due date specified in the
letter of intimation.

153
Paragraph 1.2.2 in circular number SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/95 dated September 26, 2016 which read as
“Bank account(s) which hold own funds of the stock broker shall be named as "Name of Stock Broker - Proprietary
Account"deleted in view of CIR/HO/MIRSD/MIRSD2/CIR/P/2017/64 dated June 22,2017
154
Paragraph 1.2.4 in circular number SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/95 dated September 26, 2016 which read as
“Demat account(s), which hold own securities of the stock broker, shall be named as "Name of Stock Broker-Proprietary
Account" deleted in view of CIR/HO/MIRSD/MIRSD2/CIR/P/2017/64 dated June 22,2017
155
Reference circular number CIR/HO/MIRSD/MIRSD2/CIR/P/2017/64 dated June 22,2017
276
 d. Failure to submit data for the half yearly Risk Based Supervision within the time
specified by Depositories.
e. Failure to furnish half yearly compliance certificate/report to Depository for half year
ending June 30th by July 30th and half year ending December 31st by January 31st.
f. Failure to furnish monthly Investor grievance report by 10th day of next month.
g. In case depository participant shares incomplete/wrong data or fails to submit data on
time.
h. Failure to submit financial statements as per timeline prescribed by the Depositories.
4.38 Amendment pursuant to comprehensive review of Investor Grievance Redressal
Mechanism156
In order to enhance the effectiveness of grievance redressal mechanism at Market
Infrastructure Institutions (MIIs), SEBI has comprehensively reviewed the existing
framework in consultation with the Stock Exchanges and Depositories (inter alia, issues
relating to strengthening of arbitration mechanism and investor protection mechanism).
Based on the aforesaid review, it has been decided to revamp the grievance redressal
mechanism at Stock Exchanges and Depositories (wherever applicable), as follows:-
1. InvestorGrievance Resolution Panel (IGRP)/ Arbitration Mechanism

The existing IGRP/ arbitration mechanism to be modified as follows:

A. Public dissemination of profiles of arbitrators

In order to enhance transparency and also to provide choice to parties, Stock

Exchanges/ Depositories shall disseminate information w.r.t. brief profile,
qualification, areas of experience/ expertise, number of arbitration matters
handled, pre-arbitration experience, etc. of the arbitrators on their website.

B. Submission of documents in soft copies

In order to assist the arbitrators in pronouncing comprehensive and speedy

awards, Stock Exchanges/ Depositories shall make necessary arrangements in
terms of hardware viz., computer, scanner, printer, etc. and required software’s
at exchange offices/ Investor Service Centers (ISCs) to facilitate the clients to
type/ convert their documents into electronic format/ soft copy. Such electronic
format/ soft copies shall be provided to the arbitrators along with original
submissions in physical copies.
156
Reference Circular SEBI/HO/DMS/ CIR/P/2017/15 dated February 23, 2017
277
C. Review and Training of arbitrators

Investor Service Committee of the Stock Exchanges/ Depositories shall review

the performance of the arbitrators annually and submit the review report to the
Board of the Stock Exchange/ Depository. Training need of the arbitrators will
be catered by National Institute of Securities Markets (NISM). Cost of training of
arbitrators may be incurred from ISF.

D. Mechanism for implementation of award

Stock Exchanges/ Depositories shall create a common database of defaulting

clients accessible to members/ depository participants across the Stock
Exchanges/ Depositories.

For this purpose, a client may be identified as defaulter if the client does not pay
the award amount to the member/ depository participant as directed in the
IGRP/ arbitration/ appellate arbitration order and also does not appeal at the
next level of redressal mechanism within the timelines prescribed by SEBI or file
an application to court to set aside such order in accordance with Section 34 of
the Arbitration and Conciliation Act, 1996 (in case of aggrieved by arbitration/
appellate award).

E. Empanelment of arbitrators and segregation of arbitration and appellate

arbitration panel

There shall be separate panels for arbitration and appellate arbitration. Further,
for appellate arbitration, at least one member of the panel should be a Retired
Judge.

Stock Exchanges/ Depositories shall obtain prior approval of SEBI before

empanelment of arbitrators/ appellate arbitrators.

F. Empanelment of IGRP members

Stock Exchanges shall empanel IGRP members and no arbitrator/ appellate

arbitrator shall be empaneled as IGRP member.

G. Revision in professional fee of arbitrators

The arbitrator fee shall be upwardly revised to Rs.18,000/- (Rs. Eighteen

thousand) per case. Consequent to this upward revision, the additional expenses
attributable to a client over and above the fee structure specified in point J, shall
278
 be borne by the client (wherever applicable) and Stock Exchange/ Depository
equally. The total expense attributable to the member/ depository participant
has to be borne by the concerned member/ depository participant.

H. Place of arbitration/ appellate arbitration

In case award amount is more than Rs. 50 lakh (Rs. Fifty lakh), the next level of
proceedings (arbitration or appellate arbitration) may take place at the nearest
metro city, if desired by any of the party involved. The additional cost for
arbitration, if any, to be borne by the appealing party.

I. Arbitration/ appellate arbitration award

In order to safeguard the interest of the parties involved in arbitration and to

ensure speedy implementation of the arbitration award, the rate of interest on
the award passed by arbitrators shall be in compliance with Arbitration and
Conciliation (Amendment) Act, 2015.

J. Speeding up grievance redressal mechanism

(i) In order to have faster implementation of award and to discourage delayed

filling of arbitrations by members, the fee structure (exclusive of statutory
dues - stamp duty, service tax, etc.) for filling arbitration reference shall be as
follows:-

Amount of If claim is If claim is filed If the claim is filed

Claim / filed within after six months beyond the
six months from the date of timeline prescribed
Counter from the date dispute or after in column 3, (only
Claim, of dispute one month from for member)
whichever is the date of IGRP
higher (Rs.) order, whichever is
later

≤ 10,00,000 1.3% subject to 3.9% subject to a Additional fee of

a minimum of minimum of Rs. 3,000/- per
Rs.10,000 Rs.30,000 month over and
above fee
prescribed in

279
 column 3

> 10,00,000 - Rs. 13,000 plus Rs. 39,000 plus Additional fee of
25,00,000 ≤ 0.3% amount 0.9% amount above Rs. 6,000/- per
above Rs. 10 Rs. 10 lakh month over and
lakh above fee
prescribed in
column 3

> 25,00,000 Rs. 17,500 plus Rs. 52,500 plus 0.6 Additional fee of
0.2 % amount % amount above Rs. 12,000/- per
above Rs. 25 Rs. 25 lakh subject month over and
lakh subject to to maximum of above fee
maximum of Rs.90,000 prescribed in
Rs. column 3

30,000

(ii) The filing fee will be utilized to meet the fee payable to the arbitrators.

(iii) A client, who has a claim / counter claim upto Rs. 10 lakh (Rs. Ten lakh)
and files arbitration reference, will be exempted from filing the deposit.

(iv) Excess of filing fee over fee payable to the arbitrator, if any, to be
deposited in the IPF of the respective Stock Exchange.

(v) In all cases, on issue of the arbitral award the stock exchange shall refund the
deposit to the party in whose favour the award has been passed.

2. Investor Protection fund (IPF), Investor Service fund (ISF), Interest on IPF and
Interest on ISF

A. IPF and ISF management structure

(i) In order to ensure effective utilization of interest income on IPF, supervision

of utilization of interest on IPF will rest with the IPF Trust.

280
 (ii) In order to have better management and control on the contributions and
utilization of ISF fund, supervision of the same will rest with the Investor
Service Committee.

B. Investor Protection Fund corpus

In order to ensure the adequacy of corpus of the IPF, Stock Exchanges and
Depositories shall periodically review the sources of the fund and the eligible
compensation amount so as to recalibrate the fund to make suitable
recommendation for enhancement.

C. Utilization of IPF, ISF, interest on IPF and interest on ISF

Modified guidelines for utilization of IPF, Interest on IPF, ISF and Interest on ISF would be as
follows
Sr. Particulars Utilization
No.

1 IPF Stock Exchanges:

To meet the legitimate investment claims of the clients of

the defaulting members.

Depository:

a) Promotion of investor education and investor

awareness programmes through seminars, lectures,
workshops, publications (print and electronic media),
training programmes etc. aimed at enhancing
securities market literacy and promoting retail
participation in securities market;

b) To utilize the fund for supporting initiatives of

Depository Participants for promotion of investor
education and investor awareness programmes;

c) To utilize the fund in any other manner as may be

prescribed/ permitted by SEBI in the interest of
investors;

281
 d) To meet the legitimate claims of the beneficial owners,
upto the maximum cap as to be determined by the
depository, in case the same is not settled by the
beneficial owner indemnity insurance;

2 Interest on Stock Exchanges:

IPF
a) To further strengthen the corpus, 75% of interest on
IPF earned every year should be treated as corpus of
IPF;

b) The balance 25% may be utilized by the exchange for

promotion of investor education and investor
awareness programmes through seminars, lectures,
workshops, publications (print and electronic media),
training programmes etc. aimed at enhancing
securities market literacy, promoting retail
participation in securities market and undertaking
research activities related to securities market. Capital
expenditure would be permissible only w.r.t. setting
up of Investor Service Centre. However, no
expenditure to be incurred on product promotion in
any manner.

c) In any other manner as may be prescribed/ permitted

by SEBI in the interest of investors;

Depositories:

To further strengthen the corpus, 100% of Interest on IPF

should be treated as corpus of IPF

3 ISF Exchanges:

a) ISF may be utilized only for promotion of investor

education and investor awareness programmes
through seminars, lectures, workshops, publications
(print and electronic media), training programmes etc.
aimed at enhancing securities market literacy and

282
 promoting retail participation in securities market;

b) At least 50% should be spent at Tier II & Tier III cities;

c) Cost of training of arbitrators;

d) In any other manner as may be prescribed/ permitted

by SEBI in the interest of investors;

4 Interest on Exchanges: Interest on ISF should be ploughed back to

ISF ISF

D. Admissibility of claim for making payment out of IPF in Stock Exchanges

In the event of default by the member, all transactions executed on exchange

platform shall be eligible for settlement from IPF (subject to maximum limit),
subject to the appropriate norms laid down by the Defaulters’ Committee.

E. Determination of legitimate claims from IPF for clients of the defaulter

member

The Stock Exchanges shall ensure that once a member has been declared
defaulter, the claim (s) shall be placed before the Defaulters’ Committee for
sanction and ratification. The Defaulters’ Committee’s advice w.r.t. legitimate
claims shall be sent to the IPF Trust for disbursement of the amount
immediately.

In case the claim amount is more than the coverage limit under IPF or the
amount sanctioned and ratified by the Defaulters’ Committee is less than the
claim amount then the investor will be at liberty to prefer for arbitration
mechanism for claim of the balance amount.

F. Threshold limit for interim relief paid out of IPF in Stock Exchanges

In partial modification to Circular No. CIR/MRD/ICC/30/2013 dated

September 26, 2013 on “Investor Grievance Redressal Mechanism” the following
changes are prescribed:

283
 (i) Stock Exchanges, in consultation with the IPF Trust and SEBI, shall review
and progressively increase the amount of interim relief available against a
single claim for an investor, atleast every three years.

(ii) The Stock Exchanges shall disseminate the interim relief limit fixed by them
and any change thereof, to the public through a Press Release and also
through its website.

(iii) In case, award is in favour of client and the member opts for arbitration
wherein the claim value admissible to the client is not more than Rs. 20 lakhs
(Rs. Twenty lakhs), the following steps shall be undertaken by the Stock
Exchange:

a) In case the IGRP award is in favour of the client then 50% of the admissible
claim value or Rs. 2.00 lakhs (Rs. Two lakhs), whichever is less, shall be
released to the client from IPF of the Stock Exchange.

b) In case the arbitration award is in favour of the client and the member opts
for appellate arbitration then 50% of the amount mentioned in the arbitration
award or Rs. 3.00 lakhs (Rs. Three lakhs), whichever is less, shall be released
to the client from IPF of the Stock Exchanges. The amount released shall
exclude the amount already released to the client at clause (a) above.

c) In case the appellate arbitration award is in favour of the client and the
member opts for making an application under Section 34 of the Arbitration
and Conciliation Act, 1996 to set aside the appellate arbitration award, then
75% of the amount determined in the appellate arbitration award or Rs. 5.00
lakhs (Rs. Five Lakhs), whichever is less, shall be released to the client from
IPF of the Stock Exchanges. The amount released shall exclude the amount
already released to the client at clause (a) and (b) above.

d) Total amount released to the client through the facility of interim relief
from IPF in terms of this Circular shall not exceed Rs. 10.00 lakhs (Ten lakhs)
in a financial year.

3. Disciplinary Action Committee, Defaulters’ Committee, Investors Service

Committee, Arbitration Committee and IPF Trust

(i) In partial modification to circular no. MRD/DoP/SE/Cir-38/2004 dated

October 28, 2004 and CIR/MRD/DSA/33/2012 dated December 13,2012, the

284
 functions and composition of the Disciplinary Action Committee, Defaulter’s
Committee, Investors Service Committee and IPF Trust will be as follows:

Sr. Name of Functions handled Composition

No. Committee

1 Disciplinary i. The Committee shall (i) The Committee should

Action formulate the policy for have a minimum of 3
Committee regulatory actions including members and a maximum
warning, monetary fine,
of 5 members;
suspension, withdrawal of
trading terminal, expulsion, to (ii) The Public Interest
be taken for various violations
Directors shall form a
by the members of the
exchange. majority of the
Committee;
ii. Based on the laid down
policy, the Committee shall (iii) A maximum of two
consider the cases of key management
violations observed during personnel of the exchange
inspection, etc. and impose
can be on the committee
appropriate regulatory action
and one of which shall
on the members of the
exchange. necessarily be the
Managing Director of the
iii. While imposing the stock exchange;
regulatory measure, the
Committee shall adopt a laid (iv) The Committee may
down process, based on the also include independent
'Principles of natural justice'.
external persons such as
retired judge, etc.;

(v) SEBI may nominate

members in the
Committee, if felt
necessary in the interest of
securities market;

285
2 Defaulters’ i. To realize all the assets / (i) The Committee should
Committee deposits of the defaulter/ have a minimum of 3
expelled member and members and a maximum
appropriate the same
of 5 members;
amongst various dues and
claims against the (ii) The Public Interest
defaulter/ expelled
Directors shall form a
member in accordance with
the Rules, Byelaws and majority of the
Regulations of the Committee;
exchange.
(iii) A maximum of two
ii. In the event both the key management
clearing member and his personnel of the exchange
constituent trading member
can be on the Committee;
are declared defaulter, then
the Defaulter’s Committee (iv) The Committee may
of the stock exchange and
also include independent
the Defaulter's Committee
of the clearing corporation external persons such as
shall work together to retired judge, etc.;
realise the assets of both the
clearing member and the
trading member.
(v) SEBI may nominate
iii. Admission or rejection of members in the
claims of client/ trading Committee, if felt
members/ clearing
necessary in the interest of
members over the assets of
securities market;
the defaulter/ expelled
member.

iv. Advise in respect of the

claims to the Trustees of the
IPF on whether the claim is
to be paid out of IPF or
otherwise.

3 Investor (i) Supervising the functioning (i) The Committee should

Services of Investors’ Services Cell of have a minimum of 3
286
 Committee the Exchange which includes members and a maximum
review of complaint resolution of 5 members;
process, review of complaints
remaining unresolved over
long period of time, estimate
(ii) The Public Interest
the adequacy of resources
Directors shall form a
dedicated to investor services,
majority of the
etc.;
Committee;
(ii) Supervision of utilization
(iii) A maximum of two
of ISF;
key management
(iii) To have annual review of personnel of the exchange
the arbitrators and can be on the Committee;
arbitration/ awards (both
(iv) The Committee may
quantum and quality of the
also include independent
awards).
external persons;

(v) SEBI may nominate

members in the
Committee, if felt
necessary in the interest of
securities market;

4 IPF Trust (i) The IPF shall be (i) The Trust should have
administered by way of a maximum 5 trustees;
Trust created for this purpose;
(ii) The trustee should
(ii) The IPF Trust shall comprise of:
disburse the amount of
compensation from IPF to the a. Three Public Interest
Directors;
investor and such a
compensation shall not be b. One representative
more than the maximum from investor
amount fixed for a single associations
recognized by SEBI;
287
 claim of an investor; and

(iii) The IPF Trust shall c. The principal

disburse the compensation to regulatory compliance
officer of the MII;
the investors as and when
claims have been crystallized (iii) The maximum tenure
against a defaulter member; of a trustee (excluding the
principal regulatory
(iv) The IPF Trust need not
compliance officer of the
wait for realization of assets
MII, whose trusteeship
of the defaulter member for
would be co-terminus
disbursements of the claims;
with the service) should
(v) Upon receipt of advice of be five years or as
the Defaulters’ Committee, for specified by SEBI;
payment, the IPF Trust should
take necessary steps for
disbursement of the amount
at the earliest

It may be noted that, norms for composition of IPF Trust, as provided in Clause 3(i)(4) above are
uniformly applicable across Exchanges and Depositories.157

Further, the functions of IPF Trust, as prescribed in Clause 3(i)(4) above, shall be applicable only
to Exchanges.

(ii) The Arbitration Committee of the Stock Exchanges shall stand discontinued.

157
Reference: SEBI/HO/MRD/DDAP/CIR/P/2020/16 dated January 28, 2020
288
 4.39 Digital Mode of Payment158

i. SEBI has notified the SEBI (Payment of Fees and Mode of Payment)
(Amendment) Regulations, 2017 on March 06, 2017 to enable digital mode of payment
(RTGS/NEFT/IMPS, etc.) of fees/penalties/remittance/other payments etc.
ii. Pursuant to above, SEBI has been receiving direct credit of amounts from various
intermediaries / other entities.
iii. In order to identify and account such direct credit in the SEBI account, intermediaries /
other entities shall provide the information as mentioned in Annexure below to SEBI
once the payment is made.
iv. The above information should be emailed to the respective department(s)as well as to
Treasury &Accounts division at [email protected]

Annexure
Date Depar Name Type of SEBI PAN Amount Purpose Bank UTR
tment of Intermedi Registration (Rs.) ofPayment name No.
of Intermed ary No. (If any) (including and
SEBI iary theperiod Account
/ Other for number
entities whichpaym from
ent which
was payment
madee.g.qu is
arterly,ann remitted
ually)

4.40 Framework for Innovation Sandbox159

4.40.1 Capital market in India have been early adopters of technology. SEBI believes that
encouraging adoption and usage of financial technology (‘FinTech’) would have a
profound impact on the development of securities market. FinTech can act as a catalyst
to further develop and maintain an efficient, fair and transparent securities market
ecosystem.

4.40.2 To create an ecosystem which promotes innovation in the securities market, SEBI feels
that FinTech firms should have access to market related data, particularly, trading and
holding data, which is otherwise not readily available to them, to enable them to test

158
Reference circular number SEBI/HO/GSD/T&A/CIR/P/2017/42 dated May 16, 2017
159
Reference circular number SEBI/MRD/CSC/CIR/P/2019/64 dated May 20, 2019
289
 their innovations effectively before the introduction of such innovations in a live
environment.

4.40.3 The “Innovation Sandbox”, would be a testing environment where FinTech firms and
entities not regulated by SEBI including individuals (herein afterwards referred to as
participants/ applicants) may use the environment for offline testing of their proposed
solutions in isolation from the live market, subject to fulfillment of the eligibility
criteria, based on market related data made available by Stock Exchanges, Depositories
and Qualified Registrar and Share Transfer Agents (QRTAs).

Features and Structure of Innovation Sandbox

4.40.4 The components and structure of the Innovation Sandbox can be broadly classified into
design, legal and administrative categories. The method of implementation has been
elaborated under the head “Implementation” in para 4.40.6-4.40.13.

I. Design Components
A. Data Sets
a) One of the most important components of an Innovation Sandbox is access to
securities market related data, which will enable participants to test and improve their
FinTech solutions.
b) The datasets that will be made available to participants shall be clearly defined and
known to market participants. Indicative datasets which may become part of the
Innovation Sandbox are as follows:

i. Depositories data: Holding data, KYC data

ii. Stock exchange data: Transactions data like order log, trade log
iii. RTA data: Mutual fund transactions data
c) The datasets shall be historical and anonymized data and shall also contain data
related to episodic market events. Live data shall not be made available to participants.
d) Access to datasets shall be provided in a phased manner starting with limited
amount of data and based on validations, more exhaustive data would be provided to
participants.
e) The use of datasets shall be governed by comprehensive confidentiality agreement
which shall include an ‘End User Agreement’ clearly specifying that the datasets made
available shall not be sold or sublet or shared in any manner with any other entities.
B. Infrastructure
290
a) The datasets to be used for testing solutions in the Innovation Sandbox shall be
shared through application program interface (APIs), which will be widely published
and available to all eligible participants.
b) Virtual machines may be made available with configurations similar to the live
environment for testing an innovative product, service or solution on the datasets.
II. Legal components
a) Flexibility
The Innovation Sandbox shall be flexible to adapt and incorporate the changes, once the
Innovation Sandbox evolves and matures.
b) Not-for-profit
The Innovation Sandbox can be set up as a separate not-for-profit entity which enhances
the impartiality of the Innovation Sandbox.
c) Compliance
The Innovation Sandbox should ensure that all applicants can perform their testing
without breaking any regulatory barriers, including compliance with investor
protection, Know Your Client norms, data integrity or any other Indian laws.
d) Legally robust
The Innovation Sandbox should clearly define the rights and obligations of the
stakeholders. Applicants are required to agree to contractually binding terms of
participation.
e) Intellectual Property Rights (IPR) protection
The Innovation Sandbox should have the relevant provisions to protect the applicants’
IPR. Also, it should define how the IPR which results from the collaboration can be
used once the testing phase has ended.
f) Prevention of Data misuse
The Innovation Sandbox should have provision to restrict misuse of data from the
stated purposes.
g) Restriction from Fraudulent purposes
The Innovation Sandbox should have provision for restricting development of any
product/ solution for fraudulent/ manipulative purposes.
h) Secured
The Innovation Sandbox should be secured from cyber threats or unauthorized access.

291
 III. Administrative Components
a) Application Assessment
Applications received for participating in the Innovation Sandbox will be assessed and
rule based self-assessment process shall be formalized, in order to allow the applicants’
automatic entry into the Innovation Sandbox.
b) Governance body
A governance body shall be formed comprising of representatives from the Stock
Exchanges, Depositories and Qualified Registrar and Share Transfer Agents. This body
shall supervise the operations of the Innovation Sandbox in the interests of its
contributors, users and securities market in general. The governance body shall be
responsible for ensuring that the sandbox fulfils its stated objectives. The governance of
the Innovation Sandbox should be neutral and should not favor any particular
participant or category of participants.
c) Operational team
An operational team shall be constituted to carry out the day-to-day activities of the
Innovation Sandbox including processing applications, communicating with applicants,
assisting the governance body, maintaining the infrastructure of the Innovation
Sandbox, supervising the testing in Innovation Sandbox etc.
d) Rules of participation
Rules shall be framed to regulate the rights and responsibilities of the participant with
respect to an Innovation Sandbox and to other participants. These rules could be same
for each applicant type and may include the entry and exit criteria, operating
guidelines, reporting requirements etc.
e) Grievance redressal process
A grievance redressal mechanism shall be formulated to deal with the grievances of any
applicant in the Innovation Sandbox. This mechanism shall clearly define the point of
contact for grievance redressal along with the escalation matrix.
IV. Interface for Innovation Sandbox
The entire sandbox participation lifecycle (applying, tracking, on-boarding, monitoring,
reporting, etc.) shall be completely digital to ensure transparency and efficiency.
Eligibility Criteria
4.40.5 The eligibility criteria for inclusion into the Innovation Sandbox are as follows:

a) Applicability
292
 Conceptually, the Innovation Sandbox framework is applicable to any entity, who
intends to innovate on the products, services, and/or solutions for the securities and
commodities market in India.
b) Genuine need to test
The applicant should have a genuine need for testing the solution using resources
available in the Innovation Sandbox. The applicant should be able to postulate that the
solution cannot be developed properly without testing in the Innovation Sandbox.
c) Testing readiness of the solution
The applicant should have the necessary resources to support testing in the sandbox.
The applicant must show testing plans with clear objectives, parameters and success
criteria.
d) Post-testing strategy
The applicant should be able to postulate their post-testing plan.
e) Direct benefits to consumers
The solution should offer identifiable benefits (direct or indirect) to consumers and to
the capital market and the Indian economy at large.
f) Secure
The solution shall be validated for cyber security parameters. The applicant is required
to submit a cyber-security compliance certificate as per SEBI’s Cyber Security
guidelines.
Implementation
4.40.6 A Steering Committee comprising of representatives from the Market Infrastructure
Institutions (MIIs) and QRTAs shall develop the operating guidelines as mentioned at
Para 4.40.4 III (c) towards the components and structure of the Innovation Sandbox as
articulated in the Features, Structure and Eligibility criteria of Innovation Sandbox in
Para 4.40.4 and 4.40.5. The Steering Committee shall also include members drawn from
the areas of FinTech start-ups, academia and angel investors or any other area as may
be prescribed by SEBI. At the initial stage, SEBI representative shall be a permanent
invitee to this Committee.

4.40.7 Post issuance of operating guidelines, the Steering Committee shall carry out all the
functions as envisaged in the Administrative Components at Para 4.40.4 viz. receive,
evaluate and process the applications received for participating in the Innovation
Sandbox, approve / reject applications so received, grievance redressal etc. The Steering
Committee shall also be responsible for registering/onboarding the applicant post
293
 approval of the application and monitor the participant throughout the lifecycle of the
project.

4.40.8 Each of the MIIs and QRTAs shall build their own interface and APIs. Any approved
sandbox applicant can then get access to the APIs of the respective MIIs and QRTAs
where the applicant would test its solution.

4.40.9 The Sandbox applicant may give a presentation to the Steering Committee upon
completion of the testing and exit from the Innovation Sandbox.

4.40.10 The Steering Committee overseeing the testing of the applicant’s solution within the
sandbox shall maintain an Objective and Key Result Areas (OKRA) document for
effective oversight on the entire process.

4.40.11 The entire sandbox participation lifecycle (applying, tracking, on-boarding,

monitoring, reporting, etc.) should move towards a complete digital environment
within a time-bound manner, not exceeding 24 months, towards ensuring transparency
and efficiency.
4.40.12 The Steering Committee, to begin with, shall evolve decisions based on consensus and
have a Chairperson from among the group on a rotation basis.

4.40.13 Based on the functioning of the Steering Committee, SEBI would prescribe other
norms for governance, as and when required.

4.40.14 The steering committee shall be constituted within 15 days of issuance of these
provisions. The steering committee shall provide the operating guidelines within 2
months of issuance of these provisions.

Outcome of Innovation Sandbox

4.40.15 SEBI envisages the Innovation Sandbox to have the following benefits:

i. Product showcase
A platform for showcasing the working prototype of the solution which may help
FinTech firms secure more funding.

ii. Product regulation

Assessing compliance and readiness with SEBI’s regulations.

294
 iii. Industry interoperability
Providing an environment where developers could explore industry challenges and
use cases for innovative technologies linked to interoperability of new solutions
across the industry.

4.41 Framework for Regulatory Sandbox160

4.41.1 Participants in the capital market in India have been early adopters of technology.
SEBI believes that encouraging adoption and usage of financial technologies
(‘FinTech’) can act as an instrument to further develop and maintain an efficient,
fair and transparent securities market ecosystem.

4.41.2 Towards this end, SEBI vide circular SEBI/HO/MRD/2019/P/64 dated May 20,
2019, stipulated a framework for an industry-wide Innovation Sandbox, whereby
FinTech startups and entities not regulated by SEBI were permitted to use the
Innovation Sandbox for offline testing of their proposed solution.

4.41.3 SEBI now has introduced a framework for “Regulatory Sandbox”. Under this
sandbox framework, entities regulated by SEBI shall be granted certain facilities and
flexibilities to experiment with FinTech solutions in a live environment and on
limited set of real customers for a limited time frame. These features shall be
fortified with necessary safeguards for investor protection and risk mitigation

4.41.4 The guidelines pertaining to the functioning of the Regulatory Sandbox are
provided at Annexure A.

Annexure A

APPLICABILITY

1. All entities registered with SEBI under section 12 of the SEBI Act 1992, shall be eligible
for testing in the regulatory sandbox. The entity may either on its own or engage the
services of a FinTech firm. In either scenarios, the registered market participant shall be
treated as the principal applicant, and shall be solely responsible for testing of the
solution.

ELIGIBILITY CRITERIA FOR THE PROJECT

160
Reference circular SEBI/HO/MRD-1/CIR/P/2020/95 dated June 05, 2020
295
 2. The eligibility criteria shall be as follows:

a) Genuineness of innovation
The solution should be innovative enough to add significant value to the existing
offering in the Indian securities market.

b) Genuine need to test

The applicant should have a genuine need for live testing the solution on real
customers. Further, the applicant should demonstrate that the solution cannot be
developed without relaxing certain regulations, if any, being sought.

c) Limited prior testing

Before applying for testing in sandbox, limited offline testing of the solution should
have been carried out by the applicant.

d) Direct benefits to users

The solution should offer identifiable benefits (direct or indirect) to the investors or
entities or to the capital market at large.

e) No risks to the financial system

The solution should have proper risk management strategy to incorporate
appropriate safeguards to mitigate and control potential risks to any market
participants/users that may arise from the testing of the solution and shall propose
appropriate safeguards to manage the risks and contain the consequences of failure.

f) Testing readiness of the solution

The applicant should have the necessary resources to support testing in the sandbox
and must demonstrate well developed testing plans with clear objectives,
parameters and success criteria.

g) Deployment post-testing
The applicant should demonstrate the intention and ability to deploy the solution on
a broader scale. To this effect the applicant should share a proposed sandbox exit
and transition strategy.

APPLICATION AND APPROVAL PROCESS

3. The applicant shall ensure that the specified eligibility criteria are satisfied while
submitting the application as per Annexure-1 to SEBI. The application form shall be

296
 signed by the Chief Executive Officer (CEO) of the applicant or officer duly authorized
by the CEO or compliance officer. The complete application must be submitted to:

Chief General Manager,

Market Regulation Department-1,
SEBI Bhavan, Plot No. C4-A, G-Block, Bandra Kurla Complex,
Bandra (E), Mumbai – 400051
or
by email at [email protected]

4. Thereafter, the application shall be forwarded to the relevant department of SEBI for
processing. The flowchart for the application and approval process is depicted at
Annexure-2. SEBI shall communicate with the applicant during the course of evaluating
the sandbox application, and during the testing phase.

5. At the “Application Stage”, SEBI shall review the application and inform of its potential
suitability for a sandbox within 30 working days from the submission of the complete
application. SEBI may issue guidance to the applicant according to the specific
characteristics and risks associated with the proposed solution. SEBI may also consult
its Committee on Financial and Regulatory Technologies (CFRT), if necessary, to
evaluate the application.

6. At the “Evaluation Stage”, SEBI shall work with the applicant to determine the specific
regulatory requirements and conditions (including test parameters and control
boundaries) to be applied to the proposed solution in question. The applicant shall then
assess if it is able to meet these requirements. If the applicant is able and willing to meet
the proposed regulatory requirements and conditions, the applicant shall be granted
permission to develop and test the proposed FinTech innovation(s) in the sandbox.

7. Upon approval, the application shall proceed towards the “Testing Stage”. The
participant shall disclose to its users that the solution shall operate in a sandbox and the
potential key risks associated with the solution. The applicant is also required to obtain
the user’s acknowledgement that they have read and understood the risks

8. During the testing stage, the applicant shall take prior approval from SEBI to effect any
material changes to the solution.

9. Each applicant shall assign a contact person to coordinate with a designated officer of
SEBI.

297
 10. The duration of the sandbox testing stage shall be a maximum of twelve months and
extendable upon request of the applicant.

11. In case an application is rejected at any stage, the applicant shall be informed
accordingly. The reasons for rejection could include failure to meet the objective of the
sandbox or any of the eligibility criteria. The applicant may re-apply for the sandbox
when it is ready to meet the objective and eligibility criteria of the sandbox, subject to an
appropriate cooling off period as decided by the concerned department of SEBI.

EVALUATION CRITERIA

12. The applicant may be evaluated using a scoring process by the concerned department,
inter alia, based on the parameters given below:

i. Profile of the applicant

ii. Usage of innovative solution including technology and/or processes
iii. Identified benefits to the investors and/or the securities/commodities markets
iv. Compilation of meaningful test scenarios and expected/desired outcomes
v. Risk measured/graded testing conditions and parameters so as to ensure safety
and protection of the markets/investors
vi. Risk mitigation for high risk testing conditions and parameters
vii. Appropriate disclosure requirements and protection to their users
viii. Clearly defined grievance redressal mechanism and user rights
ix. Adequate disclosure of the potential risks to participating users
x. Prior confirmation from users that they fully understand and accept the
attendant risks
xi. Intent and feasibility to deploy the proposed FinTech solution post testing
xii. The deployment and monitoring strategy post testing (in the event the tests are
deemed successful) or the exit strategy (in the event the tests are not successful)
xiii. Any other factors considered relevant by SEBI

REGULATORY EXEMPTIONS

13. To encourage innovation with minimal regulatory burden, SEBI shall consider
exemptions/ relaxations, if any, which could be either in the form of a comprehensive
exemption from certain regulatory requirements or selective exemptions on a case-
bycase basis, depending on the FinTech solution to be tested.

298
 14. Within the overarching principles of market integrity and investor protection, no
exemptions would be granted from the extant investor protection framework,
KnowYour-Customer (KYC) and Anti-Money Laundering (AML) rules.

15. Entities desirous of participating in sandbox shall make an application, including

exemption / relaxation being sought from relevant provisions of the applicable
regulatory framework.

16. The registration granted by SEBI to all entities registered with SEBI under Section 12 of
the SEBI Act, 1992 is activity based. An entity which is registered with SEBI for a
particular activity is authorized to carry out activity in that domain. In order to enable
the cross domain testing of FinTech solutions, an existing registered entity would be
required to first obtain a limited certificate of registration for the category of
intermediary for which it seeks to test the FinTech solution(s). This concept of limited
registration shall facilitate the entities to operate in a Regulatory Sandbox without being
subjected to the entire set of regulatory requirements to carry out that activity.

17. Accordingly, regulatory relaxations from various SEBI regulations may be provided
after analyzing specific sandbox testing applications. A reference list is given at
Annexure-3 with examples of the regulatory requirements that will be mandatory and
those for which SEBI may consider granting relaxation during the sandbox testing.

18. SEBI has notified SEBI Regulatory Sandbox (Amendment) Regulations, 2020 so as to
enable the respective department(s) to grant relaxation(s)/exemption(s), as may be
deemed fit, while granting such limited certificate of registration.

SUBMISSION OF TEST RELATED INFORMATION AND REPORTS

19. During the testing period, SEBI may require the participant to submit information/
interim reports including:

i) Key performance indicators, milestones and statistical information

ii) Key issues arising as observed from fraud or operational incident reports
iii) Actions or steps taken to address the key issues identified above

20. The Sandbox Participants must submit a final report containing the following
information to SEBI within 30 calendar days from the expiry of the testing period:

i) Key outcomes, key performance indicators against agreed measures for the success
or failure of the test and findings of the test
299
 ii) A full account of all incident reports and resolution of user complaints, if any
iii) Key learnings from the test

21. The interim and final reports must be confirmed by the Chief Executive Officer (CEO)
of the applicant or officer duly authorized by the CEO or the compliance officer.

22. The participant must ensure that proper records of the conducted tests are maintained
for review by SEBI. Further, the participant shall also maintain such records for a period
of five (5) years from the date of completion of testing/ exit from the sandbox.

OBLIGATIONS OF THE APPLICANT TOWARDS THE USER

23. The applicant shall ensure that before signing up, the user has read the full
documentation provided by the applicant and confirm that he/she is aware of the risks
of using the solution.

24. The applicant shall ensure that users participating in the sandbox have the same
protection rights as the ones participating in the live market.

EXTENDING OR EXITING THE SANDBOX

25. At the end of the testing period, the permission granted to the applicant as well as the
legal and regulatory requirements relaxed by SEBI, shall expire.

26. Upon completion of testing,

i) SEBI shall decide whether to permit the FinTech innovation to be introduced in the
market on a wider scale. Where allowed, participants intending to carry out
regulated businesses shall be assessed based on applicable licensing, approval and
registration criteria under various SEBI regulations, as the case may be.

OR

ii) The applicant may employ an exit strategy.

OR

iii) The applicant may request for an extension period to continue testing.

27. The applicant may exit the sandbox on its own by giving a prior notice to SEBI, in
writing, of its intention to exit the sandbox.

300
 28. The applicant shall ensure that any existing obligation to the users of the FinTech
innovation(s) in the sandbox are completely fulfilled or addressed before exiting the
sandbox or before discontinuing the sandbox testing.

29. The applicant is required to maintain records of acknowledgement of all its users
stating that all the obligations towards the users have been met. These records shall be
maintained by the applicant for a period of five years from the date of exit from the
sandbox.

REVOCATION OF THE APPROVAL

30. SEBI may revoke an approval, to participate in the sandbox, at any time before the end
of the testing period, if the applicant:

i) Fails to carry out risk mitigants.

ii) Submits false, misleading or inaccurate information, or has concealed or failed to
disclose material facts in the application
iii) Contravenes any applicable law administered by SEBI or any applicable law in
India or abroad
iv) Suffers a loss of reputation
v) Undergoes or has gone into liquidation
vi) Comprises the digital security and integrity of the service or product or elevates
the risk of a cyber-security attack
vii) Carries on business in a manner detrimental to users or the public at large
viii) Fails to effectively address any technical defects, flaws or vulnerabilities in the
product, service or solution which gives rise to recurring service disruptions or
fraudulent activities
ix) Fails to implement any directions given by SEBI

31. In addition to revocation of approval for participating in the sandbox, appropriate

actions under relevant regulatory framework may be initiated against the applicant in
case Fintech solution facilitates the following:

i) Undermining of Know Your Customer (KYC) principles

ii) Violation of user’s/investor’s privacy
iii) Promotion of sale of fraudulent/illegal products or services
iv) Promotion of mis-selling of products or services
v) Violation of Anti-Money Laundering (AML) norms
vi) Creation of risk to financial stability
301
 vii) Theft of intellectual property

32. Before revoking the approval to participate in the sandbox, SEBI shall:

i) Immediately suspend trials on new users i.e. no new users shall be permitted to
sign up for using/testing the solution
ii) Give the applicant a prior notice of its intention to revoke the approval; and
iii) Provide an opportunity to the applicant to respond to SEBI on the grounds for
revocation

33. Notwithstanding anything contained in the above para, where SEBI is satisfied that in
the interest of the applicant, its users, the financial system or the public in general, it
may revoke the approval immediately without prior notice and provide the
opportunity to the participant to respond after the effective date of revocation. If the
response is satisfactory, SEBI may reinstate the approval to participate in the sandbox.

34. Upon revocation of an approval, the participant must:

i) Immediately implement its exit plan to cease the provision of the product, process,
service or solution to new and existing users;
ii) Notify its users about the cessation and their rights to grievance redressal, as
applicable;
iii) Comply with obligations imposed by SEBI to dispose of all confidential
information including user’s personal information collected over the duration of
the testing;
iv) Compensate any users who had suffered financial losses arising from the test in
accordance with the safeguards submitted by the participant;
v) Submit a report to SEBI on the actions taken, within 30 days from the revocation;
vi) Comply with any other directions given by SEBI.

ANNEXURE 1

REGULATORY SANDBOX APPLICATION FORM

1. Applicant’s Information
Sr. Description Response
No.
1.1 Name of the Organization
1.2 SEBI Registration no.

302
1.3 Name of the Authorized Representative
1.4 Designation
1.5 Contact No
1.6 Email id
2. Details of the FinTech firms involved, if any
Sr. Description Response
No.
2.1 Provide a brief description of the FinTech firm and its core
businesses including but not limited to:
a. registration with other regulators,
b. affiliation to prominent societies,
c. Accreditations,
d. significant achievements
e. financial standing including avenues for funding
f. Profile of key personnel

2.2 Does the FinTech firm have a presence in India? If yes then
please provide details.

2.3 Is the FinTech firm’s business is already active abroad? If yes

then please provide details.

2.4 Current orders or proceedings against the FinTech firm in India

and abroad (if any)

3. About the proposed solution

Sr. Description Response
No.
3.1 Provide a short summary of the proposed solution to be tested
in the sandbox including but not limited to:
a. Objective of the proposed FinTech solution or the
statement of purpose
b. Key benefits to the users and markets
c. Business Model, including asset deployment and sources
of revenue
d. Target users
e. Compliance obligations
f. Time period for testing
3.2 Summary of the technical solution including but not limited to:
a. Technical architecture
b. Usage of Artificial Intelligence and Machine Learning, if

303
 any
c. Cyber resilience: VAPT results, if any
d. Certification from Common Criteria Recognition
Arrangement (CCRA), if any
e. Business Continuity Plan, if any
f. Any other certifications, if any

3.3 With respect to the genuineness of innovation, please provide

an explanation as to how the solution constitutes a significantly
different offering in the market place

3.4 Awareness of similar offering in other countries or for other

than securities/commodities markets

3.5 Timelines for pan-India deployment post sandbox testing

4. Sandbox readiness
Sr. Description Response
No.
4.1 Illustrate the aspect of the FinTech solution that will be tested

4.2 The test criteria and expected outcomes

4.3 Describe the use case that will be tested in the sandbox

4.4 Define success for a test and the Key Performance Indicators
that will indicate a successful test

4.5 Probable start and end date of sandbox testing

4.6 Details of users including but not limited to:

a. Number of participating customers

b. Profile of customers (retail, institutional, etc.)
c. Process for enrollment and acquisition of customers
d. Requirement of KYC
e. User awareness required/conducted
f. Whether consent required /has consent been obtained
g. Arrangements to limit loss if applicable e.g. Margin, stop
loss thresholds etc.
h. User compensation if any
i. Value at risk per user

304
 j. Transaction thresholds per user

4.7 Risk assessment and mitigation options including but not

limited to:
a. Failure of sandbox testing
b. Financial loss to the customers
c. Cyber attack
d. AML and terrorism financing

4.8 Any instance of a legal and regulatory non-compliance for any

other regulator during the sandbox testing

5. Legal and Regulatory Assessment: other regulators

5.1 Legal and regulatory status (registration, licensing,
authorization, approval, recognition etc.)

5.2 Legal opinion sought on the proposed FinTech solution, if any

5.3 Relevant license to deploy the proposed solution in the

production environment? Please provide the details

6. Deployment post-testing
6.1 Describe how the regulatory requirements will be met post
successful sandbox testing

6.2 Please provide a pan-India deployment strategy, post

successful sandbox testing

6.3 Please provide a clear strategy to monitor the outcomes in the

live scenario

6.4 Please provide exit and transition strategy if the deployed

solution turns unviable and the tests are unsuccessful

7. Relaxation of SEBI regulations and guidelines

7.1 Outline the list of rules, regulation, guidelines, circulars etc. of
SEBI that, as per the applicant, may act as an impediment to the
proposed FinTech solution, along with detailed rationale

305
7.2 Is SEBI to relax any specific regulatory requirements, for the
duration of the sandbox? Please provide the details along with
detailed rationale

7.3 In the event of a successful test and before exit from the
sandbox, provide details on how SEBI’s regulatory
requirements shall be complied with

306
 ANNEXURE-2
FLOWCHART: APPLICATION AND APPROVAL PROCESS

Applicant submits a sandbox

application to SEBI

Application Stage:
SEBI reviews the application

Applicant is informed that the

Sandbox application is not
Is application suitable
potentially
suitable NO
??fosandbox?

YES

Evaluation Stage:
Specific sandbox conditions
determined

Is sandbox
application
approved? NO

YES

Testing Stage After completion of the evaluation

Testing of the solution period, Sandbox exit criteria will
begins be triggered

307
 ANNEXURE - 3
REQUIREMENTS WHICH WILL NOT BE RELAXED AND WHICH MAY MERIT
RELAXATION (FOR ILLUSTRATIVE PURPOSE)

a. Requirements for which relaxation will not be considered

i.Confidentiality of customer information

ii.Fit and proper criteria particularly on honesty and integrity
iii.Handling of customer’s moneys and assets by intermediaries
iv. Prevention of money laundering and countering the financing of
terrorism
v. Risk checks (like price check, order value check, etc.)
vi. Principles of KYC

b. Requirements that may merit relaxation

i. Net worth
ii. Track record
iii. Registration fees
iv. SEBI Guidelines, such as technology risk management guidelines and
outsourcing guidelines
v. Financial soundness

4.42 Monitoring of Foreign Investment limits in listed Indian companies161

i. As per FEMA, the onus of compliance with the various foreign investment limits
rests on the Indian company. In order to facilitate the listed Indian companies to
ensure compliance with the various foreign investment limits, SEBI in consultation with
RBI has decided to put in place a new system for monitoring the foreign investment
limits. The architecture of the new system has been explained in Annexure A.
ii. The depositories (NSDL and CDSL)shall put in place the necessary infrastructure
and IT systems for operationalizing the monitoring mechanism described at
Annexure A.

161
Reference circular IMD/FPIC/CIR/P/2018/61 dated April 05, 2018
308
 Annexure A
Architecture of the System for Monitoring Foreign Investment Limits in listed Indian
companies
Housing of the System
i. The system for monitoring the foreign investment limits in listed Indian companies shall
be implemented and housed at the depositories (NSDL and CDSL).
Designated Depository
ii. A Designated Depository is a depository which has been appointed by an Indian
company to facilitate the monitoring of the foreign investment limits of that company. As
defined at Regulation 2(xxiii) of FEMA, the term ‘Indian company’ means a company
incorporated in India and registered under the Companies Act, 2013.
iii. The Designated Depository shall act as a lead depository and the other depository shall
act as a feed depository.
Company Master
iv. The company shall appoint any one depository as its Designated Depository for the
purpose of monitoring the foreign investment limit.
v. The stock exchanges (BSE, NSE and MSEI) shall provide the data on the paid-up equity
capital of an Indian company to its Designated Depository. This data shall include the
paid-up equity capital of the company on a fully diluted basis. As defined at Regulation
2(xvii) of FEMA, the term “fully diluted basis” means the total number of shares that
would be outstanding if all possible sources of conversion are exercised.
vi. The depositories shall provide an interface wherein the company shall provide the
following information to its Designated Depository:
1. Company Identification Number (CIN)
2. Name
3. Date of incorporation
4. PAN number
5. Applicable Sector
6. Applicable Sectoral Cap
7. Permissible Aggregate Limit for investment by FPIs
8. Permissible Aggregate Limit for investment by NRIs
9. Details of shares held by FPI, NRIs and other foreign investors, on repatriable basis,
in demat as well as in physical form
10. Details of indirect foreign investment which are held in both demat and physical
form

309
 11. Details of demat accounts of Indian companies making indirect foreign investment
in the capital of the company
12. Whether the Indian company that has total foreign investment in it, is either not
owned and not controlled by resident Indian Citizens or is owned or controlled by
person’s resident outside India (Yes or No)
13. ISIN-wise details of the downstream investment in other Indian companies
The information provided by the companies shall be stored in a Company Master database.
The Designated Depository, if required, may seek additional information from the company
for the purpose of monitoring the foreign investment limits. The companies shall ensure that
in case of any corporate action, the necessary modification is reflected immediately in the
Company Master database.
vii. In the event of any change in any of the details pertaining to the company, such as
increase/decrease of the aggregate FPI/NRI limits or the sectoral cap or a change of the
sector of the company, etc. the company shall inform such changes along with the
supporting documentation to its Designated Depository. Such documentation may
include:
1. Board of Directors resolution approving the increase/decrease
2. General body resolution approving the increase/decrease
3. Company Secretary certificate for compliance with FEMA, 1999
Reporting of trades
viii. At present, as per SEBI guidelines, the custodians are reporting confirmed trades of their
FPI clients to the depositories on a T+1 basis. This reporting shall continue and the data
shall be the basis of calculating FPI investments/holding in Indian companies.
ix. With respect to NRI (repatriable) trades, Authorized Dealer (AD) Banks shall report the
transactions of their NRI clients to the depositories. The AD Banks shall be guided by the
circulars issued by RBI in this regard.
Activation of a Red Flag Alert
x. The monitoring of the foreign investment limits shall be based on the paid-up equity
capital of the company on a fully diluted basis to ensure that all foreign investments are
in compliance with the foreign investment limits.
xi. A red flag shall be activated whenever the foreign investment within 3% or less than 3%
of the aggregate NRI/FPI limits or the sectoral cap. This shall be done as follows:
Aggregate NRI investment limit in the company
1. The system shall calculate the percentage of NRI holdings in the company and the
investment headroom available as at the end of the day with respect to the aggregate
NRI investment limit.

310
 2. If the available headroom is 3% or less than 3% of the aggregate NRI investment limit,
a red flag shall be activated for that company.
3. Thereafter, the depositories and exchanges shall display the available investment
headroom, in terms of available shares, for all companies for which the red flag has
been activated, on their respective websites.
4. The data on the available investment headroom shall be updated on a daily end-of-
day basis as long as the red flag is activated.

Aggregate FPI investment limit of the company

1. The system shall calculate the percentage of FPI holding in the company and the
investment headroom available as at the end of the day with respect to the aggregate
FPI investment limit
2. If the available headroom is 3% or less than 3% of the aggregate FPI investment limit,
a red flag shall be activated for that company.
3. Thereafter, the depositories and exchanges shall display the available investment
headroom, in terms of available shares, for all companies for which the red flag has
been activated, on their respective websites.
4. The data on the available investment headroom shall be updated on a daily end-of-
day basis as long as the red flag is activated.

Sectoral cap of the company

1. The system shall calculate the total foreign investment in the company by adding the
aggregate NRI investment on the stock exchange, the aggregate FPI investment in the
company and other foreign investment as provided by the company in the company
master.
2. If the total foreign investment in a company is within 3% or less than 3% of the
sectoral cap, then a red flag shall be activated for that company.
3. Thereafter, the depositories and exchanges shall display the available investment
headroom, in terms of available shares, for all companies for which the red flag has
been activated, on their respective websites.
4. The data on the available investment headroom shall be updated on a daily end-of-
day basis as long as the red flag is activated.
xii. The depositories shall inform the exchanges about the activation of the red flag for the
identified scrip. The exchanges shall issue the necessary circulars/public notifications on
their respective websites. Once a red flag has been activated for a given scrip, the foreign
investors shall take a conscious decision to trade in the shares of the scrip, with a clear
understanding that in the event of a breach of the aggregate NRI/FPI limits or the
311
 sectoral cap, the foreign investors shall be liable to disinvest the excess holding within
five trading days from the date of settlement of the trades.
Breach of foreign investment limits
xiii. Once the aggregate NRI/FPI investment limits or the sectoral cap for a given company
have been breached, the depositories shall inform the exchanges about the breach. The
exchanges shall issue the necessary circulars/public notifications on their respective
websites and shall halt all further purchases by:
1. FPIs, if the aggregate FPI limit is breached
2. NRIs, if the aggregate NRI limit is breached
3. All foreign investors, if the sectoral cap is breached
xiv. In the event of a breach of the sectoral cap/aggregate FPI limit/aggregate NRI limit, the
foreign investors shall divest their excess holding within 5 trading days from the date of
settlement of the trades, by selling shares only to domestic investors.
Method of disinvestment
xv. The proportionate disinvestment methodology shall be followed for disinvestment of the
excess shares so as to bring the foreign investment in a company within permissible
limits. In this method, depending on the limit being breached, the disinvestment of the
breached quantity shall be uniformly spread across all foreign Investors/FPIs/NRIs
which are net buyers of the shares of the scrip on the day of the breach. The foreign
investors are required to disinvest the excess quantity by selling them only to domestic
investors, within 5 trading days of the date of settlement of the trades that caused the
breach.
xvi. This method has been illustrated with the help of an example provided below.
Total shares that can be purchased by foreign investors till 600
sectoral cap is not breached
Total quantity purchased by foreign investors on T day 1000
Breach quantity 400

Time Foreign Purchase Cumulativ Quantity to be

Investor d e Purchase disinvested by
quantity by foreign the foreign
investor investor
1000 hrs ABC 100 100 40
1015 hrs XYZ 250 350 100
1145 hrs TYU 50 400 20
1230 hrs POI 180 580 72
1300 hrs QSX 120 700 48
1400 hrs REW 150 850 60
312
 Time Foreign Purchase Cumulativ Quantity to be
Investor d e Purchase disinvested by
quantity by foreign the foreign
investor investor
1410 hrs LOP 150 1000 60
Total 1000 400

xvii. As can be observed from the above table, the foreign investors/FPIs/NRIs which are
required to disinvest shall be identified and shall be informed of the excess quantity that
they are required to disinvest.
xviii. In the case of FPIs which have been identified for disinvestment of excess holding, the
depositories shall issue the necessary instructions to the custodians of these FPIs for
disinvestment of the excess holding within 5 trading days of the date of settlement of the
trades.
xix. In the case of NRIs which have been identified for disinvestment of excess holding, the
depositories shall issue the necessary instructions to the Authorized Dealer (AD) Banks
for disinvestment of the excess holding within 5 trading days of the date of settlement of
the trades.
xx. The depositories shall utilize the FPI trade data provided by the custodians, post
custodial confirmation, on T+1 day, where T is the trade date. The breach of investment
limits (if any) shall be detected at the end of T+1 day and therefore, the announcement
pertaining to the breach shall be made at the end of T+1 day. The foreign investors who
have purchased the shares of the scrip during the trading hours on T+1 day shall also be
given a time period of 5 trading days from the date of settlement of such trades, to
disinvest the holding accruing from the aforesaid purchase trades. In other words, the
purchase trades of such foreign investors which have taken place of T+1 day, shall be
settled on T+3 day and thereafter a time period from T+4 day to T+8 day shall be
available to them to disinvest their entire holding arising from purchases on T+1 day.
xxi. If T+1 is a settlement holiday, then the custodial confirmation of the trade executed on T
day shall be done on T+2 day and the subsequent settlement of the trade on T+3 day. In
such a scenario, the breach would be detected at the end of T+2 day.
xxii. A table summarizing the breach-disinvestment scenario is given below
Parameter Purchase on T Day Purchase on T+1
Date of breach T day T day
Date of trade T day T+1 day

313
 Parameter Purchase on T Day Purchase on T+1
Date of detection T+1 day (End of day) T+1 day (End of day)
of breach

T+2 day (End of Day, if T+1 is a T+2 day (End of Day), if T+1 is a
settlement holiday settlement holiday

Date of T+2 day T+3 day

settlement of
transaction T+3 day, if either T+1 day or T+2
day is a settlement holiday
Disinvestme 5 trading days from the date of
nt time frame settlement of the transactions
which were executed on the day
of the breach
i.e. 5 trading days from T+2 day
T+4 day, if either T+2 day or
T+3 day is a settlement holiday
5 trading days from the date of
settlement of the transactions
which were executed on T+1
day i.e. 5 trading days from
T+3day

If T+1 day or T+2 day is a If T+2 day or T+3 day is a

settlement holiday, then 5 trading settlement holiday, then 5
days from T+3 day trading days from T+4 day

xxiii. In the event the foreign shareholding in a company comes within permissible limit
during the time period for disinvestment, on account of sale by other FPI or other group
of FPIs, the original FPIs, which have been advised to disinvest, would still have to do so
within the disinvestment time period, irrespective of the fresh availability of an
investment headroom during the disinvestment time period.
xxiv. There shall be no annulment of the trades which have been executed on the trading
platform of the stock exchanges and which are in breach of the sectoral caps/aggregate
FPI limits/aggregate NRI limits.
Failure to disinvest within 5 trading days
xxv. If a breach of the investment limits has taken place on account of the FPIs and the
identified FPIs have failed to disinvest within 5 trading days, then necessary action shall
be taken by SEBI against the FPIs.
Fees
xxvi. The Designated Depository shall levy reasonable fee/charges on the company towards
development, ongoing maintenance and monitoring costs at an agreed upon frequency.

314
4.43 Disclosure of performance of CRAs on Stock Exchange and Depository website162
Each CRA shall furnish data on sharp rating actions in investment grade rating
category, as per the format specified in Annexure B, to Stock Exchanges and
Depositories for disclosure on website on half-yearly basis, within 15 days from the end
of the half-year (31stMarch/ 30thSeptember).
Annexure B
Sharp rating actions in investment grade rating category
(Excluding non-cooperative issuers)
S. No. Rating action Number of ratings
1. Number of rating downgrades of more than 3 notches
2. Number of downgrades to default from investment
grade ratings
3. Number of rating upgrades of more than 3 notches
4. Number of outstanding ratings as on March 31/
September 30

4.44 Handling of Clients’ Securities by Trading Members/Clearing Members163

4.44.1 In order to protect clients’ funds and securities, The Securities Contracts
(Regulation) Act, 1956 and Securities and Exchange Board of India (Stock-Brokers)
Regulations, 1992 specifies that the stock broker shall segregate securities or moneys
of the client or clients or shall not use the securities or moneys of a client or clients
for self or for any other client.

4.44.2 Further, the following circulars were issued by SEBI from time to time detailing the
operational modalities with respect to handling of client’s funds and securities by
stock broker (hereinafter referred to as ‘Trading Member /Clearing Member’ or
TM/CM):

a) Circular No. SMD/SED/CIR/93/23321 dated November 18, 1993:

In terms of clause 2 of the circular SEBI had inter alia specified that “it shall be
compulsory for all member brokers to keep separate accounts for client’s
securities and to keep such books of accounts, as may be necessary, to

162
Reference circular SEBI/ HO/ MIRSD/ DOS3/ CIR/ P/ 2018/ 140 dated November 13, 2018
163
Reference Circular CIR/HO/MIRSD/DOP/CIR/P/2019/75 dated June 20, 2019 and
SEBI/HO/MIRSD/DOP/CIR/P/2019/95 dated August 29, 2019
315
 distinguish such securities from his/their own securities. Such accounts for
client’s securities shall, inter-alia provide for the following:-

i. Securities fully paid for, pending delivery to clients;

ii. Fully paid for client’s securities registered in the name of Member, if any,
towards margin requirements etc.

b) SEBI Circular No. MRD/DOP/SE/Cir – 11/2008 dated April 17, 2008:

In the said circular, SEBI had inter-alia specified that ‘brokers should have
adequate systems and procedures in place to ensure that client collateral is
notused for any purposes other than meeting the respective client’s margin
requirements / pay-ins. Brokers should also maintain records to ensure proper
audit trail of use of client collateral.

c) Circular no. SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/95 dated September

26, 2016 and Circular no. CIR/HO/MIRSD/MIRSD2/CIR/P/2017/64 dated
June 22, 2017:

In the said circulars, SEBI had specified that “stock brokers shall not grant
further exposure to the clients when debit balances arise out of client’s failure
to pay the required amount and such debit balances continues beyond fifth
trading day, as reckoned from the date of pay-in, except in accordance with
the margin trading facility provided vide SEBI circular
CIR/MRD/DP/54/2017 dated June 13, 2017 or as may be issued from time to
time”

d) Circular No. SEBI/HO/MRD/DP/CIR/P/2016/13 dated December 16, 2016:

In the said circular, SEBI had specified that “the member shall transfer securities
from pool account to the respective beneficiary account of their client within 1
working day after the pay-out day. The securities lying in the pool account
beyond the stipulated 1 working day shall attract a penalty at the rate of 6
basis point per week on the value of securities.”

Therefore, in terms of the above provisions, all TM/CM are required to transfer the
clients securities received in pay-out to clients demat account within one working day.
In case the client does not pay for such securities received in pay-out, then the TM/CM
shall be entitled to retain those securities up to five trading days after pay-out. Further,

316
 where the client fails to meet its funds pay-in obligation within five trading days from
payout day, the TM/CM shall liquidate the securities in the market to recover its dues.
Under no circumstances, shall the securities of the clients received in pay-out be
retained by the TM/CM beyond five trading days and be used for any other purpose.

4.44.3 As per the provisions of the following circulars, TM/CM are permitted to provide
running account for securities and create a lien on the client securities to the extent
of the clients’ indebtedness to the TM/CM.

a) As per clause 12 of the SEBI circular on ‘Dealings between a client and a Stock
Broker’ dated December 03, 2009 a client may specifically authorize the stock
broker to maintain a running account of ‘funds’ and ‘securities’ subject to the
specified conditions.

b) As per clause 2.5 of SEBI circular on ‘Enhanced Supervision of Stock Brokers/

Depository Participants’ dated September 26, 2016 read with clause 2 (c) of SEBI
circular CIR/HO/MIRSD/MIRSD2/CIR/P/2017/64 dated June 22, 2017, “a
stock broker is entitled to have a lien on client’s securities to the extent of the
client’s indebtedness to the stock broker and the stock broker may pledge those
securities.”

Referencing the above stated provisions, the TM/CM are transferring client’s securities
into their own account by way of title transfer and then placing such securities as a
collateral to Banks/NBFCs and/or fulfilling securities shortages of other
clients/proprietary trades which is not contemplated in the provisions of the SEBI
circulars referred to in paragraph 4.44.2.

4.44.4 In order to provide clarity with respect to a TM/CM maintaining a running

account164 for client securities and pledging the client securities with Banks/NBFCs,
after discussions with the Exchanges, Depositories and Clearing Corporations, the
following is advised:-

i. The securities received in pay-out against which payment has been made by
clients, shall be transferred to the demat account of the respective clients within

Accordingly, the provisions with regard to running account settlement of clients’ funds and securities specified in SEBI
164

Circulars MIRSD/SE/Cir-19/2009 dated December 03, 2009 and SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/95 dated

September 26, 2016 shall stand modified to the extent as stated hereinabove and the said circulars shall be applicable only as
guidelines for running account settlement of clients’ “funds” only
317
 one working day of the pay-out. Such securities shall be transferred directly from
the pool account of the TM/CM to the demat account of the respective client.

ii. With regard to securities that have not been paid for in full by the clients (unpaid
securities), a separate client account titled – “client unpaid securities account”
shall be opened by the TM/CM. Unpaid securities shall be transferred to such
“client unpaid securities account” from the pool account of the concerned
TM/CM.

iii. The securities kept in the ‘client unpaid securities account’ shall either be
transferred to the demat account of the respective client upon fulfilment of
client’s funds obligation or shall be disposed off in the market by TM/CM within
five trading days after the pay-out. The unpaid securities shall be sold from the
Unique Client Code (UCC) of the respective client. Profit/loss on the sale
transaction of the unpaid securities, if any, shall be transferred to/adjusted from
the respective client account.

iv. In case the clients’ securities are kept in the ‘client unpaid securities account’
beyond seven trading days after the pay-out, the depositories shall under their
bye-laws levy appropriate penalties upon such TM/CM which shall not be
permitted to be recovered from the client.

v. SEBI circular (on Comprehensive Review of Margin Trading Facility) dated June
13, 2017 specifies that TM/CM shall maintain separate client wise ledger for
funds and securities of clients availing margin trading facility. Accordingly, the
securities that are bought under Margin Trading Facility, shall be kept in a
separate account titled as – ‘Client Margin Trading Securities Account’.

vi. Further said circular on Comprehensive Review of Margin Trading Facility also
specifies that:

a) For the purpose of providing the margin trading facility, a stock broker may
use own funds or borrow funds from scheduled commercial banks and/or
NBFCs regulated by RBI. A stock broker shall not be permitted to borrow
funds from any other source.

b) The stock broker shall not use the funds of any client for providing the
margin trading facility to another client, even if the same is authorized by
the first client.
318
 Also, SEBI vide Circular No. MRD/DOP/SE/Cir – 11/2008 dated April 17, 2008 had
specified that client collateral/securities shall not be used for the purposes other than
meeting client’s margin requirements/pay-in.

Referencing the above stated provisions, TMs/CMs are pledging collateral/securities of

the clients with the Banks/NBFCs to borrow funds to meet the margin requirement of
the clients/proprietary obligation which is not contemplated in the provisions of the
aforesaid SEBI circular. In this regard, it is reiterated that the client securities received as
collateral shall be used only for meeting the respective client’s margin requirement by
way of depositing the same with Stock Exchange/ Clearing Corporation/ Clearing
House.

vii. With effect from September 01, 2019, clients’ securities lying with the TM/CM in
“client collateral account”, “Client Margin Trading Securities account” and
“client unpaid securities account” cannot be pledged to the Banks/NBFCs for
raising funds, even with authorization by client as the same would amount to
fund based activity by TM/CM which is in contravention of Rule 8(1)(f) & 8(3)(f)
of Securities Contracts (Regulation) Rules, 1957.

viii. Further, the client’s securities already pledged in terms of clause 2.5 of SEBI
Circular SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/95 dated September 26, 2016
and clause 2 (c) of SEBI circular CIR/HO/MIRSD/MIRSD2/CIR/P/2017/64
dated June 22, 2017 shall, by August 31, 2019, either be unpledged and returned
to the clients upon fulfilment of pay-in obligation or disposed off after giving
notice of 5 days to the client165.

4.44.5 Opening and reporting of Demat Accounts by TM/CM:

In order to implement the above, the following course of action shall be taken by
TM/CM:

a) All the existing client securities accounts opened by the TM/CM other than
‘Pool account’(including ‘Early Pay-in’),‘Client Margin Trading Securities
account’ and ‘Client collateral account’ shall be wound up on or before
September 30, 2019.The TM/CM shall within one week of closure of existing

165
Clause 2.5 of SEBI Circular SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/95 dated September 26, 2016 and clause 2 (c) of
SEBI circular CIR/HO/MIRSD/MIRSD2/CIR/P/2017/64 dated June 22, 2017 stands deleted with effect from June 30, 2019.
319
 client accounts, inform the Stock Exchange/s the details in the following
format:

Name of Account DP Name of PAN Date of

DP Number/ ID Account Closing
Client ID

b) TM/CM shall open the unpaid securities account latest by September 30,
2019 and inform the details of the same to the respective Stock Exchanges /
Clearing Corporations within one week of opening of the unpaid securities
account in the following format:

Name of Account DP Name of PAN Date of

DP Number/ ID Account Opening
Client ID

c) Any non-compliance/non reporting in this regard by the TM/CM shall

attract penal action as per the bye-laws of Stock Exchanges.

4.44.6 Monitoring with respect to handling of clients securities:

Stock Exchanges, Clearing Corporations and Depositories shall put in place a

mechanism for monitoring of the following:

a) Handling of unpaid clients’ securities by the TM/CM – Mechanism of

matching of transfer of securities with the securities obligation as obtained
from the clearing corporation with respect to the following:
i. Securities transferred from the client unpaid securities account to the
pool account
ii. Securities transferred from the client unpaid securities account to the
concerned client account,
iii. Securities transferred from pool account to the concerned client account

b) All the DP accounts tagged as “Stock Broker – Client Account” are wound
up before August 31, 2019.

320
 c) Securities lying with TM/CM in client collateral account, client margin
trading securities account and client unpaid securities account shall not be
permitted to be pledged/transferred to Banks/NBFCs for raising funds by
TM/CM.

4.45 Early Warning Mechanism to prevent diversion of client securities166

1. There have been instances where stock brokers had diverted clients’ securities
received as collaterals towards margin obligations and / or settlement obligations, for
raising loan against shares on their own account and / or for meeting securities
shortages in settlement obligations on its own account. However, such instances of
diversion of securities come to light when stock broker failed in meeting the
margin and/ or settlement obligations to Stock Exchange / Clearing Corporation.

2. It has been decided to put in place an Early Warning Mechanism and sharing of
information between Stock Exchanges, Depositories and Clearing Corporations to
detect the diversion of client’s securities by the stock broker at an early stage so as to
take appropriate preventive measures. The threshold for such early warning signals
shall be decided by the Stock Exchanges, Depositories and Clearing Corporations with
mutual consultation.
3. Early warning signals, for prevention of diversion of clients’ securities, may include the
following:
3.1. Deterioration in financial health of the stock broker/ depository participant based
on any of the following parameters:
a) Significant reduction in net worth over previous half-year / year.
b) Significant losses in the previous half years / years.
c) Delay in reporting of Annual Report, Balance Sheet, Internal Audit Reports,
Risk Based Supervision (RBS) data and any other data related to its financial
health to the Stock Exchanges/ Depositories.
d) Failure to submit information sought by the Stock Exchange/ Depositories on its
dealing with related parties / promoters.
e) Significant mark-to-market loss on proprietary account/ related party accounts
f) Repeated instances of pay-in shortages.
g) Significant trading exposure or amount of loans or advances given to and
investments made in related parties/ group.
h) Sudden activation of significant number of dormant client’s accounts and/ or
significant activity in the dormant account/s.
i) Significant number of UCC modifications.

166
Reference Circular SEBI/HO/MIRSD/DOP/CIR/P/2018/153 dated December 17, 2018
321
 j) Resignation of Statutory Auditors or Directors.

3.2. Early warning signals in relation to securities pledge transactions by the stock
broker to be identified by the Depositories and shall be shared with Stock
Exchanges which may include:
a) Alerts for stock brokers maintaining multiple proprietary demat accounts and
opening any new demat account in the name of stock broker for client purpose.
b) Movement of shares to/from a large number of clients’ demat accounts or large
value shares to stock broker proprietary accounts and vice a versa.
c) Transfer of large value of shares through off-market transfers other than for
settlement purposes.
d) Invocation of pledge of securities by lenders against stock broker or his clients.
e) Significant depletion of client’s shares in the stock broker client account
maintained by the stock broker.

3.3. Increase in number of investor complaints against the stock broker /

depository participant alleging un-authorized trading / unauthorized delivery
instructions being processed and non-receipt of funds and securities and non-
resolution of the same.

3.4. Alerts generated from the monthly/ weekly submissions made by stock broker
under Risk Based Supervision (RBS) or Enhanced Supervision to the Stock
Exchanges.
a) Non-recovery of significant dues from debit balance clients over a period of
time.
b) Significant dues to credit balance clients over a period of time.
c) Failure by stock broker to upload weekly data regarding monitoring of clients’
funds as specified in SEBI’s circular on Enhanced Supervision, for 3
consecutive weeks.
d) Pledging securities in case of clients having credit balance and using the funds so
raised against them for own purposes or for funding debit balance of clients.
e) Mis-reporting / wrong reporting about the client funds/securities.
f) Significant increase in RBS score.

3.5. Stock broker’s terminal disabled for certain number of days in any segment / Stock
Exchange in previous quarter.

4. Stock Exchanges and Depositories shall frame an internal policy / guidelines regarding
non-cooperation by stock brokers and depository participants during inspections which

322
 shall lay down the time period, the type of documents critical for closing the
inspections, which if not submitted, can be treated as non-cooperation.
4.1. Failure to submit data sought for inspections especially relating to bank / demat
accounts, client ledgers etc. despite repeated reminders.
4.2. Failure to provide reasonable access to the records or any office premise

5. Stock Exchanges/ Clearing Corporations/ Depositories, shall devise a mechanism to

detect diversion of clients’ securities and to share information among themselves in
respect of:
5.1. Diversion of pay-out of securities to non-client accounts
5.2. Mis-matches between gross (client-wise) securities pay-in and pay-out files of a
stock brokers generated by the Clearing Corporation which shall be compared
with actual transfer of securities to/from the client’s depository accounts by the
Depository. The cases of any mismatch found out by the Depository shall be
informed to the concerned Stock Exchange / Clearing Corporation.
5.3. Stock Exchange shall seek clarification from the concerned stock broker on the
mismatches reported by Depository and identify transfer to a non-client / third
party, without any trade obligation.
5.4. Such information on wrong / fraudulent / unauthorized transfer shall be shared by
the Stock Exchange with other Stock Exchange/s.

6. Any other alerts as the Stock Exchanges / Clearing Corporations and Depositories
may deem fit.

7. Alerts triggered at one Stock Exchange / Clearing Corporation/ Depository through

early warning mechanism shall be immediately shared with other Stock Exchanges /
Depositories with respect to the stock broker / depository participant.

8. Based on the analysis of the early warning data, if it is established that the stock
broker’s financial health has deteriorated and/ or he has made unauthorized transfer of
funds / securities of the client, in such cases Stock Exchanges / Depositories shall
jointly take preventive actions on the stock broker which may include one or more of,
but not limited, to the following:
8.1. Actions to be initiated by the Stock Exchanges like:
a) Blocking of certain percentage of available collaterals towards margin.
b) Check securities register in respect of securities received and transferred
against pay-in/pay-out against settlement and client’s securities received as
collateral.

323
 c) Check details of funds and securities available with the clearing member,
Clearing Corporation and the Depository of that stock broker.
d) Impose limits on proprietary trading by the stock broker.
e) Prescribe and monitor shorter time duration for settlement of Running Account
of clients.
f) Conduct meeting with the designated directors of the stock broker to seek
appropriate explanation.
g) Uniform action of deactivation of trading terminals by all Stock Exchanges
based on the communication received from other Stock Exchange.
h) Initiate inspection of the stock broker/depository participant.
i) Cross check information submitted by stock broker with other independent
sources like collateral details with the Clearing Corporation, transactions in
Bank and Depositories, with statement collected directly etc.
j) Where client money and securities diversion is suspected, appoint forensic
auditor to trace trails of entire funds and securities of clients.

8.2. Actions to be taken by the Depositories:

a) Restriction on further pledge of client securities from the client’s account by
freezing the stock broker client account for debit.
b) Imposition of 100% concurrent audit on the depository participant.
c) Cessation/ restriction on uses of Power of Attorney (POA) given to stock broker
by clients mapped to such brokers only to meet settlement obligation of that
client. Clients to issue instructions electronically or through Delivery Instruction
Slip (DIS) for delivery of shares for off market transfers.
8.3. Any other measures that Stock Exchanges/ Clearing Corporations/ Depositories
may deem fit.

4.46 Standard Operating Procedure in the cases of Trading Member / Clearing Member
leading to default167

4.46.1 With the introduction of uniform membership structure of Trading Member (“TM”)
and Clearing Member (“CM”) across all segments, the TM shall make good the
default of its clients to the CM and the CM shall make good the default of its clients /
TM to the CC. The default of TM may not necessarily lead to default of CM, if the CM
continues to fulfill the settlement obligation with the CC. To protect the interest of
non-defaulting clients of a TM and /or non-defaulting clients / TM(s) of the CM, in

167
Reference SEBI Circular no. SEBI/HO/MIRSD/DPIEA/CIR/P/2020/115 dated July 01, 2020

324
 the likely event of default by TM / CM, there is a need for Standard Operating
Procedure (“SoP”) enumerating the steps to be taken by the SEs / CCs / Depositories
in such cases where SE / CC is of the view that TM / CM is likely to default in
repayment of funds or securities to its clients.

4.46.2 In order to harmonize the action amongst all SEs / CCs / Depositories in a time
bound manner this SoP is laid down in consultation with SEs, CCs and Depositories
so as to achieve uniformity in implementation of actions. The SoP lays down the
actions to be initiated by the SEs / CCs / Depositories within a time frame after
detection of the early warning signals as laid out in the Circular dated December 17,
2018 and other triggers as laid down in this circular untill declaration of defaulter of
TM / CM by the SE / CC. Once the TM is declared defaulter, the proceedings shall
be in compliance with the bye-laws, rules and regulations of SE / CC respectively.

4.46.3 On analysis of early warning signals or any of the following triggers, if the SE / CC
is of the view that the TM / CM is likely to default in the repayment of funds /
securities to its clients and / or fail to meet the settlement obligations to CM / CC,
where:
a) There is shortage of funds / securities payable to the clients by Rs. 10 crore (SE
may have their own criteria) and / or
b) TM / CM has failed to meet the settlement obligations to CM / CC and / or
c) There is sudden increase in the number of investor’s complaints against the TM /
CM for non-payment of funds and / or transfer of securities, the following actions
shall be taken by Initiating Stock Exchange (ISE) / SEs / CCs and Depositories as
per the timeline given below:

Sr. Action Timeline

No.
3.1 Seek documents / explanation or Meeting Within 3 trading
with designated directors of TM. days of trigger
3.2 A limited purpose joint inspection of TM Within 3 trading
shall be initiated. ISE along with other SEs days of the
shall send a team of officials for taking meeting /
possession of the copy of the books of explanation with
accounts and other relevant records the designated
including but not restricted to securities directors
register, trial balance, client master, bank
books, debtors and creditors ledger
(preferably in electronic mode) for the last

325
 3 years (if available).
3.3 a) The explanations offered by the Within 7 trading
designated director(s) of the TM shall be days of 3.2
analysed by the ISE and based on the
information available, to protect the
interest of non-defaulting clients, as an
interim measure, the trading terminal of
the TM may be directed to be disabled by
the Managing Director of the ISE for
reasons to be recorded in writing.
b) A preliminary assessment of assets and
liabilities of the TM shall be completed by
the ISE
3.4 ISE shall issue a notice / circular informing Within 1 day of
the disablement of the TM in all segments. Disablement
3.5 ISE shall communicate the decision of Within 1 trading
disablement of the trading terminal(s) of day of
the TM along with detailed reasons for Disablement
disablement to the TM and CM(s) with an
advice to CM(s) to square-off open
positions of TM and its clients.
3.6 ISE shall inform the Depositories about the Within 1 trading
disablement immediately and advice day of disablement
Depositories to freeze the demat accounts
of the TM (including TM Pool Accounts).
(ISE shall give specific instructions along
with PAN to the Depositories). Any debit
in the demat account of TM shall be made
under supervision of ISE.
3.7 ISE shall inform other SEs about the Within 1 trading
disablement immediately and the other day of receipt of
SEs shall disable the said TM on receipt of intimation of
information and the other SEs shall Issue a disablement from
notice / circular in this regard. ISE
3.8 TM may also stand suspended to act as a Within 1 trading
client with any other TM / CM in any day of the date of
other segment / SEs. receipt of
information of
disablement from
326
 ISE
3.9 In case of open positions of clients / TM, Within 15 trading
CM shall liquidate / square off the open days from the date
positions. of receipt of
information by the
CM.
3.10 a) All SEs shall immediately direct other Within 1 trading
TM / CM so as not to alienate the day of the date of
unencumbered surplus funds/ securities receipt of
held by them for such TM registered as a information of
client. disablement from
ISE

b) CM shall invoke the BGs of TM and all Upon instructions

unencumbered funds of TM to be from SE
transferred to SE on demand. CM shall
also ensure that the BG do not expire in the
intervening period else they shall invoke
even before the receipt of instructions from
SE.
3.11 All SEs shall inform the CM / CC As and when
regarding pay-out proceeds due to the TM payout is made
which shall be credited to the settlement
account of the TM.
3.12 If the open position of clients of TM could Within 15 trading
not be liquidated / squared off, the re- days from the date
pledged securities of the client of the TM of receipt of
lying with the CM in the Client Securities information by the
Margin Pledge Account and other CM
identifiable collateral of the client of TM
such as cash /Bank Guarantee (BG) /
Fixed Deposit Receipts (FDR)/ Mutual
Fund Units shall be taken / encashed over
by CM wherever possible in accordance
with guidelines issued in this regard from
time to time.
3.13 All the securities lying in client unpaid Within 15 trading
securities account of the TM (CUSA) shall days from receipt
be liquidated by CM /CC / ISE and the of information of

327
 sale proceeds shall be credited to disablement from
respective client’s financial ledger. In this ISE
situation depository shall not levy any
penalty on such transactions.
3.14 a) ISE, in consultation with SEs / CCs, Within 15 trading
shall appoint a forensic auditor to conduct days of
forensic audit of books of accounts of the disablement
concerned TM. All SEs shall obtain details
of the free securities / collateral available
with their respective CM and CC and
provide to the forensic auditor.
b) An assessment of assets and liabilities of Within 3 weeks of
the TM shall be undertaken by the forensic appointment of
auditor. The liabilities to the clients for forensic auditor
funds and securities shall be established
with demarcation of securities belonging
to the fully paid clients or partly paid
/unpaid clients.
3.15 ISE shall also provide a report to SEBI on Within 30 trading
the reasons for trigger, the meetings held days from the date
with directors of the TM /CM and the of trigger
outcomes of limited purpose inspection,
the details of actions taken and proposed
to be taken under the SoP and any other
information that the ISE may deem
relevant.
Action by Depositories

3.16 Depositories to freeze the demat accounts Within 1 trading

of the TM (including TM Pool Accounts). day from the
receipt of
information of
disablement
3.17 Depositories shall not allow new account Within 1 trading
opening by the DP (Defaulting TM / CM) days from the date
and shall suspend all Power of Attorney in of receipt of
favour of the defaulting TM given by its information of
clients. disablement
3.18 If the TM is also a Depository Participant Within 3 trading

328
 (DP), the Depositories shall depute its days from the date
officials / auditor to monitor the of receipt of
transactions in demat securities of the information of
clients of TM and / or transfer the demat disablement
accounts of the clients to another DP.
3.19 Depositories shall initiate concurrent audit
Within 7 trading
for 100%verification of debit transfers days from the date
executed from the client accounts and of receipt of
account closures processed by the DP. information of
disablement
3.20 Depositories shall provide the details of Within 15 trading
pledges that were invoked by Banks/ days from the date
NBFCs with whom TM’s own securities of
were pledged in the previous 30 days to receipt of
the SE / CC. information of
disablement
Action by ISE /SEs / CCs and Banks

3.21 Issuance of instruction to the banks that Within 1 trading

the balance in all the bank accounts of TM day of receipt of
/ CM shall be frozen for debits by Banks. information of
disablement
3.22 SEs to direct CCs / CM to invoke the Within 1 trading
unencumbered collateral deposits day from
including BGs / FDRs disablement
3.23 CCs / CM shall secure the unencumbered Within 1 trading
collateral deposits, electronic balances in day on receipt of
the depository accounts of the TM / CM, information of
including BGs as per the directions disablement
received from SEs.
Other actions by ISE/ SEs / CCs

3.24 With regard to the restoration of securities Within 30 trading

of clients lying with the CM, post days from
crystallization of balances in the financial crystallization of
ledger of clients by forensic auditor or as balances
per the Auditor’s certificate as may be
provided by Member:

329
  ISE/ SE / CC shall endeavour to initiate
the process to settle debit balance of
such client accounts by selling their
securities if such clients fail to clear their
debit balance after giving notice period
for 5days.
 After reconciling the Register of
Securities (ROS), the securities of the
credit balance clients (fully paid clients)
shall be restored to their respective
demat accounts.

In this regard, the related parties of the

trading member shall not be considered for
settlement, for which the TM shall provide
an undertaking to the SEs / CC.
3.25 ISE / SEs / CCs shall endeavour to settle Within 30 trading
the claims of maximum number of clients days from
by way of interim measures, under their crystallization of
supervision prior to issuing show cause balances
notice (SCN) for declaring the TM a
defaulter. The TM shall be instructed to
pay small investors out of available funds
and own resources (movable and
immovable) under the supervision of the
ISE / SEs.

Further, the unencumbered deposits

available with the SEs / CCs, after
adjusting for any dues of the SE / CC and
maintaining the minimum BMC, shall also
be utilised for settling the credit balance of
investors starting from the smallest
amount. Also any surplus available with
any SEs / CCs, shall be utilised for settling
the credit balances of clients with respect
to other SEs. BGs of the TM shall be
invoked and also the FDRs shall be
encashed for utilisation. SEs / CC may

330
 settle such clients in tranches.

For this purpose, the balances of client will

be netted across exchanges to arrive at the
final credit balance due to such client.

The TM shall furnish the proof of payment

to the clients, to the SEs.

In this regard, the related parties of the TM

shall not be considered for settlement, for
which the TM shall provide an
undertaking to the SEs / CC. TM to
provide indemnity to the SEs to make
available the funds to meet any shortfall in
meeting investor’s claim (other than those
who have withdrawn their claim). Clients
withdrawing their claim will have to
submit unconditional withdrawal letter to
the SEs.
3.26 Issuance of SCN for declaration of TM as a After finalization
defaulter and the list of members to whom of assets and
the notice is issued shall be placed on the liabilities as per
website of the SE and on such other place, forensic audit or
as the relevant authority may deem fit. audit by SEs
3.27 SEs shall intimate the clients about the Within 3 trading
issuance of the notice / SCN to declare the days of the
TM as defaulter including through email / issuance of SCN
SMS.

4.46.4 The above action shall equally apply to a likely event of default by a CM who is also
a TM. However, in case of likely default of a Professional CM, the action to be
initiated by the CM shall fall upon the CC.

4.46.5 As soon as TM is disabled that information shall be shared by ISE with all SEs / CCs.
On receipt of such information respective SE shall also conduct their due diligence
and may initiate action of disablement by issuing reasoned order by MD of SE
concern. However, when SCN has been issued for declaring a TM / CM as a
defaulter by any SE, its subsidiary / associate companies which are also member(s)

331
 on other segment / SE / CC shall also be put in suspension mode. All their open
positions shall be squared off and their assets shall be frozen.

4.46.6 Once the Member is disabled or SCN is issued for declaration of defaulter to TM /
CM (whichever is earlier), no further Investor Grievance Redressal Committee
(IGRC) / Arbitration meetings shall be conducted.

4.46.7 Default proceedings shall take place as per bye laws / rules / regulations of the SE /
CC. If the member is also a DP, Depositories shall take action as per its bye laws for
termination / transfer of its participant-ship based on record. SEs shall not expel the
TM immediately until the default proceedings are completed.

4.46.8 The TM shall provide a list of all its bank accounts to the SEs /CCs and the SEs / CCs
shall obtain an undertaking from the TM within 90 days from the date of issuance of
these provisions, undertaking that the SEs / CCs shall be empowered to instruct the
bank(s) of the TM to freeze the bank account(s) for debits. The draft of undertaking is
enclosed at Annexure A.

4.46.9 The above SoP enumerates the minimum action which shall be initiated by the
respective SEs / CCs / Depositories in accordance with law with effect from August
01, 2020. However, the respective SEs / CCs / Depositories are free to initiate any
other actions as may be necessary in compliance with their bye laws / rules /
regulations and / or to protect the interest of investors. The ISE / SEs/ CCs and
Depositories are expected to follow the timelines with respect to each actions as
enumerated, reasons shall be recorded in case of for any deviation in timelines
prescribed.

4.46.10 Flexibility has been provided to the SEs/ CCs for modifying the Undertaking cum
Indemnity bond they need to take from TMs/ CMs and suitably modify the draft
undertaking wherever required168.

Annexure A

To be on Stamp / Franked Paper of appropriate value and notarized

168
Reference Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/193 dated October 01, 2020
332
AFFIDAVIT OF UNDERTAKING CUM INDEMNITY BOND TO BE SUBMITTED BY
MEMBER TO ………… [NAME OF THE STOCK EXCHANGE / CLEARING
CORPORATION]

This Undertaking cum Indemnity Bond is signed at Mumbai on this ________day of _______,
20.

By

I/We, Member of ……….. [Name of The Stock Exchange / Clearing Corporation] (bearing
Trading / Clearing No. ________), having office at ………………………………………………,
(hereinafter referred to as “Member”, which expression, unless repugnant to the context or
meaning thereof, shall be deemed to include its successors and assigns).

In favour of:

………………..Ltd., [Name of the Stock Exchange / Clearing Corporation] a company

incorporated under the Companies Act, 1956 having its registered office at
………………………………………………… (hereinafter referred to as “…..”, which expression
shall, unless repugnant to the context or meaning thereof, be deemed to include its successors
and assigns).

I/We hereby solemnly declare and undertake that:

Whereas the Securities and Exchange Board of India (hereinafter referred to as “SEBI”) has
issued circular dated July 01, 2020 on Standard Operating Procedure to be followed in the case
of trading member/clearing member leading to default (hereinafter referred to as the “said
circular”).

Whereas in terms of the said circular the …….. [Name of the Stock Exchange / Clearing
Corporation] has amended its bye-laws and is empowered …….. [Name of the Stock Exchange
/ Clearing Corporation] to issue instructions to the concerned bank/s to freeze the bank
account/s maintained by the Member, for all debits / withdrawal by the Member in the event
of a potential default by the Member in meeting its obligations to Stock Exchange / Clearing
Member / Clearing Corporation and / or repayment of funds / securities to his / its clients.

Now, in consideration of the above, I / We do hereby agree and confirm unconditionally to

undertake that:

333
1) ………… [Name of the Stock Exchange / Clearing Corporation] is empowered to instruct
the concerned banks to freeze my / our bank accounts for all debits / withdrawals from such
accounts. The details of bank accounts held by me/ us are as follows:

2) Any debits to such bank account, post freezing by the banks, shall be done only on the
express instructions to the said banks by ………… [Name of the Stock Exchange/ Clearing
Corporation].

3) ………… [Name of the Stock Exchange / Clearing Corporation] shall not be liable in any
way to me/us for any losses, claims, penalties, proceedings / actions, damages, consequential
or otherwise, arising there from or occasioned thereby.

4) No proceeding/suit/action/claims would be adopted by me/us against ………… [Name of

the Stock Exchange/ Clearing Corporation] for any act done with respect to issuance of
instruction to the bank/s mentioned above for freezing of my/our account/s held with the
bank/s.

5) I / We agree to indemnify and keep ………… [Name of the Stock Exchange/ Clearing
Corporation] and/or its successors/assigns indemnified from time to time, and at all times
hereafter, against all claims, demands, damages, liabilities, proceedings, losses, actions,
charges and expenses made or suffered or incurred or caused or likely to suffer / incur
directly or indirectly, to ………… [Name of the Stock Exchange/ Clearing Corporation]
and/or its successors/assigns on account of freezing of my/our account/s held with bank/s.

6) I/ We shall keep the Bank appropriately notified of the obligations undertaken by me / us

herein and authorizing them to honour the instructions from ………… [Name of the Stock
Exchange / Clearing Corporation].

7) I / We undertake that a revised Undertaking cum Indemnity Bond shall be submitted by me

/ us to ………… [Name of the Stock Exchange / Clearing Corporation] within seven working
days of opening of any new bank account or change in details of any existing bank account,

8) This Undertaking cum Indemnity Bond shall be binding on my / our successors, legal
representatives and assigns.

9) I / We warrant that representations made by the undersigned / on behalf of the Member

are true and correct.

334
IN WITNESS WHEREOF, I/We hereby execute this Undertaking cum Indemnity Bond on the
day, month and year above written.

Solemnly declared at )
this ___ day of ______, 20 ) BEFORE ME

(Name of Designated Director)

(Name of Trading Member)
(with rubber stamp & SEBI Registration No.)
In the presence of:

1.
2.

Note: Board Resolution for execution of the said undertaking cum indemnity and
authorization for signing the same should be enclosed alongwith the document.

4.47 Mapping of Unique Client Code (UCC) with demat account of the clients169
4.47.1 Vide SEBI circular no. SEBI/HO/MIRSD/DOP/CIR/P/2018/153 dated December
17, 2018, Early Warning Mechanism was put in place to detect the diversion of
client’s securities by the stock broker at an early stage so as to take appropriate
preventive measures. It, specified that Stock Exchanges / Clearing Corporations /
Depositories, shall devise a mechanism to detect diversion of clients’ securities and
to share information among themselves in respect of:

1.1. Diversion of pay-out of securities to non-client/other client accounts.

1.2. Mis-matches between gross (client-wise) securities pay-in and pay-out files of a
stock brokers generated by the Clearing Corporation which shall be compared with
actual transfer of securities to/from the client’s depository accounts by the
Depository. The cases of any mismatch found out by the Depository shall be
informed to the concerned Stock Exchange / Clearing Corporation.

4.47.2 In order to facilitate ease in reconciliation, it was considered necessary to map

clients’ Unique Client Code (UCC) with their demat accounts. Pursuant to the
discussion with Stock Exchanges and Depositories, following mechanism for
mapping of UCC with the demat account of the clients, shall be implemented:

169
Reference Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2019/136 dated November15, 2019
335
 1.1 UCC allotted by the trading member (TM) to the client shall be mapped with
the demat account of the client.

1.2 A client may trade through multiple TMs in which case each such UCC shall be
mapped with one or more demat account(s).

1.3 Stock Exchanges shall share the UCC data with the Depositories which shall
include the PAN, segment, TM/CM code and UCC allotted. Such UCC data
shall be shared with the Depositories on a one-time basis by November 30, 2019,
and subsequently incremental data in respect of new UCCs created, shall be
shared on a daily basis.

1.4 Depositories shall map the UCC data in the demat account based on the PAN
provided in the UCC database.

1.5 Clients may make a request to their depository participants to delink or add
UCC details which shall be processed by the Depository through depository
participants. Before any addition of UCC in the demat account, the Depositories
shall validate the same with the Stock Exchanges / client.

1.6 Stock Exchanges and Depositories shall have a mechanism in place to address
clients’ complaints with regard to UCC mapping with their demat accounts.

1.7 Stock Exchanges and Depositories shall have a mechanism in place to ensure
that inactive, non-operational UCCs are not misused and also a mechanism to
ensure that inactive, non-operational UCCs are weeded out in the process of
mapping clients’ UCC with their demat account.

4.47.3 Stock Exchanges and Depositories shall map the existing UCCs with the demat
account of the clients latest by December 31, 2019.

4.48 Reporting for Artificial Intelligence(AI) and Machine Learning (ML)

applications and systems offered and used by Market Infrastructure Institutions
(MIIs)170
Background

170
Reference Circular SEBI/HO/MRD/DOP1/CIR/P/2019/24 dated January 31, 2019
336
1. SEBI is conducting a survey and creating an inventory of the AI / ML landscape in the
Indian financial markets to gain an in-depth understanding of the adoption of such
technologies in the markets and to ensure preparedness for any AI / ML policies that
may arise in the future.

Scope definition

2. Any set of applications / software / programs/ executable / systems (computer

systems) cumulatively called application and systems, to carry out compliance
operations / activities, where AI / ML is used for compliance or management
purposes, is included in the scope of this circular. In order to make the scope of
this circular inclusive of various AI and ML technologies in use, the scope also covers
Fin-Tech and Reg-Tech initiatives undertaken by MIIs that involves AI and ML.
3. Technologies that are considered to be categorized as AI and ML technologies in the
scope of this circular, are explained in Annexure A.

Regulatory requirements

4. All MIIs shall fill in the AI / ML reporting form (Annexure B)in respect of the AI or ML
based applications or systems as defined in Annexure A offered or used by them, and
submit the same in soft copy only at [email protected] (for stock Exchanges) /
AI_MII_ [email protected] (for Depositories) /[email protected] (for Clearing
Corporations) to SEBI on a quarterly basis within 15 days of the expiry of the quarter,
with effect from quarter ending March 31, 2019.

Annexure A – Systems deemed to be based on AI and ML technology

Applications and Systems belonging but not limited to following categories or a

combination of these:

1. Natural Language Processing (NLP), sentiment analysis or text mining systems that
gather intelligence from unstructured data. – In this case, Voice to text, text to
intelligence systems in any natural language will be considered in scope. E.g.: robo
chat bots, big data intelligence gathering systems.

2. Neural Networks or a modified form of it. – In this case, any systems that uses a
number of nodes (physical or software simulated nodes) mimicking natural neural
networks of any scale, so as to carry out learning from previous firing of the nodes
will be considered in scope. Eg: Recurrent Neural networks and Deep Learning
Neural Networks
337
 3. Machine learning through supervised, unsupervised learning or a combination of
both. – In this case, any application or systems that carry out knowledge
representation to form a knowledge base of domain, by learning and creating its
outputs with real world input data and deciding future outputs based upon the
knowledge base. E.g: System based on Decision tree, random forest, K mean, Markov
decision process, Gradient boosting Algorithms.

4. A system that uses statistical heuristics method instead of procedural algorithms or

the system / application applies clustering or categorization algorithms to categorize
data without a predefined set of categories

5. A system that uses a feedback mechanism to improve its parameters and bases it
subsequent execution steps on these parameters.

6. A system that does knowledge representation and maintains a knowledge base.

Annexure B - Form to report on AI and ML technologies – to be submitted quarterly

S/N Head Value
1 Entity SEBI registration number
2 Registered entity category
3 Entity name
4 Entity PAN no.
5 Application / System name
6 Date used from
7 Type of area where AI or ML is
used (order execution /
Surveillance / compliance /
others). In case of others, please
specify.
8 What is the name of the Tool / <free text field>
Technology that is categorized as
AI and ML system / Application
and submissions are declared vide
this response

9 How was the AI or ML project <Internally / through solution

implemented provider / Jointly with a solution
provider or third party>
338
 10 Are the key controls and control <free text field>
points in your AI or ML
application or systems in
accordance with circular(s) of SEBI
that mandate/s cybersecurity
control requirements
11 Is the AI / ML system included in <Yes / No>
the system audit
12 Describe the application / system <free text field>
and how it uses AI / ML
13 What safeguards are in place to <free text field>
prevent abnormal behavior of the
AI or ML application / System

4.49 Measures to expedite Dematerialisation of securities171

1. In order to enable prompt execution of demat requests, Depositories shall provide
additional details, such as PAN, Address and Residential status of investors in the DRF
itself.
2. To include a provision in DRF to capture 2 signatures – one registered with DP at the
time of demat account opening and the other registered with issuer/RTA at the time of
allotment /transfer. The request submitted by BO would be only processed when both
two signatures i.e. one registered with RTA and other registered with DP matches with
two respective signatures on DRF. In case of mismatch of any of the two signatures the
existing process of verifying signature may be followed.
3. To advise Depository Participants to update bank account details of all demat account
holders in their records.
4.50 Capacity Planning Framework for the Depositories172
1. The capacity planning framework of the Stock Exchanges and Clearing Corporations
was reviewed by Technical Advisory Committee (TAC) of SEBI. Based on
recommendations of the committee, circular no. CIR/MRD/DP/17/2015 dated
October 08, 2015 was issued to the Stock Exchanges and Clearing Corporations with
regard to their capacity planning.
2. Depositories have been identified as financial Market Infrastructure Institutions which
facilitate and perform systemically critical functions in the securities market. In view
of their importance in the smooth functioning of the securities market, the framework
for capacity planning of the Depositories was also discussed in TAC. Based on
171
Reference: SEBI letter MRD/DoPII/DSAII/MIRSD/DOS3/OW/2018/28162/1 dated October 22, 2018
172
Reference: SEBI Circular No. SEBI/HO/MRD/DP/CIR/P/2017/29 dated April 03, 2017
339
 recommendations of the committee, it has been decided to put in place following
requirements for Depositories while planning capacities for their operations:
a. The installed capacity shall be at least 1.5 times (1.5x) of the projected peak load.
b. The projected peak load shall be calculated for the next 60 days based on the per
hour peak load trend of the past 180days.
c. The Depositories shall ensure that the utilisation of resources in such a manner
so as to achieve work completion in 70% of the allocated time.
d. All systems pertaining to Depository operations shall be considered in this
process including all technical components such as network, hardware,
software, etc., and shall be adequately sized to meet the capacity requirements.
e. In case the actual capacity utilization exceeds 75% of the installed capacity for a
period of 15 days on a rolling basis, immediate action shall be taken to enhance
the capacity.
f. The actual capacity utilisation shall be monitored especially during the period
of the day in which pay-in and pay-out of securities takes place for meeting
settlement obligations.
3. Depositories shall implement suitable mechanisms, including generation of
appropriate alerts, to monitor capacity utilisation on a real-time basis and shall
proactively address issues pertaining to their capacity needs.

4.51 Enhanced Due Diligence for Dematerialization of Physical Securities 173

4.51.1 In terms of Regulation 40 of Securities and Exchange Board of India (Listing
Obligations and Disclosure Requirements) (IV Amendment) Regulations, 2018
(LODR), transfer of securities held in physical mode is not permitted w.e.f. April
01, 2019. Standardised norms with respect to documentation / procedure for
transfer of physical securities were issued vide SEBI circular No.
SEBI/HO/MIRSD/DOS3/CIR/P/2018/139 dated November 06, 2018.

4.51.2 To augment the integrity of the system in processing of dematerialization request

in respect of the remaining physical shares, the Depositories and the listed
companies / RTAs are directed to implement the following due diligence
process:

173
Reference: SEBI Circular No. SEBI/HO/MIRSD/RTAMB/CIR/P/2019/122 dated November05, 2019
340
 I. All Listed companies or their RTAs shall provide data of their members holding
shares in physical mode, viz the name of shareholders, folio numbers, certificate
numbers, distinctive numbers and PAN etc. (hereinafter, static database) as on
March 31, 2019, to the Depositories, latest by December 31, 2019. The common
format for this data shall be specified jointly by the Depositories and be
communicated to Issuer companies / their RTAs.

II. Depositories shall capture the relevant details from the static database as per
clause I above and put in place systems to validate any dematerialization
request received after December 31, 2019. Accordingly, the depository system
shall retrieve the shareholder name(s) recorded against the folio number and
certificate number in Static Data for each DRN request received after this date
and validate the same against the demat account holder(s) name as available in
the records of the Depositories.

III. In case of mismatch of name on the share certificate(s) vis-à-vis name of the
beneficial owner of demat account, the depository system shall generate flag /
alert. In instances, where such flags / alerts have been generated, the following
additional documents explaining the difference in name, as prescribed in
paragraph 2 (b) of the cited SEBI circular of November 06, 2018, shall be sought,
namely

i. Copy of Passport
ii. Copy of legally recognized marriage certificate
iii. Copy of gazette notification regarding change in name
iv. Copy of Aadhar Card

IV. In the case of complete mismatch of name on the share certificate(s) vis-à-vis
name of the beneficial owner of demat account, the applicant may approach
the Issuer company / RTA for establishing his title / ownership.

341
 4.52 Committees at Market Infrastructure Institutions174
1. There are three circulars pertaining to aforesaid subject viz. Circular No.
SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/13 dated January 10, 2019, Circular No.
SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/31 dated February 15, 2019,
SEBI/HO/MRD/DDAP/CIR/P/2020/16 dated January 28, 2020 and SEBI email dated
February 06, 2020.
2. In order to ensure effective oversight of the functioning of depositories (hereafter referred as
Market Infrastructure Institutions or MIIs), Regulation 30 of the SEBI (Depositories and
Participants) Regulations, 2018 [SEBI (D&P) Regulations, 2018], mandates MIIs to constitute
three functional committees and four oversight committees within each MII. A list of all such
mandatory committees for MIIs along with their functions and detailed composition
requirements is provided at Annexure A.
3. Further, while the aforementioned annexure provides for the composition that is specific to
each statutory committee at MII, the overarching principles for composition and quorum of
the statutory committee at MIIs shall be as under, which shall be applicable to all committees
with an exception for Grievance Redressal Committee (GRC) and Advisory Committee:
2.1 On each committees at MIIs, except GRC and Advisory Committee, the number of Public
Interest Directors (PIDs) shall not be less than the total of number of shareholder directors,
Key Management Personnel (KMPs), independent external persons, etc. put together,
wherever shareholder directors, KMPs, independent external persons, etc. are part of the
concerned committee.
2.2 PID shall be chairperson of each committee at MII.
2.3 To constitute the quorum for the meeting of the MII committee, the number of PIDs on
each of the committees at MIIs shall not be less than total number of other members
(shareholder directors, KMPs, independent external persons, etc. as applicable) put together.
2.4 The voting on a resolution in the meeting of the committees at MIIs shall be valid only
when the number of PIDs that have cast their vote on such resolution is equal to or more
than the total number of other members (shareholder directors, KMPs, independent external
persons, etc., as applicable) put together who have cast their vote on such resolution.
2.5 The casting vote in the meetings of the committees shall be with the chairperson of the
committee.
2.6 Apart from that specifically provided in the Annexure, whenever required, a committee
may invite Managing Director, other relevant KMPs and employees of the MII. However,
such invitee shall not have any voting rights.
174
Circular No. SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/13 dated January 10, 2019, Circular No.
SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/31 dated February 15, 2019, SEBI/HO/MRD/DDAP/CIR/P/2020/16 dated January
28, 2020 and SEBI email dated February 06, 2020
342
 As regards the composition and quorum of GRC and Advisory Committee, the same shall be
as prescribed in the enclosed Annexure A.
4. Further, MIIs are directed to adhere to the following:
3.1 Over and above the statutory committees mentioned at point 1 above, the committees
that are mandated by relevant law for listed companies shall apply mutatis mutandis to MIIs.
3.2 MIIs shall lay down policy for the frequency of meetings, etc., for the statutory
committees.
3.3 PIDs in Committees at MIIs:
3.3.1 SEBI (D&P) Regulations 2018 prescribes that a PID on the board of a MII shall not
act simultaneously as a member on more than five committees of that MII.
3.3.2 It is clarified that the above limitation on maximum number of committees that a
PID can be member of, shall be applicable only to statutory committees prescribed by
SEBI under SEBI (D&P) Regulations, 2018, and circulars issued thereunder. The said
requirement shall not be applicable to committees constituted under Companies Act,
2013, SEBI (Listing Obligations and Disclosure Requirements), 2015, amongst others.
3.3.3 In case of non-availability of adequate number of PIDs in a MII, the relevant MII
shall take steps to induct more PIDs in order to fulfil the requirement of composition
of committees within a MII.
3.4 Meeting of PIDs:
3.4.1 As per code of conduct for PIDs provided SEBI (D&P) Regulations 2018, the
PIDs shall be required to meet separately every six months. It is added that all the
PIDs shall necessarily attend all such meetings of PIDs
3.4.2 The objective of such meetings, shall include inter alia reviewing the status of
compliance with SEBI letters/ circulars, reviewing the functioning of regulatory
departments including the adequacy of resources dedicated to regulatory functions,
etc. PIDs shall also prepare a report on the working of the committees of which they
are member and circulate the same to other PIDs. The consolidated report in this
regard shall be submitted to the governing board of the MIIs. Further, PIDs shall
identify the important issues which may involve conflict of interest for the MII or
may have significant impact on the market and report the same to SEBI, from time to
time.
3.5 Independent external persons in committees at MIIs:
3.5.1 The independent external persons forming a part of committees shall be from
amongst the persons of integrity, having a sound reputation and not having any
conflict of interest. They shall be specialists in the field of work assigned to the
343
 committee; however, they shall not be associated in any manner with the relevant
MII and its members.
3.5.2 MIIs shall frame the guidelines for appointment, tenure, code of conduct, etc., of
independent external persons. Extension of the tenure may be granted to
independent external persons at the expiry of the tenure, subject to performance
review in the manner prescribed by SEBI for PIDs. Further, the maximum tenure
limit of Independent external persons in a committee of MII shall be at par with that
of PIDs, as prescribed under Regulation 25(3) of the SEBI (D&P) Regulations, 2018.
3.6 The existing MIIs shall submit a confirmation report to SEBI with regard to the
formation and composition of the Committees listed out in the Annexure A and
compliance with other norms prescribed in the circular, at the earliest but not later than
three months from the date of the circular.
ANNEXURE-A: MANDATORY COMMITTEES FOR DEPOSITORIES:

Sr no Name of Brief terms of reference Composition

Committee

(I) FUNCTIONAL COMMITTEES :

1 Member  To scrutinize, evaluate, accept or  A maximum of two key

Committee reject applications for admission management personnel
of members, transfer of of the depositories can
membership as well as approve be on the committee one
voluntary withdrawal of of which shall
membership. necessarily be the
 Formulate policy to deal with Managing Director of
any disciplinary matters relating the depositories.
to the Participants, Clients,  The committee may also
Issuer or its Registrar and include independent
Transfer Agent, Clearing external persons.
Members, Clearing Corporations  SEBI may nominate
and other users. This shall members in the
include termination / Committee, if felt
disciplinary action against necessary in the interest
participants, suspending, of securities market.
expelling or imposing penalty on  The number of PIDs
the participant, freezing the shall not be less than the
account of the participant, total of number of
344
 among others. shareholder directors,
 Based on the laid down policy, KMPs and independent
consider the cases of violations external persons put
observed during inspection, etc. together.
and impose appropriate
regulatory measure on the
members of the depositories.
 While imposing the regulatory
measure, the Committee shall
adopt a laid down process,
based on the 'Principles of
natural justice'.
2 Grievance  Deal with the complaints  The GRC shall comprise
Redressal referred to it by the depositories, of a single person for
Committee hear the parties and resolve their claims up to Rs. 25
complaints Lakh, whereas, for
claims above Rs. 25
Lakh, the GRC shall
comprise of three
persons.
 The GRC shall comprise
of independent external
persons with
qualifications in the area
of law, finance,
accounts, economics,
management or
administration and
experience in financial
services, including
securities market.
 The members of GRC
shall not be associated
with a depository
participant in any
manner.
 The disclosures and
code of conduct
prescribed under para
345
 3.4 and 4 of SEBI
circular Ref. No.
CIR/MRD/DSA/24/20
10 dated August 11,
2010, shall be
applicable, as far as may
be, to members of GRC
also.
3 Nomination  Identifying a Key management  The Committee shall
and personnel, other than personnel include only public
Remuneration as specifically provided in its interest directors.
Committee definition under SEBI (D&P)  However, independent
Regulations, 2018. external persons may be
 Lay down the policy for part of the committee
compensation of key for the limited purpose
management personnel in terms of recommendation
of the compensation norms relating to selection of
prescribed by SEBI. Managing Director;
 Determining the compensation wherein the number of
of KMPs in terms of the PIDs shall not be less
compensation policy. than the independent
 Determining the tenure of a key external persons.
management personnel, other
than a director, to be posted in a
regulatory department.
 Selecting the Managing Director.
 Framing & reviewing the
performance review policy to
carry out evaluation of every
director’s performance,
including that of Public Interest
Director (PID).
 Recommending whether to
extend the term of appointment
of the PID.
 Besides the above, it will also
discharge the function as
Nomination & Remuneration
Committee under the
346
 Companies Act, 2013 and SEBI
(LODR) regulations, 2015 as
amended from time to time.
(II) OVERSIGHT COMMITTEES :

4 Standing  Monitor whether the technology  The Committee shall

Committee on used by the depository remains include at least two
Technology up to date and meets the independent external
growing demands. persons proficient in
 Monitor the adequacy of system technology.
capacity and efficiency.  The number of PIDs
 Look into the changes being shall not be less than the
suggested to the existing total of number of
software/hardware. shareholder directors
 Investigate into the problems and independent
computerised depository system, external persons put
such as hanging/ slowdown/ together.
breakdown.
 Ensure that transparency is
maintained in disseminating
information regarding
slowdown/break down in the
depository system.
 The Committee shall submit a
report to the Governing Board of
the depository. The Board will
deliberate on the report and
suitable action/ remedial
measure will be taken.
 Explain any system outage
related incidents to the
governing board.
 Review the implementation of
board approved cyber security
and resilience policy and its
framework.
 Such other matters in the scope
as may be referred by the
Governing Board of the
347
 depository and/or SEBI.
5 Advisory  To advise the Depository on  The number of PIDs
Committee non-regulatory and operational shall not be less than the
matters including technology, total of number of
charges and levies, amongst shareholder directors
others. and depository
participants put
together.
 The Committee shall
comprise of depository
participants of the
depository.
 The chairperson of the
governing board shall
be the head of the
advisory committee.
 The managing director
shall be a permanent
invitee to every meeting
of the advisory
committee.
6. Regulatory  To lay down procedures for the  The committee shall
Oversight implementation of the Code of comprise of public
Committee Ethics and prescribe the interest director and
reporting formats for the independent external
disclosure required under the persons.
Code of Ethics.  The number of PIDs
 To oversee the implementation shall not be less than the
of the Code of Ethics. total of number of
 To periodically monitor the independent external
dealings in securities of the Key persons put together.
Management Personnel.  Also shareholder
 To periodically monitor the director and key
trading conducted by management personnel
firms/corporate entities in may be invitee to the
which the directors hold twenty committee.
percent or more beneficial
interest or hold a controlling
interest.
348
 To consider and decide on the
criteria for admission,
withdrawal of securities and
continuous compliance
requirements.
 To declare any security admitted
into Depository as ineligible.
 To review complaint resolution
process and status of redressal of
grievances of demat account
holders, depository participants,
Issuers / RTAs with respect to
depository operations. This shall
include review of complaints
remaining unresolved over long
period of time, estimate the
adequacy of resources, amongst
others.
 Annual review of arbitrators and
arbitration awards (both
quantum and quality of the
awards).
 To monitor compliance with
SEBI (Depositories and
Participants) Regulations, 2018
as amended from time to time
and other applicable rules and
regulations along-with SEBI
Circulars and other directions
issued thereunder.
 To review the fees and charges
levied by the Depository.
 Review the actions taken to
implement the suggestions of
SEBI's Inspection Reports, place
the same before the Governing
Board of the depository.
 To follow up and ensure
compliance/implementation of
349
 the inspection observations.
7 Risk  To formulate a detailed risk  The risk management
Management management policy which shall committee shall
Committee be approved by the governing comprise only of the
board. public interest directors
 To review the Risk Management and independent
Framework & risk mitigation external persons, and
measures from time to time. shall report to the
 To monitor and review Governing Board.
enterprise-wide risk  The number of PIDs
management plan and lay down shall not be less than the
procedures to inform Board total of number of
members about the risk independent external
assessment and minimisation persons.
procedures.
 The head of the risk
management department shall
report to the risk management
committee and to the managing
director of the depository.
 The risk management committee
shall monitor implementation of
the risk management policy and
keep the Board and the
governing board informed about
its implementation and
deviation, if any.
 Responsibilities and other
requirements provided in SEBI
circular Jan. 12, 2015.

4. Performance review of Public Interest Directors (PIDs)175:

4.1 In respect of Public Interest Directors (PIDs) appointed in the governing board of
MIIs, Regulation 25(3) of SEBI(D&P) Regulations, 2018, provides the following:

175
Reference Circular No. SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/26 dated February 5, 2019
350
 “Public interest directors shall be nominated for a term of three years, extendable
by another term of three years, subject to performance review in the manner as may be
specified by the Board:

Provided that post the expiry of term(s) at the recognized stock exchange or the
recognized clearing corporation / depository, a public interest director may be
nominated for a further term of three years in other recognized clearing corporation or
recognized stock exchange, or a depository, only after a cooling-off period of one year:

Provided further that a person may be nominated as a public interest director for
a maximum of three terms across recognized stock exchanges / recognized clearing
corporations / depositories, subject to a maximum age limit of seventy-five years.”

4.2 For complying with the aforementioned regulation, while developing a

framework for performance review of PIDs, MIIs need to consider the following:
4.2.1 Policy for Performance review of PIDs:
4.2.1.1 The Nomination and Remuneration committee (NRC) of the
MIIs will be responsible for framing the performance review
policy for PIDs.
4.2.1.2 Such performance review policy shall include criteria for
performance evaluation, methodology adopted for such
evaluation and analyzing the results, amongst others.
4.2.1.3 Performance review policy of PID shall include scope for
both internal evaluation as well as external evaluation.
4.2.1.4 Further, as performance review is not a static process and
requires periodical review, NRC shall also be responsible for
reviewing such performance review policy, at least once in 3
years.
4.2.1.5 Such performance review policy and changes made therein,
shall be approved by the governing board of MII.
4.2.2 Guiding criteria of Performance Review:
As a part of framing performance review policy, NRC shall be primarily responsible for
formulation of performance evaluation criteria. The criteria for performance review of
PIDs, which shall be considered for both internal evaluation and external evaluation,
may be framed by NRC taking into consideration guiding principles provided at
Annexure B. These principles would serve as a guidance for MIIs and the same may be

351
adopted by respective MIIs, as considered appropriate, with additional principles, if
any.

4.2.3 Evaluation mechanism:

4.2.3.1 PIDs shall be subjected to internal evaluation as well as
external evaluation, carrying equal weightage.
4.2.3.2 Internal evaluation: All the governing board members shall
evaluate the performance of each PID, on an annual basis at
the end of every financial year.
4.2.3.3 External evaluation: PIDs shall also be subject to external
evaluation during their last year of the term in a MII, by a
management or a human resources consulting firm. The
consultant shall take into consideration the performance of
the PID for the entire tenure served in a given MII, at least
up to 4 months before expiry of his/ her term. In order to
avoid any bias or conflict of interest, external consultant
should not be a related party or associated with the MII, the
concerned PID or any other governing board members.
4.2.3.4 Such performance review should be carried out in fair &
objective manner and the review should be recorded with
clarity and verifiable facts in a standardized format covering
all the relevant criteria / aspects.
4.2.3.5 While evaluating conflict of interest of a PID, the governing
board of MII shall also take into consideration provisions of
Clause 2(d) of Schedule II Part C of SEBI (D&P) Regulations,
2018 under the head ‘Public Interest Director’; and conflict of
interest, if any, of any PIDs should be disclosed to SEBI by
the governing board with their comments/ views.
4.2.4 Disclosure: Performance evaluation criteria for PIDs shall be disclosed
in their annual report as well as on the website of the concerned MII.
4.2.5 Recommendation to SEBI: After taking into account the performance
of a PID in the concerned MII, on the basis of internal evaluation and
external evaluation both carrying equal weightage, NRC shall consider
and recommend extension of his / her tenure to the Governing Board
of the MII. The Governing Board of the MII shall in-turn consider and
recommend to SEBI if the tenure of the PID is desired to be extended
by another term of three years.

352
 4.2.6 In addition to the other requirements prescribed in performance
review policy of the MIIs along-with norms specified in SEBI (D&P)
Regulations, 2018, the following may be considered by NRCs of MIIs:
4.2.6.1 It shall be ensured that the concerned PID hasn’t remained
absent for three consecutive meetings of the governing
board and has attended seventy-five per cent of the total
meetings of the governing board in each calendar year;
failing which PID shall be liable to vacate office.
4.2.6.2 It shall be ensured that PIDs in the governing boards of MIIs
are selected from diverse fields of work, in terms of their
qualification and experience.
4.3 The application for extension of term of a PID shall be accompanied with the
attendance details of PID in the meetings of various mandatory committees and
of the governing board of the MII along-with specific reasons for seeking
extension of his / her term as a PID. Such specific reasons shall include facts such
as whether the concerned PID, during the term served, had identified any
important issues concerning any matter which may involve conflict of interest, or
have significant impact on functioning of MII, or may not be in the interest of
securities market as a whole, and whether the PID had reported the same to
SEBI.
4.4 In terms of SEBI (D&P) Regulations, 2018, it is clarified that a minimum of two
names shall be submitted by MIIs at the time of making request for appointment
of PID and extension of the term of existing PID, including appointment of PID
for the purpose of broad basing the governing board, against each such vacancy.
4.5 It is clarified that the aforementioned norms specify the minimum requirements
that have to be complied with by MIIs, however the NRCs of MIIs may adopt
additional and more stringent norms while framing a policy for performance
review of PIDs. With regard to the detailed criteria for performance evaluation,
as provided in Annexure B to the circular, the same shall serve as an illustrative
guide for MIIs to frame performance evaluation criteria –both for internal as well
as external evaluation, and the same may be adopted by MIIs as considered
appropriate, with additional criteria, if any.
4.5.1 Additionally, with regard to tenure of existing PIDs as on date of this
circular, following is clarified:
4.5.1.1 The term of existing PIDs serving in a MII for more than
three years, can be extended, subject to his / her
performance review and a maximum tenure of 6 years as
PID in that particular MII.

353
 4.5.1.2 The term of existing PIDs, that have already served for six
years or more in a single MII, shall not be eligible for further
extension in that MII.

ANNEXURE-B

Guide for MIIs to frame criteria for performance review of PIDs:

a. Qualifications: The PID’s qualification in area of law, finance, accounting, economics,
management, administration or an other area relevant to the financial markets, including
any recent updates in this regard.

b. Experience: The PID’s prior experience in area of law, finance, accounting, economics,
management, administration or any other area relevant to the financial markets, including
any recent updates in this regard.

c. Knowledge and Competency:

 Whether the PID has sufficient understanding and knowledge of the entity in which it
operates and the applicable regulatory norms.
 Whether the PID has sufficient understanding of the role, responsibilities and
obligations of PID under the relevant regulatory norms.
 How the PID fares across different competencies as identified for effective functioning
of Board of the concerned MII (The MII may list various competencies and mark all
PIDs against every such competency e.g. Constructive and analytical decision making
abilities).
 Whether the PID has sufficient understanding of the risk attached with the business
structure.

d. Fulfilment of functions:
 Whether the PID understands and fulfils the functions as assigned to him/her by the
Board and the regulatory norms.
 Whether the PID gives views and opinion on various regulatory matters when
comments are invited by SEBI through various means.

e. Ability to function as a team:

 Whether the PID is able to function as an effective team- member.

354
  Whether the PID listens attentively to the contributions of others and gives adequate
weightage to the views and perception of other Board members.
 Whether the PID shares good interpersonal relationship with other directors.

f. Initiative:
 Whether the PID actively takes initiative with respect to various areas.
 Whether the PID insists on receiving information necessary for decision making.
 Whether the concerned PID keeps himself well informed about the functioning of MII
and the external environment in which it operates.
 Whether the PID remains updated in terms of developments taking place in regulatory
areas.
 Whether the PID has identified any important issues concerning any matter which may
involve conflict of interest for the concerned MII, or may have significant impact on
their functioning, or may not be in the interest of securities market, and whether the
PID reported same to SEBI.
 Whether the PID appropriately deals with critical matters.

g. Availability and attendance:

 Whether the PID is available for meetings of the Board and attends the meeting of
Governing board and Committees regularly and timely, without delay. It must be
ensured that the concerned PID hasn’t remained absent for three consecutive meetings
of the governing board and has attended seventy five per cent of the total meetings of
the governing board in each calendar year; failing which the PID shall be liable to
vacate office.

h. Commitment: Whether the PID is adequately committed to the Board and the MII.

i. Contribution:
 Whether the PID has contributed effectively to the entity and in the Board meetings.
 Whether the PID participates in the proceedings of Board meetings keeping in mind the
interests of various stakeholders.
 Whether the PID actively deliberates and contributes on proposed business
propositions and strategic decisions taking into consideration pros and cons of such
propositions, long term outlook, business goals, cost-benefit analysis, etc.

355
j. Integrity:
 Whether the PID demonstrates highest level of integrity (including conflict of interest
disclosures, maintenance of confidentiality, etc.).
 Whether the PID strictly adhere to the provisions of the SEBI SECC Regulations, 2018,
SEBI (D &P) Regulations, 2018 and any other regulatory provision, as applicable, along-
with the code of conduct and code of ethics prescribed under other applicable
regulatory norms.
 Whether disclosures such as dealing in securities and other regulatory disclosures are
provided by the PID on timely basis.
 Confirmation on the PID being a Fit & Proper person.
 Confirmation that the PID doesn’t disclose confidential information, including
technologies, unpublished price sensitive information, unless such disclosure is
expressly approved by the Board of directors or required under the applicable laws.

k. Independence:
 Whether the PID is independent from the entity and the other directors and there is no
conflict of interest.
 Confirmation as to non-association of the PID with relevant MII and its member.
 Whether the PID keeps regulators informed of material developments in the concerned
MIIs functioning, from time to time.

l. Independent views and judgment:

 Whether the PID exercises his/ her own judgment and voices opinion freely.
 Whether the PID’s participation in decisions taken during meetings are unbiased, based
on ethical judgment and are in strict conformity to the applicable regulatory norms.
 Whether the PID raises his/her concern if anything is observed contrary to regulatory
norms and the expected norms of ethical conduct.
 Whether the PID is committed to ensure that there is fairness and integrity in MIIs
system, in letter as well as spirit.

356
4.53 Operational Guidelines for FPIs & DDPs under SEBI (Foreign Portfolio
Investors), Regulations 2019 and for Eligible Foreign Investors176 and
Exemption from clubbing of investment limit for foreign Government
agencies and its related entities177 and Write-off of shares held by FPIs178

4.53.1 SEBI (Foreign Portfolio Investors) Regulations, 2019 (“the Regulations”)

have been notified and have come into force with effect from September
23, 2019.

4.53.2 In order to operationalise the Regulations, necessary guidance under

regulation 44 of the Regulations is issued to ensure efficient transition
from SEBI (Foreign Portfolio Investors) Regulations, 2014.

4.53.3 SEBI vide notification dated December 19, 2019 amended the Securities
and Exchange Board of India (Foreign Portfolio Investors) Regulations,
2019 and omitted the following regulation:

“Regulation 20 (9)
In cases where the Government of India enters into agreements or treaties with
other sovereign Governments and where such agreements or treaties
specifically recognize certain entities to be distinct and separate, the Board
may, during the validity of such agreements or treaties, recognize them as such,
subject to conditions as may be specified by it.”

4.53.4 In line with rule 1(a)(iv) of Schedule II of Foreign Exchange Management

(Non-debt Instruments) Rules, 2019 regarding “Investments by Foreign
Portfolio Investors”, certain foreign Government agencies and its related
entities are exempt from clubbing of investment limit requirements and
other investment conditions either by way of an agreement or treaty with
other sovereign governments or by an order of the Central Government.

4.53.5 In view of the requests received from various stake holders, the FPIs are
permitted to write-off shares of all companies which they are unable to sell.
In this regard, the process detailed at para 17 of Part C of the said
Operational Guidelines shall be complied with.

176
Reference Circular IMD/FPI&C/CIR/P/2019/124 dated November 05, 2019
177
Reference circular IMD/FPI&C/CIR/P/2020/07 dated January 16, 2020
178
Reference circular SEBI/HO/IMD/FPI&C/CIR/P/2020/177 dated September 21, 2020
357
 4.53.6 The Operational Guidelines for FPIs & DDPs and EFIs are enclosed.

4.54 Operational framework for transactions in defaulted debt securities post

maturity date/ redemption date under provisions of SEBI (Issue and
Listing of Debt Securities) Regulations, 2008179:
4.54.1 Representations were received from market participants and investors
to allow transactions in debt securities where redemption amount has
not been paid on maturity/redemption date (referred as defaulted debt
securities).
4.54.2 After detailed consultation with various stakeholders including market
participants, investors, Debentures Trustee(s), Stock Exchange(s),
Depositories etc., an operational framework for transactions in
defaulted debt securities is introduced. It outlines the operational
framework for transactions in defaulted debt securities and also
prescribes the obligations of Issuers, Debenture Trustee(s), Depositories
and Stock Exchange(s) while permitting such transactions.

4.54.3 The operational framework has been outlined in Annexure A and the
same is also presented in a tabular form along-with timelines in
Annexure B, for ease of reference.

4.54.4 Issuers, Debenture Trustee(s), Stock Exchanges and Depositories are

advised to:
i. comply with the obligations laid down including mechanism for
inter-depository and exchange coordination, wherever required;
ii. put in place necessary systems and infrastructure for its
implementation.
Annexure A
Operational framework
As per existing practice, the Stock Exchanges suspend trading/reporting of
trades on debt securities before the redemption date. Further, Depositories

179
Reference Circular No. SEBI/HO/DDHS/CIR/P/103/2020 dated June 23, 2020
358
impose restriction on off-market transfers on redemption date that restricts
transfers on and after the redemption date.
These restrictions will be lifted on defaulted debt securities as per para 4 of the
Annexure and after following procedure given in this Annexure.
1. Temporary restriction on transactions in debt securities:
1.1 Stock Exchange(s) shall not allow any transactions in the defaulted debt
securities, two working days prior to their maturity/redemption date.

1.2 On maturity/redemption date of the defaulted debt securities

Depositories shall temporarily restrict transactions in such debt
securities from such maturity/redemption date till the time its status of
payment is determined.

2. Intimation on status of payment:

2.1 Issuer shall intimate to the Stock Exchanges, Depositories and
Debenture Trustee(s) the status of payment of debt securities within 1
working day of payment/redemption date.

Provided for debt securities in which default has occurred before the
date of issuance of these norms, the issuer shall intimate the status of
payment within 5 working days from the issuance of these norms.

2.2 Working day shall be the working day of the Stock Exchange on which
the debt securities have been listed.

2.3 While intimating the status of payment to Debenture Trustee(s), Issuer

shall also intimate to Debenture Trustee(s) that they have informed the
status of payment or otherwise to the Stock Exchanges and
Depositories.

3. Role of Debenture Trustee(s):

3.1 In case the Issuer fails to intimate the status of payment of the debt
securities within stipulated timelines, then Debenture Trustee(s) shall
seek status of payment from Issuer and/or conduct independent
359
 assessment (from banks, investors, rating agencies, etc) to determine
the same.

3.2 At the time of executing Debenture Trust Deed, Issuer shall provide its
bank details (from which it proposes to pay the redemption amount)
and pre-authorise Debenture Trustee(s) to seek debt redemption
payment related information from the Issuer’s bank. Issuer shall also
inform the Debenture Trustee(s) of any change in bank details within 1
working day of such change.

For existing debt securities, Issuer shall provide such pre-authorisation

to Debenture Trustee(s), within 60 days from the issuance of these
norms.

3.3 Based on such assessment, Debenture Trustee(s) shall intimate Stock

Exchange and Depositories the status of payment of debt securities
within 9 working days of the maturity/redemption date.

3.4 In case intimation of the status of payment of debt securities is not

received by Stock Exchanges and Depositories within stipulated
timeline, transactions in such debt securities shall continue to be
restricted and such restrictions shall continue until any further
intimation is received from Issuer/ Debenture Trustee(s) regarding the
status of payment of such debt securities.

4. Default in payment of redemption amount and resumption of transaction

on defaulted debt securities:

4.1 Within 2 working days from the date of intimation from Issuer or
Debenture Trustee(s) that issuer has defaulted on its payment
obligations, the Depositories in co-ordination with Stock Exchanges
shall update the ISIN master file and lift restrictions on transactions in
such debt securities. Information regarding resumption of transactions

360
 shall be disseminated immediately on the websites of both
Depositories and Stock Exchange(s).

4.2 Depositories shall also immediately flag in the Corporate Bond

Database such debt securities as “ISIN-defaulted in redemption” and
its description shall mandatorily reflect that there was default in
payment of redemption amount of the concerned debt securities.

5. Reporting of trades in defaulted Debt Securities on stock exchange

platform:

5.1 Upon intimation by Depositories that transactions have been

permitted in the defaulted debt securities, Stock Exchange(s) shall
simultaneously but not later than 2 working days of the default
intimation from Issuer/ Debenture Trustee(s), permit reporting of
OTC trades in the concerned defaulted debt securities on its reporting
platform in terms of SEBI circular no. CIR/MRD/DP/10/2014 dated
March 21, 2014.

5.2 At the time of reporting of such trades, Stock Exchanges shall ensure
that a pop-up window is flashed, specifying that the reported trade is
in a defaulted debt security.

5.3 The trade repository shall flag such trades as “Trades in ISIN-
defaulted in redemption”.

6. Intimation of transactions in defaulted debt securities: In case of

transactions in defaulted debt securities, the Depositories shall send an
intimation (by email/SMS, as per BO a/c details available) to both parties
to the transaction that it is “Transaction in ISIN-defaulted in redemption”
immediately.

7. Account statement: While sending the periodic account statement to the

Demat account holders, including Consolidated Account statement (CAS),

361
 Depositories shall highlight in such statements that a particular debt
securities is an "ISIN – defaulted in redemption".

8. Continuous assessment of default status:

8.1 The Issuer shall inform the Stock Exchange(s), Depositories and
Debenture Trustee(s) latest by the 2nd working day of April of each
financial year on the updated status of payment of the debt securities

8.2 In case the Issuer fails to intimate the updated status of payment of the
concerned debt securities, within the stipulated timelines, the
Debenture Trustee(s) shall carry independent assessment as given at
3.1 above and intimate the status of payment of debt securities to the
Stock Exchange and Depositories within 7th working day of April of
each Financial Year.

8.3 In case issuer or Debenture Trustee(s) does not intimate the status of
payment of debt securities to Stock Exchanges and Depositories
within the stipulated timeline, transactions in such debt securities
shall be restricted from 8th working day of April of that Financial
year, until any further intimation is received from Issuer or Debenture
Trustee(s) regarding the same.

8.4 In case of any developments that impact the status of default of the
debt securities (including restructuring of debt securities, IBC
proceedings, its repayment, etc.), the issuer/debenture trustee shall
intimate the stock exchange and depositories within 1 working day of
such development.

9. Payment of debt securities or subsequent payment of defaulted debt

securities: In case of receipt of intimation or subsequent intimation to the
depositories regarding full payment of redemption amount or any
developments that impacts the status of default of the concerned debt
securities (including restructuring of debt securities, IBC proceedings, its

362
 repayment, etc.) from Issuer or from Debenture Trustee(s), transactions
shall be restricted in such debt securities by the Depositories immediately.
The same shall be informed to the Stock Exchange(s) and disseminated on
respective Depositories’ website, within one working day of such
restriction. Further, the concerned ISIN shall be extinguished in the
depository system on receipt of corporate action documents from the issuer
towards its extinguishment.

10. Process in paras 8 and 9 above shall be followed till either Issuer has been
liquidated and money has been realised after completion of recovery
proceedings or full payment on these securities is made by Issuer.
Annexure B

Event Activity to be Timeline By To

undertaken (Working
Days)

1. Execution of Pre authorization to At the time of Issuer Debenture

Debenture seek debt execution of Trustee(s)
trust deed redemption payment the deed
related information
from issuer’s bank

2. Any change Information regarding Within 1 Issuer Debenture

in bank updated bank details working day Trustee(s)
details of of event
issuer for
making debt
redemption
payment

3. Creation of Intimation of - Issuer 1. Depositories

ISIN / Listing Redemption date 2. Stock
of Debt Exchange(s)
Securities

4. Redemption/ Non acceptance of T-2 Stock -

Maturity date trades for Exchange

363
 (T day) reporting/settlement

5. Temporary restriction T Depository -

on transaction in
ISIN

6. Intimate Status of T+1 Issuer 1. Stock

payment of debt Exchange(s)
securities
2. Depositories
3. Debenture
Trustee(s)

7. Non receipt Independent T+2 to T+9 Debenture -

of status of Assessment of Trustee(s)
payment Payment Status
from Issuer
8. Intimate Status of By T+9 1. Stock
payment of debt Exchange(s)
securities
2. Depositories

9. Receipt of Obligations as per T+3/T+11/ 1. Depositories

information para 9 of Annexure A event basis,
2. Stock Exchanges
regarding full as applicable
payment

10. Receipt of Obligations as per 1. Depositories

information para 4-8 of Annexure
2. Stock Exchanges
regarding A
non payment

Continuous assessment of payment

11. Any Intimate updated Within 1 Issuer or 1. Stock

development Status of payment of working day Debenture Exchange(s)
that impacts debt securities of event Trustee(s)
2. Depositories
the status of
default of the
concerned
debt
securities
(including
364
 restructuring
of debt
securities,
IBC
proceedings,
its
repayment,
etc.)

12. Continuous Intimate Status of 2 nd working Issuer 1. Stock

assessment payment of debt day of April Exchange(s)
of Payment securities every
2. Depositories
financial year
3. Debenture
Trustee(s)

13 Non receipt Independent 3 rd working Debenture

of status of Assessment of day of April – Trustee(s)
payment Payment Status 7th working
from Issuer day of April of
every
financial year

14 Intimate Status of Within 7 1. Stock

payment of debt working days Exchange(s)
securities of April of
2. Depositories
every
financial year

4.55 Stealing of Customers data registered with NSE/ BSE180

4.55.1 Central Economic Intelligence Bureau, Department of Revenue, GOI
brought to the notice of SEBI that certain fraudsters are collecting data
of customers who already into trading either in NSE / BSE and send
them bulk messages on the pretext of providing investment tips and
luring them to invest with them in their bogus firms by promising

180
MIRSD email dated October 16, 2019

365
 huge profits. In view of the above, there is need to sensitize, create
awareness among investors about the same.

4.55.2 In this regard Stock exchanges and Depositories to advise, sensitize

their stockbrokers, investors on the above issue and also that
necessary steps, safeguards are taken so that data of the customers /
investors registered with the Members / Participants are not shared or
revealed to unauthorised persons.

4.56 Advisory regarding remote access and telecommuting181

4.56.1 In reference to the meeting of the Technical Advisory Committee held on
April 30, 2020, the Market Infrastructure Institutions (MIIs) were advised
to implement the following measures after taking into consideration the
COVID-19 situation: -

1. The MII shall have proper remote access policy framework

incorporating the specific requirements of accessing the enterprise
resources securely located in the data centre from home, using
internet connection.

2. For implementation of the concept of trusted machine as end users,

the MII shall categorize the machines as official desktops/laptops
and accordingly the same may be configured to ensure
implementation of solution stack considering the requirements of
authorized access. Official devices shall have appropriate security
measures to ensure that the configuration is not tampered with. The
MII shall ensure that internet connectivity provided on all official
devices shall not be used for any purpose other than the use of
remote access to data centre resources.

3. If personal devices (BYOD) are allowed for general functions, then

appropriate guidelines should be issued to indicate positive and
negative list of applications that are permitted on such devices.
Further, these devices should be subject to periodic audit.

181
MRD email dated May 18, 2020

366
 4. The MII shall implement the various measures related to Multi-
Factor Authentication (MFA) for verification of user access so as to
ensure better data confidentiality and accessibility. VPN remote
access through MFA shall also be implemented. It is clarified
that MFA refers to the use of two or more factors to verify an
account holder’s claimed identity.

5. The MII shall ensure that the trusted machine is the only client
permitted to access the data centre resources. The MII shall ensure
that the Virtual Private Network (VPN) remote login is device
specific through the binding of the Media Access Control (MAC)
address of the device with the IP address to implement appropriate
security control measures.

6. The MII shall explore a mechanism for ensuring that the employee
using remote access solution is indeed the same person to whom
access has been granted and not another employee or unauthorized
user. A suitable video-recognition method has to be put in place to
ensure that only the intended employee uses the device after
logging in through remote access. The MII shall implement short
session timeouts for better security. Towards this end, it is
suggested that the MII may consider running a mandatory monitor
on the device that executes:

a. At random intervals takes a picture with the webcam and

uploads the same to
the MII’s server,

b. At random intervals pops up and prompts biometric

authentication with a timeout period of a few seconds. If
there is a timeout, this is flagged on the MII server as a
security event.

7. The MII shall ensure that appropriate risk mitigation mechanisms

are put in place whenever remote access of data centre resources is
permitted for service providers.

8. Remote access has to be monitored continuously for any abnormal

access and appropriate alerts and alarms should be generated to
367
 address this breach before the damage is done. For on-site
monitoring, the MII shall implement adequate safeguard
mechanism such as cameras, security guards, nearby co-workers to
reinforce technological activities.

9. The MII shall ensure that the backup, restore and archival functions
work seamlessly, particularly if the users have been provided
remote access to internal systems.

10. The MII is advised to exercise sound judgement and discretion

while applying patches to existing hardware and software and
apply only those patches which were necessary and applicable.

11. The Security Operations Centre (SOC) engine has to be periodically

monitored and logs analyzed from a remote location. Alerts and
alarms generated should also be analyzed and appropriate
decisions should be taken to address the security concerns. The
security controls implemented for the Remote Access requirements
need to be integrated with the SOC Engine and should become a
part of the overall monitoring of the security posture.

12. The MII shall update its incidence response plan in view of the
current pandemic.

13. The MII shall implement cyber security advisories received from
SEBI, CERT-IN and NCIIPC on a regular basis.

4.56.2 Further, all the guidelines developed and implemented during pandemic
situation shall become SOPs post Covid-19 situation for future
preparedness.

4.57 Standard Operating Procedure (SOP) for Reporting of Technical Glitches

by MIIs and Imposition of “Financial Disincentive 182

4.57.1 Stock exchanges, Depositories and Clearing Corporations (collectively

referred to as securities Market Infrastructure Institutions (MIIs)) are

182
SEBI Letter no. SEBI/HO/MRD/DOP1/OW/P/20062/7/2019 dated August 06, 2019

368
 systemically important for the country’s financial development and
provide the infrastructure necessary for the securities market. A smooth
and uninterrupted functioning of operations of the MIIs is essential for
ensuring the continuity of the securities market. It is, therefore, critical
for the MIIs to constantly monitor the performance of its systems and
upgrade/ enhance its systems to avoid any possibility of a technical
glitch.

4.57.2 However, incidents of technical glitches at MIIs were seen which have
hindered the smooth functioning of the MIIs and hence the continuity
of the securities market. In the event of such incidents, it should be
incumbent on MIIs to address technical glitches in a timely manner by
taking appropriate corrective actions to prevent recurrence of any such
glitches. It was observed that despite ample time and opportunities, the
MIIs are not forthcoming with the exact root cause for the disruption
and appropriate corrective actions to prevent recurrence of such
incident. In case of such lackadaisical approach by a MII, there is
significant delay in addressing the technical glitch, leading to increased
possibility of recurrence of glitch.

4.57.3 In case of failure to timely address technical glitches, MIIs shall be

subject to imposition of “financial disincentive”, which shall act as a
deterrence for any lackadaisical approach in addressing technical
glitches, and shall rather encourage them to constantly monitor the
performance of their systems and upgrade/ enhance their systems to
avoid any possibility of technical glitches.

4.57.4 A SOP for Reporting of Technical Glitches by MIIs and Imposition of

“Financial Disincentive” for information and necessary compliance by
the MIIs is given below.

Standard Operating Procedure (SOP) for Reporting of Technical

Glitches by MIIs and Imposition of “Financial Disincentive”

Background
1. Stock exchanges, Depositories and Clearing Corporations are collectively
referred to as securities Market Infrastructure Institutions (MIIs). These
institutions are systemically important for the country’s financial
development and provide the infrastructure necessary for the securities
market. A smooth and uninterrupted functioning of operations of the MIIs is
369
 essential for ensuring the continuity of the securities market. It is, therefore,
critical for the MIIs to constantly monitor the performance of its systems and
upgrade/ enhance its systems to avoid any possibility of a technical glitch.

However, incidents of technical glitches at MIIs were seen which have

hindered the smooth functioning of the MIIs and hence the continuity of the
securities market. In the event of such incidents, it should be incumbent on
MIIs to address technical glitches in a timely manner by taking appropriate
corrective actions to prevent recurrence of any such glitches. It was observed
that despite ample time and opportunities, the MIIs are not forthcoming with
the exact root cause for the disruption and appropriate corrective actions to
prevent recurrence of such incident. In case of such lackadaisical approach by
a MII, there is significant delay in addressing the technical glitch, leading to
increased possibility of recurrence of glitch.

In case of failure to timely address technical glitches, MIIs should be subject

to imposition of “financial disincentive”, which shall act as a deterrence to
MIIs for any lackadaisical approach in addressing technical glitches and shall
rather encourage them to constantly monitor the performance of their
systems and upgrade/ enhance their systems to avoid any possibility of
technical glitches.

Definition of Technical Glitch

2. Technical glitch shall mean any malfunction in the systems of a MII.
Malfunction in the systems of MII shall include malfunction in its (a)
hardware, or; (b) software, or; (c) any products/ services provided by the
MII, whether on account of inadequate infrastructure/ systems or otherwise,
which may lead to either stoppage or variance in the normal functions/
operations of systems of the MII.

Reporting Requirements
3. The following reporting structure for technical glitches shall be adopted by
the MIIs:

Sl. Disruption Reporting

No.

1. No business disruption  Standing Committee on Technology

 Governing Board of MII

370
 2. Business disruption  Standing Committee on Technology
 Governing Board of MII
 SEBI

3.1. With regard to incidents resulting in business disruption, the following

shall be submitted by the MIIs to SEBI:
(i) Information of technical glitch on immediate basis but not later than 2
hours from the time of occurrence of the glitch.
(ii) Preliminary report within 24 hours of the occurrence of the glitch.
(iii)Comprehensive root cause analysis and corrective action taken to
address the glitch within 21 days of the incident. Such report shall be
submitted to SEBI, after placing the same before the Standing
Committee on Technology and the Governing Board of the MII and
confirming compliance with their observations.

Placing before TAC

4. With regard to the incidents wherein business is disrupted, the root cause
analysis and corrective action taken, as submitted by the MII, shall be placed
before Technical Advisory Committee (TAC) of SEBI. TAC/ SEBI, if it so
desires, may seek additional information/ clarification from the MII
regarding the technical glitch.

5. In case TAC finds the action taken by the MII inadequate, based on the
recommendations of TAC, the MII shall be required to address the technical
glitch by taking appropriate corrective actions, within the timeline specified
by TAC/ SEBI. While deciding such timeline, criticality of the malfunction
and/or the services/ applications affected by the same shall also be taken into
consideration.

Failure to timely submit root cause analysis

6. In case of delay in submission or submission of incomplete/ inadequate root
cause analysis by a MII, a “financial disincentive” of Rs 25,000 per working
day shall be imposed on the MII for each working day of delay from the
timeline specified at Para 3.1(iii) above or any revised timeline specified by
TAC/ SEBI for submission of exact root cause analysis.

Failure to timely address technical glitch

7. In order to ensure that MIIs address technical glitch within the timeline
specified by TAC/ SEBI, following progressive slab-wise structure for
371
 imposition of “financial disincentive” shall be followed from the expiry of the
timeline specified by TAC/ SEBI.
No. of working days during which Financial disincentive (Rs) per
failure continues working day

First 15 working days 1 lakh per working day

Subsequent 15 working days 2 lakh per working day

Subsequent working days 5 lakh per working day

The “financial disincentive” specified above shall continue to accrue till the
time the technical glitch is addressed by the MII by taking appropriate
corrective actions.

Failure to restore operations within RTO

8. In case of a disaster, if a MII fails to restore its operations within the Recovery
Time Objective (RTO), as published by the MII on its website/ stated in its
BCP-DR Policy, a “financial disincentive” of Rs 25 lakh shall be imposed on
the MII.

9. The amount of “financial disincentive” realized as per the above structure

shall be credited by MII to Investor Protection and Education Fund
administered by SEBI.

10. Imposition of aforesaid “financial disincentive” shall be irrespective of any

other action(s) initiated/ taken by SEBI.

4.58 Standard Operating Procedure (SOP) for Reporting of Cyber Security

Incidents/ breaches/ deficiencies by MIIs and Imposition of “Financial
Disincentive 183

4.58.1 Stock exchanges, Depositories and Clearing Corporations are

collectively referred to as securities Market Infrastructure Institutions

183
SEBI Letter no. SEBI/HO/MRD/CSC/OW/P/2019/22202/1 dated August 28, 2019

372
 (MIIs). These institutions are systemically important for the country’s
financial development and provide the infrastructure necessary for the
securities market. A smooth and uninterrupted functioning of
operations of the MIIs is essential for ensuring the continuity of the
securities market. It is, therefore, critical for the MIIs to constantly
monitor the performance of their internal processes and systems and
upgrade/ enhance their systems with respect to cyber security and
cyber resilience so as to eliminate cyber security deficiencies and
prevent or minimize the possibility of a cyber security breach.

4.58.2 However, incidents of technical and administrative lapses at MIIs were

observed some of which have arisen due to non-compliance with the
extant regulatory framework for cyber security and cyber resilience and
which have hindered the smooth functioning of the MIIs and
threatened the continuity of the securities market. In the event of such
incidents, it should be incumbent on MIIs to address cyber security
deficiencies and breaches in a timely manner by taking appropriate
corrective actions. It was also observed that the MIIs were non-
compliant with the extant regulatory framework for cyber security and
cyber resilience in the cyber audit reports and reports from other
agencies.

4.58.3 It is decided to levy a “Financial Disincentive” on MIIs in the event of

the following cases:

a) Non-compliance with the extant cyber security regulations and

guidelines resulting in cyber security breaches, cyber attacks, cyber
security deficiencies or any other cyber security incidents
b) Lackadaisical approach or undue delay in addressing cyber security
deficiencies and breaches
c) Non-reporting/ delay in reporting a cyber security incident/
breach

The intent of this financial disincentive is to encourage MIIs to

constantly monitor the performance of their systems and upgrade/
enhance their systems so as to eliminate cyber security deficiencies and
prevent or minimize the possibility of a cyber security breach.

373
 4.58.4 In this regard, a SOP for reporting of cyber security breaches and
deficiencies by MIIs and imposition of “Financial Disincentive”, is
enclosed for information and necessary compliance.

Standard Operating Procedure (SOP) for Reporting of Cyber Security

breaches, incidents and deficiencies and for Imposition of “Financial
Disincentive on MIIs

Background
1. Stock exchanges, Depositories and Clearing Corporations are collectively
referred to as securities Market Infrastructure Institutions (MIIs). These
institutions are systemically important for the country’s financial
development and provide the infrastructure necessary for the securities
market. A smooth and uninterrupted functioning of operations of the MIIs is
essential for ensuring the continuity of the securities market. It is, therefore,
critical for the MIIs to constantly monitor the performance of their internal
processes and systems and upgrade/ enhance their systems with respect to
cyber security and cyber resilience so as to eliminate cyber security
deficiencies and prevent or minimize the possibility of a cyber security
breach.

2. However, incidents of technical and administrative lapses at MIIs were

observed some of which have arisen due to non-compliance with the extant
regulatory framework for cyber security and cyber resilience and which have
hindered the smooth functioning of the MIIs and threatened the continuity of
the securities market. In the event of such incidents, it should be incumbent
on MIIs to address cyber security deficiencies and breaches in a timely
manner by taking appropriate corrective actions. It was also observed that the
MIIs were non-compliant with the extant regulatory framework for cyber
security and cyber resilience in the cyber audit reports and reports from other
agencies.

3. However, in the event of a failure to do so, MIIs should be subject to

imposition of “Financial Disincentive”, for any lackadaisical approach in
addressing cyber security deficiencies and breaches and shall rather
encourage them to constantly monitor the performance of their systems and
upgrade/ enhance their systems so as to eliminate cyber security deficiencies
and prevent or minimize the possibility of a cyber security breach.

374
4. “Cyber security deficiency” shall be defined as loophole, vulnerability or non-
compliance observed in
a. The MII’s stated internal cyber security policy/cyber security
protocol/operational guidelines/information security practices or
b. The cyber security guidelines specified by SEBI from time to time

Which threatens or compromises the security, confidentiality, integrity or

availability of the MII’s computer resource or cyber assets.

5. “Cyber security incident” shall be defined as any real or suspected adverse

event in relation to cyber security that violates, explicitly, implicitly,
applicable cyber security policy resulting in unauthorized access, denial of
service or disruption, unauthorized use of computer resource for processing
or storage of information or changes to data or information without
authorization.

6. “Cyber security breach” shall be defined as any incident or security violation

that results in unauthorized or illegitimate access or use by a person as well as
an entity, of data, applications, services, networks and/or devices through
bypass of the underlying cyber security protocols, policies and mechanisms
resulting in the compromise of the confidentiality, integrity or availability of
data/information maintained in a computer resource or cyber asset. A cyber
security breach is a subset security incident.

7. “Information security practices” shall be defined as implementation of cyber

security policies and standards in order to minimize the cyber security
incidents and cyber security breaches.

8. “Cyber security policy” shall be defined as a set of documented business rules

and processes for protecting information and the computer resource.

9. “Cyber security protocol” shall be defined as the official procedure or system of

rules governing the cyber security operations of a MII. The cyber security
protocol is usually as subset of the cyber security policy.

10. “Operational guidelines” refers to any additional set of rules and procedures
issued internally by a MII that compliments its cyber security protocol and
information security practices.

375
Reporting Requirements

11. The following reporting structure for cyber security deficiencies / breach
shall be adopted by the MIIs:

Sn Issue Reporting

1. Cyber Security  CERT-In

Breach / Incident  SEBI’s Cyber Security Cell
 Standing Committee on Technology of the MII
 Governing Board of the MII
2. Cyber Security  Standing Committee on Technology of the MII
Deficiencies  Governing Board of the MII
 SEBI’s Cyber Security Cell

Cases for levy of “Financial Disincentive”

12. The “Financial Disincentives” shall be levied in the following cases:

a. Cyber Security breaches, cyber-attacks and any other cyber security

incidents occurring on account of non-compliance of SEBI cyber security
policies and guidelines and delay in reporting the Root Cause Analysis to
SEBI in case of breaches, attacks and incidents.

For the above, a “Financial Disincentive of Rs.10,000,00/- {ten lakhs} shall

be levied for

i. each such cyber security breach, cyber-attack or any other cyber

security incident on account of non-compliance of SEBI cyber
security policies and guidelines
ii. delay in reporting the Root Cause Analysis to SEBI in case such
breaches, attacks and incidents.
iii. for cyber security breaches, cyber-attacks and any other cyber
security incidents occurring otherwise and where there is a delay in
submission of the RCA reports.

376
 SEBI prescribed a time period of two weeks from the date of the incident
for submission of RCA reports.

b. Cyber Security deficiencies occurring on account of non-compliance of

SEBI cyber security policies and guidelines observed during biannual
cyber security audits mandated by SEBI vide letter dated February 21,
2018 or reports from other agencies.

For the above, a “Financial Disincentive” of Rs.500,000/- {five lakhs} shall

be levied for each such deficiency from the date of the report.

c. A cyber security breach / incident should be reported as soon as it is

discovered as per the reporting structure specified at Para 11. A “Financial
Disincentive” of INR 10,000,00/- {ten lakhs} shall be levied on those MIIs
that

i. Do not report a cyber security breach/incident, or

ii. Delay the reporting of the cyber security breach/incident

d. Failure to timely address the cyber security deficiencies / breaches within

the deadline set by SEBI/ HPSC-CS. The progressive slab-wise structure
for imposition of “Financial Disincentives” shall be followed from the
expiry of the deadline specified by SEBI/ HPSC-CS.

No. of working days post the “Financial Disincentive” (Rs) per

stated deadline during which the working day
deficiency / cause of breach is not
addressed

First 15 working days 1 lakh per working day

Subsequent 15 working days 2 lakh per working day

Subsequent working days 5 lakh per working day

377
13. Notwithstanding the reporting structure mentioned at Para 11 above, the
penalties would start being levied by SEBI at Para 12 as mentioned above.

Proceeds to be credited to SEBI’s IPEF

14. Further, with view to making such “Financial Disincentives” effective and
meaningful, it is proposed that the amount realized from the same may be
credited to the “Investor Protection and Education Fund” of SEBI in accordance
with Section 11(1) of SEBI Act, 1992 read with Regulation 4(1)(j) of the SEBI
(IPEF) Regulations, 2009, which is as follows:

Amounts to be credited to the Fund.

“4. (1) The following amounts shall be credited to the Fund:-

(a)…

(b)…

(j) such other amount as the Board may specify in the interest of investors.”

15. The “Financial Disincentive” specified above shall continue to accrue till the
time the issue has been addressed by the MII by taking appropriate corrective
actions and the same has been validated by an independent third party.

16.The amount of “Financial Disincentive” realized as per the above structure

shall be credited by MII to Investor Protection and Education Fund
administered by SEBI as mentioned at Para 14 above.

17.Imposition of aforesaid “Financial Disincentive” shall be irrespective of any

other action(s) initiated/taken by SEBI.

4.59 Implementation of Cyber Capability Index 184

184
SEBI/HO/MRD/CSC/OW/P/2019/28527/1 dated October 30, 2019 and
SEBI/HO/MRD/CSC/OW/P/2019/28517/1 dated October 30, 2019 and MRD email dated
November 04, 2019

378
4.59.1 SEBI issued cyber-security framework/guidelines to be implemented
by all the MIIs. In this regard, SEBI developed a Cyber Capability Index
to gauge the cyber security preparedness of the MIIs. The index consists
of the below mentioned domains:

(a) Governance of Critical Infrastructure and Personnel

(b) Identification of Critical Assets and Risks
(c) Protection of Critical Assets and Infrastructure
(d) Monitoring and Detection of Critical Assets/ Infrastructure and
Detection of Intrusion/ Unauthorized Access
(e) Response and Recovery
(f) Sharing of Information
(g) Training
(h) Periodic Audit

4.59.2 Each of the eight domains contains a structured set of parameters. Each
set of parameters shall determine the extent/level to which the
organization has matured with respect to cyber security and cyber
resilience in that domain.

4.59.3 Depositories are advised to rate itself on Cyber Capability Index based
on the rating framework (given below) on a quarterly basis.
Depositories are required to submit the score of the index and detailed
breakup to its Standing Committee on Technology (SCOT) and its
Governing board. The report on the completed maturity index rating is
then required to be submitted to SEBI.

4.59.4 Depositories were requested to start rating itself from the quarter of
July to September 2019. Subsequently, Depositories are requested to
rate itself every quarter and submit the report to SEBI by 30th of
subsequent quarter.

Please find Annexures containing the following :

a. Annexure 1 - “MIL” containing Maturity Indicator Levels (MILs) &

b. Annexure 2 - “Calculation” containing the illustration for Index
calculation

379
Index Calculation Methodology

4.59.5 The 54 parameters for evaluation of cyber security and cyber resilience
of a Market Infrastructure Institution (MII), as specified in the SEBI
circular CIR/MRD/DP/13/2015 dated July 06, 2015, have been divided
into 8 domains:

i. Governance of Critical Infrastructure and Personnel

ii. Identification of critical assets and risks
iii. Protection of Critical Assets and Infrastructure
iv. Monitoring and Detection of Critical Assets/ Infrastructure and
Detection of Intrusion/ Unauthorized Access
v. Response and Recovery
vi. Sharing of information
vii. Training
viii. Periodic Audit

4.59.6 Each parameter has various Maturity Indicator Levels (MIL). The MII
shall apply a MIL independently to each parameter within a domain/
sub-domain. A MII aspiring to achieve the highest MIL for each and
every parameter and therefore the highest possible score within a
Domain, would be an ideal scenario.

4.59.7 MIL 1 represents non-compliance with the parameter and therefore

shall be assigned a value of zero. At MIL 2 (for most parameters), only
the initial set of practices for the parameter is expected. However, the
MII should not be hindered from undertaking additional practices to
achieve higher MILs for that parameter. MIL 2 shall be assigned a score
of 1, MIL 3 shall be assigned a score of 2 and so on (i.e. MIL <n> shall
have a score of (n-1)).

4.59.8 For the purpose of being evaluated and rated on the Cyber Capability
Index, a MII has to fulfill the minimum cut-off score for each of the 8
domains and 9 sub-domains. A MII is declared “Fail” in the evaluation
process when it scores below the cut-off in at least one Domain/Sub-
Domain, even if the overall index score is greater than or equal to 50.

4.59.9 The Domain-wise minimum cut-off scores and weightages in the index
have been provided in the worksheet “Calculation” in the excel file. The
worksheet contains three sample index scores and their calculations:
380
 a. Index on maximum permissible score for every parameter (100)
b. Index on minimum cut-off score for every parameter (50)
c. Index on a random sample score for every parameter (89.02)

4.59.10 The formula for calculation of the Cyber Capability Index is as follows:

Index = ∑ ( ScoreParameteri * Weighti (%)*100ii/MaxParameteri)

where i ranges from 1 to 53

ScoreParameteri is the score of the MII for that parameter
Weighti (%) is the weightage, in percentage, of the parameter in the
index
MaxParameteri is the maximum permissible value of that
parameter

Score based Rating

4.59.11 Based on the value of the index, the cyber security maturity level of the
MIIs shall be determined as follows:

Sr No Rating Index Score Range

1 Exceptional Cyber Security Maturity 90-100
2 Optimal Cyber Security Maturity 80-90
3 Manageable Cyber Security Maturity 70-80
4 Developing Cyber Security Maturity 60-70
5 Bare Minimum Cyber Security 50-60
Maturity
6 FAIL Not applicable as the
MII has scored below
the cut-off in at least
one Domain / Sub-
Domain

4.59.12 Based on the sample index scores calculated in the worksheet and the
abovementioned details, the sample scores would be categorized as
follows (for illustrative purposes):

381
 Sr No Rating Index Score
1 Exceptional Cyber Security Maturity 100
2 Optimal Cyber Security Maturity 89.02
3 Bare Minimum Cyber Security Maturity 50

Action Point

4.59.13 Depositories are advised to rate their systems and processes on the
Cyber Capability Index on a quarterly basis. Additionally, they are
required to submit their quarterly index scores along with the detailed
breakup to their Standing Committee on Technology (SCOT) and their
Governing Board.

4.63.1 Depositories are advised to commence the rating exercise from the
quarter ending September 30, 2019. Thereafter, the rating exercise shall
be done every quarter and the corresponding reports shall be submitted
within 30 calendar days of the end of that quarter.

ANNEXURE 1
S.No Parameter Maturity Indicator Level No of Maximum
(MIL) Levels Permissible
Score

Domain : Governance of Critical Infrastructure and Personnel

1 As part of the operational risk MIL 1: No cyber security policy 4 3

management framework to manage risk to
systems, networks and databases from
cyber attacks and threats, MII should
formulate a comprehensive cyber security
and cyber resilience policy document
encompassing the framework mentioned
hereunder. The policy document should be
approved by the Board, and in case of
deviations from the suggested framework,
reasons for such deviations should also be
provided in the policy document. The
document.
MIL 2: Policy approved by the
Board. No deviations from
suggested framework or if
deviations observed, reasons
provided.
MIL 3: Policy document
reviewed by MIIs Board at
least annually.

382
 policy document should be reviewed by
the MII’s Board atleast annually with the MIL 4: Policy document
view to strengthen and improve its cyber includes security framework
security and cyber resilience framework. more stringent than SEBI
guidelines/ policy document
reviewed multiple times
during the year.

2 The cyber security and cyber resilience MIL 1: No cyber security policy 3 2
policy should include the following document.
process to identify, assess, and manage
cyber security risk associated with MIL 2: Policy document
processes, information, networks and includes ad-hoc process to
systems. identify, assess and manage
a. ‘Identify’ critical IT assets and risks cyber security risk.
associated with such assets,
b. ‘Protect’ assets by deploying suitable MIL 3: Policy document
controls, tools and measures, includes planned and
c. ‘Detect’ incidents, anomalies and attacks documented process to
through appropriate monitoring tools / identify, assess and manage
processes, cyber security risk.
d. ‘Respond’ by taking immediate steps
after identification of the incident, anomaly
or attack,
e. ‘Recover’ from incident through incident
management, disaster recovery and
business continuity framework.

383
3 The Cyber security policy should MIL 1: No cyber security policy 4 3
encompass the principles prescribed by document.
National Critical Information
Infrastructure Protection Centre (NCIIPC) MIL 2: Policy document
of National Technical Research includes principles prescribed
Organisation (NTRO), Government of by NCIIPC, NTRO and
India in the report titled ‘Guidelines for Government of India
Protection of National Critical Information
Infrastructure’ and subsequent revisions, if MIL 3: Policy document is
any, from time to time. being revised annually to
include changes prescribed by
NCIIPC, NTRO and
Government of India.

MIL 4: Policy document is

being revised multiple times in
a year to include changes
prescribed by NCIIPC, NTRO
and Government of India.

4 MII should also incorporate best practices MIL 1: No cyber security policy 4 3
from standards such as ISO 27001, ISO document.
27002, COBIT 5, etc., or their subsequent
revisions, if any, from time to time. MIL 2: Policy document
includes best practices from
standards such as ISO 27001,
ISO 27002, COBIT 5, etc.

MIL 3: Policy document is

being revised annually to
include best practices from
standards such as ISO 27001,
ISO 27002, COBIT 5, etc.

MIL 4: Policy document is

being revised multiple times in
a year to include best practices
from standards such as ISO
384
 27001, ISO 27002, COBIT 5, etc.

5 MII should designate a senior official as MIL 1: No CISO appointed 4 3

Chief Information Security Officer (CISO)
whose function would be to assess, MIL 2: CISO appointed
identify and reduce cyber security risks, without well-defined
respond to incidents, establish appropriate functions.
standards and controls, and direct the
establishment and implementation of MIL 3: CISO appointed with
processes and procedures as per the cyber well-defined functions as per
security and resilience policy approved by the cyber security and
the Board of the MII. resilience policy.

MIL 4: The functions of CISO

are reviewed periodically and
modified accordingly.

6 The Oversight Standing Committee on MIL 1: No review conducted. 4 3

Technology of the stock exchanges and of
MIL 2: Review conducted with
the clearing corporations and the IT
less frequency than advised.
Strategy Committee of the depositories
should on a quarterly basis review the MIL 3: Review conducted
implementation of the cyber security and quarterly and only
resilience policy approved by their Boards, shortcomings as pointed out
and such review should include review of addressed
their current IT and cyber security and
resilience capabilities, set goals for a target MIL 4: Committee reviewed
level of cyber resilience, and establish a quarterly and also provided
plan to improve and strengthen cyber inputs to improve the
security and cyber resilience. strengthen cyber security
framework which have been
carried out.

385
7 MII should establish a reporting procedure
to facilitate communication of unusual
activities and events to CISO or to the
senior management in a timely manner.
8 The aforementioned committee and the
senior management of the MII, including
the CISO, should periodically review
instances of cyber attacks, if any,
domestically and globally, and take steps
to strengthen cyber security and cyber
resilience framework.
386
MIL 1: No procedure 4 3
established to facilitate
communication of unusual
activities and events to CISO or
to the senior management in a
timely manner.
MIL 2: Procedure established
to facilitate communication of
unusual activities and events,
but not till the level of CISO.
MIL 3: Procedure established
to facilitate communication of
unusual activities and events
to CISO or to the senior
management in a timely
manner.
MIL 4: Procedure established
to facilitate communication of
unusual activities and events
to MD/CEO and the
Governing Board.
MIL 1: No review of cyber- 4 3
attacks is conducted.
MIL 2: Review of cyber-attacks
is conducted, but no remedial
action is taken.
MIL 3: Periodic review of
cyber-attacks is conducted and
prompt remedial action is
taken.
MIL 4: Periodic review of
 cyber-attacks is conducted and
remedial action is taken.
Preventive steps to counter
similar attacks is also
undertaken.

9 MII should define responsibilities of its MIL 1: Responsibilities of 4 3

employees, outsourced staff, and personnel who may have
employees of vendors, members or access or use systems/
participants and other entities, who may networks is not defined.
have access or use systems / networks of
MII, towards ensuring the goal of cyber MIL 2: Responsibilities of
security. personnel who may have
access or use systems/
networks is mentioned but not
clearly defined.

MIL 3: Responsibilities of
personnel who may have
access or use systems/
networks are clearly defined.

MIL 4: Responsibilities of
personnel who may have
access or use systems/
networks are defined. The
same are periodically reviewed
and revised accordingly.

Domain : Identification critical assets and risks

10 MII should identify critical assets based on
their sensitivity and criticality for business
operations, services and data management.
To this end, MII should maintain up-to-
date inventory of its hardware and
systems, software and information assets
(internal and external), details of its
MIL 1: MII has not identified 5 4
any critical assets and is not
maintaining any inventory of
its hardware, software and
information assets.
MIL 2: MII has identified

387
 network resources, connections to its critical assets however is not
network and data flows. maintaining any inventory of
its hardware, software and
information assets.

MIL 3: MII has identified

critical assets and is
maintaining a basic inventory
of its hardware, software and
information assets.

MIL 4: MII has identified

critical assets and is
maintaining a basic inventory
of its hardware, software and
information assets and is
reviewing the same at least
half-yearly.

MIL 5: MII has identified

critical assets and is
maintaining a basic inventory
of its hardware, software and
information assets and is
reviewing the same at least
half-yearly. (Including its
shadow inventory.)

11 MII should accordingly identify cyber risks
(threats and vulnerabilities) that it may
face, alongwith the likelihood of such
threats and impact on the business and
thereby, deploy controls commensurate to
the criticality.
MIL 1: MII has not identified / 4 3
categorized / envisaged cyber
threats.
MIL 2: MII has identified /
maintained a Software /
Hardware inventory but has
not categorized / envisaged
cyber threats.

388
 MIL 3: MII has identified /
maintained a Software /
Hardware inventory and has
categorized / envisaged
probable cyber threats
prevalent to the sector.

MIL 4: MII has identified /

maintained a Software /
Hardware inventory and has
categorized / envisaged
probable cyber threats based
on its deployed architecture
and network architecture.

12 MII should also encourage its third-party
providers, such as service providers, stock
brokers, depository participants, etc. to
have similar standards of Information
Security.
MIL 1: MII has an outsourcing 2 1
policy that does not enlist such
a clause for its third party
vendors.
MIL 2: MII has an outsourcing
policy that does not enlist such
a clause for its vendors.

Domain : Protection of Critical Assets and Infrastructure

Sub-Domain : Access Controls

13 No person by virtue of rank or position MIL 1: MII has no documented 3 2

should have any intrinsic right to access and approved data
confidential data, applications, system classification methodology.
resources or facilities.
MIL 2: MII has a documented
and approved data
classification methodology,
however (any one) the
previous 3 System Audits have
pointed out observations
pertaining to access matrices or

389
 email ids/ login ids of ex-
employees.

MIL 3: MII has a documented

and approved data
classification methodology,
and none of the previous 3
System Audits have pointed
out observations pertaining to
access matrices or email ids/
login ids of ex-employees.

14 Any access to MII’s systems, applications, MIL 1: MII has no documented 4 3

networks, databases, etc., should be for a and approved access control
defined purpose and for a defined period. methodology for systems,
MII should grant access to IT systems, applications, networks,
applications, databases and networks on a databases of the MII.
need-to-use basis and based on the
principle of least privilege. Such access MIL 2: MII has a documented
should be for the period when the access is and approved access control
required and should be authorized using methodology for systems,
strong authentication mechanisms. applications, networks,
databases of the MII. However
the System Audit /
Comprehensive review has
highlighted observations
pertaining to the same.

MIL 3: MII has a documented

and approved access control
methodology for systems,
applications, networks,
databases of the MII. and the
System Audit /
Comprehensive review has no
observations pertaining to the
same.

390

15 MII should implement strong password
controls for users’ access to systems,
applications, networks and databases.
Password controls should include a change
of password upon first log-on, minimum
password length and history, password
complexity as well as maximum validity
period. The user credential data should be
stored using strong and latest hashing
algorithms.
16 MII should ensure that records of user
access are uniquely identified and logged
for audit and review purposes. Such logs
should be maintained and stored in
encrypted form for a time period not less
than two (2) years.
391
MIL 4 : MII has a documented
and approved access control
methodology for systems,
applications, networks,
databases of the MII. and the
System Audit /
Comprehensive review has no
observations pertaining to the
same. The MII policy for the
same has a defined timelines
for review.
MIL 1: MII has no documented 3 2
and approved password policy
encompassing the
requirements of the clause.
MIL 2: MII has a documented
and approved password policy
however the same does not
completely encompass the
requirements of the clause.
MIL 3: MII has a documented
password policy encompassing
the requirements of the clause,
however the same is not
approved.
MIL 1: MII does not have an 3 2
explicit (documented and
approved) data retention and
log management and rotation
policy with relevant SOPs for
the same.
MIL 2: MII has an explicit
(documented and approved)
 data retention and log
management and rotation
policy with relevant SOPs for
the same. However the System
Audit / Comprehensive
review has highlighted
observations pertaining to the
same.

MIL 3: MII has an explicit

(documented and approved)
data retention and log
management and rotation
policy with relevant SOPs for
the same. And the System
Audit / Comprehensive
review has highlighted no
observations pertaining to the
same.

17 MII should deploy additional controls and MIL 1: The MII does not have 3 2
security measures to supervise staff with Privilege Identity Management
elevated system access entitlements (such (PIM) solution deployed at
as admin or privileged users). Such both production systems (core
controls and measures should inter-alia Systems) as well as on non-
include restricting the number of production systems.
privileged users, periodic review of
privileged users’ activities, disallow MIL 2: The MII has a Privilege
privileged users from accessing systems Identity Management (PIM)
logs in which their activities are being solution deployed at
captured, strong controls over remote production systems (core
access by privileged users, etc. Systems) but not on non-
production systems.

MIL 3: The MII has a Privilege

Identity Management (PIM)
solution deployed at
production systems (core

392
 Systems) but not on non-
production systems.

18 Account access lock policies after failure MIL 1: MII does not have a 4 3
attempts should be implemented for all documented and approved
accounts. account lock out policy.

MIL 2 :The MII has a

documented and approved
account lock-out policy ,
however the policy doesn’t
segregate between different
types of resources based on
risk , user type etc.

MIL 3: The MII has a

documented and approved
account lock-out policy , and
the policy segregates the
different types of resources
based on risk , user type etc,
however the System Audit /
Comprehensive review has
highlighted observations
pertaining to the same.

MIL 4: The MII has a

documented and approved
account lock-out policy , and
the policy segregates the
different types of resources
based on risk , user type etc,
and the System Audit /
Comprehensive review has no
observations pertaining to the
same.

393
19 Employees and outsourced staff such as
employees of vendors or service providers,
who may be given authorised access to the
MII’s critical systems, networks and other
computer resources, should be subject to
stringent supervision, monitoring and
access restrictions.
394
MIL 1: MII does not have an 4 3
approved policy for privileged
identity management (PIM) for
own staff as well as staff of
vendors.
MIL 2: MII has an approved
policy for privileged identity
management (PIM) for own
staff however the same does
not encompass the staff of
vendors.
MIL 3: MII has an approved
policy for privileged identity
management (PIM) for own
staff which also encompass the
staff of vendors, however the
System Audit /
Comprehensive review has
highlighted observations
pertaining to the same.
MIL 4: MII has an approved
policy for privileged identity
management (PIM) for own
staff which also encompass the
staff of vendors , and the
System Audit /
Comprehensive review has no
observations pertaining to the
same.
20 Two-factor authentication at log-in should MIL 1: MII has not 4 3
be implemented for all users that connect implemented a 2FA at log-in
using online / internet facility. for all users that connect using
online / internet facility,
neither the MII has put in
multi-step authentication as a
compensating mechanism.

MIL 2: MII has not

implemented a 2FA at log-in
for all users that connect using
online / internet facility,
neither the MII has put in
multi-step authentication as a
compensating mechanism.
However, the MII is in process
of implementing 2FA and is
currently in the transition
phases.

MIL 3: MII has implemented a

2FA log-in for all users that
connect using online / internet
facility. However the System
Audit / Comprehensive
review has highlighted
observations pertaining to the
same.

MIL 4: MII has implemented a

2FA log-in for all users that
connect using online / internet
facility and the System Audit /
Comprehensive review has no
observations pertaining to the
same.

395
21 MII should formulate an Internet access
policy to monitor and regulate the use of
internet and internet based services such as
social media sites, cloud-based internet
storage sites, etc.
396
MIL 1: MII has not formulated 5 4
an internet access policy based
on the controls specified in the
clause.
MIL 2: MII has formulated an
internet access policy, however
the same does not elaborate on
the use of social media sites
and / or cloud based storage
sites / clients.
MIL 3: MII has formulated an
internet access policy and the
same specifically addresses the
issue of use of social media
sites and / or cloud based
storage sites / clients, however
the System Audit /
Comprehensive review has
highlighted observations
pertaining to the same.
MIL 4: MII has formulated an
internet access policy and the
same specifically addresses the
issue of use of social media
sites and / or cloud based
storage sites / clients and the
System Audit /
Comprehensive review has no
observations pertaining to the
same. The MII has not
reviewed the policy in the past
year.
MIL 5: MII has formulated an

22 Proper ‘end of life’ mechanism should be
adopted to deactivate access privileges of
users who are leaving the organization or
who access privileges have been
withdrawn.
Sub-Domain : Physical Security
23 Physical access to the critical systems
should be restricted to minimum. Physical
access of outsourced staff / visitors should
be properly supervised by ensuring at the
minimum that outsourced staff / visitors
are accompanied at all times by authorised
employees.
397
internet access policy and the
same specifically addresses the
issue of use of social media
sites and / or cloud based
storage sites / clients and the
System Audit /
Comprehensive review has no
observations pertaining to the
same. The MII has reviewed
the policy in the past year.
MIL 1: MII has no policy for 3 2
‘end of life’ mechanism for all
users.
MIL 2: MII has a documented
and approved policy for ‘end
of life’ mechanism for all users.
MIL 3: MII has a documented
and approved policy for ‘end
of life’ mechanism for all users,
based on a need-to-use basis
and on the principle of least
privilege.
MIL 1: Physical access to 3 2
critical systems is not
monitored.
MIL 2: Physical access to
critical systems is restricted to
minimum, but outsourced staff
/ visitors are not accompanied
at all times by authorised
employees
 MIL 3: Physical access to
critical systems is restricted to
minimum, and outsourced
staff / visitors are
accompanied at all times by
authorised employees.

24 Physical access to the critical systems MIL 1: Physical access to 2 1

should be revoked immediately if the same critical systems is not revoked,
is no longer required. even if it is no longer required.

MIL 2: Physical access to

critical systems is revoked
immediately, when it is no
longer required.

25 MII should ensure that the perimeter of the
critical equipment’s room are physically
secured and monitored by employing
physical, human and procedural controls
such as the use of security guards, CCTVs,
card access systems, mantraps, bollards,
etc. where appropriate.
MIL 1: Critical equipment’s 3 2
room is not physically secured.
MIL 2: Critical equipment’s
room is physically secured.
MIL 3: Critical equipment’s
room is physically secured,
and is utilizing latest security
systems which is being
updated on continuous basis.

Sub-Domain : Network Security Management

26 MII should establish baseline standards to MIL 1: No baseline standard of 4 3

facilitate consistent application of security
configurations to operating systems,
databases, network devices and enterprise
mobile devices within the IT environment.
The MII should conduct regular
enforcement checks to ensure that the
398
security configurations is
implemented.
MIL 2: Baseline standard of
security configurations is
implemented. But no regular
enforcement checks are being
 baseline standards are applied uniformly. conducted.

MIL 3: Baseline standard of

security configurations is
implemented and regular
enforcement checks are being
conducted.

MIL 4: Baseline standard of

security configurations is
implemented and regular
enforcement checks are being
conducted. Further, security
configurations are being
reviewed regularly.

27 MII should install network security MIL 1: No firewalls and 3 2

devices, such as firewalls as well as intrusion detection and
intrusion detection and prevention prevention systems are
systems, to protect its IT infrastructure installed.
from security exposures originating from
internal and external sources. MIL 2: Firewalls and intrusion
detection and prevention
systems are installed.

MIL 3: Firewalls and intrusion

detection and prevention
systems are installed. The same
are patched and updated
regularly.

399
28 Anti-virus software should be installed on
servers and other computer systems.
Updation of Anti-virus definition files and
automatic anti-virus scanning should be
done on a regular basis.
Sub-Domain : Security of Data
29 Data-in motion and Data-at-rest should be
in encrypted form by using strong
encryption methods such as Advanced
Encryption Standard (AES), RSA, SHA-2,
etc.
400
MIL 1: No anti-virus software 3 2
installed on servers and other
computer systems.
MIL 2: Anti-virus software
installed on servers and other
computer systems, but is not
updated on regular basis.
MIL 3: Anti-virus software
installed on servers and other
computer systems. The same is
being updated on regular
basis.
MIL 1: MII has not identified 5 4
critical data / classified data
and is not encrypting data-in-
motion/rest.
MIL 2: MII is encrypting data-
in-motion/rest but has not
identified critical data /
classified data.
MIL 3: MII is encrypting data-
in-motion/rest using strong
encryption methods and has
identified critical data /
classified data , however the
System Audit /
Comprehensive review has
highlighted observations
pertaining to the encryption of
data-in-motion/rest.
 MIL 4: MII is encrypting data-
in-motion/rest using strong
encryption methods and has
identified critical data /
classified data, and the System
Audit / Comprehensive
review has no observation(s)
pertaining to the encryption of
data-in-motion/rest and/or
classification/ identification of
critical data.

MIL 5: MII is encrypting data-

in-motion/rest using strong
encryption methods and has
identified critical data /
classified data , and the System
Audit / Comprehensive
review has no observation(s)
pertaining to the encryption of
data-in-motion/rest and/or
classification/ identification of
critical data. Additionally the
MII either reviews the data
classification methodology on
an annual basis or the MII
improves upon the encryption
standards deployed
periodically.

30 MII should implement measures to MIL 1: MII has not identified 4 3

prevent unauthorised access or copying or critical data / classified data
transmission of data / information held in and does not have an
contractual or fiduciary capacity. It should approved data leakage
be ensured that confidentiality of prevention policy.
information is not compromised during
the process of exchanging and transferring MIL 2: MII has identified
critical data / classified data
401
information with external parties. however it does not have an
approved data leakage
prevention policy.

MIL 3: MII has identified

critical data / classified data
and has an approved data
leakage prevention policy
however the System Audit /
Comprehensive review has
highlighted observations
pertaining to leakage of data.

MIL 4: MII has identified

critical data / classified data
and has an approved data
leakage prevention policy and
the System Audit /
Comprehensive review has no
observations pertaining to
leakage of data.

402
31 The information security policy should
also cover use of devices such as mobile
phone, faxes, photocopiers, scanners, etc.
that can be used for capturing and
transmission of data.
32 MII should allow only authorized data MIL 1: MII does not have an 4
storage devices through appropriate approved
validation processes. software
management policy.
403
MIL 1: The MIIs information 3 2
security policy does not
address the usage of, security
of and prevention of data
leakage through, various
devices that can be used for
capturing and transmission of
data.
MIL 2: The MIIs information
security policy addresses the
usage of, security of and
prevention of data leakage
through, various devices that
can be used for capturing and
transmission of data however
the System Audit /
Comprehensive review has
highlighted observations
pertaining to the same.
MIL 3: The MIIs information
security policy addresses the
usage of, security of and
prevention of data leakage
through, various devices that
can be used for capturing and
transmission of data and the
System Audit /
Comprehensive review has no
observations pertaining to the
same.
3
hardware &
inventory
 MIL 2: MII has an approved
hardware & software
inventory management policy
however it has not maintained
a software and hardware
inventory. (not even at a
rudimentary level).

MIL 3: MII has an approved

hardware & software
inventory management policy
and it has maintained a basic
software and hardware
inventory. However, the
System Audit /
Comprehensive review has
highlighted observations
pertaining to the storage of
data on devices without
following the approved
process.

MIL 4: MII has an approved

hardware & software
inventory management policy
and it has maintained a basic
software and hardware
inventory and the System
Audit / Comprehensive
review has no observations
pertaining to the storage of
data on devices without
following the approved
process.

Sub-Domain : Hardening of Hardware and Software

404
33 Only a hardened and vetted hardware / MIL 1: Hardening of 4 3
software should be deployed by the MII. hardware/ software utilized
During the hardening process, MII should by MIIs is not being conducted.
inter-alia ensure that default passwords
are replaced with strong passwords and all MIL 2: The hardware/
unnecessary services are removed or software utilized by MIIs is
disabled in equipments / software. hardened and vetted.

MIL 3: During the hardening

process default passwords are
replaced with strong
passwords and all unnecessary
services are removed or
disabled.

MIL 4: The hardening process

is regularly reviewed to plug
vulnerabilities in the system.

34 All open ports which are not in use or can MIL 1: Open ports not in use 4 3
potentially be used for exploitation of data are not blocked.
should be blocked. Other open ports
should be monitored and appropriate MIL 2: Open ports which are
measures should be taken to secure the not in use or can potentially be
ports. used for exploitation of data
are blocked.

MIL 3: Open ports which are

not in use or can potentially be
used for exploitation of data
are blocked. Other open ports
are monitored and measures
are taken to secure the same.

MIL 4: Status of open ports are

reviewed regularly to decide
whether the port should be

405
 kept open or not.

Sub-Domain : Application Security and Testing

35 MII should ensure that regression testing is MIL 1: No regression testing is 3 2

undertaken before new or modified system
is implemented. The scope of tests should
cover business logic, security controls and
system performance under various stress-
load scenarios and recovery conditions.
undertaken.
MIL 2: Regression testing is
undertaken, but the scope is
not as per SEBI guidelines.

MIL 3: Regression testing is

undertaken and the scope of
tests is as per SEBI guidelines.

Sub-Domain : Patch Management

36 MII should establish and ensure that the MIL 1: No patch management 4 3
patch management procedures include the procedures are established.
identification, categorisation and
prioritisation of security patches. An MIL 2: Patch management
implementation timeframe for each procedures are established to
category of security patches should be include the identification,
established to implement security patches categorisation and
in a timely manner. prioritisation of security
patches

MIL 3: Patch management

procedures and
implementation timeframe for
each category of security
patches are established.

MIL 4: Patch management

procedure is periodically
reviewed to ensure quick
updation of patches.

406
37 MII should perform rigorous testing of
security patches before deployment into
the production environment so as to
ensure that the application of patches do
not impact other systems.
Sub-Domain : Disposal of Systems and Storage Devices
38 MII should frame suitable policy for
disposals of the storage media and
systems. The data / information on such
devices and systems should be removed by
using methods viz. wiping / cleaning /
overwrite, degauss and physical
destruction, as applicable.
Sub-Domain : Vulnerability Assessment and Penetration Testing
39 MII should regularly conduct vulnerability
assessment to detect security
vulnerabilities in the IT environment. MII
should also carry out periodic penetration
tests, atleast once in a year, in order to
conduct an in-depth evaluation of the
security posture of the system through
simulations of actual attacks on its systems
and networks.
407
MIL 1: No testing of security 3 2
patches undertaken.
MIL 2: Testing of security
patches undertaken before
deployment into the
production environment so as
to ensure that the application
of patches do not impact other
systems.
MIL 3: Patch testing policy has
been adopted so that untested
patches are not deployed in
production environment.
MIL 1: No policy for disposals 2 1
of the storage media and
systems.
MIL 2: Policy for disposals of
the storage media and systems
is adopted and is being
implemented at all times.
MIL 1: MII’s information 5 4
security policy doesn’t
encompass periodically
conducting VA and PT.
MIL 2: MII’s information
security policy encompasses
periodically conducting VA
and PT however the MII has
40 Remedial actions should be immediately not been conducting either VA
taken to address gaps that are identified or PT as per the approved
during vulnerability assessment and policy.
penetration testing.
MIL 3: MII’s information
security policy encompasses
periodically conducting VA
and PT and the MII has been
conducting VA and PT as per
the approved policy, however
the System Audit /
Comprehensive review has
highlighted observations
pertaining to the open areas
found during the VA/PT.

MIL 4: MII’s information

security policy encompasses
periodically conducting VA
and PT and the MII has been
conducting VA and PT as per
the approved policy, however
the System Audit /
Comprehensive review has no
observations pertaining to the
open areas found during the
VA/PT. (i.e. all vulnerabilities
found in the VA/PT were
addressed by the MII in a time-
bound manner.)

MIL 5: In addition to MIL 4,

the MII also fine tunes its VA
and or PT (based on learnings)
and also periodically changes
vendors.

408
41 In addition, MII should perform (For new systems built 5 4
vulnerability scanning and conduct internally or owned by the MII
penetration testing prior to the / its subsidiary) MIL 1: MII’s
commissioning of a new system which information security policy
offers internet accessibility and open doesn’t encompass periodically
network interfaces. conducting VA and PT for new
systems (including those which
offer internet accessibility and
open network interfaces).

MIL 2: MII’s information

security policy encompasses
periodically conducting VA
and PT for new systems
(including those which offer
internet accessibility and open
network interfaces), however
the MII has not been
conducting either VA or PT as
per the approved policy.

MIL 3: MII’s information

security policy encompasses
periodically conducting VA
and PT for new systems
(including those which offer
internet accessibility and open
network interfaces) and the
MII has been conducting VA
and PT as per the approved
policy, however the System
Audit / Comprehensive
review has highlighted
observations pertaining to the
open areas found during the
VA/PT for new systems
(including those which offer
internet accessibility and open

409
 network interfaces).

MIL 4: MII’s information

security policy encompasses
periodically conducting VA
and PT for new systems
(including those which offer
internet accessibility and open
network interfaces) and the
MII has been conducting VA
and PT as per the approved
policy, however the System
Audit / Comprehensive
review has no observations
pertaining to the open areas
found during the VA/PT. (i.e.
all vulnerabilities found in the
VA/PT were addressed by the
MII in a time-bound manner.)
for new systems (including
those which offer internet
accessibility and open network
interfaces)

MIL 5 : In addition to MIL 4,

the MII also fine tunes its VA
and or PT for new systems
(including those which offer
internet accessibility and open
network interfaces) (based on
learnings) and also periodically
changes vendors.

Domain : Monitoring of Critical Assets/Infrastructure and Detection of Intrusion/Unauthorized Access

410
42 MII should establish appropriate security MIL 1: MII has not established 5 4
monitoring systems and processes to a C-SOC.
facilitate continuous monitoring of security
events and timely detection of MIL 2: The MII has a C-SOC ,
unauthorised or malicious activities, share with other MIIs
unauthorised changes, unauthorised access (subsidiaries etc) , however the
and unauthorised copying or transmission C-SOC doesn’t have separate
of data / information held in contractual or consoles for each MII and the
fiduciary capacity, by internal and external C-SOC does not differentiate
parties. The security logs of systems, between the traffic of different
applications and network devices should MIIs it caters to.
also be monitored for anomalies.
MIL 3: The MII has a C-SOC,
shared with other MIIs with
separate consoles for each MII
and the C-SOC differentiates
between the traffic of different
MIIs however the System
Audit / Comprehensive
review has highlighted
observations pertaining to the
C-SOC’s monitoring ability or
the evaluation of logs by the C-
SOC.

MIL 4: The MII has a C-SOC,

shared with other MIIs with
separate consoles for each MII
and the C-SOC differentiates
between the traffic of different
MIIs and the System Audit /
Comprehensive review has no
observations pertaining to the
C-SOC’s monitoring ability or
the evaluation of logs by the C-
SOC.

411
 MIL 5: The MII has a C-SOC,
shared with other MIIs with
separate consoles for each MII
and the C-SOC differentiates
between the traffic of different
MIIs and the System Audit /
Comprehensive review has no
observations pertaining to the
C-SOC’s monitoring ability or
the evaluation of logs by the C-
SOC. Additionally, the C-SOC
also periodically updates its
monitoring parameters and has
demonstrated in pre-emptive
warding-off attacks.

43 Further, to ensure high resilience, high MIL 1: The MII does not have a 5 4
availability and timely detection of attacks dedicated capacity utilization
on systems and networks, MII should monitoring mechanism
implement suitable mechanism to monitor consisting of appropriate
capacity utilization of its critical systems systems and dedicated in-
and networks. house staff.

MIL 2: The MII does has a

capacity utilization monitoring
mechanism consisting of
appropriate systems however
the same is outsourced.
Additionally, not all critical
systems are being monitored
by the same.

MIL 3: The MII does has a

capacity utilization monitoring
mechanism consisting of
appropriate systems however
the same is outsourced. All
critical systems are being

412
 monitored by the same,
however the thresholds set for
alerts are too high to timely
ward-off attacks / untoward
incidents.

MIL 4: The MII does has a

capacity utilization monitoring
mechanism consisting of
appropriate systems however
the same is outsourced. All
critical systems are being
monitored by the same, the
thresholds set for alerts are
appropriate to timely ward-off
attacks / untoward incidents
as per the System Auditor.

MIL 5: The MII does has a

capacity utilization monitoring
mechanism consisting of
appropriate systems however
the same is outsourced. All
critical systems are being
monitored by the same, the
thresholds set for alerts are
appropriate to timely ward-off
attacks / untoward incidents
as per the System Auditor.
Additionally the MII is also
quarterly reviewing the
threshold parameters and also
monitors shadow systems
deployed for new projects.

413
44 Suitable alerts should be generated in the MIL 1: The MII does not have 3 2
event of detection of unauthorized or an alert generation system in
abnormal system activities, transmission place
errors or unusual online transactions.
MIL 2 : The MII has a well
defined, robust system in place
for generation of alerts

MIL 3 : In addition to MIL 2,

the MII has a dedicated team of
experts which continuously
monitor and refine the alert
definitions and alert generation
system

Domain : Response and Recovery

45 Alerts generated from monitoring and MIL 1: The MII does not have a 4 3
detection systems should be suitably SOP in place for segmenting
investigated, including impact and forensic the security alerts based on its
analysis of such alerts, in order to internal criteria, investigating
determine activities that are to be the security alerts, and
performed to prevent expansion of such thereafter mitigating the
incident of cyber attack or breach, mitigate incidents which led to the
its effect and eradicate the incident. alerts.

MIL 2: The MII has a

documented and approved
SOP in place for segmenting
the security alerts based on its
internal criteria, investigating
the security alerts, and
thereafter mitigating the
incidents which led to the
alerts.

MIL 3: The MII has

demonstrated instances where
it has been regularly
414
 monitoring the alerts,
investigating relevant security
alerts, and has also been taking
corrective actions to avoid /
mitigate instances which led to
the alerts.

MIL 4: The MII has

demonstrated instances where
it has been regularly
monitoring the alerts,
investigating relevant security
alerts, and has also been taking
corrective actions to avoid /
mitigate instances which led to
the alerts. The MII has also
been updating its security
policy based on dominant /
high risk alerts received.

46 The response and recovery plan of the MII
should aim at timely restoration of systems
affected by incidents of cyber attacks or
breaches. The recovery plan should be in
line with the Recovery Time Objective
(RTO) and Recovery Point Objective (RPO)
specified by SEBI.
MIL 1: The MII does not have 4 3
an approved BCP/DR Policy
independent for itself (in case
of sharing of DR Sites with
subsidiary companies who are
also MIIs). The same may be a
document pertaining to the
parent MII.

MIL 2: The MII has an

approved BCP/DR Policy
independent for its own MII
(incase of sharing of DR Sites
with subsidiary companies
who are also MIIs).

MIL 3: The MII has an

approved BCP/DR Policy
415
 independent for its own MII
(incase of sharing of DR Sites
with subsidiary companies
who are also MIIs) and has
been conducting mock and live
DR Drills as per frequency
specified by SEBI, however the
System Audit /
Comprehensive review has
highlighted observations
pertaining to the BCP/DR Plan
or the DR Site or controls
pertaining to the same. The MII
also conforms to the RTO and
RPO requirements as relevant
to it.

MIL 4: The MII has an

approved BCP/DR Policy
independent for its own MII
(incase of sharing of DR Sites
with subsidiary companies
who are also MIIs) and has
been conducting mock and live
DR Drills as per frequency
specified by SEBI, and the
System Audit /
Comprehensive review has no
observations pertaining to the
BCP/DR Plan or the DR Site or
controls pertaining to the same.
The MII also conforms to the
RTO and RPO requirements as
relevant to it.

47 The response plan should define MIL 1: The MII does not have 3 2
responsibilities and actions to be an approved BCP/DR Policy
performed by its employees and support / independent for itself (in case
416
outsourced staff in the event of cyber of sharing of DR Sites with
attacks or breach of cyber security subsidiary companies who are
mechanism. also MIIs). The same may be a
document pertaining to the
parent MII.

MIL 2: The MII has an

approved BCP/DR Policy
independent for its own MII
(incase of sharing of DR Sites
with subsidiary companies
who are also MIIs). However
the same does not enunciate
the responsibilities and actions
to be performed by its
employees and support /
outsourced staff in the event of
cyber-attacks or breach of
cyber security mechanism.

MIL 3: The MII has an

approved BCP/DR Policy
independent for its own MII
(incase of sharing of DR Sites
with subsidiary companies
who are also MIIs). The same
enunciates the responsibilities
and actions to be performed by
its employees in the event of
cyber-attacks or breach of
cyber security mechanism.
However the policy does not
lay down responsibilities and
action for support /
outsourced staff, as may be
applicable.

417
48 Any incident of loss or destruction of data
or systems should be thoroughly analyzed
and lessons learned from such incidents
should be incorporated to strengthen the
security mechanism and improve recovery
planning and processes.
418
MIL 1: The MII does not have a 4 3
documented and approved
policy for analyzing the
incidents pertaining to system
glitches, cyber incidents.
MIL 2: The MII has a
documented and approved
policy for analyzing the
incidents pertaining to system
glitches, cyber incidents, which
also outlines the mechanism to
place the RCA before the
respective technology / Cyber
security committees of the MII
and thereafter the Board of the
MII.
MIL 3: The MII has been
incorporating the learnings
from the incidents occurred.
The MII has also been timely
been incorporating security
control(s) measures.
MIL 4: The MII has been
incorporating the learnings
from the incidents occurred.
The MII has also been timely
been incorporating security
control(s) measures. The MII
has also fine-tuned its recovery
planning process based on
such learnings.
49 MII should also conduct suitable periodic MIL 1: The MII does not 4 3
drills to test the adequacy and conduct the minimum number
effectiveness of response and recovery of mock and live drills from its
plan. DR site as specified by SEBI.

MIL 2: The MII conducts the

minimum number of mock and
live drills from its DR site as
specified by SEBI. However the
scenarios developed do not
include Cyber Attacks/ events.

MIL 3: The MII conducts the

minimum number of mock and
live drills from its DR site as
specified by SEBI. And the
scenarios developed include
Cyber Attacks/ events.

MIL 4: The MII conducts the

minimum number of mock and
live drills from its DR site as
specified by SEBI. And the
scenarios developed include
Cyber Attacks/ events.
Additionally, the MII also
conducts dedicated Cyber
Drills , which may be in co-
ordination with relevant
agencies and its subsidiary
companies who may be MIIs.

Domain : Sharing of Information

50 Quarterly reports containing information MIL 1: Quarterly reports are 2 1

on cyber attacks and threats experienced not being submitted.
by MII and measures taken to mitigate
vulnerabilities, threats and attacks MIL 2: Quarterly reports on

419
 including information on bugs / cyber attacks and counter
vulnerabilities / threats that may be useful measures taken are submitted
for other MIIs, should be submitted to to SEBI.
SEBI.

51 Such details as are felt useful for sharing NA NA NA

with other MIIs in masked and anonymous
manner shall be shared using mechanism
to be specified by SEBI from time to time.

Domain : Training

52 MII should conduct periodic training MIL 1: No training programs 4 3

programs to enhance awareness level are being conducted.
among the employees and outsourced
staff, vendors, etc. on IT / Cyber security MIL 2: Training programs are
policy and standards. Special focus should conducted but not
be given to build awareness levels and periodically/or not all
skills of staff from non-technical employees are involved.
disciplines.
MIL 3: Periodic training
programs are conducted for all
the employees

MIL 4: Periodic training

programs are conducted for all
the employees with special
focus given to building
awareness levels and skills of
staff from non-technical
disciplines

53 The training program should be reviewed MIL 1: Training program not 2 1

and updated to ensure that the contents of reviewed.
the program remain current and relevant.
MIL 2: Training program
reviewed and updated
periodically.

420
 Domain : Periodic Audit

54 The Terms of Reference for the System MIL 1: Terms of Reference for 2 1
Audit of MII specified vide circular the System Audit have not
CIR/MRD/DMS/13/2011 dated been modified.
November 29, 2011 shall be accordingly
modified to include audit of MIL 2: Terms of Reference for
implementation of the aforementioned the System Audit have been
areas. modified to include areas
mentioned in SEBI Cyber
security circular dated July 06,
2015.

421
 Calculation Methodology for Cyber Capability Index
ANNEXURE-2
Parame
Maxi Mini Index
ters
S mum mum Weight Index Index on
Total used Sample
r. Permi Cut- in the on min on max sampl
Domain Sub-Domain Paramete for score
N ssible Off Index (C score score e
rs scoring (F)
o. Score Score ) (D) (E) score
in the
(A) (B) (G)
Index
1 Governance of 9 9 26 9 11.0% 3.81 11.00 25.00 10.58
Critical
NA
Infrastructure
and Personnel
2 Identification 3 3 8 3 10.0% 3.75 10.00 7.00 8.75
of critical assets NA
and risks
3 Access 10 10 26 10 5.0% 1.92 5.00 25.00 4.81
Controls
Physical 3 3 5 3 4.0% 2.40 4.00 4.00 3.20
Security
Protection of Network 3 3 7 3 4.0% 1.71 4.00 6.00 3.43
Critical Assets Security
and Management
Infrastructure Security of 4 4 12 4 4.0% 1.33 4.00 11.00 3.67
Data
Hardening of 2 2 6 2 3.0% 1.00 3.00 5.00 2.50
Hardware
and Software

422
 Application 1 1 2 1 3.0% 1.50 3.00 1.00 1.50
Security and
Testing
Patch 2 2 5 2 3.0% 1.20 3.00 4.00 2.40
Management
Disposal of 1 1 1 1 3.0% 3.00 3.00 1.00 3.00
Systems and
Storage
Devices
Vulnerability 3 3 8 3 4.0% 1.50 4.00 7.00 3.50
Assessment
and
Penetration
Testing
4 Monitoring of 3 3 10 3 11.0% 3.30 11.00 9.00 9.90
Critical Assets/
Infrastructure
and Detection NA
of Intrusion/
Unauthorized
Access
5 Response and 5 5 14 5 10.0% 3.57 10.00 13.00 9.29
NA
Recovery
6 Sharing of 2 1 1 1 5.0% 5.00 5.00 1.00 5.00
NA
Information
7 Training NA 2 2 4 2 10.0% 5.00 10.00 3.00 7.50
8 Periodic Audit NA 1 1 1 1 10.0% 10.00 10.00 1.00 10.00
Total 54 53 136 53 100.00% 50.00 100.00 123.00 89.02

423
 CIRCULARS
1. Circular No. SMDRP/Policy/Cir-28/99 dated August 23, 1999.
2. Circular No. SMDRP/Policy/Cir-05/2001 dated February 1, 2001.
3. Circular No. D&CC/FITTC/Cir-09/2002 dated July 4, 2002.
4. Circular No. D&CC/FITTC/Cir-10/2002 dated September 25, 2002.
5. Circular No. D&CC/FITTC/Cir-13/2002 dated November 1, 2002.
6. Circular No. D&CC/FITTC/CIR - 12/2002 dated October 30, 2002.
7. Circular No. D&CC/FITTC/Cir-15/2002 dated December 27, 2002.
8. Circular No. LGL/Cir-2/2003 dated February 19, 2003.
9. Circular No. DCC/FITTC/Cir-19/2003 dated March 4, 2003
10. Circular No. SEBI/MRD/Policy/AT/Cir-19/2004 dated April 21, 2004.
11. Circular No. MRD/DoP/Dep/Cir-27/2004 dated August 16, 2004.
12. Circular No. MRD/DoP/Dep/Cir-29/2004 dated August 24, 2004.
13. Circular No. MRD/DoP/SE/Dep/Cir-36/04 dated October 27, 2004.
14. Circular No. SEBI/MRD/SE/DEP/Cir-4/2005 dated January 28, 2005.
15. Circular No. SEBI/MRD/SE/Cir-16/2005 dated August 04, 2005.
16. Circular No. MRD/DoP/SE/Dep/Cir-18/2005 dated September 2, 2005.
17. Circular No. MRD/DoP/Dep/Cir-22 /05 dated November 09, 2005.
18. Circular No. SEBI/MRD/DEP/Cir-24/05 dated December 22, 2005.
19. Circular No. SEBI/MRD/DEP/Cir-2/06 dated January 19, 2006.
20. Circular No. SEBI/MRD/DEP/Cir-3/06 dated February 21, 2006.
21. Circular No. MRD/DoP/Dep/Cir-09/06 dated July 20, 2006.
22. Circular No. MRD/DoP/Dep/SE/Cir-13/06 dated September 26, 2006.
23. Circular No. MRD/DoP/Dep/SE/Cir-17/06 dated October 27, 2006.
24. Circular No. MRD/Dep/Cir- 20/06 dated December 11, 2006.
25. Circular No. MRD/DoP/Dep/SE/Cir-22/06 dated December 18, 2006.
26. Circular No. MRD/DSA/SE/Dep/Cust/Cir-23/06 dated December 22,
2006.
27. Circular No. SEBI/CFD/DILDIP/29/2008/01/02 dated February 1, 2008.
28. Circular No. SEBI/MRD/Dep/Cir-03/2007 dated February 13, 2007.
29. Circular No. MRD/DoP/Cir- 5/2007 dated April 27, 2007.
30. Circular No. MIRSD/DPS-III/Cir-9/07 dated July 3, 2007.
31. Circular No. MIRSD/DPS- III/Cir-23/08 dated July 25, 2008.
32. Circular No. SEBI/MRD/Dep/Cir-03/2008 dated February 28, 2008.
424
33. Circular No. MRD/DoP/Cir-20/2008 dated June 30, 2008.
34. Circular No. MRD/DoP/SE/Dep/Cir-2/2009 dated February 10, 2009.
35. Circular No. CIR/MRD/DP/19/2010 dated June 10, 2010.
36. Circular No. CIR/MRD/DP/20/2010 dated July 1, 2010.
37. Circular No. CIR/MRD/DP/22/2010 dated July 29, 2010.
38. Circular No. CIR/MRD/DO/37/2010 dated December 14, 2010.
39. Circular No. CIR/MRD/DP/04/2011 dated April 07, 2011.
40. Circular No. CIR/MRD/DP/05/2011 dated April 27, 2011.
41. Circular No. MIRSD/SE/Cir-21/2011 dated October 5, 2011.
42. Circular No. CIR/MRD/DMS/13/2011 dated November 29, 2011.
43. Circular No. CIR/MRD/DMS/12/2012 dated April 13, 2012
44. Circular No. CIR/MRD/ DMS/17/2012 dated June 22, 2012
45. Circular No. CIR/MRD/ICC/16/2012 dated June 15, 2012.
46. Circular No. CIR/MRD/DP/21/2012 dated August 02, 2012.
47. Circular No. CIR/MIRSD/09/2012 dated August 13, 2012.
48. Circular No. CIR/MRD/DP/22/2012 dated August 27, 2012.
49. Circular No. CIR SEBI/MIRSD /11/2012 dated September 05, 2012.
50. Circular No. CIR/MRD/DP/24/2012 dated September 11, 2012.
51. Circular No. CIR/MRD/DP/DA/25/2012 dated September 21, 2012.
52. Circular No. CIR/MRD/DP/27/2012 dated November 01, 2012.
53. Circular No. CIR/MRD/DP/32/2012 dated December 06, 2012.
54. Circular No. CIR SEBI/MIRSD/01/2013 dated January 04, 2013.
55. Circular No. CIR/MRD/DP/10/2013 dated March 21, 2013.
56. Circular No. CIR SEBI/MRD/DRMNP/26/2013 dated September 04,
2013.
57. Circular No. CIR SEBI/MIRSD /07/2013 dated September 12, 2013.
58. Circular No. CIR SEBI/MIRSD/09/2013 dated October 08, 2013.
59. Circular No. CIR/MIRSD/10/2013 dated October 28, 2013.
60. Circular No. CIR SEBI/MIRSD/ 12/2013 dated December 04, 2013.
61. Circular No. CIR SEBI/MRD/DOP/01/2014 dated January 07, 2014.
62. Circular No. CIR MRD/DMS/03/2014 dated January 21, 2014.
63. Circular No. CIR SEBI/MRD/DMS/05/2014 dated February 07, 2014.
64. Circular No. CIR/MRD/DP/21/2014 dated July 01, 2014.
65. Circular No. CIR/MRD/DP/22/2014 dated July 04, 2014.

425
66. Circular No. CIR/MRD/DP/31/2014 dated November 12, 2014.
67. Circular No. CIR/MRD/DP/1/2015 dated January 12, 2015.
68. Circular No. CIR/ MIRSD/1/2015 dated March 04, 2015.
69. Circular No. CIR/MRD/DP/10/2015 dated June 05, 2015.
70. Circular No. CIR/MRD/DP/13/2015 dated July 06, 2015.
71. Circular No. CIR/MIRSD/2/2015 dated August 26, 2015.
72. Circular No. CIR/MRD/DP/18/2015 dated December 09,2015.
73. Circular No. CIR/MRD/DP/19/2015 dated December 09, 2015.
74. Circular No. CIR/MRD/DP/20/2015 dated December 11, 2015.
75. Circular No. CIR/MIRSD/29/2016 dated January 22, 2016
76. Circular No. SEBI/HO/MRD/DP/CIR/P/2016/58 dated June 07, 2016.
77. Circular No. CIR/MIRSD/64/2016 dated July 12, 2016
78. Circular No. CIR/MIRSD/66/2016 dated July 21, 2016
79. Circular No. SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/95 dated
September 26, 2016
80. Circular No. CIR/IMD/FPIC/123/2016 dated November 17, 2016
81. Circular No. SEBI/HO/DMS/CIR/P/2017/15 dated February 23, 2017
82. Circular No. SEBI/HO/MIRSD/MIRSD6/CIR/P/2017/20 dated March
10, 2017
83. Circular No. SEBI/HO/MRD/DP/CIR/P/2017/29 dated April 03, 2017
84. Circular No. SEBI/HO/MIRSD/MIRSD1/CIR/P/2017/38 dated May 02,
2017
85. Circular number SEBI/HO/GSD/T&A/CIR/P/2017/42 dated May 16,
2017
86. Circular number CIR/MRD/DP/56/2017 dated June14, 2017
87. Circular number CIR/HO/MIRSD/MIRSD2/CIR/P/2017/64 dated June
22, 2017
88. Circular number SEBI/HO/IMD/FIIC/CIR/P/2017/068 dated June 30,
2017
89. Circular number CIR/IMD/DF-1/67/2017 dated June 30,2017
90. Circular number SEBI/HO/MRD/DSA/CIR/P/2018/1 dated January 29,
2018
91. Circular number CIR/DDHS/P/59/2018 dated March 28, 2018
92. Circular number SEBI/HO/OIAE/IGRD/CIR/P/2018/58 dated March
26, 2018
426
 93. Circular number IMD/FPIC/CIR/P/2018/61 dated April 05, 2018
94. Circular number SEBI/ HO/ MIRSD/ DOS3/ CIR/ P/ 2018/ 140 dated
November 13, 2018
95. Circular number SEBI/HO/MIRSD/CIR/PB/2018/147 dated December
03, 2018
96. Circular number CIR/MRD/CSC/148/2018 dated December 07, 2018
97. Circular number SEBI/HO/MIRSD/DOP/CIR/P/2018/153 dated
December 17, 2018
98. Circular number CIR/MRD/DP/158/2018 dated December 27, 2018
99. Circular No. SEBI/HO/MIRSD/DOS2/CIR/P/2019/10 dated Jan 04,
2019
100. Circular number SEBI/HO/MIRSD/DOP/CIR/P/2019/05 dated
January 04, 2019
101. Circular No. SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/13 dated
January 10, 2019
102. Circular No. SEBI/HO/MRD/DOP2-DSA2/CIR/P/2019/22 dated
January 23, 2019
103. Circular number SEBI/HO/MRD/DOP1/CIR/P/2019/24 dated January
31, 2019
104. Circular number SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/26 dated
February 05, 2019
105. Circular No. SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/31 dated
February 15, 2019
106. Circular number CIR/HO/MIRSD/DOS2/CIR/PB/2019/038 dated
March 15, 2019
107. Circular number SEBI/HO/MRD/DMS1/CIR/P/2019/43 dated March
26, 2019
108. Circular No. SEBI/HO/CFD/DIL2/CIR/P/2019/50 dated April 03, 2019
109. Circular No. MRD/DoP2DSA2/CIR/P/2019/51 dated April 10, 2019
110. Circular No. IMD/FPIC/CIR/P/2019/62 dated May 08, 2019
111. Circular No. SEBI/MRD/CSC/CIR/P/2019/64 dated May 20, 2019
112. Circular No. SEBI/HO/CFD/DIL2/CIR/P/2019/67 dated May 22, 2019
113. Circular No. CIR/HO/MIRSD/DOP/CIR/P/2019/75 dated June 20,
2019

427
114. Circular No. SEBI/HO/CFD/DIL2/CIR/P/2019/76 dated June 28, 2019
115. Circular No. SEBI/HO/CFD/DIL2/CIR/P/2019/85 dated July 26, 2019
116. Circular No. SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/87 dated
August 01, 2019
117. Circular No. SEBI/HO/OIAE/IGRD/CIR/P/2019/86 dated August 02,
2019
118. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2019/95 dated August 29,
2019
119. Circular No. SEBI/HO/MRD/DOP1/CIR/P/2019/106 dated October 10,
2019
120. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2019/109 dated October
15, 2019
121. Circular No. SEBI/HO/MIRSD/RTAMB/CIR/P/2019/122 dated
November 05, 2019
122. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2019/123 dated
November 05, 2019
123. Circular No. IMD/FPI&C/CIR/P/2019/124 dated November 05, 2019
124. Circular No. SEBI/HO/CFD/DCR2/CIR/P/2019/133 dated November
08, 2019
125. Circular No. SEBI/HO/DDHS/CIR/P/134/2019 dated November 13,
2019
126. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2019/136 dated
November 15, 2019
127. Circular No. SEBI/HO/MRD2/DCAP/CIR/P/2 dated November 28,
2019
128. Circular No. SEBI/HO/MRD1/ICC1/CIR/P/2020/03 dated January 07,
2020
129. Circular No. SEBI/HO/CFD/CMD/CIR/P/2020/12 dated January 22,
2020
130. Circular No. SEBI/HO/CFD/DIL2/CIR/P/2020/13 dated January 22,
2020
131. Circular No. IMD/FPI&C/CIR/P/2020/07 dated January 16, 2020
132. Circular No. SEBI/HO/MRD/DDAP/CIR/P/2020/16 dated January 28,
2020

428
133. Circular No. IMD/FPI&C/CIR/P/2020/022 dated February 04, 2020
134. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/28 dated February
25, 2020
135. Circular No. SEBI/HO/MRD1/DSAP/CIR/P/2020/29 dated February
26, 2020
136. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/73 dated April 24,
2020
137. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/80 dated May 12,
2020
138. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/88 dated May 25,
2020
139. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/90 dated May 29,
2020
140. Circular No. SEBI/HO/MRD-1/CIR/P/2020/95 dated June 05, 2020
141. Circular No. SEBI/HO/DDHS/CIR/P/103/2020 dated June 23, 2020
142. Circular No. SEBI/HO/MIRSD/DPIEA/CIR/P/2020/115 dated July 01,
2020
143. Circular No. SEBI/HO/MRD2/DDAP/CIR/P/2020/137 dated July 24,
2020
144. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/143 dated July 29,
2020
145. Circular No. SEBI/HO/CFD/CMD1/CIR/P/2020/144 dated July 31,
2020
146. Circular No. SEBI/HO/OIAE/IGRD/CIR/P/2020/152 dated August 13,
2020
147. Circular No. SEBI/HO/MRD2/DDAP/CIR/P/2020/153 dated August
18, 2020
148. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/158 dated August
27, 2020
149. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/167 dated
September 08, 2020
150. Circular No. SEBI/HO/ISD/ISD/CIR/P/2020/168 dated September 09,
2020

429
151. Circular No. SEBI/HO/IMD/FPI&C/CIR/P/2020/177 dated September
21, 2020
152. Circular No. SEBI/CIR/CFD/DCR1/CIR/P/2020/181 dated September
23, 2020
153. Circular No. SEBI/HO/MRD/DCAP/CIR/P/2020/190 dated October
01, 2020
154. Circular No. SEBI/HO/MIRSD/DOP/CIR/P/2020/193 dated October
01, 2020
155. Circular No. SEBI/HO/IMD/DF3/CIR/P/2020/194 dated October 05,
2020
156. Circular No. SEBI/HO/DDHS/CIR/P/2020/198 dated October 05, 2020
157. Circular No. SEBI/HO/DDHS/CIR/P/2020/199 dated October 6, 2020
158. Circular No. SEBI/HO/OIAE/IGRD/CIR/P/2020/208 dated October
22, 2020

COMMUNICATIONS
1. SMDRP/NSDL / 3055 /1998 dated August 11, 1998.
2. SMDRP/RKD /NSDL/2494 /98 dated November 18, 1998.
3. SMDRP/NSDL/4615 /2000 dated March 13, 2000.
4. SMDRP/CDSL / 18300 /2000 dated November 16, 2000.
5. SMDRP/NSDL/26563/2001 dated April 10, 2001.
6. D&CC/ 1099 / 2002 dated November 01, 2002.
7. MRD/DRK/SU/16034/2003 dated August 22, 2003.
8. MRD/VSS/ARR/ 12255/2004 dated June 10, 2004.
9. MRD/DoP/ Dep/82334 /2006 dated December 14, 2006.
10. MRD/DEP/PP/123624 /2008 dated April 23, 2008.
11. MRD/DoP/MC/141442 /2008 dated October 17, 2008.
12. SEBI/ MRD/CDSL/ 149156 /2009 dated January 01, 2009.
13. MRD/CDSL/VM/ 155773 /2009 dated February 27, 2009.
14. MRD/NSDL/VM/158886 /2009 dated March 30, 2009.
15. MRD/DoP/NSDL/VM/ 162378 /2009 dated May 06, 2009.
16. MRD/DoP/NSDL/VM/168994 /2009 dated July 07, 2009.
17. MRD/CDSL/VM/168989 /2009 dated July 07, 2009.

430
18. SEBI/MRD/DEP/VM/169784 /09 dated July 15, 2009.
19. MRD/DoP/Dep/VM/182963/2009 dated November 12, 2009.
20. MRD/DoP/MAS – OW/16723/2010 dated August 17, 2010.
21. MRD/DP/SG-OW/202/2012 and MRD/DP/SG-OW/203/2012 dated
January 4, 2012.
22. MRD/DP/SG-OW/2010/2012 dated January 20, 2012.
23. CFD email dated November 05, 2015.
24. MIRSD email dated January 16, 2015.
25. SEBI Letter No. MRD//DP/OW/23881/2015 dated August 24, 2015SEBI
letter No. SEBI/HO/MRD/DP/OW/2016/25739/1 & 25740/1 dated
September 14, 2016
26. SEBI letter MIRSD2/DB/AEA/OW/2018/7292 dated March 07, 2018
27. SEBI letter SEBI/MRD/ICC/OW/P/2018/27066/1 dated September 25,
2018
28. SEBI letter MRD/DoPII/DSAII/MIRSD/DOS3/OW/2018/28162/1 dated
October 22, 2018
29. SEBI Letter no. SEBI/HO/MRD/CSC/OW/P/2019/10055 dated April 22,
2019
30. SEBI Letter no. MRD/DSA/OW/11447/2/2019 dated May 8, 2019
31. SEBI Letter no. SEBI/MIRSD/16742/2019 dated July 03, 2019
32. SEBI Letter no. SEBI/HO/MRD/DOP1/OW/P/20062/7/2019 dated
August 06, 2019
33. SEBI Letter no. SEBI/HO/MRD/CSC/OW/P/2019/22202/1 dated
August 28, 2019
34. MIRSD email dated October 16, 2019
35. SEBI/HO/MRD/CSC/OW/P/2019/28527/1 dated October 30, 2019 and
SEBI/HO/MRD/CSC/OW/P/2019/28517/1 dated October 30, 2019
36. MRD email dated November 04, 2019
37. MRD email dated February 06, 2020
38. DDHS email dated February 20, 2020
39. MRD email dated May 18, 2020

431