SEBI Master Circular for Stock Broker 2023

MASTER CIRCULAR
SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/71 May 17, 2023
To,
All Recognized Stock Exchanges
Stock Brokers through Recognized Stock Exchanges
Madam/Sir,
Subject: Master Circular for Stock Brokers
I. Securities and Exchange Board of India (SEBI), from time to time, has been issuing
various circulars/directions to Stock Brokers. In order to enable the users to have
access to the provisions of the applicable circulars at one place, this Master Circular
in respect of Stock Brokers has been prepared.
II. SEBI’s Master Circular for Stock Brokers dated June 01, 2018 was a compilation of
relevant circulars issued by SEBI which were operational as on June 01, 2018.
Subsequently, various guidelines/directions were issued to Stock Brokers by way of
circulars/advisory. Further, some of the references to the Statutes/ Regulations in the
Master Circular now stand repealed.
III. In view of the same, the instant Master Circular has been prepared which supersedes
the Master Circular for Stock Brokers dated June 01, 2018 and the subsequent
circulars on the subject. With the issuance of this Master Circular, the
directions/instructions contained in the circulars listed out in the Appendix to this
Master Circular, to the extent they relate to the Stock Brokers, shall stand rescinded.
IV. Notwithstanding such rescission,

a) anything done or any action taken or purported to have been done or taken under
the rescinded circulars, prior to such rescission, shall be deemed to have been
done or taken under the corresponding provisions of this Master Circular;
1
b) any application made to the Board under the rescinded circulars, prior to such
rescission, and pending before it shall be deemed to have been made under the
corresponding provisions of this Master Circular;
c) the previous operation of the rescinded circulars or anything duly done or suffered
thereunder, any right, privilege, obligation or liability acquired, accrued or
incurred under the rescinded circulars, any penalty, incurred in respect of any
violation committed against the rescinded circulars, or any investigation, legal
proceeding or remedy in respect of any such right, privilege, obligation, liability,
penalty as aforesaid, shall remain unaffected as if the rescinded circulars have
never been rescinded;
V. This circular is issued in exercise of powers conferred under Section 11(1) of the
Securities and Exchange Board of India Act, 1992.
VI. This circular is available on SEBI website at www.sebi.gov.in.
Yours faithfully,
Aradhana Verma
General Manager
Tel. No: 022 26449633
[email protected]
2
TABLE OF CONTENTS
S. Page
Subject
No. No.
I. REGISTRATION OF STOCK BROKERS
1. Registration of Brokers – Verification of antecedents of the applicant 9
2. Conversion of individual membership into corporate membership 9
Additional information to be submitted at the time of registration of Stock
3. 9
Broker with SEBI
Additional requirements for processing applications of Stock Brokers for
4. Registration/ Prior approval for sale of membership/ Change of name/ 10
Trade name
5. Merger/ Amalgamation of Trading Members 11
Admission of Limited Liability Partnerships as Members of Stock
6. 12
Exchanges
7. Single registration for Stock Brokers & Clearing Members 12
8. Registration of Members of Commodity Derivatives Exchanges 14
Integration of broking activities in Equity Markets and Commodity
9. 14
Derivatives Markets under single entity
10. Uniform membership structure across segments 15
11. Online Registration Mechanism for Securities Market Intermediaries 16
Transfer of business by SEBI Registered intermediaries to other legal
12. 16
entity
II. SUPERVISION & OVERSIGHT
Oversight of Members (Stock Brokers/Trading Members/Clearing
13. Members of any Segment of Stock Exchanges and Clearing 18
Corporations)
Policy of Annual Inspection of Members by Stock Exchanges/Clearing
14. 21
Corporations
15. Enhanced Supervision of Stock Brokers / Depository Participants 23
16. Annual System Audit of Stock Brokers / Trading Members 44
17. Early Warning Mechanism to prevent diversion of client securities 47
Enhanced obligations and responsibilities on Qualified Stock Brokers
18. 51
(QSBs)
III. DEALINGS WITH CLIENT
19. Unique Client Code 62
20. Simplification And Rationalization Of Trading Account Opening Process 63
21. Nomination for Eligible Trading Accounts 65
Requirements relating to dealings between a Client and a Stock Broker
22. 67
(Trading Members included)
23. Regulation of Transactions Between Clients and Brokers 70
24. Collateral deposited by Clients with Brokers 73
25. Severance of connections with other businesses 74
3
Applicability of Rule 8(1)(f) and 8(3)(f) of the Securities Contract
26. 74
(Regulation) Rules, 1957
27. Mode of payment and delivery 74
28. Pre- funded instruments / Electronic fund transfers 75
29. Disclosure of proprietary trading by Broker to Client 75
30. “Pro – account” trading terminal 76
31. Review of norms relating to trading by Members/ Sub-Brokers 77
32. Market Access through Authorised Persons 77
33. SMS and E-mail alerts to investors by Stock Exchanges 82
34. Prevention of Unauthorised Trading by Stock Brokers 83
Execution of Power of Attorney (PoA) by the Client in favour of the Stock
35. 84
Broker/ Stock Broker and Depository Participant
Execution of ‘Demat Debit and Pledge Instruction’ (DDPI) for transfer of
36. securities towards deliveries / settlement obligations and pledging / re- 89
pledging of securities
Modification of Client Codes of Non-institutional Trades Executed on
37. 91
Stock Exchanges (All Segments)
38. Margin Trading Facility 93
Collection and reporting of margins by Trading Member (TM) /Clearing
39. 98
Member (CM) in Cash Segment.
Framework to Enable Verification of Upfront Collection of Margins from
40. 100
Clients in Cash and Derivatives segments
Margin obligation to be given by way of Pledge/ Re-pledge in the
41. 102
Depository System
42. Segregation and Monitoring of Collateral at Client Level 108
43. Maintenance of current accounts in multiple banks by Stock Brokers 119
Block Mechanism in demat account of clients undertaking sale
44. 119
transactions
45. Handling of Client’s Securities by Trading Members/ Clearing Members 121
Validation of Instructions for Pay-In of Securities from Client demat
46. account to Trading Member (TM) Pool Account against obligations 123
received from the Clearing Corporations
Settlement of Running Account of Client’s Funds lying with Trading
47. 125
Member (TM)
IV. TECHNOLOGY RELATED PROVISIONS
48. Electronic Contract Note 128
Conditions to be met by Broker for providing Internet Based Trading
49. 132
Service
Securities Trading through Wireless medium on Wireless Application
50. 137
Protocol (WAP) platform
51. Securities Trading using Wireless Technology 139
4
Additional Requirements for Internet Based Trading (IBT) and Securities
52. 140
trading using Wireless Technology (STWT)
53. Direct Market Access facility 141
54. Smart Order Routing 152
55. Broad Guidelines on Algorithmic Trading 155
56. Testing of Software used in or related to Trading and Risk Management 160
Safeguards to avoid trading disruption in case of failure of software
57. 166
vendor
58. Cyber Security and Cyber resilience framework for Stock Brokers. 167
Reporting for Artificial Intelligence (AI) and Machine Learning (ML)
59. 181
applications and systems offered and used by market intermediaries
Advisory for Financial Sector Organizations regarding Software as a
60. 182
Service(SaaS) based solutions
Framework to address the ‘technical glitches’ in Stock Brokers’
61. 183
Electronic Trading Systems
Advisory for SEBI Regulated Entities (REs) regarding Cybersecurity best
62. 188
practices
Framework for Adoption of Cloud Services by SEBI Regulated Entities
63. 189
(REs)
V. CHANGE IN STATUS, CONSTITUTION, CONTROL, AFFILIATION
Periodical Report – Grant of prior approval to members of Stock
64. 193
Exchanges
65. Procedure for seeking prior approval for change in control 194
Guidelines for seeking NOC by Stock Brokers / Clearing Members for
66. setting up Wholly Owned Subsidiaries, Step Down Subsidiaries, Joint 197
Ventures in GIFT IFSC
VI. FOREIGN ACCOUNTS TAX COMPLIANCE ACT RELATED PROVISIONS
Inter-Governmental Agreement with United States of America under
67. 199
Foreign Accounts Tax Compliance Act – Registration
Implementation of the Multilateral Competent Authority Agreement and
68. 200
Foreign Account Tax Compliance Act
VII. INVESTOR GRIEVANCE REDRESSAL
69. Exclusive e-mail ID for redressal of Investor Complaints 202
Redressal of investor complaints against Stock Brokers in SEBI
70. 202
Complaints Redress System (SCORES)
71. Information regarding Grievance Redressal Mechanism 203
Publishing Investor Charter and disclosure of Investor Complaints by
72. 203
Stock Brokers on their websites
VIII. DEFAULT RELATED PROVISIONS
Standard operating procedure in the cases of Trading Member / Clearing
73. 204
Member leading to default
5
Recovery of assets of defaulter member and recovery of funds from
74. debit balance clients of defaulter member for meeting the obligations of 212
clients / Stock Exchange / Clearing Corporation
IX. MISCELLANEOUS
75. Advertisement by Brokers and grant of trading terminals 213
Registration Number of Brokers to be quoted on all correspondences
76. 213
with SEBI
Maintenance of books of accounts and other documents sought by
77. 213
Enforcement Agencies from Stock Exchanges and Brokers
78. Display of details by Stock Brokers (including Trading Members) 214
Unauthenticated news circulated by SEBI Registered Market
79. 214
Intermediaries through various modes of communication
80. Guidelines on Outsourcing of Activities by Stock Brokers 215
General Guidelines for dealing with Conflicts of Interest of Stock Brokers
81. 223
and their Associated Persons in Securities Market.
82. Digital Mode of Payment 225
83. Regulatory Framework for Commodity Derivatives Brokers 225
Approach to securities market data access and terms of usage of data
84. 226
provided by data sources in Indian securities market
Introduction of Investor Risk Reduction Access (IRRA) platform in case
85. 226
of disruption of trading services provided by the Trading Member (TM)
86. Maintenance of a website by stock brokers 229
87. Framework for Regulatory Sandbox 230
X. REPORTING REQUIREMENTS 231
Annexures
Annexure-1 - Additional information to be submitted at the time of
1. 238
registration of Stock Broker with SEBI
Annexure-2 – An Illustrative list of common violations/deficiencies
2. 244
observed by SEBI in its inspections of members
Annexure-3 - Stock Broker System Audit Framework - Terms of
3. 248
Reference (ToR) for Type I Broker
Annexure-4 - Stock Broker System Audit Framework – ToR for Type II
4. 253
Broker
Annexure-5 - Stock Broker System Audit Framework – ToR for Type III
5. 260
Broker
Annexure-6 - Stock Broker System Audit Framework – Executive
6. 269
Summary Reporting Format
Annexure-7 - Index of documents giving details of various documents for
7. 271
client account opening process
Annexure-8 - Additional information about the client related to trading
8. 273
account
6
Annexure-9 - Rights & Obligations of stock broker, and client for trading
9. on exchanges (including additional rights & obligations in case of internet 277
/ wireless technology based trading)
Annexure-10 - Uniform Risk Disclosure Documents (for all segments /
10. 284
exchanges)
Annexure-11- Guidance Note detailing Do’s and Don’ts for trading on
11. 290
exchange(s) for investors
12. Annexure-12 - Format for nomination form 292
13. Annexure-13 - Declaration Form for opting out of nomination 294
14. Annexure-14 - Demat Debit and Pledge Instruction 295
Annexure-15 - Format of the Daily Reporting by the members to the
15. Exchange on the amount financed by them under the Margin Trading 296
Facility
16. Annexure-16 - Allocation of collateral 297
17. Annexure-17 - Treatment of unfunded portion of BG 299
Annexure-18 – Monitoring of the minimum 50% cash-equivalent
18. 300
collateral requirement
19. Annexure-19 - Blocking of margins 302
20. Annexure-20 - Monitoring of risk reduction mode 304
21. Annexure-21 – Change of Allocation 306
Annexure-22 - Procedures to be followed in the Stage-2 and the Stage-
22. 307
3 of Default Management Process
Annexure-23 - Procedures to be followed in the Stage-4 of Default
23. 309
Management Process
Annexure-24 - Incident Reporting Form regarding cyber incidents by
24. 312
stock brokers
25. Annexure-25 - Form to report on AI and ML technologies 316
26. Annexure-26 - Systems deemed to be based on AI and ML technology 318
27. Annexure-27 – Consolidated Quarterly Reporting Form 319
Annexure-28 – Advisory for Financial Sector Organizations regarding
28. 320
Software as a Service(SaaS) based solutions
29. Annexure-29 –Root Cause Analysis (RCA) Form 322
Annexure-30 – Advisory for SEBI Regulated Entities (REs) regarding
30. 324
Cybersecurity best practices
Annexure-31 - Framework for Adoption of Cloud Services by SEBI
31. 327
Regulated Entities (REs)
Annexure-32 - Format for reporting changes in "status or constitution" of
32. 372
Members
7
33. Annexure-33 - Declaration cum undertaking 373
Annexure-34 – Application to SEBI for opening of wholly owned
34. subsidiaries, step down subsidiaries or entering into joint ventures in 375
GIFT IFSC
35. Annexure-35 - Information regarding Grievance Redressal Mechanism 379
36. Annexure-36 - Investor Charter - Stock Brokers 380
Annexure-37 – Format for Investor Complaints Data to be displayed by
37. 387
Stock Brokers on their respective websites
Annexure-38 - Affidavit of undertaking cum indemnity bond to be
38. 389
submitted by member to Stock Exchange / Clearing Corporation
39. Annexure-39 - Digital Mode of Payment 392
Annexure -40 - Details of FMC circulars which shall stand repealed and
40. 393
relevant SEBI circulars which shall be applicable
Annexure -41 - Details of FMC circulars contents/norms of which shall
41. 397
continue as they are specific to commodity derivative markets
42. Annexure -42 - Details of FMC circulars which shall stand repealed 398
43. Appendix - List of Circulars / Communication 399
List of Abbreviations
API Application Programming Interface

CC Clearing Corporation
CM Clearing Member
CTCL Computer-to-Computer Link
DP Depository Participant
EPI Early Pay-in
FII Foreign Institutional Investor
GIFT Gujarat International Finance Tec-City International Financial Services
IFSC Centre
IPF Investor Protection Fund
ISIN International Securities Identification Number
KYC Know Your Customer
LAN Local Area Network
MoA Memorandum of Association
NOC No Objection Certificate
PAN Permanent Account Number
PoA Power of Attorney
SGF Settlement Guarantee Fund
T-Day Trading Day
TM Trading Member
UCC Unique Client Code
VaR Value-at-Risk
8
I. REGISTRATION OF STOCK BROKERS
1. Registration of Brokers - Verification of antecedents of the applicant1
1.1. In terms of Rule 8(1)(e) of Securities Contracts (Regulation) Rules, 1957, "no
person shall be eligible to be elected as a member if he has been convicted of an
offence involving fraud or dishonesty".
1.2. Stock Exchanges shall verify the antecedents of the applicant before granting
admission as a member of Stock Exchange and also submit a declaration at the
time of forwarding the applications for registration with SEBI, to the effect that the
member has not been convicted of any offence involving fraud or dishonesty.
2. Conversion of individual membership into corporate membership2
2.1. In case of corporatisation of individual membership, the individual member may

trade in his individual name pending registration of the corporate member by
SEBI.
2.2. In case the corporate member acquires the membership through purchase of
membership card of an individual member, the corporate member shall not be
entitled to trade because of the provisions of Section 12 of the Securities and
Exchange Board of India Act, 1992 (hereinafter referred to as “SEBI Act 1992”),
till registration is granted to the corporate member by SEBI.
3. Additional information to be submitted at the time of registration of Stock

Broker with SEBI3
3.1 In terms of Regulation 3(2) of the Securities and Exchange Board of India (Stock
Brokers) Regulations, 1992 (hereinafter referred to as “Stock Brokers
Regulations 1992”), a Stock Broker has to apply in Form A, Schedule I of the
aforesaid Regulations, duly recommended by the Stock Exchange of which he is
a member, for registration as a Stock Broker by SEBI.
3.2 While forwarding the applications in Form A, Stock Exchanges shall ensure that
additional information as per the format at Annexure-1 is also submitted along
1 Reference: Circular SMD/POLICY/CIRCULAR/30/97 dated November 25, 1997.

2 Reference: Circular SMD/POLICY/CIR-34/97 dated December 11, 1997.
3 Reference: Circular SMD/POLICY/CIR-11/98 dated March 16, 1998.
9
with the application for all the cases sent for registration.
4. Additional requirements for processing applications of Stock Brokers for

Registration/ Prior approval for sale of Membership/ Change of name/ Trade
name4
4.1 The applications for grant of registration / requisite approvals are processed by
SEBI based on information communicated by the Exchange/ members to SEBI.
Such information can undergo a change within a very short period of time. It has
been observed that in many cases information/ documents enclosed along with
the applications are outdated for SEBI to take any cognizance of the same.
4.2 In order to improve the standard of information flow so as to enable SEBI to take
an informed decision while processing applications, the following norms may be
adhered to:
4.2.1 Application for registration of stock brokers:
a. Stock Exchanges shall ensure that the following documents which are
forwarded by the Exchanges along with registration applications are not
more than three months old from the date of forwarding of the
application.
i. Form A
ii. Additional Information Form
iii. Undertakings furnished by the Applicant
4.2.2 Change of name applications for Brokers
a. Stock Exchanges shall ensure that change of name applications should

be accompanied by information from the Exchange as to whether the
change in name is accompanied by / associated with change in majority
shareholding / management / control. Applications not accompanied
with such information from the Exchange would be returned to the
concerned exchanges.
b. Stock Exchanges shall instruct all the member brokers of the exchange
to comply with the above instructions and ensure that applications
4 Reference: Circular SMD/DBA-II/CIR-22/2002 dated September 12, 2002.

10
forwarded to SEBI strictly adhere with the above time schedules /
documents failing which the applications would be returned to the
concerned Exchange.
4.3 Clarification regarding eligibility for availing fee continuity benefit by corporate
entity formed by converting partnership membership card of the Exchange
4.3.1 In order to get benefit of clause I (4) of Schedule III of the Stock Brokers
Regulations 1992, all erstwhile partner(s) should be whole-time directors
in the corporate entity so formed, and the whole-time director shall
individually (in case there is one whole-time director) or jointly (in case
there are more than one whole-time directors) have to hold at least 40%
of the paid up equity capital of the corporate entity formed for a period of
at least three years from the date of such conversion.
4.3.2 In case of Exchanges which do not grant membership to the partnership

firms, but permit individual members to form partnerships, each of the
erstwhile member partner, now whole-time director of the corporate entity,
will have to individually or jointly hold at least 40% of the paid-up capital of
the corporate entity so formed for a period of at least three years from the
date of such conversion.
5. Merger/ Amalgamation of Trading Members5
5.1 When two or more corporate broking firms merge leading to creation of a new
entity, the SEBI registration granted to the extinguishing entity does not
automatically devolve upon the emerging entity and the new entity has to fulfil the
eligibility criteria and apply afresh for registration and pay the registration fees.
5.2 The emerging entity may be allowed to trade on the registration of the
extinguishing entity for a period of say 45 days. However, the emerging entity
should apply to SEBI at the earliest and give an undertaking to be liable for the
act of the extinguishing entity and such applications in any case should be made
5 Reference: Circular SMD/POLICY(BRK.REG.)/CIR-18/98 dated July 09, 1998.

Paragraph in Circular SMD/POLICY(BRK.REG.)/CIR-18/98 dated July 09, 1998, which read “It is generally
seen that while the application comes to SEBI after the court has approved the scheme of amalgamation/ merger, the
existing entity is required to seek prior approval from SEBI in case of any change in its constitution, in terms of Rule
4(c) of SEBI (Stock Brokers) Regulations, 1992. Therefore, you are advised that as soon as the application for merger
is filed before the High Court, the extinguishing broking entity should approach SEBI through the Stock Exchange for
obtaining prior permission, to the scheme of merger/ amalgamation giving all necessary details of the proposal.”
deleted in view of Notification LAD-NRO/GN/2011-12/03/12650 dated April 19, 2011.
11
not later than 30 days of the registration granted by the Registrar of companies
to the emerging entity.
6. Admission of Limited Liability Partnerships as Members of Stock Exchanges6
6.1 Securities Contract (Regulation) Rules, 1957 (hereinafter referred to as “SCRR

1957”) do not explicitly mention Limited Liability Partnerships (LLPs) as the
Limited Liability Partnership Act, 2008 (hereinafter referred to as “LLP Act
2008”) was a subsequent development. As per the LLP Act 2008, LLP is a body
corporate. Sub-rule 4A and 5 of Rule 8 of the SCRR 1957 provide that Limited
Liability Companies (LLC) and partnership firms are eligible to be admitted as
members of Stock Exchanges. In this context it may be stated that LLPs are akin
to LLC and partnership firms.
6.2 In view of the above and since the Parliament has put in place a legal framework
for LLPs, Stock Exchanges may consider granting membership to LLPs subject
to LLP complying with the conditions laid down in Rule 8(4A) of the SCRR 1957,
as far as it can apply to LLPs.
7. Single registration for Stock Brokers & Clearing Members7
7.1 As per the amendment to the Stock Brokers Regulations 1992 vide Notification
No. LAD-NRO/GN/2014-15/15/1671 dated October 08, 2014, the requirement of
obtaining registration as stock broker/ clearing member for each Stock Exchange/
Clearing Corporation has been done away with and instead a single registration
with any Stock Exchange/ Clearing Corporation shall be required. For operating
in any other Stock Exchange(s)/ Clearing Corporation (s), approval will be
required from the concerned Stock Exchange or Clearing Corporation.
7.2 Registration requirements will be as per the following guidelines:
7.2.1 If a new entity desires to register as a stock broker or clearing member

with any Stock Exchange or Clearing Corporation, as the case may be,
then the entity shall apply to SEBI through the respective Stock Exchange
or Clearing Corporation in the manner prescribed in the Stock Brokers
Regulations 1992. The entity shall be issued one certificate of registration,
irrespective of the Stock Exchange(s)/ Clearing Corporation(s) or number
of segment(s).
6 Reference: Circular CIR/MIRSD/12/2011 dated July 11, 2011.

7 Reference: Circular CIR/MIRSD/4/2014 dated October 13, 2014.
12
7.2.2 If the entity is already registered with SEBI as a stock broker with any Stock
Exchange, then for operating on any other Stock Exchange(s) or any
Clearing Corporation, the entity can directly apply for approval to the
concerned Stock Exchange or Clearing Corporation, as per the procedure
prescribed in the Stock Brokers Regulations 1992 for registration. The
Stock Exchange/ Clearing Corporation shall report to SEBI about such
grant of approval.
7.2.3 Similarly, if any entity is already registered with SEBI as a clearing member
in any Clearing Corporation, then for operating in any other Clearing
Corporation(s) or any Stock Exchange, the entity shall follow the procedure
as prescribed in para 7.2.2 above.
7.2.4 Fees shall be applicable for all the stock brokers, self-clearing members
and clearing members as per Schedule V of the Stock Brokers Regulations
1992. As per current requirement, the entity shall continue to be liable to
pay fees for each segment approved by the Stock Exchange or Clearing
Corporation, as per the Schedule to the Stock Brokers Regulations 1992.
7.3 The Stock Exchange or Clearing Corporation shall grant approval for operating
in any segment(s) or additional segment(s) to the SEBI registered stock broker,
self-clearing member or clearing member, as the case may be, after exercising
due diligence and on being satisfied about the compliance of all relevant eligibility
requirements, and shall also, inter-alia ensure:
7.3.1 The applicant, its directors, proprietor, partners and associates satisfy the
Fit and Proper Criteria as defined in the Securities and Exchange Board of
India (Intermediaries) Regulations, 2008 (hereinafter referred to as
“Intermediaries Regulations 2008”);
7.3.2 The applicant has taken satisfactory corrective steps to rectify the
deficiencies or irregularities observed in the past in actions initiated/ taken
by SEBI/ Stock Exchanges(s) or other regulators. The Stock Exchange or
Clearing Corporation may also seek details whether the Board of the
applicant is satisfied about the steps taken. They may also carry out
inspection, wherever considered appropriate; and
7.3.3 Recovery of all pending fees/ dues payable to SEBI, Stock Exchange and
Clearing Corporation.
13
8. Registration of Members of Commodity Derivatives Exchanges8
8.1 Any person desirous of becoming a member of any commodity derivatives

exchange(s), shall have to meet the eligibility criteria to become a member of an
exchange and conditions of registration, as specified in SCRR 1957 and Stock
Brokers Regulations 1992, respectively.
8.2 The application for registration shall be made in the manner prescribed in the
Stock Brokers Regulations 1992, through the commodity derivatives exchange,
of which it holds membership, in the prescribed form, along with the applicable
fees. The application shall be accompanied by additional information as
prescribed in Annexure-1 to this circular regarding additional information to be
submitted at the time of registration of stock broker with SEBI.
8.3 The minimum net worth specified for members of commodity derivatives
exchanges, shall have to be computed as prescribed in the Stock Brokers
Regulations 1992.
8.4 “Business in goods related to the underlying” and/ or “business in connection with
or incidental to or consequential to trades in commodity derivatives”, by a member
of a Stock Exchange, would not be disqualified under Rule 8(1)(f) and Rule 8(3)(f)
of the SCRR 1957.
9. Integration of broking activities in Equity Markets and Commodity Derivatives

Markets under single entity9
10.1 A stock broker can deal in commodity derivatives and other securities under a
single entity, thereby facilitating ease of doing business.
10.2 As per the existing procedure under single registration mechanism, a one-time
certificate of registration as stock broker / clearing member shall be granted by
SEBI and subsequent permissions to act as a stock broker / clearing member of
other Stock Exchanges / Clearing Corporation, shall be granted by the respective
Stock Exchange / Clearing Corporation after proper due diligence.
10.3 Prior approval from SEBI will be required to be obtained by the stock broker only
in cases where integration leads to change in control of the stock broker/clearing
8 Reference: Circular CIR/MIRSD/4/2015 dated September 29, 2015

9 Reference: Circular SEBI/HO/MIRSD/MIRSD1/CIR/P/2017/104 dated September 21, 2017.
14
member.
10.4 Further, to facilitate integration between stock brokers, it is clarified that client
account may be transferred from one stock broker to the other stock broker, by
taking the express consent of the client through a verifiable mode of
communication and thereby continuing with the existing set of documentation in
respect of broker client relationship.
10. Uniform Membership structure across segments10
10.1 SEBI has implemented the mechanism of single registration, whereby a

registered TM /CM can operate in any segment of the recognized Stock
Exchange / Clearing Corporation under the single registration number granted
by SEBI.
10.2 In order to implement uniform membership structure across equity cash and
derivatives segments, following course of action is provided:
10.2.1 The membership structure as TM, Self-clearing Member (SCM), CM and

Professional Clearing Member (PCM) as prevalent in equity derivatives
segment has been implemented in cash segment with effect from April
01, 2019
10.2.2 The existing Stock Brokers in cash segment of a Stock Exchange who
are already registered as SCM / CM in derivatives segment have
automatically become SCM / CM, as the case may be, in cash segment
with effect from April 01, 2019.
10.2.3 The existing Stock Brokers in cash segment of a Stock Exchange who
are not registered as SCM / CM in derivatives segment shall continue as
SCM in cash segment with effect from April 01, 2019. However, -
10.2.3.1 Existing Stock Brokers in cash segment shall meet with the
net-worth requirement as per formula prescribed by Dr. L.C.
Gupta Committee as applicable to SCM / CM in equity
derivatives segment on or before September 30, 2019.
10.2.3.2 Existing Stock Brokers in cash segment who fail to meet the
net-worth requirement for SCM / CM on or before September
30, 2019 shall continue to trade as Trading Member in cash
segment provided that they shall tie up with a CM / PCM for
10
Reference: Circular SEBI/HO/MIRSD/DOP/CIR/P/2019/14 dated January 11, 2019.
15
clearing and settlement of their trades on or before September
30, 2019.
11. Online Registration Mechanism for Securities Market Intermediaries11
11.1 SEBI Intermediary Portal (https://siportal.sebi.gov.in) has been operationalized

for the intermediaries to submit all the registration applications online. The SEBI
Intermediary Portal includes online application for registration, processing of
application, grant of final registration, application for surrender / cancellation,
submission of periodical reports, requests for change of name / address / other
details etc.
11.2 All applications for registration / surrender / other requests shall be made
through SEBI Intermediary Portal only. The application in respect of stock
brokers and depository participants shall continue to be made through the Stock
Exchanges and Depositories respectively.
11.3 The applicants will be separately required to submit relevant documents viz.
declarations / undertakings, in physical form, only for records without impacting
the online processing of applications for registration.
11.4 Where applications are made through the Stock Exchanges / Depositories, the
hard copy of the applications made by their members shall be preserved by
them and shall be made available to SEBI, as and when called for.
12. Transfer of business by SEBI registered intermediaries to other legal entity12
12.1 The transferee shall obtain fresh registration from SEBI in the same capacity
before the transfer of business if it is not registered with SEBI in the same
capacity. SEBI shall issue new registration number to transferee different from
transferor’s registration number in the following scenario:
“Business is transferred through regulatory process (pursuant to merger/

amalgamation / corporate restructuring by way of order of primary regulator
/government / NCLT, etc.) or non-regulatory process (as per private agreement
/MOU pursuant to commercial dealing / private arrangement) irrespective of
transferor continues to exist or ceases to exist after the said transfer.
11 Reference: Circular SEBI/HO/MIRSD/MIRSD1/CIR/P/2017/38 dated May 02, 2017.

12
Reference: Circular SEBI/HO/MIRSD/DOR/CIR/P/2021/46 dated March 26, 2021.
16
12.2 In case of change in control pursuant to both regulatory process and non-
regulatory process, prior approval and fresh registration shall be obtained. While
granting fresh registration to same legal entity pursuant to change in control,
same registration number shall be retained.
12.3 If the transferor ceases to exist, its certificate of registration shall be

surrendered.
12.4 In case of complete transfer of business by transferor, it shall surrender its

certificate of registration.
12.5 In case of partial transfer of business by transferor, it can continue to hold

certificate of registration.
17
II. SUPERVISION & OVERSIGHT
13. Oversight of Members (Stock Brokers/Trading Members/Clearing Members of

any Segment of Stock Exchanges and Clearing Corporations)13
13.1 Inspection of Members by Stock Exchanges / Clearing Corporations
13.1.1 The Stock Exchange or the Clearing Corporation, as the case may be,
shall, in consultation with SEBI, formulate a policy for annual inspection
of their members in various segments and follow up action thereon. The
policy shall also cover various kinds of risks posed to the investors and
market at large on account of the activities/business conduct of their
members.
shall conduct inspection of their members in various segments in terms
of the above policy and in case of members who hold multiple
memberships of the exchanges, the Stock Exchanges shall establish an
information sharing mechanism with one another on the important
outcome of inspection in order to improve the effectiveness of
supervision.
13.1.3 The inspection shall cover:
a. Compliance with the relevant provisions of the Act, Rules and

Regulations made there under, Rules and Regulation of the Stock
Exchange / Clearing Corporation and the circulars issued by SEBI
and Stock Exchanges / Clearing Corporations from time to time, and
b. Efficacy of the investor grievance redressal mechanism and

discharge of various obligations towards clients, for the preceding
one year unless a longer period is warranted in the circumstances.
13.1.4 An illustrative list of common violations/deficiencies observed by SEBI in

its inspections of members is enclosed as Annexure-2. The Stock
Exchanges and Clearing Corporations are advised to bring this list to the
notice of members with an advice to them to avoid these
13 Reference: Circular SEBI/MIRSD/MASTER CIR-04/2010 dated March 17, 2010 and Circular
CIR/MIRSD/13/2012 dated December 07, 2012.
18
violations/deficiencies.
shall initiate all the follow up action – remedial, penal and disciplinary -
required on inspection findings, within six months from the conclusion of
the inspection.
13.2 Internal Audit
13.2.1 The member shall carry out complete internal audit on a half yearly basis
by an independent qualified Chartered Accountant, Company Secretary
or Cost and Management Accountant who is in practice and does not
have any conflict of interest.
13.2.2 The audit shall cover, inter alia,
a. the existence, scope and efficiency of the internal control system,
b. compliance with the provisions of the SEBI Act, 1992, Securities

Contracts (Regulation) Act 1956 (hereinafter referred to as “SCRA
1956”), Intermediaries Regulations 2008, Stock Brokers Regulations
1992, circulars issued by SEBI from time to time, Bye Laws and
Regulations and circulars issued by the Stock Exchange / Clearing
Corporation,
c. data security and insurance in respect of operations, and
d. efficacy of the investor grievance redressal mechanism and

discharge of various obligations towards clients.
13.2.3 The internal auditor shall submit the audit report to the member, who shall
place it before its Board of Directors/Proprietor/Partners and shall forward
the same along with para-wise comments to the respective Stock
Exchange/ Clearing Corporation within two months from the end of the
half year period.
13.2.4 The Stock Exchange/Clearing Corporation shall analyze the audit reports
so received and take appropriate follow up action.
13.2.5 The Stock Exchange/Clearing Corporation shall initiate appropriate

19
actions – remedial, penal or disciplinary - against the members where
deficiencies are noticed in audit reports or where audit report has not
been received, and inform the details of action taken to SEBI, within six
months from the end of the half year period.
13.3 Default in case of Multiple Membership
13.3.1 Whenever a member of any segment is declared defaulter, the

concerned Stock Exchange/Clearing Corporation shall immediately
declare it a defaulter in all its segments. It shall also immediately inform
all other Stock Exchanges/Clearing Corporations the details of the
defaulter member such as name of the member, the names of the
proprietors/partners/promoters/dominant shareholders, as applicable.
13.3.2 Immediately on receipt of the information about default of a member, the

Stock Exchange / Clearing Corporation shall declare the said member
defaulter on all its segments.
13.3.3 The Stock Exchanges / Clearing Corporations shall take appropriate

action against the associates of defaulter member. For this purpose, the
term ‘associate’ shall include a person:
a. who, directly or indirectly, by itself, or in combination with other

persons, exercises control over the member, whether individual,
body corporate or firm or holds substantial share of not less than 15%
in the capital of such entities; or
b. in respect of whom the member, individual or body corporate or firm,

directly or indirectly, by itself or in combination with other persons,
exercises control; or
c. whose director or partner is also a director or partner of the member,

body corporate or the firm, as the case may be.
Explanation: The expression “control" shall have the same meaning as

defined under clause (e) of Regulation 2 of the Securities and Exchange
Board of India (Substantial Acquisition of Shares and Takeovers)
Regulations, 2011 (hereinafter referred to as “Takeover Regulations
2011”).
20
14. Policy of Annual Inspection of Members by Stock Exchanges/Clearing
Corporations14
14.1 Policy for annual inspection of members, as decided in consultations with the
Stock Exchanges/Clearing Corporations is specified below.
14.2 The criteria for selection of members for annual inspection are as follows:
14.2.1 Stock Brokers servicing investors, getting disabled on account of funds

shortages on more than three times in a month shall be inspected
irrespective of the fact of when they were last inspected.
14.2.2 Stock Brokers servicing investors, having overnight disablement on

account of margin shortage for more than two days shall be inspected
irrespective of the fact of when they were last inspected.
14.2.3 Top twenty-five stock brokers paying high and recurring penalties for non-
reporting or short reporting of margin/Client Code modification/CTCL
mismatch fines or any other similar high risk compliance issue shall be
inspected irrespective of when they were last inspected.
14.2.4 Top twenty-five stock brokers in terms of investor complaints and

arbitration cases filed by investors shall be inspected irrespective of the
fact of when they were last inspected.
14.2.5 Stock Brokers having adverse observations in the internal audit report on
high risk issues like wrong reporting of margins, transfer of trades,
pledging of client securities, dealing with unregistered intermediaries etc.,
shall be inspected irrespective of the fact of when they were last
inspected.
14.2.6 Subsidiaries of Regional Stock Exchanges shall be inspected every year.
14.2.7 Stock Exchange shall frame internal policy for selection of stock brokers
for inspection based on inputs/alerts from Risk Based Supervision.
14.2.8 Besides the above, the special purpose/limited inspections shall be

carried out based on any triggers like patterns found during investor
14 Reference: Circular CIR/HO/MIRSD/MIRSD2/CIR/P/2017/73 dated June 30, 2017.

21
complaint resolution/Arbitration, complaints on specific malpractices of a
broker or references from various authorities. The inspection shall be
irrespective of the fact of when the last inspection was carried out.
14.2.9 Apart from the above few stock brokers shall be selected by the Stock
Exchanges on a random basis for inspection.
14.2.10 Stock Brokers who do not fall under any of the above category shall be
inspected by the Stock Exchanges at least once in three years.
14.2.11 Stock Brokers selected on the above category shall be inspected for all
segments and also for clearing activity if the stock broker is undertaking
clearing for other stock brokers.
14.2.12 Inspections of Professional Clearing Members shall be conducted by

Clearing Corporations once in two years.
14.3 Clearing activity undertaken by stock brokers for other stock brokers shall be
inspected by Clearing Corporations. Other activities of stock brokers shall be
inspected by Stock Exchanges. If Stock Exchanges and Clearing Corporations
so desire, they can conduct joint inspections of stock brokers. Where Clearing
Corporation has not been set up, Stock Exchange shall inspect all activities of
stock brokers including activity of clearing for other stock brokers.
14.4 The Stock Exchanges/Clearing Corporations are advised to continuously

assess the risks posed by their members and review/revise the policy of annual
inspection, as and when required, in consultation with SEBI.
14.5 The Stock Exchanges shall establish an information sharing mechanism with
one another on the important outcome of inspection of members who hold
multiple memberships of the exchanges in order to improve the effectiveness of
supervision and shall also bring cases of repetitive and / or serious violations to
the notice of SEBI.
22
15. Enhanced Supervision of Stock Brokers / Depository Participants15
15.1 SEBI constituted a committee on “Enhanced Supervision of Stock Brokers”,

which included representatives from Stock Exchanges, Depositories and
Brokers. With a view to implement the recommendations, the guidelines in para
15.3 to 15.11 below have been issued. These guidelines cover the following
broad areas:
15.1.1 Uniform nomenclature to be followed by stock brokers for

Naming/Tagging of Bank and Demat Accounts and the reporting of such
accounts to the Stock Exchanges/Depositories.
15.1.2 Monitoring of Clients’ Funds lying with the stock broker by the Stock
Exchanges, through a sophisticated alerting and reconciliation
mechanism, to detect any misutilisation of clients’ fund.
15.1.3 Changes in the existing system of internal audit for stock

brokers/depository participants viz. appointment, rotation of Internal
Auditors, formulation of objective sample criteria, monitoring of quality of
Internal Audit Reports, timeline for submissions of Internal Audit Reports,
etc.
15.1.4 Monitoring of Financial Strength of Stock Brokers by Stock Exchanges

so as to detect any signs of deteriorating financial health of stock brokers
and serve as an early warning system to take preemptive and remedial
measures.
15.1.5 Imposition of uniform penal action on stock brokers/depository

participants by the Stock Exchanges/Depositories in the event of non-
compliance with specified requirements.
15.1.6 Other Requirements:
a) Uploading client's funds and securities balances by Stock Brokers to

Stock Exchange System and onwards transmission of the same to the
clients for better transparency.
15Reference: Circular SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/95 dated September 26, 2016,

Circular CIR/HO/MIRSD/MIRSD2/CIR/P/2017/64 dated June 22, 2017,
Circular CIR/HO/MIRSD/MIRSD2/CIR/PB/2017/107 dated September 25, 2017 and
Circular SEBI/HO/MIRSD/MIRSD2/CIR/P/2017/123 dated November 29, 2017.
23
b) Clarification on Running Account Settlement
c) Providing PAN details of Directors, Key Management Personnel and

Dealers, to Stock Exchanges and any change thereof.
15.2 The provisions of enhanced supervision circular is not applicable to Regional

Commodity Exchanges till further notice.
15.3 Naming/Tagging of Bank and Demat Accounts by Stock Broker16
15.3.1 Bank accounts and Demat accounts maintained by all stock brokers shall
have appropriate nomenclature to reflect the purpose for which those
bank/demat accounts are being maintained.
15.3.2 The nomenclature for bank accounts and demat accounts to be followed
is given as under:
15.3.2.1 Bank account(s) which hold clients’ funds shall be named as

"Name of Stock Broker - Client Account".
15.3.2.2 Bank account(s) held for the purpose of settlement would be

named as "Name of Stock Broker - Settlement Account".
15.3.2.3 Stock brokers are required to maintain demat accounts only

under the following 5 categories:
Table 1
S.No. Demat Account Category Purpose of Demat Account
1. Proprietary Account Hold Own Securities

2. Pool account Settlement Purpose
3. Client Unpaid Securities For pledging of Unpaid Securities
Pledgee Account of Clients
4. Client Securities Margin For Margin obligations to be
Pledge Account given by way of Pledge/ Re-
pledge
16
Reference: Circular SEBI/HO/ MIRSD/ MIRSD_DPIEA/P/CIR/2022/83 dated June 20, 2022 and
Circular SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2022/153 dated November 11, 2022
24
5. Client Securities under Hold funded securities in respect
Margin Funding Account of margin funding
15.3.3 Naming proprietary bank accounts of the stock broker as 'Stock Broker-
Proprietary Account' is voluntary. It is however clarified that bank account
which do not fall under the above para of 15.3.2.1 and 15.3.2.2 would be
deemed to be proprietary.
15.3.4 All demat accounts maintained by stock brokers should be appropriately

tagged. Further, it is prescribed that:
15.3.4.1 Credit of securities shall not be allowed in any demat account left
untagged from July 01, 2022 onwards. Credits on account of
corporate actions shall be permitted.
15.3.4.2 Debit of securities shall also not be allowed in any demat account
left untagged from August 01, 2022.
15.3.4.3 Stock Broker shall obtain permission from Stock Exchanges to

allow tagging of such demat accounts from August 01, 2022
onwards. Stock Exchange shall grant such approval within two
working days after imposing penalty as per their internal policy.
15.3.4.4 The provision at 15.3.4 shall not be applicable for the demat
accounts which are used exclusively for banking activities by
stock brokers which are also banks.
15.4 Reporting of Bank and Demat accounts maintained by Stock Broker:
15.4.1 The stock brokers shall inform the Stock Exchanges of existing and new
bank account(s) in the following format:
Table 2
Name and Name of Account IFSC Name Purpose of Date of
address of the Number Code of Account Opening
Bank Branch Account (Own/Client/
Settlement)
25
15.4.1.1 Stock Broker which is also Bank, may be required to report to the
Stock Exchanges only those bank accounts that are used for their
stock broking activities.
15.4.2 The stock brokers shall inform the Stock Exchanges of existing and new
demat account(s) in the following format:
Table 3
Name Account DP Name of PAN Sub-type/ tag Date of
of DP Number/ ID Account of Demat Opening
Client ID Holder Account18
15.4.3 Stock Exchanges and/or Depositories, as the case may be, shall ensure
the following:
15.4.3.1 All new bank and demat accounts opened by the stock brokers
shall be named as per the above given nomenclature and the
details shall be communicated to the Stock Exchanges within one
week of the opening of the account.
15.4.3.2 In case of closure of any of the reported bank and demat accounts,
the same shall be communicated to the Stock Exchanges within
one week of its closure.
15.4.3.3 Depositories shall ensure that once the nomenclature for a

particular demat account has been assigned by the stock broker,
then the same shall not be modified.
15.4.3.4 Any non-compliance/non-reporting in this regard by the stock

broker shall attract penal action as per the provisions of Stock
Exchanges.
15.4.3.5 Based on the list of stock brokers (including PANs) provided by

the respective Stock Exchanges, Depositories shall also provide
stock broker-wise details of all the demat accounts opened by a
stock broker to the concerned Stock Exchanges to facilitate
reconciliation with the data submitted by the stock broker.
18
Reference: SEBI Circular SEBI/HO/MIRSD/ MIRSD_DPIEA/P/CIR/2022/83 dated June 20, 2022
26
15.4.4 In line with the prevalent regulatory requirement, it is reiterated that;
15.4.4.1 Stock Broker shall not use client funds and securities for
proprietary purposes including settlement of proprietary
obligations.
15.4.4.2 Transfer of funds between "Name of Stock Broker - Client

Account" and "Name of Stock Broker - Settlement Account"
and client's own bank accounts is permitted. Transfer of funds
from "Name of Stock Broker - Client Account" to "Name of
Stock Broker - Proprietary Account" is permitted only for
legitimate purposes, such as, recovery of brokerage, statutory
dues, funds shortfall of debit balance clients which has been
met by the stock broker, etc. For such transfer of funds, stock
broker shall maintain daily reconciliation statement clearly
indicating the amount of funds transferred.
15.4.4.3 The Stock Exchanges shall monitor compliance with the above
requirements, during inspections and the same shall be
reviewed by the internal auditor of the broker during the half
yearly internal audits.
15.4.4.4 Stock Brokers shall not grant further exposure to the clients
when debit balances arise out of client's failure to pay the
required amount and such debit balances continues beyond
the fifth trading day, as reckoned from date of pay-in, except,
in accordance with the margin trading facility provided vide
SEBI circular CIR/MRD/DP/54/2017 dated June 13, 2017 or
as may be issued from time to time.
15.5 Monitoring of Clients’ Funds lying with the Stock Broker by the Stock
Exchanges
15.5.1 Stock Exchanges shall put in place a mechanism for monitoring clients’
funds lying with the stock broker to generate alerts on any misuse of
clients’ funds by stock brokers, as per the guidelines stipulated in para
15.5.2 & 15.5.3 below.
15.5.2 The uploading of the following data by the stock broker to the Stock
Exchanges shall be on weekly basis i.e. stock brokers shall submit the
27
data as on last trading day of every week on or before the next three
trading days. Further, the Stock Broker shall not be required to upload
data with respect to custodian settled clients.
A- Aggregate of fund balances available in all Client Bank Accounts,

including the Settlement Account, maintained by the stock broker
across Stock Exchanges.
B- Aggregate value of collateral deposited with Clearing Corporation

and/or clearing member (in cases where the trades are settled through
clearing member) in form of Cash and Cash Equivalents (Fixed deposit
(FD), Bank guarantee (BG), etc.) (across Stock Exchanges). Only
funded portion of the BG, i. e. the amount deposited by stock broker
with the bank to obtain the BG, shall be considered as part of B.
C- Aggregate value of Credit Balances of all clients as obtained from

trial balance across Stock Exchanges (after adjusting for open bills of
clients, uncleared cheques deposited by clients and uncleared
cheques issued to clients and the margin obligations).
D- Aggregate value of Debit Balances of all clients as obtained from

trial balance across Stock Exchanges (after adjusting for open bills of
clients, uncleared cheques deposited by clients, uncleared cheques
issued to clients and the margin obligations).
E- Aggregate value of proprietary non-cash collaterals i.e. securities

which have been deposited with the Clearing Corporation and/or
clearing member (across Stock Exchanges).
F- Aggregate value of Non-funded part of the BG across Stock

Exchanges.
P- Aggregate value of Proprietary Margin Obligation across Stock

Exchanges.
MC- Aggregate value of Margin utilized for positions of Credit Balance

Clients across Stock Exchanges.
MF- Aggregate value of Unutilized collateral lying with the Clearing

Corporation and/or clearing member across Stock Exchanges.
28
15.5.3 Based on the aforesaid information submitted by the stock broker,
Stock Exchanges shall put in place a mechanism for monitoring of
clients’ funds lying with the stock brokers on the principles enumerated
below:
15.5.3.1 Funds of credit balance clients used for settlement obligation

of debit clients or for own purpose:
Principle:
The total available funds i.e. cash and cash equivalents with
the stock broker and with the Clearing Corporation/clearing
member (A + B) should always be equal to or greater than
Clients’ funds as per ledger balance (C).
Stock Exchanges shall calculate the difference i.e. G as

follows –
G = (A+B) - C
If difference G is negative, then the total available fund is less

than the ledger credit balance of clients. The value of G may
indicate utilization of clients' funds for other purposes i.e.
funds of credit balance clients are being utilized either for
settlement obligations of debit balance clients or for the stock
brokers' own purposes. The negative value of G acts as an
alert to the Stock Exchanges.
Thereafter, the absolute value of G shall be compared with

debit balance of all clients as per client ledger D as follows:
If the absolute value of (G) is lesser than |D|, then the stock
broker has possibly utilised funds of credit balance clients
towards settlement obligations of debit balance clients to the
extent of value of G.
If the absolute value of (G) is greater than |D|, then the stock
broker has possibly utilised a part of funds of credit balance
clients towards settlement obligations of debit balance clients
and remaining part for his own purposes. In such cases the
29
amount of client funds used for own purpose is calculated as
follows:
H= |G|- |D|
15.5.3.2 Funds of clients used for Margin obligation of proprietary

trading:
Stock Exchanges shall thereafter, verify whether the

proprietary margin obligations (across Stock Exchanges) is
less than the own funds and securities lying with the Stock
Exchanges as collateral deposit, as follows:
Principle:
The sum of Proprietary funds and securities i.e. (G + E + F)

lying with the Clearing Corporation/clearing member should
be greater than or equal to Proprietary margin obligations
(P).
If value of G is positive (i.e. A+B > C), then proprietary funds

are lying with the Clearing Corporation/clearing member
and/or client bank accounts along with the clients funds to
the extent of positive value of G.
The sum of the proprietary funds (positive value of G), the

value of proprietary securities (E) and the non-funded portion
of bank guarantee (F) available in the Stock Exchanges is
compared with the Proprietary margin obligations (P).
If P > (G+E+F), then Stock Exchange shall calculate the

difference I, which is the amount of proprietary margin
obligation funded from clients assets.
I = P - (G+E+F)
If G is negative, then, value of G is considered as 0, as there

is no proprietary funds lying with the Stock Exchange.
The value of I indicates the extent of funds and securities of

clients which is possibly utilised towards proprietary margin
30
obligations. This value of I acts as an alert to the Stock
Exchanges on the possible mis-utilisation of clients' assets
towards proprietary margin obligations.
15.5.3.3 Funds of credit balance clients used for Margin obligations of

debit balance clients and proprietary trading:
Stock Exchanges shall thereafter, verify whether the clients

funds lying with the Clearing Corporation/clearing member are
utilised towards margin obligations of debit balance clients
and proprietary margin obligations.
Principle:
The clients' funds lying with the Clearing Corporation/clearing

member should be less than or equal to sum of credit clients'
margin obligations (MC) and free collateral deposits available
with the Clearing Corporation/clearing member (MF).
If value of G is negative (i.e. A+B < C), then fund lying with the
Clearing Corporation/ clearing member (B) is entirely clients'
fund. In such cases, B is compared with Margin obligations of
credit balance clients and the free deposits available with the
Clearing Corporation/ clearing member. The value of J is
calculated as under:
J = B - (MC + MF)
If value of G is positive (i.e. A+B > C), then fund lying with the
Clearing Corporation/clearing member (B) may contain
proprietary and clients' fund. Hence, the value of clients funds
lying with the Clearing Corporation/ clearing member i.e. (C-
A) shall be considered in the place of B.
In such cases, (C-A) is compared with Margin obligations of

credit balance clients and the free deposits available with the
Clearing Corporation/clearing member. The value of J, which
is clients' funds utilised towards margin obligations of debit
balance clients and proprietary margin obligations, is
calculated as under:
31
J = (C - A) - (MC + MF)
The value of J, if positive, indicates the extent of clients' funds

utilised towards margin obligations of debit balance clients
and proprietary margin obligations. This value of J acts as an
alert to the Stock Exchanges on the possible misutilisation of
clients' funds towards margin obligations of debit balance
clients and proprietary margin obligations.
15.5.4 Based on the alerts generated, Stock Exchange shall, inter-alia, seek
clarifications, carry out inspections and initiate appropriate actions to
protect the clients’ funds from being misused. Stock Exchanges shall
also maintain records of such clarifications sought and details of such
inspections. The aforesaid calculations are illustrated in tabular format
in Table 5, 6 & 7 given after para 15.11.
15.5.5 Stock Exchanges shall carry out the monitoring of clients’ funds for all
stock brokers, except for those who are carrying out only proprietary
trading and/or only trading for institutional clients.
15.5.6 Stock Brokers shall ensure due compliance in submitting the

information to the Exchanges within the stipulated time.
15.6 Internal Audit of Stock Broker
15.6.1 SEBI has mandated half yearly internal audit for stock brokers/clearing
members. The following additional requirements in relation to internal
auditors shall become applicable:
15.6.2 Appointment and Rotation of Internal auditors
15.6.2.1 Stock Exchanges shall ensure that;
i. Stock Broker obtains from the internal auditor the following

details and shares the same with the Stock Exchange:
a. Declaration stating that the internal auditor or its
directors/partners have no interest in or relation with the
stock broker concerned other than the proposed internal
audit assignment, and
32
b. Details of the internal auditor viz., Name, Address, PAN,
Designation of Auditor, Name & Address of the Audit Firm,
registration number of the Auditor and the Audit firm, any
regulatory action taken against internal
auditor/partner/director, if any, etc.
ii. No stock broker shall appoint or re-appoint—

a. an individual as internal auditor for more than one term of five
consecutive years; and
b. an audit firm as internal auditor for more than two terms of five
consecutive years.
Provided that—
iii. An individual internal auditor who has completed his term under
para ii(a) above shall not be eligible for re-appointment as
internal auditor for the same stock broker for five years from the
completion of his term.
iv. An audit firm which has completed its term under para ii(b) above,
shall not be eligible for re-appointment as internal auditor for the
same stock broker for five years from the completion of such
term; Provided further that as on the date of appointment no audit
firm having a common partner or partners to the other audit firm,
whose tenure has expired in a stock broker immediately
preceding the financial year, shall be appointed as internal
auditor for the same stock broker for a period of five years.
v. The block of five years shall start from FY 2016-17.
15.6.3 Formulation of objective sample criteria for Internal Audit
15.6.3.1 The Stock Exchanges shall, in consultation with each other,

develop for each theme/area of the internal audit, a pre-
defined objective sample criteria, which shall mention not
only the sample size but also the method used for arriving at
the sample size. For example, with respect to verification of
compliance with KYC norms, instead of the current practice
of selecting a minimum number of KYCs, the sample
selected may be a certain percentage of the top clients in
33
each client category (Corporate, Partnership, Individual,
Trust, Others) based on total turnover on the Stock
Exchange and whose account has been opened during the
audit period. For each theme/area of audit, internal audit
report shall clearly specify the sample size verified, number
of instances where adverse observations have been made
as also the details of the adverse observations.
15.6.4 Monitoring of quality of Internal Audit Reports
15.6.4.1 The Stock Exchange shall every year identify a certain

number of internal auditors based on criteria, such as,
number and size of stock brokers audited, discrepancy in
findings of auditor vis-à-vis Stock Exchange inspection,
regulatory actions taken against the
auditor/partners/directors, etc. A certain number of stock
brokers who have been audited by these identified internal
auditors shall be selected for inspection by the Stock
Exchanges. The selection of these stock brokers shall be on
the basis of the Supervisory Risk Rating Score derived from
the Risk Based Supervisory System. Further, the sample and
period of inspection shall be the same as that used for
internal audit.
15.6.4.2 In cases where material deviations are observed between

the findings of the internal audit report and the Stock
Exchange inspection report, the Stock Exchanges shall
caution the stock broker to reconsider the appointment of that
particular internal auditor. The same shall also be brought to
notice of all the stock brokers who are audited by that
particular internal auditor. The Stock Exchange shall also
bring the deviations to the notice of the internal auditor. The
Stock Exchange inspections shall be so planned that at least
one client (i.e. stock broker) of each internal auditor is
covered at least once in three years.
15.6.5 Submissions of Internal Audit Report
15.6.5.1 Stock Brokers shall ensure that the internal audit reports are
submitted to the Exchanges within two months of the end of
34
respective half years for which the audit is being conducted.
The due date for submissions shall be as under:
Table 4
S. Period of Audit Due date for
No. submission
1 For half year ending September November 30th
30th
2 For half year ending March 31st May 31st
15.6.6 Other requirements
15.6.6.1 The Stock Exchanges shall provide a mechanism to enable

the internal auditor to report directly to the Stock Exchanges
in the event of non-cooperation by the stock broker.
15.6.6.2 Stock Exchanges shall ensure that, the Internal Auditors also
monitor the corrective steps taken by the stock brokers to
rectify the deficiencies observed in the inspection carried out
by SEBI/Stock Exchanges and the compliance thereof. The
compliance status shall be made as part of the internal audit
report.
15.7 Monitoring of Financial Strength of Stock Brokers
15.7.1 The Stock Exchanges shall monitor the following financial indicators
and ratios of stock brokers.
15.7.1.1 Financial Indicators:

a. Percentage change in net worth over last year/last
submission.
b. Percentage change in reserves and surplus or in
accumulated losses over last year.
c. Percentage change in advance/margin/collaterals from
customers over last year/submission.
d. Percentage change in inter corporate deposits given over
last year/submission.
35
15.7.1.2 Financial Ratios:
a. (Total outside liabilities i.e. all liabilities of a broker except
those owed to his shareholders) / (Net worth).
b. (Value of Investments or advances or loans to group
companies or associates or firms or entities) / (Net worth).
c. (Value of maximum outstanding inter corporate debt during
the year) / (Net worth).
d. Value of maximum outstanding inter corporate debt during
the year) / (Share capital).
15.7.2 Stock Brokers shall submit financial statements to Stock Exchanges in

the same format as prescribed under the Companies Act, 2013
irrespective of whether they fall under the purview of the Companies
Act, 2013 or not. The due date for submission of the aforesaid financial
statements to Stock Exchanges shall be the same as prescribed under
the Companies Act, 2013 for submission to Registrar of Companies.
15.7.3 No stock broker shall appoint or re-appoint—
15.7.3.1 an individual as statutory auditor for more than one term of five
consecutive years;
and
15.7.3.2 an audit firm as statutory auditor for more than two terms of
five consecutive years:
Provided that –
15.7.4 An individual statutory auditor who has completed his term under para
15.7.3.1 above shall not be eligible for re-appointment as statutory
auditor in the same stock broker for five years from the completion of
his term.
15.7.5 A statutory audit firm which has completed its term under para 15.7.3.2
above, shall not be eligible for re-appointment as statutory auditor in the
same stock broker for five years from the completion of such term.
Provided further that as on the date of appointment no statutory audit

firm having a common partner or partners to the other audit firm, whose
tenure has expired in a stock broker immediately preceding the financial
year, shall be appointed as statutory auditor of the same stock broker
36
for a period of five years.
15.8 Standard Operating Procedures for Stock Brokers/Depository

Participants - Actions to be contemplated by Stock
Exchanges/Depositories for any event based discrepancies
15.8.1 As per existing norms, Stock Exchanges /Depositories are required to

monitor their members/depository participants. It has been decided that
the Stock Exchanges and Depositories shall frame various event based
monitoring criteria based on market dynamics and market intelligence.
An illustrative list of such monitoring criterias are given below:
15.8.1.1 Monitoring criteria for Stock Brokers

a. Failure to furnish Networth certificate to Stock Exchange
within 60 days for half year ending September 30th and half
year ending March 31st.
b. Failure to furnish Internal Audit report to Stock Exchanges for
half year ending September 30th by November 30th and half
year ending March 31st by May 31st.
c. Failure to furnish Annual Audited Accounts by September
30th of the relevant year.
d. Failure to co-operate with the Stock Exchange for conducting
inspection by not submitting all the information/records
sought within 45 days from the due date specified in the letter
of intimation.
e. Failure to submit data for the half yearly Risk Based
Supervision within the time specified by Stock Exchange.
f. Failure to assign appropriate Bank and Demat nomenclature
within the time specified and to report the same to the Stock
Exchanges.
g. Failure to report new bank and demat accounts opened by
the stock broker to exchanges within the time specified for
reporting of such accounts.
h. Complaints pending for more than 30 days and total value of
which is more than 50 per cent of the Networth of the Broker.
i. If, at any point of time, Net worth of the Broker is negative or
lower than 75 per cent of the requirement.
j. In case stock broker shares incomplete/wrong data or fails to
submit data on time.
37
k. Failure to submit financial statements as per timeline
prescribed under Companies Act, 2013.
15.8.1.2 Monitoring criteria for Depository Participants

a. Failure to furnish Networth certificate to Depository for year
ending March 31st by September 30th.
b. Failure to furnish Internal Audit report to Depository for half
year ending September 30th by November 15th and half year
ending March 31st by May 15th.
c. Failure to co-operate with the Depository for conducting
inspection by not submitting all the information/records
sought within 45 days from the due date specified in the letter
of intimation.
d. Failure to submit data for the half yearly Risk Based
Supervision within the time specified by Depositories.
e. Failure to furnish half yearly compliance certificate/report to
Depository for half year ending June 30th by July 30th and
half year ending December 31st by January 31st.
f. Failure to furnish monthly Investor grievance report by 10th
day of next month.
g. In case depository participant shares incomplete/wrong data
or fails to submit data on time.
h. Failure to submit financial statements as per timeline
prescribed by the Depositories.
15.8.1.3 The Stock Exchanges and Depositories shall jointly frame

uniform penal action on stock brokers and depository participants
respectively, in the event of noncompliance with the illustrative
criteria listed above. Provided further that Stock Exchanges and
Depositories may also frame more stringent criteria than as
mentioned above.
15.9 Uploading clients' fund balance and securities balance by the Stock
Brokers on Stock Exchange system
15.9.1 The Stock Exchanges shall put in place a mechanism and ensure that
stock brokers upload the following data on a monthly basis for every client
onto each Stock Exchange system where the broker is a member:
15.9.1.1 Exchange-wise end of day fund balance as per the client ledger,
38
consolidated across all segments and also net funds payable or
receivable by the broker to/from the client across all Exchanges.
15.9.1.2 End of day securities balances ISIN wise (as on last trading day
of the month) and End of day securities balances (as on last
trading day of the month) consolidated ISIN wise (i.e., total
number of ISINs and total number of securities across all ISINs).
15.9.1.3 ISIN wise number of securities pledged, if any, and the funds
raised from the pledging of such securities and consolidated
number of securities pledged (i.e., total number of ISINs and
total number of securities across all ISINs), if any and the funds
raised from the pledging of such securities.
15.9.1.4 The data at Para 15.9.1.1, 15.9.1.2 and 15.9.1.3 pertains to the
last trading day of the month. The stock broker shall submit the
aforesaid data within seven calendar days of the last trading
day of the month.
15.9.1.5 Stock Broker shall not be required to upload the data for the
following clients onto the Stock Exchange system:
a. Custodian settled clients

b. Client with zero funds and securities zero balances and also
not traded in the last 12 months.
15.9.2 Each Stock Exchange shall in turn forward –
15.9.2.1 Information at Para 15.9.1.1, 15.9.1.2 and 15.9.1.3 to clients via

Email on the email IDs uploaded by the stock broker to the
exchange for their clients.
15.9.2.2 Information at Para 15.9.1.1, 15.9.1.2 (only consolidated data)

and 15.9.1.3 (only consolidated data) to clients via SMS on
mobile numbers uploaded by the stock broker to the Exchange
for their clients.
39
15.10 Running Account Settlement19
15.10.1 The stock broker shall ensure that;
15.10.1.1 The settlement of running account of funds of the client

shall be done after considering the End of the day (EOD)
obligation of funds as on the date of settlement across all
the Exchanges on first Friday of the Quarter (i.e., Apr-
Jun, Jul-Sep, Oct-Dec, Jan–Mar) for all the clients i.e.,
the running account of funds shall be settled on first
Friday of October 2022, January 2023, April 2023, July
2023 and so on for all the clients. If first Friday is a trading
holiday, then such settlement shall happen on the
previous trading day.
15.10.1.2 For clients, who have opted for Monthly settlement,

running account shall be settled on first Friday of every
month. If first Friday is a trading holiday, then such
settlement shall happen on the previous trading day.
15.10.1.3 For the purpose of settlement of funds, the mode of

transfer of funds shall be by way of electronic funds
transfer viz., through National Electronic Funds Transfer
(NEFT), Real Time Gross Settlement (RTGS), etc.
15.10.1.4 The required bank details for initiating electronic fund

transfers shall be obtained from new clients and shall be
updated for existing clients. Only in cases where
electronic payment instructions have failed or have been
rejected by the bank, then the stock broker may issue a
physical payment instrument.
15.10.1.5 In cases where physical payment instrument (cheque or

demand draft) is issued by the TM towards the
settlement of running account due to failure of electronic
payment instructions, the date of realization of physical
19
Reference: Circular MIRSD/ SE /Cir-19/2009 dated December 03, 2009,
Circular SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/95 dated September 26, 2016
Circular SEBI/HO/MIRSD/DOP/P/CIR/2021/577 dated June 16, 2021 and
Circular SEBI/HO/MIRSD/DoP/P/CIR/2022/101 dated July 27, 2022
40
instrument into client’s bank account shall be considered
as settlement date and not the date of issue of physical
instrument.
15.10.1.6 Once the TM settles the running account of funds of a

client, an intimation shall be sent to the client by SMS on
mobile number and also by email. The intimation should
also include details about the transfer of funds (in case
of electronic transfer – transaction number and date; in
case of physical payment instruments – instrument
number and date). TM shall send the retention statement
along with the statement of running accounts to the
clients as per the existing provisions within five working
days.
15.11 Providing PAN Number
15.11.1 The stock brokers shall provide Permanent Account Numbers of all
their Directors, Key Management Personnel and dealers to the
Stock Exchanges. Any change in the aforesaid details/information
shall be intimated to the Stock Exchanges within seven days of such
change.
Table 5
RECONCILIATION - Funds of credit balance clients used for settlement obligation

of debit balance clients or for own purpose:
Funds Available in client Clients' Difference Calculate only if G is negative

bank accounts and Funds as
cash/cash equivalent per the
deposits with Clearing client
Corporation/ clearing ledger
member - across all across all
Stock Exchanges Stock
Exchanges
Total of Collateral Total Total Amount Amount of
end of the deposited Credit debit of funds fund used
day with Balance of balance of one for own
balance in Clearing all clients (after client purpose
41
all Client Corporation/ (after adjusting used for (only if
Bank clearing adjusting for open another absolute
Accounts member in for open bills and client value G is
form of bills and uncleared greater
Cash and uncleared cheques) than debit
Cash cheques) balance
Equivalents* clients)
A B C G=(A+B)- D G, if H = |G| -
C |G|< |D| |D|
* Cash equivalents contains other components of collateral deposited by the stock broker,
such as, FD, bank Guarantee etc. excluding the Non- cash component. If G is negative,
then there is utilization of clients' funds for other purposes i.e. either funds of credit
balance clients are being utilized for settlement obligations of debit balance clients or for
the stock brokers' own purposes. The difference has following two components:
Component I: Use of fund of one client for giving exposure to another client
Component II: Use of client fund for own purposes by stock broker
Amount of funds of one client used for settlement obligation another client = Total Debit
balances of all Clients (after adjusting for open bills and uncleared cheques)
Misuse of client’s fund for own purpose = Absolute value of G - Total Debit balances
of all clients (after adjusting for open bills and uncleared cheques)
Table 6
RECONCILIATION - Funds of clients used for Margin obligation of proprietary

trading:
G(if positive) - own Value of Own Non funded Proprietary Difference

money Securities portion of the margin
Deposited as Bank Obligation
Collateral with Guarantee (F) - across all
Clearing across all Stock
Corporation/ Stock Exchanges
Clearing Exchanges
member -
42
across all Stock
Exchanges
G (from the E F P I = P -
reconciliation stage (G+E+F)
I - positive value)
Proprietary Obligation mentioned in column P shall be the sum of cash margin obligations
and derivative margin obligations for proprietary trading as on reporting day.
Table 7
RECONCILIATION - Funds of credit balance clients used for Margin obligations of

debit balance clients and proprietary trading:
Total of end Total Collateral Margin Free/unblocked Difference

of the day Credit deposited utilized for Collateral
balance in all Balance of with positions of deposited with
Client Bank all clients Clearing Credit Clearing
Accounts (after Corporation/ Balance Corporation/
across all adjusting clearing Clients (all clearing
Stock for open member in exchanges) member (MF)
Exchanges bills and form of
uncleared Cash and
cheques)- Cash
across all Equivalents
Stock across all
Exchanges Stock
Exchanges
A (from the C B MC MF B-
reconciliation (MC+MF)
stage 1 - Or (C-A)-
positive (MC+MF)
value)
43
16. Annual System Audit of Stock Brokers / Trading Members20
16.1 System audit guidelines for Stock Brokers / Trading members prescribed below
includes System Audit Process, Auditor Selection Norms and Terms of
Reference (TOR).
16.2 The Stock Exchanges should ensure that system audit of stock brokers / trading
members is conducted in accordance with the prescribed guidelines.
16.3 Exchanges are advised to keep track of findings of system audits of all brokers
on quarterly basis and ensure that all major audit findings, specifically in critical
areas, are rectified / complied in a time bound manner failing which follow up
inspection of such brokers may be taken up for necessary corrective steps /
actions thereafter, if any.
16.4 Stock Exchange should report all major non-compliances / observations of

system auditors, broker wise, on a quarterly basis to SEBI.
Table 8
Stock Broker System Audit Framework
1. Audit Process
1.1. System Audit of stock brokers should be conducted with the following
periodicity:
1.1.1. Annual system audit is prescribed for stock brokers who satisfy any of
the following criteria:
a. Stock Brokers who use [Computer-to-Computer Link (CTCL) or

Intermediate Messaging Layer (IML)] (or other similar trading
facilities) / Internet Based Trading (IBT)/ Direct Market Access
(DMA)/ Securities Trading using Wireless Technology (STWT) /
Smart Order Routing (SOR) and have presence in more than 10
locations or number of terminals are more than fifty.
b. Stock Brokers who are depository participants or are involved in
offering any other financial services.
20 Reference: Circular CIR/MRD/DMS/34/2013 dated November 06, 2013.

44
1.1.2. Half yearly system audit has been prescribed for stock brokers who
use Algorithmic Trading or provide their clients with the facility of
Algorithmic Trading as per SEBI Circular CIR/MRD/16/2013 dated May
21, 2013.
1.1.3. For all other stock brokers, system audit shall be conducted once in
two years.
1.2. Such audit shall be conducted in accordance with the Norms, Terms of
Reference (ToR) and Guidelines issued by SEBI and / or by Stock
Exchanges. Separate ToRs are specified for the following categories of
brokers:
1.2.1. Type I Broker: Brokers who trade through exchange provided

terminals such as NSE’s NEAT, BSE’s BOLT, MCX-SX’s TWS, etc.
(ToR attached as Annexure-3 below);21
1.2.2. Type II Broker: Brokers who trade through API based trading terminals
like [CTCL or IML] or IBT/DMA/STWT or SOR facility and who may
also be TYPE I Brokers. (ToR attached as Annexure-4 below)
1.2.3. Type III Broker: Brokers who use Algorithmic Trading facility to trade
and who may also be TYPE II Brokers. (ToR attached as Annexure-5
below)
1.3. Stock brokers shall select auditors as per the selection norms provided in the
guidelines and directions issued by Stock Exchanges and SEBI from time to
time. The Auditor may perform a maximum of three successive audits of the
stock broker.
1.4. The Stock Exchanges shall periodically review ToR of such system audit
and, if required, shall suitably revise the ToR after taking into consideration
developments that have taken place in the securities market since the last
review of ToR, observations reported in the audit reports of the stock brokers
and directions issued by SEBI from time to time in this regard.
1.5. The auditor in its report shall specify compliance / non-compliance status with
21Vide Letter MRD/DMS/OW/9500/2015 dated March 31, 2015, SEBI informed Stock Exchanges that
System Audit requirement for Type I brokers may be kept on hold till further communication from SEBI.
45
regard to areas mentioned in ToR. Observations on minor / major deviations
as well as qualitative comments for scope for improvement shall also be
specified in the report. The auditor shall also take into consideration the
observations / issues mentioned in the previous audit reports and cover open
items in the report. The audit report submitted by the auditor should be
forwarded to the Stock Exchange by the Stock Broker along with
management comments, within one month of submission of report by the
auditor.
1.6. Stock Exchange shall ensure that the management of the stock broker
provides their comment about the non-compliance / non-conformities (NCs)
and observations mentioned in the report. For each NC, specific time-bound
(within 3 months of submission of report by the exchange) corrective action
must be taken and reported to the Stock Exchange. The auditor should
indicate if a follow-on audit is required to review the status of NCs.
1.7. In order to ensure that the corrective actions are taken by the stock broker,
follow-on audit, if any, shall be scheduled by the stock broker within 6 months
of submission of the audit report by the system auditor.
1.8. The system auditors should follow the reporting standard as specified in
Annexure-6 of this Framework for the executive summary of the System
Audit report to highlight the major findings of the System Audit.
2. Auditor Selection Norms
2.1. The Auditor shall have minimum three years of experience in IT audit of
securities market participants e.g. Stock Exchanges, Clearing Corporation,
Depositories, stock brokers, depository participants etc. The audit
experience should cover all the major areas mentioned under Terms of
Reference (ToR) of the system audit specified by SEBI / Stock Exchange.
2.2. It is recommended that resources employed shall have relevant industry

recognized certifications e.g. D.I.S.A. (ICAI) Qualification, CISA (Certified
Information System Auditor) from ISACA, CISM (Certified Information
Securities Manager) from ISACA, CISSP (Certified Information Systems
Security Professional) from International Information Systems Security
Certification Consortium, commonly known as (ISC).
2.3. The Auditor should have experience of IT audit/governance frameworks and

46
processes conforming to industry leading practices like CobiT.
2.4. The Auditor shall not have any conflict of interest in conducting fair, objective
and independent audit of the stock broker. Further, the directors / partners of
Auditor firm shall not be related to any stock broker including its directors or
promoters either directly or indirectly.
2.5. The Auditor shall not have any cases pending against its previous audited
companies/firms, which fall under SEBI’s jurisdiction, which point to its
incompetence and/or unsuitability to perform the audit task.
17. Early Warning Mechanism to prevent diversion of client securities22
17.1 It has been decided to put in place an Early Warning Mechanism and sharing
of information between Stock Exchanges, Depositories and Clearing
Corporations to detect the diversion of client’s securities by the stock broker at
an early stage so as to take appropriate preventive measures. The threshold
for such early warning signals shall be decided by the Stock Exchanges,
Depositories and Clearing Corporations with mutual consultation.
17.2 Early warning signals, for prevention of diversion of clients' securities, may
include the following:
17.2.1 Deterioration in financial health of the stock broker/ depository

participant based on any of the following parameters:
a) Significant reduction in net worth over previous half-year /year.
b) Significant losses in the previous half years / years.
c) Delay in reporting of Annual Report, Balance Sheet, Internal Audit
Reports, Risk Based Supervision (RBS) data and any other data
related to its financial health to the Stock Exchanges /Depositories.
d) Failure to submit information sought by the Stock Exchange/
Depositories on its dealing with related parties / promoters.
e) Significant mark-to-market loss on proprietary account/ related party
accounts
f) Repeated instances of pay-in shortages.
g) Significant trading exposure or amount of loans or advances given to
and investments made in related parties/ group.
22
Reference: Circular SEBI/HO/MIRSD/DOP/CIR/P/2018/153 dated December 17,2018
47
h) Sudden activation of significant number of dormant client's accounts
and / or significant activity in the dormant account/s.
i) Significant number of UCC modifications.
j) Resignation of Statutory Auditors or Directors.
17.2.2 Early warning signals in relation to securities pledge transactions by the

stock broker to be identified by the Depositories and shall be shared
with Stock Exchanges which may include:
a) Alerts for stock brokers maintaining multiple proprietary demat
accounts and opening any new demat account in the name of stock
broker for client purpose.
b) Movement of shares to / from a large number of clients' demat
accounts or large value shares to stock broker proprietary accounts
and vice a versa.
c) Transfer of large value of shares through off-market transfers other
than for settlement purposes.
d) Invocation of pledge of securities by lenders against stock broker or
his clients.
e) Significant depletion of client's shares in the stock broker client
account maintained by the stock broker.
17.2.3 Increase in number of investor complaints against the stock

broker/depository participant alleging un-authorized trading /
unauthorized delivery instructions being processed and non-receipt of
funds and securities and non-resolution of the same.
17.2.4 Alerts generated from the monthly / weekly submissions made by stock
broker under Risk Based Supervision (RBS) or Enhanced Supervision
to the Stock Exchanges.
a) Non-recovery of significant dues from debit balance clients over a
period of time.
b) Significant dues to credit balance clients over a period of time.
c) Failure by stock broker to upload weekly data regarding monitoring
of clients' funds as specified in SEBI's circular on Enhanced
Supervision, for three consecutive weeks.
d) Pledging securities in case of clients having credit balance and using
the funds so raised against them for own purposes or for funding
debit balance of clients.
e) Mis-reporting / wrong reporting about the client funds / securities.
f) Significant increase in RBS score.
48
17.2.5 Stock broker’s terminal disabled for certain number of days in any
segment / Stock Exchange in previous quarter.
17.2.6 Stock Exchanges and Depositories shall frame an internal policy

/guidelines regarding non-cooperation by stock brokers and depository
participants during inspections which shall lay down the time period, the
type of documents critical for closing the inspections, which if not
submitted, can be treated as non-cooperation.
I. Failure to submit data sought for inspections especially relating to
bank/demat accounts. client ledgers etc. despite repeated reminders.
II. Failure to provide reasonable access to the records or any office
premises.
17.3 Stock Exchanges/ Clearing Corporations/ Depositories, shall devise a

mechanism to detect diversion of clients’ securities and to share information
among themselves in respect of:
17.3.1 Diversion of pay-out of securities to non-client accounts
17.3.2 Mis-matches between gross (client-wise) securities pay-in and pay-out

files of a stock brokers generated by the Clearing Corporation which
shall be compared with actual transfer of securities to/from the client’s
depository accounts by the Depository. The cases of any mismatch
found out by the Depository shall be informed to the concerned Stock
Exchange / Clearing Corporation.
17.3.3 Stock Exchange shall seek clarification from the concerned stock broker
on the mismatches reported by Depository and identify transfer to a non-
client/third party, without any trade obligation.
17.3.4 Such information on wrong / fraudulent / unauthorized transfer shall be

shared by the Stock Exchange with other Stock Exchanges.
17.4 Any other alerts as the Stock Exchanges / Clearing Corporations and
Depositories may deem fit.
17.5 Alerts triggered at one Stock Exchange / Clearing Corporation/ Depository

through early warning mechanism shall be immediately shared with other Stock
Exchanges / Depositories with respect to the stock broker / depository
participant.
49
17.6 Based on the analysis of the early warning data, if it is established that the stock
broker's financial health has deteriorated and/ or he has made unauthorized
transfer of funds / securities of the client, in such cases Stock Exchanges /
Depositories shall jointly take preventive actions on the stock broker which may
include one or more of, but not limited, to the following:
17.6.1 Actions to be initiated by the Stock Exchanges like:

17.6.1.1 Blocking of certain percentage of available collaterals
towards margin.
17.6.1.2 Check securities register in respect of securities received

and transferred against pay-in /pay-out against settlement
17.6.1.3 Check details of funds and securities available with the

clearing member, Clearing Corporation and the Depository
of that stock broker.
17.6.1.4 Impose limits on proprietary trading by the stock broker.
17.6.1.5 Prescribe and monitor shorter time duration for settlement

of Running Account of clients.
17.6.1.6 Conduct meeting with the designated directors of the stock

broker to seek appropriate explanation.
17.6.1.7 Uniform action of deactivation of trading terminals by all

Stock Exchanges based on the communication received
from other Stock Exchange.
17.6.1.8 Initiate inspection of the stock broker / depository

participant.
17.6.1.9 Cross check information submitted by stock broker with

other independent sources like collateral details with the
Clearing Corporation, transactions in Bank and
Depositories, with statement collected directly etc.
17.6.1.10 Where client money and securities diversion is suspected,

appointed forensic auditor to trace trails of entire funds and
50
securities of clients.
17.6.2 Actions to be taken by the Depositories:
17.6.2.1 Imposition of 100% concurrent audit on the depository

participant.
17.6.2.2 Cessation/ restriction on uses of Power of Attorney (POA)

given to stock broker by clients mapped to such brokers
only to meet settlement obligation of that client. Clients to
issue instructions electronically or through Delivery
Instruction Slip (DIS) for delivery of shares for off market
transfers.
17.6.3 Any other measures that Stock Exchanges/ Clearing Corporations/

Depositories may deem fit.
18. Enhanced obligations and responsibilities on Qualified Stock Brokers

(QSBs)23
18.1 In order to further strengthen the compliance and monitoring requirements

relating to stock brokers and to ensure efficient functioning of securities
market, SEBI, vide Gazette Notification dated January 17, 2023, amended the
SEBI (Stock Broker) Regulations, 1992 for designating certain stock brokers,
having regard to their size and scale of operations, likely impact on investors
and securities market, as well as governance and service standards, as
Qualified Stock Brokers (QSBs), on the basis of certain parameters and
appropriate weightages thereon.
18.2 The stock broker designated as a QSB shall be required to meet enhanced
obligations and discharge responsibilities to ensure appropriate governance
structure, appropriate risk management policy and processes, scalable
infrastructure and appropriate technical capacity, framework for orderly
winding down, robust cyber security framework, and investor services
including online compliant redressal mechanism.
18.3 This circular details the parameters which shall be considered for designating
a stock broker as QSB, enhanced obligations and responsibilities which shall
23
Reference: Circular SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/24 dated February 06, 2023
51
be cast on such QSBs and guidelines on enhanced monitoring of QSBs which
shall be carried out by Market Infrastructure Institutions (MIIs).
18.4 Parameters for designating a stock broker as QSB:
18.4.1 Initially, the following parameters shall be considered for designating a

stock broker as QSB:
18.4.1.1 the total number of active clients of the stock broker;

18.4.1.2 the available total assets of clients with the stock broker;
18.4.1.3 the trading volumes of the stock broker (excluding the
proprietary trading volume of the stock broker); and
18.4.1.4 the end of day margin obligations of all clients of a stock broker
(excluding the proprietary margin obligation of the stock broker
in all segments)
Procedure for assigning score to a stock broker:
18.4.2 The following procedure shall be followed to assign score to a stock
broker, based on the parameters enumerated at para 18.4.1 above:
18.4.2.1 For each stock broker, individual score for a particular

parameter shall be calculated by dividing the individual
parameter by the aggregate of the respective parameter
summed across all stock brokers, i.e., a stock broker’s count
of active clients will be divided by the aggregate count of active
clients of all stock brokers and similarly individual scores shall
be calculated for other parameters as well.
18.4.2.2 Then, total score shall be calculated by adding individual score

of all the parameters. For calculating the scores for a particular
financial year, parameters as on December 31st of such
financial year shall be considered.
Identification of QSBs:
18.4.3 Initially, stock brokers with a total score greater than or equal to five
based on the parameters enumerated at para 18.4.1 above, shall be
identified as QSBs. The first such list of QSBs shall be prepared on the
basis of parameters as on December 31, 2022.
18.4.4 The framework may be extended to more stock brokers in due course,
if necessary, including, by considering the following additional
52
parameters:
18.4.4.1 compliance score of the stock broker;
18.4.4.2 grievance redressal score of the stock broker; and
18.4.4.3 the proprietary trading volumes of the stock broker.
18.4.5 The scores shall be calculated on annual basis (financial year) and the
revised list of QSBs shall be released jointly by stock exchanges, in
consultation with SEBI.
18.4.6 The QSBs which no longer belong to the revised list, shall continue to
comply with the enhanced obligations and responsibilities, for an
additional period of 3 financial years or such time, as may be specified
by SEBI/stock exchanges.
18.5 Enhanced obligations and responsibilities for QSBs:
18.5.1 Governance structure and processes:

18.5.1.1 The Board of Directors (BoD) or analogous body of QSBs shall
exercise oversight over incidents/vulnerabilities having an
impact on functioning of the QSB in the securities market and
investor protection including data security breaches that can
affect investor data.
18.5.1.2 Further, QSBs shall have committees of the Board of Directors

(BoD) or analogous body such as Audit Committee (for listed
QSBs), Nomination and Remuneration Committee, Risk
Management Committee, Information Technology (IT)
Committee, Cybersecurity Committee and any other
committee as mandated by SEBI from time to time.
a) The Chief Financial Officer (CFO) or analogous person of

the QSB shall submit to the audit committee, details in
respect of financial status of the entity, disclosure of any
related party transactions, inter-corporate loans and
investments, internal financial controls and risk
management systems, compliance with listing and other
legal requirements relating to financial statements,
adherence to regulatory provisions etc.
b) QSBs shall, before appointing directors, Key Managerial

53
Personnel (KMP) and other employees, consult the
nomination and remuneration committee with regard to their
appointment, tenure and remuneration.
c) QSBs shall seek inputs from various committees such as

risk management committee and cybersecurity committee
while framing policies relating to respective areas such as
risk management of the organization and, establishing a
robust cyber security framework and augmenting IT
infrastructure and scalability of operations.
18.5.1.3 QSBs shall submit an annual report to the stock exchanges

regarding the observations of the committees of BOD or
analogous body, corrective action taken by the QSB and
measures taken to prevent recurrence of such incidents.
18.5.2 Risk Management Policy and Processes:

18.5.2.1 QSBs shall devise a clear and a well-documented risk
management policy which encompasses the following:
a) List of all relevant risks which may have to be borne by the

QSBs such as:
i. risks which can arise during KYC and account opening

process such as submission of incomplete KYC forms by
the clients, submission of fake information with an
intention to commit frauds and non-updation of
information submitted as and when there is any change
in the information submitted during KYC;
ii. operational risks such as faulty systems which can cause

erroneous execution of orders from clients’ account
and/or unauthorized trading on behalf of the client and
misutilization of client’s sensitive information by any
employee of the QSBs;
iii. technology risks which include technical glitches and

cyber-attacks; and
iv. general risks such as fraud risk, credit risk, market risk,
54
legal risk, reputation risk and risk due to outsourcing of
activities to third parties.
18.5.2.2 Such risk management policy shall:
a) strive to address the root cause of the risks and try to

prevent recurrence of such risks;
b) enable early identification and prevention of risk;
c) assess the likely impact of a probable risk event on various

aspects of the functioning of the QSB such as impact on
investors, financial loss to the QSB, impact on other
stakeholders in the market, reputational loss etc. and lay
down measures to minimize the impact of such event and
d) assign accountability and responsibility of Key Managerial

Personnel (KMP) in the organization.
Surveillance of client behaviour:

18.5.2.3 The risk management framework shall have measures for
carrying out surveillance of client behaviour through analyzing
the pattern of trading done by clients, detection of any unusual
activity being done by such clients, reporting the same to stock
exchanges and taking necessary measures to prevent any
kind of fraudulent activity in the market in terms of the
regulatory requirements prescribed by SEBI and MIIs.
Ensuring Integrity of Operations:

18.5.2.4 QSBs shall maintain adequate human resources, systems,
processes and procedures for seamless running of operations
and protection of investor data.
18.5.2.5 The staff of the QSBs shall be given the necessary resources
and support to carry out their duties effectively and efficiently.
The QSBs shall train their employees at regular intervals in
matters relating to the activities being handled by them.
18.5.2.6 A CXO level officer shall be designated as responsible for

managing key risks, i.e., Chief Compliance Officer
55
(responsible for all regulatory compliance related activities),
Chief Information Security Officer (responsible for all cyber
security related activities), Chief Risk Officer (responsible for
overall risk management associated with functioning of the
QSB).
18.5.2.7 QSBs shall employ adequate tools to automate process of risk

management, reporting and compliance.
18.5.2.8 The risk management policy shall be reviewed on half yearly

basis by the QSB and a report in this regard shall be submitted
by the risk management committee of the QSB to the stock
exchange.
18.5.2.9 The BoD/senior management shall view any recurrence of a

particular incident seriously and take prompt and appropriate
action including fixation of accountability.
18.5.3 Scalable infrastructure and appropriate technical capacity:

18.5.3.1 The QSBs shall put in place a policy framework, approved by
its IT committee, for upgradation of infrastructure and
technology from time to time to ensure smooth functioning and
scalability for delivering services to investors at all times. Such
framework should be reviewed on half-yearly basis.
18.5.3.2 QSBs shall, at all times, maintain adequate technical capacity

to process 2 times the peak transaction load encountered
during the preceding half year and shall also fulfill all other
requirements as specified by SEBI/MIIs from time to time, in
this regard.
18.5.4 Framework for orderly winding down:

18.5.4.1 QSB shall put in place, a framework for orderly wind down of
its business to ensure continuity of services to its clients in
case of closure of business by the QSB due to its inability to
provide services to its clients or meet the prescribed regulatory
requirements or any other reason. Such wind-down framework
shall encompass the following:
a) Seamless portability of its clients to other SEBI registered

56
stock brokers while protecting the funds and securities of
such clients;
b) Providing all necessary support to the clients to ensure a

smooth and secure transfer process;
c) Providing adequate notice to the clients before winding

down of the operations after taking approval of the stock
exchanges; and
d) Preventing any significant impact on the market and

inconvenience to the investors.
18.5.4.2 In case of wind down which may happen due to regulatory

action, erosion of networth of the QSB etc., such wind down of
operations of the QSB will be implemented under the
supervision of the stock exchange.
18.5.5 Robust cyber security framework and processes:

18.5.5.1 Digitalization and online platforms have given rise to need for
effective mitigation of information and cyber risks. SEBI, has
specified the framework on cybersecurity and cyber resilience
to be followed by all stock brokers.
18.5.5.2 However, QSBs handle sensitive data of a large number of the

investors in the securities market and any cyber-attack on the
systems of a QSB can compromise the confidentiality and
integrity of such data.
18.5.5.3 Hence, QSBs shall have additional features in their cyber

security framework which would be commensurate with the
amount of data handled by them. The cyber security
committee of the QSB shall review the framework on half-
yearly basis and review the instances of cyber-attacks, if any,
and take steps to strengthen the cyber security framework of
the QSB.
18.5.5.4 The QSBs shall have a dedicated team of security analysts,

which may include domain experts in the field of cyber security
and resilience, network security and data security which shall
57
carry out the following activities:
a) Prevention of cyber security incidents through continuous

threat analysis, network and host scanning for
vulnerabilities and breaches, deploying adequate and
appropriate technology to prevent attacks originating from
external environment and internal controls to manage
insider threats etc.
b) Monitoring, detection and analysis of potential

intrusions/security incidents in real time and through
historical trending on security-relevant data sources.
c) Operating network defence technologies such as Intrusion

Detection Systems (IDSes) and data collection/analysis
systems.
d) Conducting cyber-attack simulation on quarterly basis to aid

in developing cyber resiliency measures and test the
adequacy and effectiveness of the framework adopted.
e) Conducting awareness and training programs for its

employees with regard to cyber security and situational
awareness on quarterly basis.
f) Prevention of attacks similar to those already faced.
18.5.5.5 Such dedicated team shall submit a quarterly report to the BoD
of QSB, on above mentioned activities carried out by them
along with details of cybersecurity incidents which occurred
and details of incidents which were prevented from occurring.
18.5.5.6 The dedicated team of security analysts shall report to Chief

Information Security Officer (CISO) of the QSB and such CISO
shall be designated as a Key Managerial Personnel (KMP)
and shall directly report to the MD &CEO of the QSB.
18.5.5.7 The QSB should have well-defined and documented

processes for monitoring of its systems and networks, analysis
of cyber security threats and potential intrusions / security
58
incidents, usage of appropriate technology tools, classification
of threats and attacks, escalation hierarchy of incidents,
response to threats and breaches, and reporting of the
incidents.
Vulnerability Assessment and Penetration Testing (VAPT)
18.5.5.8 QSBs shall carry out continuous assessment of the threat
landscape faced by them and on half yearly basis, conduct
vulnerability assessment to detect security vulnerabilities in
their IT environments exposed to internet.
18.5.5.9 QSB shall also carry out penetration tests on half-yearly basis,
in order to conduct an in-depth evaluation of the security
posture of the system through simulations of actual attacks on
its systems and networks that are exposed to the internet.
Business Continuity Plan:
18.5.5.10 QSB shall put in place a comprehensive Business Continuity
Plan (BCP) and such policy shall be reviewed on half-yearly
basis to minimize the incidents affecting the business
continuity.
18.5.5.11 QSB shall develop and document mechanisms and standard

operating procedures to recover from the cyber-attacks within
the stipulated Recovery Time Objective (RTO) of the QSB,
various scenarios and standard operating procedures for
resuming operations from Disaster Recovery (DR) site of
QSB.
18.5.5.12 The CISO of the QSB shall review the implementation of the
BCP and SOP on DR on monthly basis and submit a report to
the board of QSBs.
18.5.5.13 All the provisions applicable to specified stock brokers (as

stated in SEBI circular SEBI/HO/MIRSD/TPD-
1/P/CIR/2022/160 dated November 25, 2022 regarding
Framework to address the ‘technical glitches’ in Stock Brokers’
Electronic Trading Systems) shall also be applicable to the
QSBs.
Periodic Audit
18.5.5.14 QSBs shall arrange to have their systems audited on half-
59
yearly basis by a CERT-IN empanelled auditor to check
compliance with the above mentioned requirements related to
cyber security and other circulars of SEBI on cybersecurity
and technical glitches, to the extent they are relevant to them
and shall submit the report to stock exchanges along with the
comments of the cybersecurity committee within one month of
completion of the half year.
18.5.6 Investor Services including online complaint redressal

mechanism:
18.5.6.1 QSBs must have investor service centers in all cities where
they have branches.
18.5.6.2 QSBs shall have online capabilities for engaging with clients,
responding to investor queries and seamless facility for filing
complaints by investors and clearly defined escalation
procedures.
18.5.6.3 The complaints redressal mechanism should be investor

friendly and convenient. The same should have capabilities of
being retrieved easily by the complainant online through
complaint reference number, e-mail id, mobile no. etc.
18.6 Enhanced Monitoring of QSBs:

18.6.1 QSBs shall be subjected to enhanced monitoring and surveillance
including additional submissions to be made to MIIs/SEBI, as and when
sought.
18.6.2 Stock Exchanges, in consultation with SEBI, shall carry out annual
inspection of QSBs and communicate the findings of such inspection
along with action taken report to SEBI.
18.6.3 Stock Exchanges shall devise a comprehensive framework to carry out

enhanced monitoring of such QSBs. An illustrative list of areas is as
follows:
i. Funds and securities of clients which are handled by the QSB;
ii. Significant changes in net-worth of the QSB;
iii. Significant changes in profits/losses, as compared to previous
financial year;
60
iv. Adverse findings in audit reports;
v. Adherence to prescribed timelines in case of various periodic
submissions to be made by QSB;
vi. Timely submission of any information sought by SEBI/MIIs;
vii. Adherence to enhanced obligations and responsibilities stated in this
circular; and
viii. Quality of services being provided to investors.
18.6.4 In case of any deviation/violation observed, Stock Exchanges shall take

necessary steps to ensure that the same is corrected by QSBs including
initiating disciplinary action, wherever found necessary, in accordance
with the relevant regulatory provisions/bye-laws.
18.7 The provisions at para 18 (excluding para 18.4) shall come into effect from July
01, 2023.
61
III. DEALINGS WITH CLIENT
19. Unique Client Code24
19.1. It shall be mandatory for the broker to use unique client code for all clients. For
this purpose, the broker shall collect and maintain in their back office the
Permanent Account Number (PAN) allotted by the Income Tax Department for
all their clients.
19.2. In case of other entities –
19.2.1. Brokers shall verify the documents with respect to the unique code and
retain a copy of the document.
19.2.2. The brokers shall also be required to furnish the above particulars of
their clients to the Stock Exchanges/Clearing Corporations and the
same would be updated on a monthly basis. Such information for a
specific month should reach the exchange within seven working days of
the following month.
19.2.3. The Stock Exchanges shall be required to maintain a database of client

details submitted by brokers. Historical records of all quarterly
submissions shall be maintained for a period of seven years by the
exchanges.
19.3. Mapping of Unique Client Code(UCC) with demat account of clients:25
For mapping of UCC with the demat account of the clients, the following
Mechanism has been implemented in discussion with the Stock exchange and
Depositories.
19.3.1. UCC allotted by the trading member (TM) to the client shall be mapped
with the demat account of the client.
19.3.2. A client may trade through multiple TMs in which case each such UCC
shall be mapped with one or more demat account(s).
24 Reference: Circular SMDRP/POLICY/CIR-39/2001 dated July 18, 2001 and Circular

SEBI/MRD/SE/CIR-34/2003/29/09 dated September 29, 2003.
25
Reference: Circular SEBI/HO/MIRSD/DOP/CIR/P/2019/136 dated November 15, 2019
62
19.3.3. Stock Exchanges shall share the UCC data with the Depositories which
shall include the PAN, segment, TM/CM code and UCC allotted. Such
UCC data, in respect of new UCCs created, shall be shared with the
Depositories, on a daily basis.
19.3.4. Depositories shall map the UCC data in the demat account based on
the PAN provided in the UCC database.
19.3.5. Clients may make a request to their depository participants to delink or

add UCC details which shall be processed by the Depository through
depository participants. Before any addition of UCC in the demat
account, the Depositories shall validate the same with the Stock
Exchanges / client.
19.3.6 Stock Exchanges and Depositories shall have a mechanism in place to

address clients’ complaints with regard to UCC mapping with their
demat accounts.
19.3.7 Stock Exchanges and Depositories shall have a mechanism in place to

ensure that inactive, non-operational UCCs are not misused and also a
mechanism to ensure that inactive, non-operational UCCs are weeded
out in the process of mapping clients’ UCC with their demat account.
20. Simplification and Rationalization of Trading Account Opening Process26
20.1. SEBI has devised the uniform documentation to be followed by all the stock
brokers / trading members; a copy thereof to be provided by them to the clients.
The details of such documents are listed below:
20.1.1 Index of documents giving details of various documents for client

account opening process: Annexure-7
20.1.2 Client Account Opening Form in two parts:
26Reference: Circular CIR/MIRSD/16/2011 dated August 22, 2011,

Circular MIRSD/SE/CIR-21/2011 dated October 05, 2011,
Circular CIR/MIRSD/13/2013 dated December 26, 2013 and
Circular CIR/MIRSD/64/2016 dated July 12, 2016,
Circular CIR/MIRSD/66/2016 dated July 21, 2016 and
Circular SEBI/HO/MIRSD/DOP/CIR/P/2021/31 dated March 10, 2021.
63
20.1.2.1 Know Your Client (KYC) form capturing the basic information
about the client and instruction/check list to fill up the form:
The KYC template finalised by Central Registry of Securitization

and Asset Reconstruction and Security interest of India (CERSAI)
and as specified by SEBI through various circulars issued from
time to time, shall be used by the registered intermediaries as Part
I of AOF for individuals and legal entities.
20.1.2.2 Document capturing additional information about the client related

to trading account: Annexure-8
20.1.3 Document stating the Rights & Obligations of stock broker, and client
for trading on exchanges (including additional rights & obligations in
case of internet / wireless technology based trading): Annexure-9
20.1.4 Uniform Risk Disclosure Documents (for all segments / exchanges):

Annexure-10
20.1.5 Guidance Note detailing Do’s and Don’ts for trading on exchanges:
Annexure-11
20.2. In the account opening process, the stock brokers / trading members would
also give the following useful information to the clients:
20.2.1 A tariff sheet specifying various charges, including brokerage, payable

by the client to avoid any disputes at a later date.
20.2.2 Information on contact details of senior officials within the stock broking
firm and investor grievance cell in the Stock Exchange, so that the client
can approach them in case of any grievance.
20.3. It may be noted that any voluntary clause / document added by the stock
brokers shall form part of the non-mandatory documents. The stock broker
shall ensure that any voluntary clause/document shall neither dilute the
responsibility of the stock broker nor it shall be in conflict with any of the
clauses in the mandatory documents, Rules, Bye-laws, Regulations, Notices,
Guidelines and Circulars issued by SEBI and the Stock Exchanges from time
to time. Any such clause introduced in the existing as well as new documents
shall stand null and void.
64
20.4. The client will now be required to sign only on one document i.e. Account
Opening Form. Further, in the same form, the client shall continue to put his
signatures instead of saying ‘yes’ or ‘tick mark’ while indicating preferences for
trading in different exchanges / segments, in accordance with existing
requirements. However, in case the investor wants to avail Running Account
facility, execute Power of Attorney, Demat Debit and Pledge Instruction27 etc.,
he would have to give specific authorization to the stock broker in order to
avoid any dispute in the future.
20.5. In case the stock broker is also a depository participant, he can use the same
KYC form (as specified at para 20.1.2.1 above) for basic details and take
additional information pertaining to demat account.
20.6. Stock Broker shall make available these standard documents to the clients,
either in electronic or physical form, depending upon the preference of the
client as part of account opening kit. The preference of the client shall be
sought as part of the account opening form. In case the documents are made
available in electronic form, stock broker shall maintain logs of the same.
20.7. Stock Exchanges / stock brokers shall continue to make the documents
mentioned in para 20.1.3 to 20.1.5 above, available on their website and keep
the clients informed about the same.
20.8. Further, with a view to bring about uniformity in securities markets, the KYC
form at para 20.1.2.1 above and supporting documents shall also be used by
Depository Participants, Mutual Funds, Portfolio Managers, Collective
Investment Schemes and Venture Capital Funds. The KYC form shall be filled
by an investor at the account opening stage while dealing with any of the above
intermediaries. Additional details specific to the area of activity of the
intermediary being obtained now but not covered in the KYC form shall also
be obtained from the investors in Part II of the account opening form.
21. Nomination for Eligible Trading Accounts28
21.1 In line with Section 72 of Companies Act, 2013 on nomination by a holder of

securities, investors opening new trading account(s) shall have the choice of
27
Reference: Circular SEBI/HO/MIRSD/DoP/P/CIR/2022/44 dated April 04, 2022.
28
Reference: Circular SEBI/HO/MIRSD/RTAMB/CIR/P/2021/601 dated July 23, 2021, Circular
SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2022/23 dated February 24, 2022 and Circular
SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/42 dated March 27, 2023.
65
providing nomination or opting out nomination, as follows;
a. The format for nomination form is given in Annexure-12 to this circular
b. Opt out of nomination through ‘Declaration Form’, as provided in
Annexure-13 to this circular.
21.2 In this regard, Trading Members shall activate new trading accounts only upon
receipt of above formats.
21.3 The nomination and Declaration form shall be signed under wet signature of
the account holder(s) and witness shall not be required. However, if the
account holder(s) affixes thumb impression (instead of wet signature), then
witness signature shall be required in the forms.
21.4 The on-line nomination and Declaration form may also be signed using e-Sign
facility and in that case witness will not be required.
21.5 Trading Members shall ensure that adequate systems are in place including
for providing for e-Sign facility and also take all necessary steps to maintain
confidentiality and safety of client records.
21.6 Existing investors who have not submitted nomination details till date and
intend to submit their nomination or opt out of nomination (not to nominate any
one) may also be allowed to do so by way of two factor authentication (2FA)
login on the internet trading platform for Stock Brokers providing such services.
21.7 Further, all existing eligible trading account holders shall provide choice of
nomination as per the option given in para 21.1 above, on or before September
30, 2023, failing which the trading accounts shall be frozen for trading.
21.8 Stock Brokers shall encourage their clients to update ‘choice of nomination’ by
sending a communication on fortnightly basis by way of emails and SMS to all
such UCCs wherein the ‘choice of nomination’ is not captured. The
communication shall provide guidance through which the client can provide
his/her ‘choice of nomination’.
21.9 Re-submission of nomination details shall be optional for the existing investors
who have already provided the nomination details prior to July 23, 2021.
21.10 The details required in the form at Annexure 12 of the circular viz. mobile number,
66
e-mail ID and identification details of the nominee(s)/ guardian(s) of the minor
nominee(s) are optional.
22. Requirements relating to dealings between a Client and a Stock Broker

(Trading Members included)29
22.1. Running Account Authorization30
22.1.1. Unless otherwise specifically agreed to by a Client, the settlement

of funds shall be done within twenty-four hours of the payout.
However, a client may specifically authorize the stock broker to
maintain a running account subject to the following conditions:
a. The authorization shall be signed by the client only and not by

any authorised person on his behalf or any holder of the Power
of Attorney.
b. The authorisation shall be dated and shall contain a clause that

the clients may revoke the authorisation at any time. The stock
brokers, while sending periodical statement of accounts to the
clients, shall mention therein that their running account
authorisation would continue until it is revoked by the clients.
c. The settlement of running account of funds of the client shall be

done by the TM after considering the End of the day (EOD)
obligation of funds as on the date of settlement across all the
Exchanges on first Friday of the Quarter (i.e., Apr-Jun, Jul-Sep,
Oct-Dec, Jan–Mar) for all the clients i.e., the running account of
funds shall be settled on first Friday of October 2022, January
2023, April 2023, July 2023 and so on for all the clients. If first
Friday is a trading holiday, then such settlement shall happen
on the previous trading day.
d. For clients, who have opted for Monthly settlement, running
29 Reference: Circular MIRSD/SE/CIR-19/2009 dated December 03, 2009,

Circular SEBI/MIRSD/CIR/01/2011 dated May 13, 2011 and
Circular SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/95 dated September 26, 2016.
30
Reference: Circular SEBI/HO/MIRSD/DoP/P/CIR/2022/101 dated July 27, 2022
Circular SEBI/HO/MIRSD/DOP/P/CIR/2021/577 dated June 16, 2021
67
account shall be settled on first Friday of every month. If first
Friday is a trading holiday, then such settlement shall happen
on the previous trading day.
e. Once the TM settles the running account of funds of a client, an

intimation shall be sent to the client by SMS on mobile number
and also by email. The intimation should also include details
about the transfer of funds (in case of electronic transfer –
transaction number and date; in case of physical payment
instruments – instrument number and date). TM shall send the
retention statement along with the statement of running
accounts to the clients as per the existing provisions within five
working days.
f. Client shall bring any dispute on the statement of running

account, to the notice of TM within thirty working days from the
date of the statement.
g. Such periodic settlement of running account may not be

necessary:
i. for clients availing margin trading facility as per SEBI
circular.
ii. for funds received from the clients towards
collaterals/margin in the form of bank guarantee (BG)/Fixed
Deposit receipts (FDR).
h. The stock broker shall transfer the funds / securities lying in the
credit of the client within one working day of the request if the
same are lying with him and within three working days from the
request if the same are lying with the Clearing Member/Clearing
Corporation.
i. There shall be no inter-client adjustments for the purpose of

settlement of the ‘running account’.
j. These conditions shall not apply to institutional clients settling

trades through custodians. The existing practice may continue
for them.
22.2.Authorization for Electronic Contract Notes

68
22.2.1. The stock broker may issue electronic contract notes (ECN) if specifically
authorized by the client subject to the following conditions:
a. The authorization shall be in writing and be signed by the client only

and not by any authorised person on his behalf or holder of the Power
of Attorney.
b. The email id shall not be created by the broker. The client desirous
of receiving ECN shall create/provide his own email id to the stock
broker.
c. The authorization shall have a clause to the effect that that any
change in the email-id shall be communicated by the client through a
physical letter to the broker. In respect of internet clients, the request
for change of email id may be made through the secured access by
way of client specific user id and password.
22.3.The stock broker shall have documentary evidence of financial details provided
by the clients who opt to deal in the derivative segment. In respect of other
clients, the stock broker shall obtain the documents in accordance with its risk
management system.
22.4.There shall be a mandatory document dealing with policies and procedures for
each of the following under appropriate headings:
22.4.1. refusal of orders for penny stocks
22.4.2. setting up client’s exposure limits
22.4.3. applicable brokerage rate
22.4.4. imposition of penalty/delayed payment charges by either party,

specifying the rate and the period (This must not result in funding by the
broker in contravention of the applicable laws)
22.4.5. the right to sell clients’ securities or close clients’ positions, without
giving notice to the client, on account of non-payment of client’s dues
(This shall be limited to the extent of settlement/margin obligation)
22.4.6. shortages in obligations arising out of internal netting of trades
69
22.4.7. conditions under which a client may not be allowed to take further
position or the broker may close the existing position of a client
22.4.8. temporarily suspending or closing a client’s account at the client’s

request, and
22.4.9. deregistering a client
22.5.All the documents in both the mandatory and the non-mandatory parts shall be
printed in minimum font size of 11.
22.6.A copy of all the documents executed by client shall be given to him, free of
charge, within seven days from the date of execution of documents by the client.
The stock broker shall take client’s acknowledgement for receipt of the same.
22.7.The stock brokers having own web-sites shall display all the documents executed
by a client, client’s position, margin and other related information, statement of
accounts, etc. in the web-site and allow secured access by way of client-specific
user id and password.
22.8.The stock broker shall frame the policy regarding treatment of inactive accounts
which should, inter-alia, cover aspects of time period, return of client assets and
procedure for reactivation of the same. It shall display the same on its web site,
if any.
22.9.As on 31st March of every year, a statement of balance of Funds and Securities
in hard form and signed by the broker shall be sent to all the clients.
23. Regulation of Transactions Between Clients and Brokers31
23.1. It shall be compulsory for all Member brokers to keep the money of the clients
in a separate account and their own money in a separate account. No
payment for transactions in which the Member broker is taking a position as
a principal will be allowed to be made from the client’s account. The above
principles and the circumstances under which transfer from client’s account
to Member broker’s account would be allowed are enumerated below.
31 Reference: Circular SMD/SED/CIR/93/23321 dated November 18, 1993 and Circular

CIR/HO/MIRSD/DOP/CIR/P/2019/75 dated June 20, 2019.
70
23.1.1. Member Broker to keep accounts: Every member broker shall keep
such books of accounts, as will be necessary, to show and
distinguish in connection with his business as a member:
a. Moneys received from or on account of each of his clients and

b. the moneys received and the moneys paid on Member’s own
account
23.1.2. Obligation to pay money into "clients’ accounts". Every member

broker who holds or receives money on account of a client shall
forthwith pay such money to current or deposit account at bank to be
kept in the name of the member in the title of which the word "clients"
shall appear (hereinafter referred to as "clients account"). Member
broker may keep one consolidated clients account for all the clients
or accounts in the name of each client, as he thinks fit. Provided that
when a Member broker receives a cheque or draft representing in
part money belonging to the client and in part money due to the
Member, he shall pay the whole of such cheque or draft into the
clients account and effect subsequent transfer as laid down below in
para 23.1.4(b).
23.1.3. What moneys to be paid into "clients account". No money shall be

paid into clients account other than
a. money held or received on account of clients.

b. such money belonging to the Member as may be necessary for
the purpose of opening or maintaining the account.
c. money for replacement of any sum which may by mistake or
accident have been drawn from the account in contravention of
para 23.1.4 given below.
d. a cheque or draft received by the Member representing in part
money belonging to the client and in part money due to the
Member.
23.1.4. What moneys to be withdrawn from "clients account". No money shall

be drawn from clients account other than
a. money properly required for payment to or on behalf of clients or

for or towards payment of a debt due to the Member from clients
or money drawn on client’s authority, or money in respect of
71
which there is a liability of clients to the Member, provided that
money so drawn shall not in any case exceed the total of the
money so held for the time being for such each client;
b. such money belonging to the Member as may have been paid
into the client account under para 23.1.3(b) or 23.1.3(d) given
above;
c. money which may by mistake or accident have been paid into
such account in contravention of para 23.1.3 above.
23.1.5. Right to lien, set-off etc., not affected. Nothing in this para 23.1 shall
deprive a Member broker of any recourse or right, whether by way
of lien, set-off, counter-claim charge or otherwise against moneys
standing to the credit of clients account.
23.2. It shall be compulsory for all Member brokers to keep separate accounts for
client’s securities and to keep such books of accounts, as may be necessary,
to distinguish such securities from his/their own securities. Such accounts for
client’s securities shall, inter-alia provide for the following:
23.2.1. Securities received for sale or kept pending delivery in the market.
23.2.2. Securities fully paid for, pending delivery to clients.

23.2.3. Securities received for transfer or sent for transfer by the Member, in
the name of client or his nominee(s).
23.2.4. Securities that are fully paid for and are held in custody by the Member
as security/margin etc. Proper authorization from client for the same
shall be obtained by Member.
23.2.5. Fully paid for client’s securities registered in the name of Member, if any,
towards margin requirements etc.
23.2.6. Securities given on Vyaj-badla. Member shall obtain authorization from

clients for the same.
23.3. Member Brokers shall make payment to their clients or deliver the securities
purchased within 24 hours of pay-out unless the client has requested
otherwise.
23.4. Member brokers shall issue the contract note for purchase/sale of securities to
72
a client within 24 hours of the execution of the contract.
23.5. In case of sales on behalf of clients, Member broker shall be at liberty to close
out the contract by effecting purchases if the client fails to deliver the securities
sold with valid transfer documents within 48 hours of the contract note having
been delivered or before delivery day (as fixed by Stock Exchange authorities
for the concerned settlement period), whichever is earlier. Loss on the
transaction, if any, will be deductible from the margin money of that client.
24. Collateral deposited by Clients with Brokers32
24.1. For brokers to maintain proper records of client collateral and to prevent
misuse of client collateral, it is advised that:
24.1.1. Brokers should have adequate systems and procedures in place to

ensure that client collateral is not used for any purposes other than
meeting the respective client’s margin requirements / pay-ins.
Brokers should also maintain records to ensure proper audit trail of
use of client collateral.
24.1.2. Brokers should further be able to produce the aforesaid records

during inspection. The records should include details of:
a. Receipt of collateral from client and acknowledgement issued to

client on receipt of collateral.
b. Client authorization for deposit of collateral with Stock Exchange
/ Clearing Corporation / clearing house towards margin.
c. Record of deposit of collateral with Stock Exchange / Clearing
Corporation / Clearing House.
d. Record of return of collateral to client.
e. Credit of corporate action benefits to clients.
24.1.3. The records should be periodically reconciled with the actual

collateral deposited with the broker.
24.1.4. Brokers should issue a daily statement of collateral utilization to

clients which shall include, inter-alia, details of collateral deposited,
collateral utilised and collateral status (available balance / due from
32 Reference: Circular MRD/DoP/SE/CIR-11/2008 dated April 17, 2008.

73
client) with break up in terms of cash, Fixed Deposit Receipts (FDRs),
Bank Guarantee and securities.
24.1.5. In case of complaints against brokers related to misuse of collateral

deposited by clients, exchanges should look into the allegations,
conduct inspection of broker if required and based on its findings take
necessary action.
24.2. In case client collateral is found to be mis-utilised, the broker would attract
appropriate deterrent penalty for violation of norms provided under SCRA
1956, SEBI Act 1992, SEBI Regulations and circulars, Exchange Byelaws,
Rules, Regulations and circulars.
25. Severance of connections with other businesses33
25.1 Rule 8(1)(f) and Rule 8(3)(f) of the SCRR 1957, requires that members of a
Stock Exchange, whether individual, partnership or corporate, shall not
engage in any business other than that of securities. Stock Exchanges should
be ensured that the applicants do not attract the above stated rule.
26. Applicability of Rule 8(1)(f) and 8(3)(f) of the Securities Contract (Regulation)
Rules, 195734
26.1 Borrowing and lending of funds, by a trading member, in connection with or

incidental to or consequential upon the securities business, would not be
disqualified under Rule 8(1)(f) and 8(3)(f) of the SCRR 1957.
27. Mode of payment and delivery35
27.1 Brokers should not accept cash from the client whether against obligations or
as margin for purchase of securities and / or give cash against sale of securities
to the clients.
27.2 All payments shall be received / made by the stock brokers from / to the clients
strictly by account payee crossed cheques/ demand drafts or by way of direct
credit into the bank account through electronic fund transfer, or any other mode
33 Reference: Circular SMD/VRN/1476/95 dated April 27, 1995.

34 Reference: Circular SMD/POLICY/CIR-6/97 dated May 07, 1997.
35 Reference: Circular SEBI/MRD/SE/CIR-33/2003/27/08 dated August 27, 2003 and
Circular: SEBI/HO/MIRSD/DOP/CIR/P/2018/113 dated July 12, 2018

74
permitted by the Reserve Bank of India. The stock brokers shall accept
cheques drawn only by the clients and also issue cheques in favour of the
clients only, for their transactions. Stock Brokers shall not accept cash from
their clients either directly or by way of cash deposit to the bank account of
stock broker.
27.3 Similarly, in the case of securities also, giving / taking delivery of securities in
“demat mode” should be directly to / from the “beneficiary accounts” of the
clients except delivery of securities to a recognized entity under the approved
scheme of the Stock Exchange and / or SEBI.
28. Pre- funded instruments / Electronic fund transfers36
28.1 To address the concerns regarding flow of third party funds / unidentified
money, following guidelines shall be followed:
28.1.1 If the aggregate value of pre-funded instruments is Rs. 50,000/- (fifty

thousand rupees) or more, per day per client, the stock brokers may
accept the instruments only if the same are accompanied by the name
of the bank account holder and number of the bank account debited for
the purpose, duly certified by the issuing bank. The mode of certification
may include the following:
a. Certificate from the issuing bank on its letterhead or on a plain paper

with the seal of the issuing bank.
b. Certified copy of the requisition slip (portion which is retained by the
bank) to issue the instrument.
c. Certified copy of the passbook/bank statement for the account
debited to issue the instrument.
d. Authentication of the bank account-number debited and name of the
account holder by the issuing bank on the reverse of the instrument.
28.1.2 Maintain an audit trail of the funds received through electronic fund
transfers to ensure that the funds are received from their clients only.
29. Disclosure of proprietary trading by Broker to Client37
29.1 With a view to increase the transparency in the dealings between the broker
36 Reference: Circular CIR/MIRSD/03/2011 dated June 09, 2011.

37 Reference: Circular SEBI/MRD/SE/CIR-42/2003 dated November 19, 2003.
75
and the client, every broker shall disclose to his client whether he does client
based business or proprietary trading as well.
29.2 The broker shall disclose this information upfront to his new clients at the time
of entering into the Know Your Client agreement.
29.3 In case of a broker who at present does not trade on proprietary account,
chooses to do so at a later date, he shall be required to disclose this to his
clients before carrying out any proprietary trading.
30. “Pro – account” trading terminal38
30.1 During the course of inspections carried out by SEBI and Stock Exchanges of
the books of accounts and other documents of members, following
observations were made:
30.1.1 Certain members are putting large number of orders on pro-account

from various locations rather than using “pro-account” at the terminals
located at the corporate office from where the owner / directors normally
function.
30.1.2 These trades executed from various locations under “pro-account” are,
many a time, transferred subsequently to the respective clients in the
back office of the members.
30.2 The aforementioned practices clearly violate the requirement of putting the
orders of clients under the appropriate client code through trading terminals.
30.3 With a view to check such misuse of the above facility, if any, Stock Exchanges
are directed to ensure the following: -
30.3.1 Facility of placing orders on “pro-account” through trading terminals

shall be extended only at one location of the members as specified /
required by the members.
30.3.2 Trading terminals located at places other than the above location shall
have a facility to place orders only for and on behalf of a client by
entering client code details as required / specified by the Exchange /
38 Reference: Circular SEBI/MRD/SE/CIR-32/2003/27/08 dated August 27, 2003

76
SEBI.
30.3.3 In case any member requires the facility of using “pro-account” through
trading terminals from more than one location, such member shall be
required to submit an undertaking to the Stock Exchange stating the
reason for using the “pro-account” at multiple locations and the Stock
Exchange may, on case to case basis after due diligence, consider
extending the facility of allowing use of “pro-account” from more than
one location.
31. Review of norms relating to trading by Members39
31.1 Stock Exchanges are directed to ensure the following:
31.1.1 A stock broker of an exchange cannot deal with the brokers of the same
exchange either for proprietary trading or for trading on behalf of clients,
except with the prior permission of the exchange. The Stock Exchanges
while giving such permission, shall consider the reasons stated by the
brokers for dealing with brokers of the same exchange and after
carrying out due diligence allow such brokers to deal with only one stock
broker of the same exchange.
31.1.2 A stock broker of an exchange can deal with only one broker of another
exchange for proprietary trading after intimating the names of such
stock broker to his parent Stock Exchange.
32. Market Access through Authorised Persons40
The framework governing the market access through authorised persons is prescribed
below. This framework provides the minimum requirements and the Stock Exchanges
and stock brokers may prescribe additional requirements, as they may deem
appropriate, in the interest of investors and market.
Regulatory Framework for Market Access through Authorised Persons
32.1 Who is an “Authorised Person”?
39 Reference: Circular SEBI/MIRSD/CIR-06/2004 January 13, 2004

40Reference: Circular MIRSD/DR-1/CIR-16/09 dated November 06, 2009 and Circular
SEBI/CIR/MIRSD/AP/8/2010 dated July 23, 2010.
77
Any person - individual, partnership firm, LLP or body corporate – who is
appointed as such by a stock broker (including trading member) and who
provides access to trading platform of a Stock Exchange as an agent of the stock
broker.
32.2 Appointment of Authorised Person
A stock broker may appoint one or more authorised person(s) after obtaining
specific prior approval from the Stock Exchange concerned for each such
person. The approval as well as the appointment shall be for specific segment of
the exchange.
32.3 Procedure for Appointment
32.3.1 Stock Broker shall select a person in compliance with the criteria laid
down by the Exchange and this framework for appointment as an
authorized person and forward the application of the person to Stock
Exchange for approval.
32.3.2 On receipt of the aforesaid application, the Stock Exchange
a. may accord approval on satisfying itself that the person is eligible

for appointment as authorized person, or
b. may refuse approval on satisfying itself that the person is not eligible
for appointment as authorized person.
32.4 Eligibility Criteria
32.4.1 An individual is eligible to be appointed as authorised person if he:
a. is a citizen of India;
b. is not less than 18 years of age;
c. has not been convicted of any offence involving fraud or dishonesty;
d. has good reputation and character;
e. has passed at least 10th standard or equivalent examination from
an institution recognized by the Government
32.4.2 A partnership firm, LLP or a body corporate is eligible to be appointed

as authorized person
78
a. if all the partners or directors, as the case may be, comply with the
requirements contained in para 32.4.1 above.
b. the object clause of the partnership deed or of the Memorandum of
Association contains a clause permitting the person to deal in
securities business.
32.4.3 The person shall have the necessary infrastructure like adequate office
space, equipment and manpower to effectively discharge the activities
on behalf of the stock broker.
32.4.4 The approved users and/or sales personnel of Authorised Persons shall
have the necessary certification of the respective segments at all points
of time.
32.5 Conditions of Appointment
32.5.1 The following are the conditions of appointment of an authorised

person:
a. The stock broker shall be responsible for all acts of omission and
commission of the authorized person.
b. All acts of omission and commission of the authorized person shall
be deemed to be those of the stock broker.
c. The authorized person shall not receive or pay any money or
securities in its own name or account. All receipts and payments of
securities and funds shall be in the name or account of stock broker.
d. The authorised person shall receive his remuneration - fees, charges,
commission, salary, etc. - for his services only from the stock broker
and he shall not charge any amount from the clients.
e. A person shall not be appointed as authorized person by more than
one stock broker on the same Stock Exchange.
f. A partner or director of an authorised person shall not be appointed
as an authorised person on the same Stock Exchange.
g. The stock broker and authorised person shall enter into written
agreement(s) in the form(s) specified by Exchange. The agreement
shall inter-alia cover scope of the activities, responsibilities,
confidentiality of information, commission sharing, termination
clause, etc.
79
32.6 Withdrawal of Approval
32.6.1 Approval given to an authorised person may be withdrawn by the Stock

Exchange:
a. on receipt of a request to that effect from the stock broker concerned

or the authorised person, subject to compliance with the
requirements prescribed by the Stock Exchange, or
b. on being satisfied that the continuation of authorised person is
detrimental to the interest of investors or securities market or the
authorised person at a subsequent date becomes ineligible under
para 32.4 above.
32.7 Obligations of Stock Broker
32.7.1 The stock broker shall be responsible for all acts of omission and
commission of his authorised person(s) and/or their employees,
including liabilities arising there from.
32.7.2 If any trading terminal is provided by the stock broker to an authorised

person, the place where such trading terminal is located shall be treated
as branch office of the stock broker.
32.7.3 Stock Broker shall display at each branch office additional information
such as particulars of authorised person in charge of that branch, time
lines for dealing through authorised person, etc., as may be specified
by the Stock Exchange.
32.7.4 Stock Broker shall notify changes, if any, in the authorised person to all
registered clients of that branch at least thirty days before the change.
32.7.5 Stock Broker shall conduct periodic inspection of branches assigned to

authorised persons and records of the operations carried out by them.
32.7.6 The client shall be registered with stock broker only. The funds and
securities of the clients shall be settled directly between stock broker
and client and all documents like contract note, statement of funds and
securities would be issued to client by stock broker. Authorised person
may provide administrative assistance in procurement of documents
and settlement but shall not issue any document to client in its own
80
name. No fund/securities of clients shall go to account of authorized
person.
32.7.7 On noticing irregularities, if any, in the operations of authorised person,

stock broker shall seek withdrawal of approval, withhold all moneys due
to authorised person till resolution of investor problems, alert investors
in the location where authorised person operates, file a complaint with
the police, and take all measures required to protect the interest of
investors and market.
32.8 Obligations of Exchange
32.8.1 The Stock Exchange shall maintain a database of all the authorised
persons which shall include the following:
a. PAN Number of authorised person and in case of partnership or

body corporate, PAN Number of all the partners or directors as the
case may be.
b. Details of the broker with whom the authorised person is registered.
c. Locations of branch assigned to authorised person(s).
d. Number of terminals and their details, given to each authorised
person.
e. Withdrawal of approval of authorised person.
f. Change in status or constitution of authorised person.
g. Disciplinary action taken by the Exchange against the authorised
person.
All the above details, except (a) above, shall be made available on web
site of the Stock Exchange.
32.8.2 While conducting the inspection of the stock broker, the Stock
Exchange shall also conduct inspection of branches where the
terminals of authorised persons are located and records of the
operations carried out by them.
32.8.3 Dispute between a client and an authorised person shall be treated as

dispute between the client and the stock broker and the same shall be
redressed by the Stock Exchange accordingly.
32.8.4 In case of withdrawal of approval of authorised person due to

81
disciplinary action, the Stock Exchange shall issue a press release and
disseminate the names of such authorised persons on its website citing
the reason for cancellation.
33. SMS and E-mail alerts to investors by Stock Exchanges41
Stock Exchanges shall send details of the transactions to the investors, by the end
of trading day, through SMS and E-mail alerts. This would be subject to the following
guidelines:
33.1 Applicability –
33.1.1 These guidelines are applicable to equity - cash and derivative -

segments of the Stock Exchanges.
33.2 Uploading of mobile number and E-mail address by stock brokers
33.2.1 Stock Exchanges shall provide a platform to stock brokers to upload the
details of their clients, preferably, in sync with the UCC updation
module.
33.2.2 Stock Brokers shall upload the details of clients, such as, name, mobile
number, address for correspondence and E-mail address.
33.2.3 Stock Brokers shall ensure that the mobile numbers/E-mail addresses
of their employees /remisiers/authorized persons are not uploaded on
behalf of clients.
33.2.4 Stock Brokers shall ensure that separate mobile number/E-mail address
is uploaded for each client. However, under exceptional circumstances,
the stock broker may, at the specific written request of a client, upload
the same mobile number/E-mail address for more than one client
provided such clients belong to one family. ‘Family’ for this purpose
would mean self, spouse, dependent children and dependent parents.
33.3 Verification by the Stock Exchanges
33.3.1 After uploading of details by the stock brokers, the Stock Exchanges
41Reference: Circular CIR/MIRSD/15/2011 dated August 02, 2011 and SEBI communication SE/10118
dated October 12, 1992.
82
shall take necessary steps to verify the details by any mode as
considered appropriate by them which may include the following:
a. By way of sending SMS and E-mail directly to the investors at the

numbers/E-mail address uploaded by the stock brokers.
b. By way of sending letters to the address of the investors uploaded by
the stock brokers.
33.4 Sending of alerts by the Stock Exchanges
33.4.1 Upon receipt of confirmation from the investors, the Stock Exchanges
shall commence sending the transaction details generated based on
investors’ Permanent Account Number, directly to them.
33.5 Handling of discrepancies, if any
33.5.1 If any discrepancy is observed by the Stock Exchanges in the details

uploaded by the stock brokers including non-confirmation by investors,
bounced E-mails, undelivered SMS/letters, etc., the Stock Exchanges
shall inform the respective stock broker.
33.6 Meeting out the expenses for providing SMS and E-mail alerts
33.6.1 The Stock Exchanges may use the amount set aside from the listing
fees (20% of the listing fees) for providing services to the investing
public, to meet the expenses for providing this facility.
34. Prevention of Unauthorised Trading by Stock Brokers42
34.1 SEBI in the past has taken several steps to tackle the menace of “Unauthorized
Trades” viz Periodic Running Account Settlement, Post transactions
SMS/email by Stock Exchanges/Depositories, Ticker on broker/DP websites
etc. It was observed that in spite of measures taken, a considerable proportion
of investor complaints is of the nature of “Unauthorized Trades”.
34.2 To further strengthen regulatory provisions against un-authorized trades and

also to harmonise the requirements across markets, it has now been decided
that all brokers shall execute trades of clients only after keeping evidence of
42 Reference: Circular SEBI/HO/MIRSD/DOP1/CIR/P/2018/54 dated March 22, 2018.

83
the client placing such order, it could be, inter alia, in the form of:
a. Physical record written & signed by client,

b. Telephone recording,
c. Email from authorized email id,
d. Log for internet transactions,
e. Record of SMS messages,
f. Any other legally verifiable record.
34.3 When a dispute arises, the broker shall produce the above mentioned records
for the disputed trades. However, for exceptional cases such as technical
failure etc. where broker fails to produce order placing evidences, the broker
shall justify with reasons for the same and depending upon merit of the same,
other appropriate evidences like post trade confirmation by client,
receipt/payment of funds/ securities by client in respect of disputed trade, etc.
shall also be considered.
34.4 Further, wherever the order instructions are received from clients through the
telephone, the stock broker shall mandatorily use telephone recording system
to record the instructions and maintain telephone recordings as part of its
records.
34.5 The Brokers are required to maintain the records specified at para 34.2 above
for a minimum period for which the arbitration accepts investors’ complaints as
notified from time to time currently three years. However, in cases where
dispute has been raised, such records shall be kept till final resolution of the
dispute.
34.6 If SEBI desires that specific records be preserved, then such records shall be
kept till further intimation by SEBI.
35. Execution of Power of Attorney (PoA) by the Client in favour of the Stock
Broker/ Stock Broker and Depository Participant43
35.1 A Power of Attorney (PoA) is executed by the client in favour of the stock broker
/stock broker and depository participant to authorize the broker to operate the
client’s demat account and bank account to facilitate the delivery of shares and
pay – in/ pay – out of funds.
43Reference: Circular CIR/MRD/DMS/13/2010 dated April 23, 2010, Circular CIR/MRD/DMS/28/2010

dated August 31, 2010 and Circular SEBI/HO/MIRSD/DOP/CIR/P/2020/158 dated August 27, 2020
84
35.2 Generally, the PoA is taken from the clients who want to avail internet based
trading services. For offering internet based trading services, a Stock Broker
requires necessary authorizations for seamless trading, collection of margins
as well as settlement of funds and securities. Further, some of the Stock
Brokers also obtain authorizations from their clients to offer non-internet based
services.
35.3 It came to SEBI’s notice that the clients are compelled to give irrevocable
power of attorney to manage client’s demat account and bank account so that
the client is able to pay funds or deliver shares to its broker on time. In some
cases, the PoA even allows a broker to open and close accounts on behalf of
the client and to trade on client’s account without the consent of the client.
35.4 In order to standardize the norms to be followed by stock brokers/ stock broker
and depository participants while obtaining PoA from the clients, guidelines as
set out in the para 35.7, 35.8, 35.9, 35.10 and 35.11 below, shall be made
applicable to stock brokers/ stock broker and depository participants.
35.5 Standardizing the norms for PoA must not be construed as making the PoA a
condition precedent or mandatory for availing broking or depository participant
services. PoA is merely an option available to the client for instructing his
broker or depository participant to facilitate the delivery of shares and pay-
in/pay-out of funds etc. No stock broker or depository participant shall deny
services to the client if the client refuses to execute a PoA in their favour.
However, internet based trading is exempted from this clause.
35.6 Stock Broker/ DP may revoke those authorizations that are inconsistent with
the present guidelines by communicating the inconsistent clauses to the
existing clients. In the event, the deleted clauses are not accepted by the client,
Stock Broker/ DP may be required to either obtain fresh PoA or close the
account. In case of any addition to the existing PoA, Stock Broker / DP shall
be required to obtain a new PoA from clients.
35.7 PoA favouring Stock Brokers
35.7.1 PoA executed in favour of a stock broker by the client should be limited
to the following:
85
35.7.1.1 Securities44
a) For transfer of securities held in the beneficial owner accounts of the

client towards Stock Exchange related deliveries / settlement obligations
arising out of trades executed by clients on the Stock Exchange through
the same stock broker.
b) For pledging / re-pledging of securities in favour of TM / CM for the

purpose of meeting margin requirements of the clients in connection with
the trades executed by the clients on the Stock Exchange.
c) To apply for various products like Mutual Funds, Public Issues (shares
as well as debentures), rights, offer of shares, tendering shares in open
offers, redemptions etc. pursuant to the instructions of the Client(s).
However, a proper audit trail should be maintained by the stock broker
to prove that the necessary application/act was made/done pursuant to
receipt of instruction from Client. Further, redemptions are also included
in PoA pursuant to client’s instructions.
35.7.1.2 Funds
Transfer of funds from the bank account(s) of the clients for the following:
a. For meeting the settlement obligations of the client(s)/ margin

requirements of the client(s) in connection with the trades executed by
the clients on the Stock Exchange through the same stock broker.
b. For recovering any outstanding amount due from the client(s) arising
out of clients trading activities on the Stock Exchanges through the
same stock broker.
c. For meeting obligations arising out of the client subscribing to such

other products/facilities/services through the stock broker like Mutual
Funds, Public Issues (shares as well as debentures), rights, offer of
shares in etc.
d. Towards monies/fees/charges, etc. due to the stock broker /depository

participant/ principal payable by virtue of the client using/subscribing
44
Refer to para 36 of this Master Circular.
86
to any of the facilities/services availed by the client at his/her instance.
Necessary audit trail should be available with the stock broker for such
transactions.
35.8 PoA favouring Stock Brokers and Depository Participants
35.8.1 PoA executed in favour of a stock broker and Depository Participant by

the client should:
35.8.1.1 Identify/provide the particulars of the beneficial owner

account(s) and the bank account(s) of the client(s) that the
stock broker is entitled to operate.
35.8.1.2 Provide the list of clients’ & brokers’ Bank accounts & demat
accounts where funds and securities can be moved. Such
bank & demat accounts should be accounts of related party
only. The list of clients’ and brokers’ Bank account and demat
accounts may be updated / amended by proper
communication without executing a new PoA every time.
Copies of such communication may be preserved as annexure
to PoA.
35.8.1.3 Be executed in the name of the concerned SEBI registered

entity only and not in the name of any employee or
representative of the stock broker /depository participant.
35.8.1.4 Not provide the authority to transfer the rights in favour of any
assignees of the stock broker/depository participant.
35.8.1.5 Be executed and stamped as per the rules / law prevailing in

the place where the PoA is executed or the place where the
PoA is kept as a record, as applicable.
35.8.1.6 Contain a clause by which the stock broker would return to the
client(s), the securities or fund that may have been received
by it erroneously or those securities or fund that it was not
entitled to receive from the client(s).
35.8.1.7 Be revocable at any time. However, such revocation shall not

87
be applicable for any outstanding settlement obligation arising
out of the trades carried out prior to receiving request for
revocation of PoA. Further, the PoA revocation requests
should be dated and time stamped by the brokers for ensuring
proper audit trail.
35.8.1.8 Be executed by all the joint holders (in case of a demat

account held jointly). If the constitution of the account is
changed for whatever reason, a new PoA should be executed.
35.8.1.9 Authorize the stock broker/depository participant to send

consolidated summary of Client's scrip-wise buy and sell
positions taken with average rates to the client by way of SMS
/ email on a daily basis, notwithstanding any other document
to be disseminated as specified by SEBI from time to time.
35.9 General Guidelines
35.9.1 The PoA shall not facilitate the stock broker to do the following:
35.9.1.1 Off-market trades between parties other than the related

parties as mentioned in the PoA.
35.9.1.2 Transfer of funds from the bank account(s) of the Clients for
trades executed by the clients through another stock broker.
35.9.1.3 Open a broking / trading facility with any stock broker or for
opening a beneficial owner account with any depository
participant.
35.9.1.4 Execute trades in the name of the client(s) without the client(s)
consent.
35.9.1.5 Prohibit issue of Delivery Instruction Slips (DIS) to beneficial

owner (client).
35.9.1.6 Prohibit client(s) from operating the account.
35.9.1.7 Merging of balances (dues) under various accounts to nullify

debit in any other account.
88
35.9.1.8 Open an email ID/ email account on behalf of the client(s) for
receiving statement of transactions, bills, contract notes etc.
from stock broker / depository participant.
35.9.1.9 Renounce liability for any loss or claim that may arise due to
any blocking of funds that may be erroneously instructed by
the stock broker to the designated bank.
35.10 Stock Broker / Depository Participant should ensure that:
35.10.1 A duplicate/ certified true copy of the PoA is provided to the Client(s)
after execution.
35.10.2 In case of merger/ demerger of the stock broker/depository participant

with another entity/ into another entity, the scheme of merger/ demerger
should be approved by High Court and one month prior intimation given
to the client about the corporate restructuring to facilitate investor/ client
to continue or discontinue with the broker.
35.11 All off-market transfer of securities shall be permitted by the Depositories only
by execution of Physical Delivery Instruction Slip (DIS) duly signed by the
client himself or by way of electronic DIS. The Depositories shall also put in
place a system of obtaining client’s consent through One Time Password
(OTP) for such off market transfer of securities from client’s demat account.
36. Execution of ‘Demat Debit and Pledge Instruction’ (DDPI) for transfer of
securities towards deliveries / settlement obligations and pledging / re-
pledging of securities45
36.1 While executing a PoA, authorization is given by client to the stock broker /
stock broker and depository participant, to access the Beneficial Owner (BO)
account of the client to meet settlement obligations of the trade executed by
the client. In order to make the process more transparent and simpler, the
following conditions shall be made part of a separate document viz. ‘Demat
Debit and Pledge Instruction’ (DDPI) (Annexure-14):
36.1.1 Transfer of securities held in the beneficial owner accounts of the client
45
Reference: Circular SEBI/HO/MIRSD/DoP/P/CIR/2022/44 dated April 04, 2022
Circular SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2022/137 dated October 06, 2022
89
towards Stock Exchange related deliveries / settlement obligations
arising out of trades executed by clients on the Stock Exchange through
the same stock broker.
36.1.2 Pledging / re-pledging of securities in favour of TM/ CM for the purpose

of meeting margin requirements of the clients in connection with the
trades executed by the clients on the Stock Exchange.
36.1.3 Mutual Fund transactions being executed on stock exchange order

entry platforms and which shall be in compliance with SEBI circulars
SEBI/HO/IMD/IMD-I DOF5/P/CIR/2021/634 dated October 04, 2021,
SEBI/HO/IMD/IMD-I DOF5/P/CIR/2021/635 dated October 04, 2021
and SEBI/HO/IMD/IMD-I DOF5/P/CIR/2022/29 dated March 15, 2022
or any other circular which may be issued in this regard; and
36.1.4 Tendering shares in open offers which shall be in compliance with SEBI
circular SEBI/HO/CFD/DCR-III/CIR/P/2021/615 dated August 13, 2021
or any other circular which may be issued in this regard.
The DDPI shall serve the same purpose of PoA and significantly mitigate the
misuse of PoA. The use of DDPI shall be limited only for the purposes as
mentioned in para 36.1.1, 36.1.2, 36.1.3 and 36.1.4 above.
36.2 The client may use the DDPI or opt to complete the settlement by issuing
physical Delivery Instruction Slip (DIS) or electronic Delivery Instruction Slip
(eDIS) themselves. Hence, PoA shall no longer be executed for the conditions
specified in para 36.1.1 and 36.1.2.
36.3 The DDPI, which is indexed as part of the Voluntary Documents in Annexure-7
of this master circular, shall be executed only if the client provides his/her
explicit consent for the same, including internet based trading. The DDPI shall
also be adequately stamped. The DDPI can be digitally signed by the clients.
36.4 The existing PoAs shall continue to remain valid till the time client revokes the
same. Thus, the stock broker/stock broker and depository participant shall not
directly / indirectly compel the clients to execute the DDPI or deny services to
the client if the client refuses to execute the DDPI.
36.5 PoA is optional and should not be insisted upon by the stock broker / stock
broker depository participant for opening of the client account.
90
36.6 For the execution of the DDPI for fulfilling delivery / settlement obligations, prior
to executing actual transfer of securities based on details provided by
stock broker/stock broker and depository participant, the Depositories shall
ensure matching and confirming the transfer of securities with client-wise
net delivery obligation arising from the trade executed on the exchange,
as provided by the Clearing Corporation to Depositories for each settlement
date.
36.7 Securities transferred on the basis of the DDPI provided by the client shall be
credited to client’s TM pool account / CM pool account / demat account of
clearing corporation, as the case may be. The DDPI provided by the client shall
be registered in the demat account of the client by TM /CM. Stock Exchanges
and Depositories shall ensure that stock broker/stock broker and depository
participant providing DDPI facility, has enabled its clients to revoke / cancel the
DDPI provided by them.
36.8 For the clients who issue the DDPI to stock broker/stock broker and depository
participant, the following provisions of the SEBI circulars issued with respect
to PoA shall stand replaced with DDPI:
36.8.1 Para 35.7.1.1. (a) and (b) of this circular,
36.8.2 Para 35.7.1.1. (c) of this circular to the extent applicable for Mutual Fund
transactions and tendering shares in open offers.
37. Modification of Client Codes of Non-institutional Trades executed on Stock

Exchanges (All Segments)46
37.1 Stock Exchanges may allow modifications of client codes of non-institutional

trades only to rectify a genuine error in entry of client code at the time of placing
/ modifying the related order.
37.2 If a Stock Exchange wishes to allow trading members to modify client codes
of non-institutional trades, it shall
37.2.1 lay down strict objective criteria, with the approval of its Governing
Board, for identification of genuine errors in client codes which may be
46Reference: Circular CIR/DNPD/6/2011 dated July 05, 2011, Circular CIR/MRD/DP/29/2014 dated
October 21, 2014 and Circular SEBI/HO/CDMRD/DMP/CIR/P/2016/73 dated August 19, 2016
91
modified, and disclose the same to market in advance,
37.2.2 set up a mechanism to monitor that the trading members modify client
codes only as per the strict objective criteria, and
37.2.3 ensure that modification of client codes is covered in the internal audit
of trading members
37.3 Notwithstanding the above,
37.3.1 The Stock Exchanges shall levy a penalty from trading members and
credit the same to its Investor Protection Fund as under:
Table 9
‘a’ as % of ‘b’ Penalty as % of ‘a’
≤5 1
>5 2
Where
a = Value (turnover) of non-institutional trades where client codes have
been modified by a trading member in a segment during a month.
b = Value (turnover) of non-institutional trades of the trading member in
the segment during the month.
37.3.2 The Stock Exchange shall conduct a special inspection of the trading
member to ascertain whether the modifications of client codes are being
carried on as per the strict objective criteria set by the Stock Exchange,
as directed in Para 37.2 above, if ‘a’ as % of ‘b’, as defined above,
exceeds 1% during a month and take appropriate disciplinary action, if
any deficiency is observed.
37.4 Shifting of trades to the error account of broker would not be treated as
modification of client code, provided the trades in error account are
subsequently liquidated in the market and not shifted to some other code.
37.5 Further, brokers shall disclose the codes of accounts which are classified as
‘error accounts’ to the Stock Exchanges. Each broker should have a well-
documented error policy approved by the management of the broker. Stock
Exchanges shall periodically review the trades flowing to the error accounts of
the brokers.
92
37.6 Waiver of Penalty
37.6.1 Stock exchanges may waive penalty for a client code modification
where stock broker is able to produce evidence to the satisfaction of the
stock exchange to establish that the modification was on account of a
genuine error.
37.6.2 Not more than one such waiver per quarter may be given to a stock
broker for modification in a client code. Explanation: If penalty wavier
has been given with regard to a genuine client code modification from
client code AB to client code BA, no more penalty waivers shall be
allowed to the stock broker in the quarter for modifications related to
client codes AB and BA.
37.7 Proprietary trades shall not be allowed to be modified as client trade and vice
versa
37.8 Stock exchanges shall submit a report to SEBI every quarter regarding all such
client code modifications where penalties have been waived.
37.9 Stock exchanges shall undertake stringent disciplinary actions against stock
brokers who undertake frequent client code modifications.
38. Margin Trading Facility47
38.1 Equity Shares and units of Equity Exchange Traded Funds (ETFs)48 that are
classified as 'Group I security' shall be eligible for margin trading facility. Group
I securities are liquid securities which are traded at least eighty percent of the
days over the previous six months and impact cost for which over the previous
six months is less than or equal to one percent. (For securities that have been
listed for less than six months, the trading frequency and the impact cost shall
be computed using the entire trading history of the scrip)
38.2 Margin Requirement
38.2.1 In order to avail margin trading facility, initial margin required shall be
47 Reference: Circular CIR/MRD/DP/54/2017 dated June 13, 2017, Circular CIR/MRD/DP/86/2017 dated
August 01, 2017 and Circular SEBI/HO/MRD/MRD-PoD-3/P/CIR/2022/166 dated November 30, 2022.
48 Equity ETFs are included vide circular SEBI/HO/MRD/MRD-PoD-3/P/CIR/2022/166 dated
November 30, 2022, which shall come into force with effect from 30 th day of issuance of that circular.
93
as under:
Table 10
Category of Stock Applicable margin
Group I stocks available for VaR + 3 times of
trading in the F & O Segment applicable ELM*
Group I stocks other than F&O VaR + 5 times of
stocks and units of Equity applicable ELM*
ETFs
*For aforesaid purpose the applicable VaR and ELM shall be as in the cash
segment for a particular stock.
38.2.2 The initial margin payable by the client to the stock broker shall be in
the form of cash, cash equivalent or Group I equity shares or units of
Group I Equity ETFs, with appropriate haircut as specified by SEBI.
38.2.3 The stock brokers shall be required to comply with the following
conditions:
a. The stocks or units of Equity ETFs deposited as collateral with the

stock broker for availing margin trading facility (‘Collaterals’) and the
stocks purchased under the margin trading facility (‘Funded stocks’)
shall be identifiable separately and no comingling shall be permitted
for the purpose of computing funding amount;
b. Collateral and Funded stocks shall be marked to market on a daily
basis;
c. In case of increase in the value of Collaterals, stock brokers may have
the option of granting further exposure to their clients subject to
applicable haircuts;
d. However, no such exposure shall be permitted on the increased value
of funded stocks.
38.2.4 Stock Brokers shall ensure maintenance of the aforesaid margin at all
times during the period that the margin trading facility is being availed by
the client. In case of short fall, stock broker shall make necessary margin
calls.
38.2.5 The exchange/stock broker, based on the risk assessment, shall have the
discretion to impose/collect higher margin than the margin specified in para
38.2.1 above.
94
38.3 Liquidation of Securities by the stock broker in case of default by the client
38.3.1 The stock broker shall list out situations/conditions in which the
securities may be liquidated and such situations/conditions shall be
included in the “Rights and Obligations Document”. The broker shall
liquidate the securities, if the client fails to meet the margin call to
comply with the conditions as mentioned in this circular or specified in
the "Rights and Obligations Document" specified by exchange.
38.3.2 However, the broker shall not liquidate or use in any manner the
securities of the client in any situation other than the conditions
stipulated at para 38.3.1 above.
38.4 Eligibility requirements for stock brokers to provide Margin Trading Facility to
clients
38.4.1 Only corporate stock brokers with a net worth of at least three crore shall
be eligible to offer margin trading facility to their clients.
38.4.2 The “net worth” for the purpose of margin trading facility shall be as
specified in the Stock Brokers Regulations 1992.
38.4.3 The stock brokers shall submit to the Stock Exchange a half-yearly
certificate, as on 31st March and 30th September of each year, from an
auditor confirming the net worth. Such a certificate shall be submitted
not later than 30th April and 31st October of every year.
38.5 Source of Funds
38.5.1 For the purpose of providing the margin trading facility, a stock broker
may use own funds or borrow funds from scheduled commercial banks
and/or NBFCs regulated by the Reserve Bank of India, borrow funds by
way of issuance of Commercial Papers (CPs) and by way of unsecured
long term loans from their promoters and directors. The borrowing by
way of issuance of CPs shall be subject to compliance with relevant RBI
Guidelines. The borrowing by way of unsecured long term loans from
the promoters and directors shall be subject to the compliance with
appropriate provisions of the Companies Act, 2013.
38.5.2 A stock broker shall not be permitted to borrow funds from any other
95
source, other than the sources stated above para 38.5.1 above
38.5.3 The stock broker shall not use the funds of any client for providing the
margin trading facility to another client, even if the same is authorized
by the first client.
38.6 Leverage and Exposure Limits
38.6.1 At any point of time, the total indebtedness of a stock broker for the
purpose of margin trading shall not exceed five times of its net worth,
calculated as per para 38.4.2 above.
38.6.2 The maximum allowable exposure of the broker towards the margin
trading facility shall be within the self imposed prudential limits and shall
not, in any case, exceed the borrowed funds and fifty percent of his “net
worth”.
38.6.3 While providing the margin trading facility, the broker shall ensure that:
a) exposure to any single client at any point of time shall not exceed ten
percent of the broker’s maximum allowable exposure, as specified in
para 38.6.2 above.
b) exposure towards stocks and/or Equity ETFs purchased under
margin trading facility and collateral kept in the form of stocks and/or
units of Equity ETFs are well diversified. Stock Brokers shall have
appropriate Board approved policy in this regard.
38.6.4 For the purpose of applicable haircuts for units of Equity ETFs as
collateral for margin trading facility, it is clarified that the haircuts
applicable to Liquid (Group I) Equity Shares (under “Other Liquid
Assets” category) as per SEBI circular MRD/DoP/SE/Cir-07/2005 dated
February 23, 2005 shall be applicable to units of Equity ETFs.
38.7 Disclosure Requirement
38.7.1 The stock broker shall disclose to the Stock Exchanges details on gross
exposure towards margin trading facility including name of the client,
Category of holding (Promoter/promoter group or Non-promoter),
clients' PAN, name of the scrips (Collateral stocks and Funded stocks)
and if the stock broker has borrowed funds for the purpose of providing
96
margin trading facility, name of the lender and amount borrowed, on or
before 12 noon on the following trading day. The format for this
disclosure by the stock broker to the stock exchange is enclosed at
Annexure-15.
38.7.2 The Stock Exchanges shall disclose on their websites the scrip wise
gross outstanding in margin accounts with all brokers to the market.
Such disclosure regarding margin trading done on any day shall be
made available after the trading hours, on the following day, through its
website.
38.7.3 The Stock Exchanges shall put in place a suitable mechanism to

capture and maintain all relevant details including member-wise, client-
wise, scrip-wise information regarding outstanding positions in margin
trading facility and also source of funds of the stock brokers, on the
exchange both on daily as well as on cumulative basis.
38.8 Rights and Obligations for Margin Trading
38.8.1 The Stock Exchanges shall frame a Rights and Obligations document
laying down the rights and obligations of stock brokers and clients for
the purpose of margin trading facility. The Rights and Obligations
document shall be mandatory and binding on the Broker/Trading
Member and the clients for executing trade in the Margin Trading
framework.
38.8.2 The broker/exchange may modify the Rights and Obligations document
only for stipulating any additional or more stringent conditions, provided
that no such modification shall have the effect of diluting any of the
conditions laid down in the circular or in the Rights and Obligations
document.
38.9 Maintenance of Records
38.9.1 The stock broker shall maintain separate client-wise ledgers for funds
and securities of clients availing margin trading facility.
38.9.2 The stock broker shall maintain a separate record of details of the funds
used and sources of funds for the purpose of margin trading.
97
38.9.3 The books of accounts, maintained by the broker, with respect to the
margin trading facility offered by it, shall be audited on a half yearly
basis. The stock broker shall submit an auditor’s certificate to the
exchange within one month from the date of the half year ending 31st
March and 30th September of a year certifying, inter alia, the extent of
compliance with the conditions of margin trading facility. This certificate
is in addition to the certificate on net worth specified in para 38.4.2
above.
38.10 Other Conditions
38.10.1 A broker shall take adequate care and exercise due diligence before
providing margin trading facility to any client.
38.10.2 Any disputes arising between the client and the stock broker in
connection with the margin trading facility shall have the same treatment
as normal trades and should be covered under the investor grievance
redressal mechanism, arbitration mechanism of the Stock Exchange.
38.10.3 SGF and IPF shall be available for transactions done on the exchange,
whether through normal or margin trading facility. However, any losses
suffered in connection with the margin trading facility availed by the
client from the stock broker shall not be covered under IPF.
38.10.4 The stock brokers wishing to extend margin trading facility to their
clients shall be required to obtain prior permission from the exchange
where the margin trading facility is proposed to be offered. The
exchange shall have right to withdraw this permission at a later date,
after giving reasons for the same.
39. Collection and reporting of margins by Trading Member (TM) /Clearing

Member (CM) in Cash Segment. 49
39.1 Collection of margins from the clients by TM/CM in cash segment:
49
Reference: Circular CIR/HO/MIRSD/DOP/CIR/P/2019/139 dated November 19, 2019,
Circular SEBI/HO/MIRSD/DOP/CIR/P/2020/146 dated July 31,2020 and
Circular SEBI/HO/MIRSD/DOP/CIR/P/2020/173 dated September 15, 2020
98
39.1.1 The ‘margins’ for this purpose shall mean VaR margin, extreme loss
margin (ELM), mark to market margin (MTM), delivery margin, special /
additional margin or any other margin as prescribed by the Exchange to
be collected by TM/CM from their clients.
39.1.2 Henceforth, like in derivatives segment, the TMs/CMs in cash segment

are also required to mandatorily collect upfront VaR margins and ELM
from their clients. The TMs/CMs will have time till ‘T+2’ working days to
collect margins (except VaR margins and ELM) from their clients. (The
clients must ensure that the VaR margins and ELM are paid in advance
of trade and other margins are paid as soon as margin calls are made
by the Stock Exchanges/TMs/CMs. The period of T+2 days has been
allowed to TMs/CMs to collect margin from clients taking into account
the practical difficulties often faced by them only for the purpose of levy
of penalty and it should not be construed that clients have been allowed
2 days to pay margin due from them.)
39.1.3 If pay-in (both funds and securities) is made by T+2 working days, the
other margins would deemed to have been collected and penalty for
short / non collection of other margins shall not arise.
39.1.4 If Early Pay-In of securities has been made to the Clearing Corporation
(CC), then all margins would deemed to have been collected and
penalty for short / non-collection of margin including other margins shall
not arise.
39.1.5 If client fails to make pay-in by T+2 working days and TM / CM do not
collect other margins from the client by T+2 working days, the same
shall also result in levy of penalty as applicable.
39.1.6 As prescribed in clause 7 of SEBI circular MRD/DoP/SE/Cir-07/2005

dated February 23, 2005, the TM/CM shall be exempted from collecting
upfront margins from the institutional investors carrying out business
transactions and in cases where early pay-in of securities is made by
the clients.
39.1.7 If the TM/CM had collected adequate initial margins from the client to
cover the potential losses over time till pay-in, he need not collect MTM
from the client.
99
39.1.8 As like in derivatives segments, the TMs/CMs shall report to the Stock
Exchange on T+5 day the actual short-collection/ non-collection of all
margins from clients.
39.2 It is reiterated that CC shall continue to collect upfront VaR plus ELM and other
margins from TM / CM as applicable from time to time.
39.3 Penalty structure for short-collection/non-collection of margins and
false/incorrect reporting of margin collection from the clients by TMs/CMs:
39.3.1 For short-collection / non-collection of client margins, the Stock

Exchanges shall take the disciplinary action as per the framework
specified in SEBI Circular CIR/DNPD/7/2011 dated August 10, 2011.
39.3.2 If TM / CM collects minimum 20% upfront margin in lieu of VaR and ELM
from the client, then penalty for short-collection / non-collection of
margin shall not be applicable.
39.3.3 For false/incorrect reporting of margin collection from the clients by

TMs/CMs, the Stock Exchanges shall take disciplinary action as per the
framework CIR/HO/MIRSD/DOP/CIR/P/2019/88 dated August 01,
2019.
40. Framework to Enable Verification of Upfront Collection of Margins from

Clients in Cash and Derivatives segments50
40.1 With an objective to enable uniform verification of upfront collection of margins

from clients by TM/ CM and levy of penalty across segments, it has been
decided that the Stock Exchanges/ Clearing Corporations shall adopt the
framework specified in paras 40.2 to 40.5 below, for the purpose of
‘Mechanism for regular monitoring of and penalty for short collection/ non-
collection of margins from clients’ in Cash and Derivatives segments.
40.2 Clearing Corporations shall send minimum four snapshots of client wise
margin requirement to TMs/CMs for them to know the intraday margin
requirement per client in each segment. The number of times snapshots need
to be sent in a day may be decided by the respective Clearing Corporation
50
Reference: Circular SEBI/HO/MRD2/DCAP/CIR/P/2020/127 dated July 20, 2020,
Circular SEBI/HO/CDMRD/CDMRD_DRM/P/CIR/2021/689 dated December 16, 2021,
Circular SEBI/HO/MRD2/DCAP/P/CIR/2022/60 dated May 10, 2022 and
Circular SEBI/HO/MRD/MRD-PoD-2/P/CIR/2023/016 dated February 01, 2023
100
depending on market timings subject to a minimum of four snapshots in a day.
The snapshots would be randomly taken in pre-defined time windows.
Further, for commodity derivatives segment, clearing corporations shall send

an additional minimum two snapshots for commodity derivative contracts
which are traded till 9:00 PM and additional minimum three snapshots for the
commodity derivatives contracts which are traded till 11:30/11:55 PM.
Margins/EOD margins shall be determined as per the relevant Risk Parameter
Files.
40.3 The client wise margin file (MG-12/13) provided by the CCs to TMs/CMs shall
contain the EOD margin requirements of the client as well as the peak margin
requirement of the client, across each of the intra-day snapshots.
40.4 The member shall have to report the margin collected from each client, as at
EOD and peak margin collected during the day, in the following manner:
40.4.1 EOD margin obligation of the client shall be compared with the
respective client margin available with the TM/CM at EOD.
AND
40.4.2 Peak margin obligation of the client, across the snapshots, shall be
compared with respective client peak margin available with the TM/CM
during the day.
40.5 Higher of the shortfall in collection of the margin obligations at para 40.4.1 and
40.4.2 above, shall be considered for levying of penalty as per the extant
framework.
40.6 The verification of availability of margins with TM/ CM, as at para 40.4.1 and
40.4.2 above, shall be done by exchanges/ clearing corporations on a weekly
basis by verification of the balances in the books/ ledgers of the TM/ CM in
respect of the client.
40.7 The margin requirements to be considered for the intra-day snapshots in

derivatives segments (including commodity derivatives), shall be calculated
based on the fixed Beginning of Day (BOD) margin parameters. The BOD
margin parameters would include all SPAN margin parameters as well as ELM
requirements.
101
40.8 With effect from May 01, 2023, the End of Day (EOD) margin collection
requirement from clients, in derivatives segments (including commodity
derivatives), shall also be calculated based on the fixed BOD margin
parameters.
40.9 The provisions at para 40.7 and 40.8 are only for the purpose of verification of
upfront collection of margins from clients. The margin parameters applicable
for collection of margin obligation by Clearing Corporations shall continue to
be updated on intra-day and EOD basis, as per the extant provisions.
41. Margin obligation to be given by way of Pledge/ Re-pledge in the Depository

System51
41.1 TM / CM shall, inter alia, accept collateral from clients in the form of securities,
only by way of ‘margin pledge’, created in the Depository system in accordance
with Section 12 of the Depositories Act, 1996 read with Regulation 79 of the
Securities and Exchange Board of India (Depositories and Participants)
Regulations, 2018 and the relevant Bye Laws of the Depositories.
41.2 The above sections and regulations clearly enumerate the manner of creating
pledge of the dematerialised securities. Any procedure followed other than as
specified under the aforesaid provisions of law for creating pledge of the
dematerialised securities is prohibited. It is clarified that an off-market transfer
of securities leads to change in ownership and shall not be treated as pledge.
41.3 Transfer of securities to the demat account of the TM / CM for margin purposes
(i.e. title transfer collateral arrangements) shall be prohibited. In case, a client
has given a power of attorney in favour of a TM / CM, such holding of power
of attorney shall not be considered as equivalent to the collection of margin by
the TM / CM in respect of securities held in the demat account of the client.
41.4 The TM / CM shall open a separate demat account for accepting margin
pledge, which shall be tagged as ‘Client Securities Margin Pledge Account’.
41.5 For the purpose of providing collateral in form of securities as margin, a client
shall pledge securities with TM, and TM shall re-pledge the same with CM, and
CM in turn shall re-pledge the same to Clearing Corporation (CC). The
51
Reference: Circular SEBI/HO/MIRSD/DOP/CIR/P/2020/28 dated February 25,2020 and Circular no.
SEBI/HO/MIRSD/DOP/CIR/P/2020/88 dated May 25,2020
102
complete trail of such re-pledge shall be reflected in the de-mat account of the
pledgor.
41.6 The TM shall re-pledge securities to the CM’s ‘Client Securities Margin Pledge
Account’ only from the TM’s ‘Client Securities Margin Pledge Account’. The
CM shall create a re-pledge of securities on the approved list to CC only out of
‘Client Securities Margin Pledge Account’ (Re-pledge would mean
endorsement of pledge by TM / CM in favour of CM/CC, as per procedure laid
down by the Depositories)
41.7 The TM and CM shall ensure that the client’s securities re-pledged to the CC
shall be available to give exposure limit to that client only. Dispute, if any,
between the client, TM / CM with respect to pledge, re-pledge, invocation and
release of pledge shall be settled inter-se amongst client and TM / CM through
arbitration as per the bye-laws of the Depository. CC and Depositories shall
not be held liable for the same.
41.8 Securities that are not on the approved list of a CC may be pledged in favour
of the TM / CM. Each TM / CM may have their own list of acceptable securities
that may be accepted as collateral from client.
41.9 Funded stocks held by the TM / CM under the margin trading facility shall be
held by the TM / CM only by way of pledge. For this purpose, the TM / CM shall
be required to open a separate demat account tagged ‘Client Securities under
Margin Funding Account’ in which only funded stocks in respect of margin
funding shall be kept/ transferred, and no other transactions shall be permitted.
The securities lying in ‘Client Securities under Margin Funding Account’ shall
not be available for pledge with any other Bank/ NBFC.
41.10 The TM / CM shall be required to transfer all client’s securities lying in such
accounts to the respective clients’ demat accounts. Thereafter, TM / CM are
prohibited from holding any client securities in any beneficial owner accounts
of TM/CM, other than specifically tagged accounts as indicated above, and in
pool account(s), unpaid securities account.
41.11 The operational mechanism for margin pledge is provided below:
INITIATION OF MARGIN PLEDGE
41.11.1 For the purpose of providing collateral in form of dematerialised

103
securities as margin, a client shall initiate the margin pledge only in
favour of the TM / CM’s separate client securities margin account
tagged as ‘Client Securities Margin Pledge Account’ through physical
instruction or electronic instruction mechanism provided by the
Depositories. Such instructions shall have details of client UCC, TM, CM
and Default Segment.
41.11.2 In cases where a client has given a Power of Attorney (“POA”) to the
TM / CM, the TM / CM may be allowed to execute the margin pledge on
behalf of such client to the demat account of the TM / CM tagged as
‘Client Securities Margin Pledge Account’.
41.11.3 The ‘pledge request form’ shall have a clause regarding express
consent by the client for re-pledge of the securities by the TM to CM and
further by the CM to CC.
41.11.4 On receipt of the margin pledge instruction either from the client or by
TM / CM as per the POA, DP of a client shall initiate a margin pledge in
the client’s account and the status of instruction will remain pending till
confirmation is received from client / pledgor. The client will submit
acceptance by way of One Time Password (the “OTP”) confirmation on
mobile number / registered e-mail id of the client or other verifiable
mechanism. Further no other OTP confirmation from client shall be
required, if securities of such client are being re-pledged by TM/CM. The
Depositories shall develop a verifiable mechanism for confirmation of
the pledge by the client.
41.11.5 In client account, margin pledge or re-pledge shall be reflected against

each security, if it is pledged / re-pledged and in whose favour i.e. TM /
CM / CC.
41.11.6 The TM can re-pledge only in favour of CM’s demat account tagged as
‘Client Securities Margin Pledge Account’. The CM shall create a re-
pledge of securities on the approved list only to the CC out of ‘Client
Securities Margin Pledge Account’. While re-pledging the securities to
the CC, CM/TM shall fully disclose the details of the client wise pledge
to the CC/CM. CM would need to have visibility of client level position
and client collateral so that CM shall allow exposure and / or margin
credit in respect of such securities to that client to whom such securities
belong.
104
RELEASE OF MARGIN PLEDGE
41.11.7 In case of a client creating pledge of the securities in favour of the TM /

CM against margin, the TM / CM may release the ‘margin pledge’ after
their internal exposure and risk management checks. The request for
release of pledge can be made by the client to its DP or to the TM / CM,
who shall release the pledge in the Depository system.
41.11.8 For release of client securities given to TM/CM as margin pledge and
which are re-pledged in favour of the CC, the CM shall make a request
to the CC. The client through TM, or the TM on his own, may request
the CM to make an application to the CC for the release of margin
pledge. CC shall do margin utilisation check at the CM level before
releasing the re-pledge of securities to the CM. The CC will release the
re-pledged client securities to CM after blocking other available free
collateral of CM. The CM /TM in turn after doing their risk management
shall release the securities to TM / client, as the case may be.
INVOCATION OF MARGIN PLEDGE
41.11.9 In case of default by a client of TM where the clients securities are re-
pledged with the CM/ CC, the invocation request shall be made by the
TM to CM and CM in turn will make request to CC as per the procedure
laid down by the Depositories under their bye-laws.
41.11.10 In case of default by a client of TM who has pledged securities with TM,
the TM shall invoke the pledge.
41.11.11 In case of default by a client of TM whose securities are re-pledged by

TM with CM, the invocation request shall be made by TM to the CM.
The CM, after doing its internal exposure and risk management, shall
release the re-pledged securities to the ‘Client Securities Margin Pledge
Account’ of the TM. The TM in turn will invoke the pledge of client’s
securities.
41.11.12 In the event of default by a client of a TM, whose securities are re-
pledged by TM with CM and CM in turn has re-pledged with CC, the TM
shall make a request for invocation of pledge with CM and CM in turn
shall file a request with CC to release the re-pledged securities for
invocation. The CC shall block equivalent available free collateral
105
provided by CM and shall release the re-pledged securities of that
defaulting client of TM to CM in “Client Securities Margin Pledge
Account” of CM. The CM shall do his own risk assessment of TM and
would release re-pledged securities of the defaulting client of TM in
“Client Securities Margin Pledge Account” of TM and TM shall invoke
the pledge in Demat account of the client.
41.11.13 In case of default by a client/ TM of CM whose securities are re-pledged

with CC, CM shall file a request with CC for invocation of the pledged/
re-pledged securities of that client/TM. CC shall block the equivalent
available free collateral provided by CM and shall release the re-
pledged securities of that defaulting client/TM in “Client Securities
Margin Pledge Account” of CM and the CM shall invoke the pledge in
Demat account of the client/ TM.
41.11.14 In case of default by TM or client of TM, CM shall be entitled to invoke

pledged/ re-pledged securities of the TM. CM shall also be entitled to
invoke directly the repledged securities of client of TM having open
position with CM to close out such positions.
41.11.15 In case of default by the CM, CC shall invoke securities pledged by the
CM. After exhausting the CM own collateral, CC may also invoke re-
pledge securities of that client who has open position and their re-
pledged securities are blocked by CC to close out their open positions.
The re-pledge securities of other clients who did not have any open
position with CC, their securities shall not be available to CC for
invocation to meet settlement default of the CM.
41.12 The framework for utilisation of pledged clients’ securities for exposure and
margin is provided below:
41.12.1 At present, the margin requirement is computed in real time at client

level by the CC and is aggregated at the level of CMs to arrive at the
total margin requirement. The CC maintains and monitor the collateral
at the level of CM. The CM is required to provide the collateral in various
acceptable forms such as Cash, Bank Guarantee, Government
Securities, pledge of acceptable shares, etc.
41.12.2 The day to day real time risk management with respect to client / TM
exposure, and the margin requirement shall continue to be the
106
responsibility of the CM, and CC shall not monitor the client level
exposure against the available client level collateral in real time.
41.12.3 In order to provide exposure to CM and/or to the clients / TM of a CM,

CC shall aggregate margin requirement at CM level that shall be
compared against the available collateral in real time as aggregate of;
a. cash and cash equivalent deposited by CM,
b. own securities pledged by CM with CC,
c. CC requires minimum fifty percent of the collateral to be deposited in
cash and cash equivalent, if the total securities pledged by CM with
CC exceed the total cash and cash equivalent, the value of securities
will be restricted to amount of cash and cash equivalent.
d. The TM’s proprietary margin requirement will be treated as a client of
CM and aggregated along with other clients.
41.12.4 CM shall be allowed to re-pledge acceptable/approved client securities

with the CC by furnishing the UCC wise client details. CC shall not allow
any exposure to the CM on re-pledged securities of the client / TM. In
case of a trade by a client / TM whose securities are re-pledged with
CC, the CC shall first block the available collateral provided by CM as
mentioned in point 41.12.3 above. However, at periodical interval (latest
by end of day), CC shall release the blocked securities collateral of CM
to the extent of re-pledged securities collateral of that client / TM
available with the CC.
41.12.5 In the event of default by a client of TM, the TM shall make good the
default to CM. In the event of default by a client or TM on its proprietary
position, the CM shall make good the default to CC. However, in the
event of default by client/s leading to default of TM and also the CM, the
following process shall be applied by TM/CM/CC for invocation of
pledged and re-pledged securities of client/TM/CM:
a. In case of default by a client of TM/CM or default of TM leading to the
default of CM, CC shall:
i. encash the available collateral including cash, cash equivalent
collateral, CM’s own pledged securities.
ii. After encashing the available collateral of CM, also be entitled to
directly invoke the re-pledged securities of client / TM who has any
open position so as to close out the open positions of that client.
iii. not be entitled to invoke re-pledged securities of those clients who did
not have any open position to meet settlement obligation of the
107
defaulting CM
b. In case of default by a client of TM or default of TM, CM Shall:

i. be entitled to liquidate available cash, cash equivalent collateral and
TM’s own pledged /or re-pledged securities with CM/ CC to meet
settlement/margin obligations of defaulting TM or client(s) of that TM.
ii. After encashing the available collateral of TM, be entitled to directly
invoke re-pledged securities of the client of defaulting TM who has
open position through CM so as to close out his position.
iii. not be entitled to invoke re-pledged securities of those clients of
defaulting TM who did not have any open position,
iv. ensure that the client securities of TM/ CM re-pledged with the CC
are not utilized for meeting the margin requirement/ settlement
obligation of a TM’s/CM’s own proprietary position or margin
requirement/ settlement obligation of any other client of TM / CM.
42. Segregation and Monitoring of Collateral at Client Level52
42.1 In order to strengthen the mechanism of protection of client collateral from (i)
misappropriation/ misuse by TM/ CM and (ii) default of TM/CM and/or other
clients, the following framework for segregation and monitoring of collateral at
client level is specified:
Reporting Mechanism by TMs and CMs
42.2 With a view to providing visibility of client-wise collateral (for each client) at all
levels, viz., TM, CM and Clearing Corporation (CC), a reporting mechanism,
covering both cash and non-cash collateral, shall be specified by the CCs.
Details in respect of the same are as under:
a) The reporting structure shall entail disaggregated information (segment-

wise and asset type wise break-up) of each client collateral in the following
manner:
• TM shall report disaggregated information on collaterals up to the level
of its clients to the CM.
• CM shall report disaggregated information on collaterals up to the level
of clients of TM and proprietary collaterals of the TMs to the Stock
Exchanges (SEs) and CCs in respect of each segment.
52
Reference: Circular SEBI/HO/MRD2_DCAP/CIR/2021/0598 dated July 20,2021
108
b) The details to be submitted in the report shall essentially cover the following
information, in order to provide a holistic view of the entire client collateral
at various levels up to the level of CC:
Table 11
TM CM CM SE & CC
Client collateral received by TM Client collateral received by TM
Client collateral retained by TM Client collateral retained by TM
Client collateral placed with CM Client collateral placed with CM
Client collateral retained by CM
Client collateral placed with CC
c) The aforementioned information shall be required to be reported on a daily

basis.
42.3 A web portal facility shall be provided by the CCs/SEs to allow clients to view
aforesaid disaggregated collateral reporting by TM/CM.
Collateral Deposit and Allocation
42.4 In case of securities collateral provided to CC through margin pledge/re-pledge

in the Depository system, CC has visibility of the client to whom such securities
belong to, and accordingly is able to assign the value of the securities
collateral, based on applicable haircut, to that client’s account.
42.5 Similarly, for other forms of collateral placed with the CC, the CCs shall provide
a facility to CMs for upfront segment-wise allocation of collateral to a TM/ client
or CM’s own account. The CCs shall use such collateral allocation information
to ensure that the collateral allocated to a client is used towards the margin
obligation of that client only.
42.6 There shall be no change in the procedures pertaining to placing of securities

as collateral through the margin pledge/re-pledge mechanism in the
Depository system, and this collateral will be identified as belonging to a client
or as being proprietary securities of the TM or CM, as the case may be, as per
the existing procedures.
42.7 While depositing other forms of collateral i.e. Cash, Fixed Deposits (FDs),
Bank Guarantees (BGs) or Government Securities provided through the
109
SGL/CSGL route, etc, the CM shall allocate these collaterals into proprietary
account of CM, and/or proprietary account of any TM clearing through the CM,
and/or account of any of the clients (including Custodial Participants (CPs))
clearing through the CM, and/or of any of the clients trading through the TM
who in turn is clearing through the CM, segment-wise.
42.8 In case of such collateral received by the CM from any TM, the CM shall not
accept the same without the TM specifying break-up of such collateral into
proprietary account of the TM and/or uniquely identified client account.
Similarly, the CC shall not accept such collateral without the CM specifying
appropriate break-up of such collateral into proprietary account of CM/
proprietary account of TM/ client account. The CM shall ensure that the sum
of break-up of such collateral provided by TM is equal to the total value of such
collateral provided by TM, and that the allocation of such collateral to any entity
as reported to the CC does not exceed the allocation of collateral reported by
the TM for that entity.
42.9 The amount of collateral allocated shall not exceed the amount of collateral
received by the TM/CM from the client and reported as such under the
reporting mechanism (refer Para 42.2 above), excluding the securities
collateral re-pledged to CC through margin pledge mechanism. Further, the
sum of client collateral retained by the TM/CM and client collateral passed on
to CM/CC shall equal the amount of collateral received by the TM/CM from the
client. Also, the allocation of collateral at CC shall not be lower than the amount
of collateral (except securities collateral repledged to CC) reported as having
been passed on by the CM to the CC. The CC shall have appropriate
validations in place in respect of allocations and reporting done by CMs.
Further, CMs shall also perform validations at their end in respect of allocations
and reporting done by TMs.
42.10 An illustration is provided at Annexure-16 regarding permitted and non-

permitted allocation of collateral.
42.11 In case of BGs, the TM/CM may consider the unfunded portion of the BG as
proprietary collateral. An illustration is provided at Annexure-17.
42.12 The allocation thus provided by the CM to CC and by TM to CM shall be

considered as final by the CC and CM respectively for the purpose of granting
exposure and utilization during default.
110
42.13 The TM/CM shall ensure that sufficient collateral is allocated to clients to cover
their margin requirements. However, if the client margin applicable at the CC
for a client in a segment exceeds the collateral allocated to the client plus the
securities collateral re-pledged to CC (from that client’s account) in the
respective segment, then the proprietary collateral of the TM/CM shall be
blocked (including repledged/pledged securities and allocated collateral). Such
margin blocked from the proprietary collateral towards a client’s margin shall
be deemed to have been the collateral allocated to that client. This provision
shall include deemed allocation of TM’s proprietary collateral towards client
margins and deemed allocation of CM’s proprietary collateral towards
TM/CP/client margins.
42.14 The members shall ensure that allocated collateral plus value of securities
collateral re-pledged to the CC for a client is at all times greater than or equal
to the minimum margin collection requirement for the respective client in the
respective segment, since the amount of minimum margin collection
requirement for a client may be different from the margin applicable at CC.
CCs shall put in place effective deterrent mechanisms (penalty structure) in
consultation with SEBI, which shall be applicable in cases where the allocated
collateral plus the securities collateral re-pledged to CC in respect of a client,
is falling short of minimum margin collection requirement in the respective
segment.
42.15 Information regarding the collateral allocated by the CM shall be made

available on a daily basis on the web portal facility to clients to view
disaggregated collateral reporting by TM/CM (refer Para 42.3). Further, CC
shall also provide a facility to the TMs of the clients to view such collateral
allocation to the clients by the CM.
Collateral Valuation
42.16 CMs are required to maintain at least 50% of the total collateral in the form of
cash or cash equivalents. At individual client level, a client may have allocation
of cash equivalent, less than the value of non-cash collateral provided by the
client. In other words, the minimum 50% cash equivalent collateral requirement
may not be applied at the client level. For the purpose of monitoring of at least
50% cash-equivalent collateral at the level of CM, the excess cash-equivalent
collateral of a client shall not be considered for other client or for proprietary
account of TM/CM. However, the excess cash-equivalent collateral of
proprietary account of TM/CM can be considered for clients trading/clearing
111
through them, for the purpose of monitoring minimum 50% cash-equivalent
requirement.
42.17 An illustration of the above requirement is provided at Annexure-18.
Blocking of Margins
42.18 The procedure for blocking of margins only specifies the order of blocking of
collateral available with the CC. There shall be no change in the requirement
of collection of upfront margins by the TM/CM. The TM/CM shall be required
to ensure that sufficient collateral is allocated to clients to cover their margin
requirements. (refer 42.12 and 42.13 above)
42.19 The terms “Client Collateral”, “TM Collateral”, “CP Collateral” and “CM
Collateral” shall mean the total of the allocated collateral value plus the value
of demat securities collateral provided through margin pledge/re-pledge by any
individual client, TM, CP and CM respectively to the level of CC. The TM/CM
collateral shall mean the proprietary collateral of the TM/CM only and shall not
include the collateral of any of their clients.
42.20 On receipt of a trade from a client account by the CC, the margin shall first be
blocked from the value of the client collateral. If the client collateral is not
sufficient, the residual margin shall be blocked from the TM proprietary
collateral of the TM of such client. If the TM proprietary collateral is also not
sufficient, then the residual margin shall be blocked from the CM proprietary
collateral of the CM of such TM.
42.21 In case of a trade from the proprietary account of a TM, the margin shall first
be blocked from the TM proprietary collateral, and in case such collateral is not
sufficient, then the residual margin shall be blocked from the CM proprietary
collateral.
42.22 Margins based on trades from proprietary account of the CM shall be blocked
from the proprietary collateral of the CM only.
42.23 An illustration of blocking of margins is provided at Annexure-19.
42.24 For monitoring of the risk reduction mode (90% utilization or such applicable
limit), the following procedure shall be adopted:
112
a.) TM level risk reduction mode: Client margin in excess of 90% of the client
collateral shall be identified for each client under a TM. The total of such
client margin in excess of 90% of the client collateral, plus the proprietary
TM margin shall be assessed against the TM proprietary collateral for
monitoring of TM level risk reduction mode.
b.) CM level risk reduction mode: Sum of client margin in excess of 90% of the
client collateral for each client under a TM plus the proprietary TM margin,
in excess of 90% of TM proprietary collateral shall be calculated as TM
margin in excess of 90% of TM collateral. Sum of such margin for each TM
clearing through a CM, plus sum of client margin in excess of 90% of the
client collateral for each client clearing through such CM, plus the
proprietary CM margin shall be assessed against the proprietary CM
collateral for monitoring of CM level risk reduction mode.
42.25 An illustration for monitoring of risk reduction mode is provided at Annexure-

20.
42.26 In case of CP trades executed by TMs, the margin shall be blocked in the
following order- (i) CP collateral through the executing TM, if any, (ii) residual
margin from the proprietary collateral of the executing TM, and (iii) residual
margin from the proprietary collateral of the CM of the executing TM. Upon
confirmation of such trades by CM of the CP, the margin so blocked prior to
the confirmation shall be released, and shall be blocked in the following order-
(i) CP collateral through the confirming CM, and (ii) residual margin from the
proprietary collateral of the confirming CM. In case of CP trades, the
requirement to ensure that sufficient collateral is allocated to clients to cover
their margin requirements shall be on the confirming CM. However, if the trade
is confirmed under the auto approval facility provided by the CC, then margin
shall be directly blocked in the following order- (i) CP collateral through the
confirming CM, and (ii) residual margin from the proprietary collateral of the
confirming CM.
Change of Allocation
42.27 CMs shall be permitted to change the allocation of collateral deposited with the
CC, subject to the value allocated to any client not exceeding the value of
actual collateral received from that client (excluding the securities collateral re-
pledged to CC through margin pledge mechanism). However, such change of
allocation shall be permitted subject to adequacy of available collateral with
113
the CC after the change vis-à-vis the margin obligation. An illustration is
provided at Annexure-21.
42.28 CC shall also provide notification of such change of allocation of collateral to

the concerned client, in respect of whom the allocation has been changed,
pursuant to the change of allocation.
Client Margin Reporting
42.29 There shall be no change in the client margin reporting process.
Settlement
42.30 There shall be no change in the settlement process.
Withdrawal of Collateral
42.31 Subject to the CM not being in default and fulfilling all obligations on a going
concern basis, the CM may place requests for withdrawal of collateral to the
CC.
42.32 After validation of such requests, if the collateral is found to be releasable, the
CC shall release the collateral to the CM. CM may return the collateral to
TM/CP/Clients or utilize collateral of the entities who are in default.
42.33 CC shall also provide notification of such withdrawal of allocation of collateral

to the concerned clients, in respect of whom the allocation has been
withdrawn, pursuant to the withdrawal of allocation.
Default Management Process
42.34 The default management process by the CCs in case of default by a CM shall
take place in four stages:
a. Stage 1: Completion of settlement to non-defaulting CMs
b. Stage 2: Portability or immediate return of collateral
c. Stage 3: Close-out of positions and provisional appropriation of collateral
d. Stage 4: Identification of defaulting clients and final appropriation of collateral
114
Stage 1: Completion of settlement to non-defaulting CMs
42.35 CC shall utilize available financial resources to complete settlement in a timely

manner and complete the pay-outs to the non-defaulting members.
Stage 2: Portability or immediate return of collateral
42.36 CC shall put in place a mechanism/ process for TMs/clients/CPs of defaulting

CM to establish that they are not in default to the defaulting CM and have
deposited collateral to the extent of allocation (including deemed allocation).
This process shall be completed within a pre-specified time period. On
identification of such nondefaulting TMs/clients/CPs, CC shall provide them
opportunity for either porting of their positions and collateral to another CM or
immediate return of their collateral.
42.37 Portability of Positions and Collateral:

a.) Entities desirous of availing the facility of portability shall be required to have
established alternative trading/clearing arrangements with other TMs/CMs
other than the defaulting CM.
b.) If any pay-out is due to such entities, such pay-out shall be made to the
entities. As a result, the amount of such pay-out shall be added to the pay-
in shortfall of the defaulting CM.
42.38 Immediate return of collateral:
a.) Collateral of such entities shall only be utilized to the extent of losses due to
liquidation of their respective positions, and the remaining collateral shall be
returned, along with the pay-out due to such entities, if any. As a result, the
amount of such pay-out shall be added to the pay-in shortfall of the defaulting
CM.
42.39 In some circumstances, it may be desirable to liquidate the positions and even
the collateral, since both are subject to risks. Under such circumstances, not
closing out positions/collateral to allow for portability may lead to accumulation
of losses. Considering the nature of positions, market conditions and such
other risk assessment, the CC may at any stage decide to not provide the
facility of portability. If the CC decides to not provide the opportunity for
portability, the CC shall crystalize the profits/losses on close-out of positions
and the value of collateral arrived at after liquidation of the same.
115
Stage 3: Close-out of positions and provisional appropriation of collateral
42.40 For the remaining entities after Stage 2, i.e., entities other than the ones who
could avail the opportunity of either porting or immediate return of collateral in
Stage 2, following process shall be followed:
a.) CC shall close out all open positions of the defaulting CM, including the
positions of TMs/clients/CPs clearing through such CM.
b.) CC shall first utilize the CM/TM/Client/CP collateral for meeting any losses in
close-out of respective positions. It is clarified that TM/Client/CP collateral
shall include both allocated collateral (including deemed allocated collateral)
and the value of securities collateral provided through margin pledge/re-
pledge to the level of CC.
c.) In case of any shortfall in collateral of any entity under the CM, any excess
proprietary collateral of the TM / CM of such entity shall be used. This shall
follow the same order of utilization as in case of blocking of margins. Any
shortage in the proprietary collateral of the TM / CM shall be met by applying
the default waterfall of the CC.
d.) With regard to the defaulted settlement obligations, following process shall
be followed:
i.) Any pay-out made to the non-defaulting clients in Stage 2 shall be added
to the defaulted obligations.
ii.) The defaulted obligations (including pay-out in Para (i) above) shall be
first adjusted with the proprietary obligation of the defaulting CM to the
extent of funds/securities payable for the proprietary trades.
•Any shortage in the proprietary collateral of the defaulting CM shall be
met by applying the default waterfall of the CC.
•Any excess proprietary collateral of the CM shall also be used for

meeting the defaulted obligations.
iii.) Remaining defaulted obligations shall be attributed pro-rata: funds payin

shortfall shall be attributed pro-rata among TM/clients/CP having funds
payable and securities pay-in shortfall shall be attributed pro-rata among
116
TM/clients/CP having deliverable positions in the security. Such losses
shall be recovered from the collateral of the TM/clients/CP available, if
any.
• Any shortage in the collateral of such TM/clients/CP shall be met by
applying the default waterfall of the CC.
iv.) In case of any defaulted obligations attributed to a TM in Para (iii) above

(and in turn to its clients), the process enunciated above at Para (ii) and
(iii) above for a defaulting CM and its constituents shall apply, mutatis
mutandis, to the TM.
e.) The aforesaid pro-rata attribution of shortages shall be provisional. The actual
attribution of shortages to clients shall be done in Stage-4.
f.) In case there is any profit to a TM/client/CP during the close-out process,
such close-out profit shall be considered as pay-out due to the TM/client/CP.
42.41 An Illustration on the procedures to be followed in the Stage-2 and the Stage-
3 are given at Annexure-22.
Stage 4: Identification of defaulting clients and final appropriation of collateral
42.42 The procedure for verification and settlement of claims of constituents of

defaulting CM shall be as follows:
a.) The process for identification of defaulting TM/CP/clients and the return of
collateral of non-defaulting TM/CP/clients shall be administered by the
appropriate committee viz., Member and Core Settlement Guarantee Fund
Committee (MCSGFC) of the Exchange or the CC.
b.) The amount that can be claimed by the non-defaulting TM/CP/clients from
the CC shall be limited to the allocated collateral (including deemed allocated)
and the value of securities collateral provided through margin pledge/re-
pledge to the level of CC, plus the pay-out (including profit if any during close-
out) due to the constituent, less the losses in close-out of positions of the
constituent.
c.) The MCSGFC of the CC/Exchange shall implement the relevant procedures
for verification and settlement of claims of the non-defaulting TM/CP/clients
of the defaulting CM.
117
d.) The constituents actually in default shall be identified and the pro-rata
attribution of shortages performed in Stage-3 shall be replaced by the actual
attribution of shortages. If there has been any excess collateral appropriated
at Stage-3 due to pro-rata attribution, such excess appropriation shall be
corrected, and the constituents shall be returned the collateral in full along
with the pay-out due to such entities. This amount shall be recovered from
the constituents who have higher shortage (pursuant to actual attribution)
than the one attributed on pro-rata basis. If such clients do not have sufficient
collateral, then the default waterfall of the CC (including its Core Settlement
Guarantee Fund (Core SGF), as per the specified order of waterfall) shall be
applied.
e.) For any collateral of a client retained by TM/CM, and not allocated to that
client’s account, the Exchange or the CC shall initiate suitable actions before
appropriate court of law for liquidating the assets (movable and immovable)
of the defaulter member as per the existing provisions. Further, eligible clients
will also have the access to compensation from the Investor Protection Fund,
as per the existing provisions.
42.43 Illustration on procedures to be followed in Stage-4 are provided at Annexure-

23.
Default of TMs to CMs
42.44 The following procedure shall be adopted in case of default of TM to CM:
a.) The CM shall continue to meet its obligations towards its other constituents,
as well as the CC.
b.) The CM shall close-out all open positions of the defaulting TM (including
clients under the TM).
c.) Under the supervision of the CC, the CM shall appropriate the collateral
towards losses. The losses in closing-out open positions and the settlement
obligations due from clients of the TM shall be appropriated first from the
allocated collateral (as per allocation provided by TM to CM, including
deemed allocated) and securities collateral provided through margin pledge/
repledge to the level of CM/CC of respective clients. Any residual losses as
well as the losses in closing-out open positions and the settlement obligations
118
of the TM proprietary account shall be appropriated from the TM proprietary
collateral. In case of TM proprietary collateral being insufficient, the losses
shall not be appropriated from any other constituent of the CM or any
constituent of the defaulting TM.
d.) After the above utilization towards losses in closing-out open positions of the
defaulting TM (and clients under the TM) and net settlement shortfall, all
remaining collateral/funds received from the defaulting TM (lying with
CM/CC) shall be provided by the CM to the Stock Exchanges.
e.) Since the TM will be leading to default, the Stock Exchanges shall institute
relevant applicable procedures against the TM as per existing regulatory
provisions, byelaws, rules and regulations of the Stock Exchanges.
Violations
42.45 Any false allocation by members shall be treated as a violation and disciplinary
action shall be taken against the members.
42.46 The aforementioned framework for segregation and monitoring of collateral at

client level shall be applicable to all segments and product classes at Stock
Exchanges/ Clearing Corporations.
43. Maintenance of current accounts in multiple banks by Stock Brokers53
43.1 The Stock Brokers should maintain current accounts in appropriate number of
banks (subject to the maximum limit prescribed by Stock Exchanges/SEBI
from time to time) for holding the client funds (i.e., Client Account), for
settlement purposes (i.e., Settlement Account) and any other accounts
mandated by Stock Exchanges such as Exchange Dues Account subject to
the condition that brokers are using these accounts for their defined purposes.
44. Block Mechanism in demat account of clients undertaking sale transactions54
44.1 When the client intends to make a sale transaction, shares will be blocked in
the demat account of the client in favour of Clearing Corporation. If sale
53
Reference: Circular SEBI/HO/MIRSD/DOP/P/CIR/2021/653 dated October 28,2021
54
Reference: Circular SEBI/HO/MIRSD/DOP/P/CIR/2021/595 dated July 16,2021, Circular
SEBI/HO/MIRSD/DOP/P/CIR/2022/109 dated August 18, 2022 and Circular
SEBI/HO/MIRSD/DoP/P/CIR/2022/143 dated October 27, 2022
119
transaction is not executed, shares shall continue to remain in the client's
demat account and will be unblocked at the end of the T day. Thus, this
mechanism will do away with the movement of shares from client's demat
account for early pay-in and back to client's demat account if trade is not
executed.
44.2 Process for Block Mechanism:
44.2.1 The securities lying in client's demat account will be blocked either by
client himself using depository's online system or eDIS mandate or
through depository participant based on physical DIS given by client or
Power of Attorney (POA) holder.
44.2.2 Depositories may keep block on the securities in client's demat account
in respect of Intra or Inter depository transfer instruction till pay-in day.
The blocked securities will be transferred only after checking against the
client level net delivery obligation received from CCs.
44.2.3 Depositories will provide the details of transfer instructions viz., UCC,
TM ID, Exchange ID etc. to CCs for clients to avail EPI benefit.
44.2.4 CC will match the client level net obligations with the Block details
provided by depositories and CC will provide EPI benefit to client if the
client level net obligation exists for that client.
Matched orders:
44.2.5 In case of matched orders, block securities will be debited from Client's
demat account and will be credited to linked TM Pool account upto pay-
in day. TM shall further transfer such securities to CM Pool account.
44.2.6 TM shall not transfer the securities to any other pool account other than
CM pool account mapped to the TM account. Pool to Pool transfers
except TM pool to CM pool shall not be permitted.
44.2.7 Inter-settlement shall not be allowed from TM Pool account and CM pool
account.
44.2.8 Securities lying in CM pool account will be delivered in settlement
120
process on the Pay-in date. If TM Pool Account is also mapped as a CM
Pool Account, then, securities lying in such TM/CM Pool Account can
also be delivered in the settlement process.
Unblocking of Securities:
44.2.9 After receiving client level net obligations on T day from CCs,
depositories will match the Intra or Inter depository transfer instruction
details with CC obligation details based on UCC, TM ID, CM ID,
Exchange ID, etc.
44.2.10 ln case of unmatched orders, CCs shall upload cancellation of Block

instruction on T day so that securities are unblocked and become free
in client's demat account on T day itself.
44.2.11 Broker or client shall not be allowed to unblock securities if EPI benefit
is provided by CC to client for the same.
Margining of Trades:
44.2.12 When the client intends to block securities for a sale transaction, shares
will remain blocked in favour of CC. If securities are blocked in favour of
CC, then all Margin would deemed to have been collected and penalty
for short/non collection of margin including other margins shall not arise.
44.2.13 Blocking shall be on 'time basis' and would mean if the order is not
executed by the end of the T day, the block shall be released.
44.3 The facility of block mechanism shall be mandatory for all Early Pay-In
transactions.
44.4 The block mechanism shall not be applicable to clients having arrangements
with custodians registered with SEBI for clearing and settlement of trades.
45. Handling of Client’s Securities by Trading Members/ Clearing Members55
45.1 In order to provide clarity with respect to a TM/CM maintaining a running

account for client securities and pledging the client securities with
55
Reference: Circular CIR/HO/MIRSD/DOP/CIR/P/2019/75 dated June 20, 2019 and Circular
SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2022/153 dated November 11, 2022.
121
Banks/NBFCs, after discussions with the Exchanges, Depositories and
Clearing Corporations, the following advice is issued:
45.1.1 All the securities received in pay-out, shall be transferred to the demat
account of the respective clients directly from the pool account of the
TM/CM within one working day of the pay-out.
45.1.2 With regard to the unpaid securities (i.e., the securities that have not
been paid for in full by the clients), such securities shall be transferred
to respective client’s demat account followed by creation of an auto-
pledge (i.e., without any specific instruction from the client) with the
reason “unpaid”, in favor of a separate account titled – “client unpaid
securities pledgee account”, which shall be opened by TM/CM.
45.1.3 After the creation of pledge, a communication (email / SMS) shall be

sent by TM/CM informing the client about their funds obligation and also
about the right of TM/CM to sell such securities in event of failure by
client to fulfill their obligation.
45.1.4 If the client fulfills its funds obligation within five trading days after the
pay-out, TM/CM shall release the pledge so that the securities are
available to the client as free balance.
45.1.5 If the client does not fulfill its funds obligation, TM / CM shall dispose off
such unpaid securities in the market within five trading days after the
pay-out. TM/CM, before disposing the securities, shall give an intimation
(email / SMS) to the client, one trading day before such sale.
45.1.6 The unpaid securities shall be sold in the market with UCC of the
respective client. Profit/loss on the sale transaction of the unpaid
securities, if any, shall be transferred to/adjusted from the respective
client account.
45.1.7 TM / CM shall invoke the pledge only against the delivery obligation of
the client. On invocation, the securities shall be blocked for early pay-in
in the client’s demat account with a trail being maintained in the
TM/CM’s client unpaid securities pledgee account.
45.1.8 Once such securities are blocked for early pay-in in client’s demat
122
account, the depositories shall verify the block details against the client
level obligation.
45.1.9 In case, such pledge is neither invoked nor released within seven
trading days after the pay-out, the pledge on securities shall be auto
released and the securities shall be available to the client as free
balance without encumbrance.
45.1.10 Such unpaid securities pledged in client’s account shall not be

considered for the margin obligations of the client.
45.2 Monitoring with respect to handling of clients securities:
Stock Exchanges, Clearing Corporations and Depositories shall put in place a

mechanism for monitoring of the following:
45.2.1 Handling of unpaid clients’ securities by the TM/CM – Mechanism of

matching of transfer of securities with the securities obligation as
obtained from the clearing corporation with respect to the following:
i. Securities transferred from the client unpaid securities account to the
pool account
ii. Securities transferred from the client unpaid securities account to the
concerned client account,
iii. Securities transferred from pool account to the concerned client
account
45.2.2 Securities lying with TM/CM in client unpaid securities account shall not
be permitted to be pledged/transferred to Banks/NBFCs for raising
funds by TM/CM.
46. Validation of Instructions for Pay-In of Securities from Client demat account
to Trading Member (TM) Pool Account against obligations received from the
Clearing Corporations56
46.1 Depositories, prior to executing actual transfer of the securities for Pay-In from
client demat account to TM Pool account, shall validate the transfer instruction
received through any of the available channels for the purpose of Pay-in, i.e.
either initiated by clients themselves or by the Power of Attorney (POA) /
56
Reference: Circular SEBI/HO/MIRSD/DoP/P/CIR/2022/119 dated September 19, 2022.
123
Demat Debit and Pledge Instruction (DDPI) holder against the client-wise net
delivery obligation received from CCs.
46.2 For Early Pay-In transactions, the existing facility of Block mechanism shall
continue.
46.3 In order to validate the Pay-In Instructions, the following process shall be put
in place by the Depositories:
Validation of transfer instruction details with CC obligation details
46.3.1 Depositories receive the debit instruction for the purpose of Pay-In,
given either by client himself using depository’s online system or eDIS
mandate or through depository participant based on physical DIS /
digitally signed DIS given by client or POA / DDPI holder.
46.3.2 CCs shall provide client-wise net delivery obligations on T day to the
depositories.
46.3.3 Based on the obligation data provided by CCs, Depositories shall

validate the depository transfer instruction details with CC obligation
details based on UCC, TM ID, CM ID, Exchange ID, ISIN, quantity,
settlement details etc.
Matched instruction:
46.3.4 In case of matching of all details like UCC, TM ID, CM ID, ISIN, quantity,
settlement details etc. of the transfer instruction with the obligation data,
the instruction shall be carried out by the Depositories and such
securities will be debited from client’s demat account and credited to
linked TM Pool account on or before the settlement day.
Unmatched instruction:
46.3.5 In case of discrepancies in details like UCC, TM ID, CM ID, ISIN etc.,
between instruction and obligation, such transfer instructions will be
rejected by the depositories.
46.3.6 In case of discrepancies in quantity of securities between instruction

and obligation, the following shall be noted:
124
46.3.6.1 If the quantity in instruction is less than the obligation provided by
CC, then the instruction will be carried out by the depositories.
46.3.6.2 If the quantity in instruction is more than the obligation provided by

CC, then the instruction will be partially processed by the depositories
(i.e., upto the matching obligation quantity).
Trades Confirmed by Custodians:
46.3.7 This process shall not be applicable to clients having arrangements with
custodians registered with SEBI for clearing and settlement of trades.
47. Settlement of Running Account of Client’s Funds lying with Trading Member
(TM)57
47.1 Regarding Settlement of running account, following shall be complied with:
47.1.1 The settlement of running account of funds of the client shall be done
by the TM after considering the End of the day (EOD) obligation of funds
as on the date of settlement across all the Exchanges on first Friday of
the Quarter (i.e., Apr-Jun, Jul-Sep, Oct-Dec, Jan–Mar) for all the clients
i.e., the running account of funds shall be settled on first Friday of
October 2022, January 2023, April 2023, July 2023 and so on for all the
clients. If first Friday is a trading holiday, then such settlement shall
happen on the previous trading day.
47.1.2 For clients, who have opted for Monthly settlement, running account
shall be settled on first Friday of every month. If first Friday is a trading
holiday, then such settlement shall happen on the previous trading day.
47.2 In case of client having any outstanding trade position on the day on which
settlement of running account of funds is scheduled, a TM may retain funds
calculated in the manner specified below:
47.2.1 Entire pay-in obligation of funds outstanding at the end of the day on
settlement of running account, of T day & T-1 day.
47.2.2 Margin liability as on the date of settlement of running account, in all
57
Reference: Circular SEBI/HO/MIRSD/DOP/P/CIR/2021/577 dated June 16,2021 and Circular
SEBI/HO/MIRSD/DOP/P/CIR/2022/101 dated July 27, 2022
125
segments and additional margins (maximum upto 125% of total margin
liability on the day of settlement). The margin liability shall include the
end of the day margin requirement excluding the MTM and pay-in
obligation, therefore, TM may retain 225% of the total margin liability in
all the segments across exchanges. Computation for arriving at
retention of excess client funds based on above points would be as
under:
Table 12
Scen Fund pay EOD/pea 225% of Securitie Client Excess

ario in k margin the margin s fund client
obligation requirem pledged/ balance funds
of T day & ent repledge retained
T-1 day d
A B C=225%*B D E F=E-
[(C-D)
+A]
1 110000 100000 225000 200000 300000 165000
2 50000 20000 45000 15000 50000 0
3 150000 100000 225000 280000 180000 30000
^
^ Excess securities of Rs. 55,000 (i.e. 280000-225000) is not required to be
unpledged.
47.3 Client’s running account shall be considered settled only by making actual
payment into client’s bank account and not by making any journal entries.
Journal entries in client account shall be permitted only for levy / reversal of
charges in client’s account.
47.4 For the clients having credit balance, who have not done any transaction in the
30 calendar days since the last transaction, the credit balance shall be returned
to the client by TM, within next three working days irrespective of the date when
the running account was previously settled.
47.5 In cases where physical payment instrument (cheque or demand draft) is

issued by the TM towards the settlement of running account due to failure of
electronic payment instructions, the date of realization of physical instrument
into client’s bank account shall be considered as settlement date and not the
date of issue of physical instrument.
126
47.6 Retention of any amount towards administrative / operational difficulties in
settling the accounts of regular trading clients (active clients), shall be
discontinued.
47.7 The Authorized person is not permitted to accept client’s funds and securities.
The TM should keep a proper check. Proprietary trading by Authorized person
should be permitted only on his own funds and securities and not using any of
the client’s fund.
47.8 Once the TM settles the running account of funds of a client, an intimation shall
be sent to the client by SMS on mobile number and also by email. The
intimation should also include details about the transfer of funds (in case of
electronic transfer – transaction number and date; in case of physical payment
instruments – instrument number and date). TM shall send the retention
statement along with the statement of running accounts to the clients as per
the existing provisions within 5 working days.
47.9 Client shall bring any dispute on the statement of running account, to the notice
of TM within 30 working days from the date of the statement.
47.10 Stock Exchanges shall develop online system for effective monitoring of timely
settlement of running account for funds of client and to verify that excess
clients’ funds are not retained by the TM as on the date of settlement of running
account. The intent of the online system shall be to discourage TM from
retaining excess funds of clients after settlement of running account, by
considering all the client obligations across exchanges. The responsibility of
monitoring settlement of running account compliance of TM may be shared
among Stock Exchanges.
127
IV. TECHNOLOGY RELATED PROVISIONS
48. Electronic Contract Note58
48.1 Brokers are allowed to issue contract notes authenticated by means of digital
signatures provided that the broker has obtained digital signature certificate
from Certifying Authority under the Information and Technology Act, 2000
(hereinafter referred to as “IT Act 2000”).
48.2 Contract notes can be issued by the brokers in electronic form authenticated
by means of digital signatures.
48.3 All the members of stock exchanges who are desirous of issuing Electronic
Contract Notes (ECNs) to their clients shall comply with the following
conditions:
48.3.1 Authorization for Electronic Contract Notes - The stock broker may issue
electronic contract notes (ECN) if specifically authorized by the client
subject to the following conditions:
a. The authorization shall be in writing and be signed by the client only and
not by any authorised person on his behalf or holder of the Power of
Attorney.
b. The email id shall not be created by the broker. The client desirous of
receiving ECN shall create/provide his own email id to the stock broker.
c. The authorization shall have a clause to the effect that that any change
in the email-id shall be communicated by the client through a physical
letter to the broker. In respect of internet clients, the request for change
of email id may be made through the secured access by way of client
specific user id and password.
48.3.2 Issuing ECNs when specifically, consented
58Reference: Circular SMDRP/POLICY/CIR-56/00 dated December 15, 2000,

Circular SEBI/SMD/SE/15/2003/29/04 dated April 29, 2003,
Circular MRD/DoP/SE/CIR-20/2005 dated September 08, 2005 and
Circular MIRSD/SE/CIR-19/2009 dated December 03, 2009
128
a. The digitally signed ECNs may be sent only to those clients who have
opted to receive the contract notes in an electronic form, either in the
Member – Client agreement / Tripartite agreement or by a separate
letter. The mode of confirmation shall be as per the agreement entered
into with the clients.
48.3.3 Where to send ECNs
a. The usual mode of delivery of ECNs to the clients shall be through e-

mail. For this purpose, the client shall provide an appropriate e-mail
account to the member which shall be made available at all times for
such receipts of ECNs.
48.3.4 Requirement of digital signature
a. All ECNs sent through the e-mail shall be digitally signed, encrypted,
non-tamperable and shall comply with the provisions of the IT Act
2000. In case the ECN is sent through e-mail as an attachment, the
attached file shall also be secured with the digital signature, encrypted
and non-tamperable.
48.3.5 Requirements for acknowledgement, proof of delivery, log report etc.
a. Acknowledgement
i. The acknowledgement of the e-mail shall be retained by the

member in a soft and non-tamperable form.
b. Proof of delivery
i. The proof of delivery i.e., log report generated by the system at the
time of sending the contract notes shall be maintained by the
member for the specified period under the extant regulations of
SEBI/stock exchanges and shall be made available during
inspection, audit, etc.
ii. The member shall clearly communicate to the client in the
agreement executed with the client for this purpose that non-receipt
of bounced mail notification by the member shall amount to delivery
of the contract note at the e-mail ID of the client.
129
c. Log Report for rejected or bounced mails
i. The log report shall also provide the details of the contract notes
that are not delivered to the client/e-mails rejected or bounced back.
ii. Also, the member shall take all possible steps (including settings of
mail servers, etc) to ensure receipt of notification of bounced mails
by the member at all times within the stipulated time period under
the extant regulations of SEBI/stock exchanges.
48.3.6 When to issue or send in Physical mode
a. Issue in Physical mode
i. In the case of those clients who do not opt to receive the contract
notes in the electronic form, the member shall continue to send
contract notes in the physical mode to such clients.
b. Send in Physical mode
i. Wherever the ECNs have not been delivered to the client or has been
rejected (bouncing of mails) by the e-mail ID of the client, the
member shall send a physical contract note to the client within the
stipulated time under the extant regulations of SEBI/stock exchanges
and maintain the proof of delivery of such physical contract notes.
48.3.7 General requirements
a. ECNs through website
i. In addition to the e-mail communication of the ECNs in the manner

stated above, in order to further strengthen the electronic
communication channel, the member shall simultaneously publish
the ECN on his designated web-site in a secured way and enable
relevant access to the clients.
b. Access to the website
i. In order to enable clients to access the ECNs posted in the

designated website in a secured way, the member shall allot a
130
unique user name and password for the purpose, with an option to
the client to access the same and save the contract note
electronically or take a print out of the same.
c. Preservation/Archive of electronic documents
i. The member shall retain/archive such electronic documents as per

the extant rules/regulations/circulars/guidelines issued by
SEBI/Stock Exchanges from time to time.
48.3.8 Issuance of Electronic Contract Notes (ECN) through SMS/electronic

instant messaging services59
48.3.8.1 In addition to sending ECN through email, the Exchanges may

allow their respective members to send ECN through SMS/
electronic instant messaging services, however certain
safeguards as listed below, need to be ensured:
a. Necessary guidelines for obtaining client’s consent to select

the mode of receipt of such communications.
b. Members to send electronic instant messaging services/SMS
to clients only on registered mobile number as uploaded by
members on the Exchange portal/database.
c. Necessary guidelines to deal with the clients who have
changed their mobile number.
d. ECN sent through electronic instant messaging
services/SMS, shall be sent as an attachment and not as a
link. The attached file may be secured with the digital
signature, encrypted, non-tamperable and password
protected. The password of ECN attachment shall be shared
through the same mode as used for sending the password
protected attachment of ECN. However, it must be ensured
that password should be such that it is not easily guessed or
breached.
e. The messages sent through electronic instant messaging
services/SMS not to be covered under auto delete facility at
the option of the members.
f. The members shall ensure that all ECNs are sent from the
59
Email dated April 13, 2022 issued to Exchanges
131
same ID and appropriate logs (sent/delivered/seen/not
delivered/blocked etc.) are maintained by the members
regarding the same.
49. Conditions to be met by Broker for providing Internet Based Trading Service60
49.1 Internet Based trading can take place through order routing systems, which
will route client orders, to exchange trading systems, for execution of trades
on the existing stock exchanges. SEBI Registered Brokers can introduce the
service after obtaining permission from respective Stock Exchanges.
Exchanges while giving permission will be required to ensure minimum
conditions specified in the report which is available on the SEBI’s web site. The
salient conditions to be met are:
49.2 Application for permission by Brokers
49.2.1 SEBI registered Stock Brokers interested in providing Internet based

trading services will be required to apply to the respective stock
exchange for a formal permission. The stock exchange should grant
approval or reject the application as the case may be, and communicate
its decision to the member within thirty calendar days of the date of
completed application submitted to the exchange.
49.2.2 The stock exchange, before giving permission to brokers to start

Internet based services shall ensure the fulfilment of the following
minimum conditions:
a. Networth Requirement
i. The broker must have a minimum net worth of rupees fifty lacs if
the broker is providing the Internet based facility on his own.
However, if some brokers collectively approach a service provider
for providing the internet trading facility, net worth criteria as
prescribed in the Stock Brokers Regulations 1992 will apply.
b. Operational and System Requirements
i. Operational Integrity: The Stock Exchange must ensure that the
60 Reference: Circular SMDRP/POLICY/CIR-06/2000 dated January 31, 2000 and Circular

FITTC/DC/CIR-1/98 dated June 16, 1998.
132
system used by the broker has provision for security, reliability and
confidentiality of data through use of encryption technology. (Basic
minimum security standards are specified in following paras). The
Stock Exchange must also ensure that records maintained in
electronic form by the broker are not susceptible to manipulation.
ii. System Capacity: The Stock Exchange must ensure that the
brokers maintain adequate backup systems and data storage
capacity. The Stock Exchange must also ensure that the brokers
have adequate system capacity for handling data transfer, and
arranged for alternative means of communications in case of
Internet link failure.
iii. Qualified Personnel: The Stock Exchange must lay down the
minimum qualification for personnel to ensure that the broker has
suitably qualified and adequate personnel to handle
communication including trading instructions as well as other back
office work which is likely to increase because of higher volumes.
iv. Written Procedures: Stock Exchange must develop uniform written

procedures to handle contingency situations and for review of
incoming and outgoing electronic correspondence.
v. Signature Verification/ Authentication: It is desirable that

participants use authentication technologies. For this purpose it
should be mandatory for participants to use certification agencies
as and when notified by Government / SEBI. They should also
clearly specify when manual signatures would be required.
c. Client Broker Relationship
i. Know Your Client: The Stock Exchange must ensure that brokers
comply with all requirements of "Know Your Client" and have
sufficient, verifiable information about clients, which would
facilitate risk evaluation of clients.
ii. Broker-Client Agreement: Brokers must enter into an agreement

with clients spelling out all obligations and rights. This agreement
should also include inter alia, the minimum service standards to
be maintained by the broker for such services specified by
133
SEBI/Exchanges for the Internet based trading from time to time.
iii. Exchanges will prepare a model agreement for this purpose. The
broker agreement with clients should not have any clause that is
less stringent/contrary to the conditions stipulated in the model
agreement.
iv. Investor Information: The broker web site providing the internet
based trading facility should contain information meant for investor
protection such as rules and regulations affecting client broker
relationship, arbitration rules, investor protection rules etc. The
broker web site providing the Internet based trading facility should
also provide and display prominently, hyper link to the web site/
page on the web site of the relevant stock exchange(s) displaying
rules/ regulations/circulars. Ticker/quote/order book displayed on
the web-site of the broker should display the time stamp as well as
the source of such information against the given information.
v. Order/Trade Confirmation: Order/Trade confirmation should also

be sent to the investor through email at client’s discretion at the
time period specified by the client in addition to the other mode of
display of such confirmations on real time basis on the broker web
site. The investor should be allowed to specify the time interval on
the web site itself within which he would like to receive this
information through email. Facility for reconfirmation of orders
which are larger than that specified by the member’s risk
management system should be provided on the internet based
system.
vi. Handling Complaints by Investors: Exchanges should monitor

complaints from investors regarding service provided by brokers
to ensure a minimum level of service. Exchange should have
separate cell specifically to handle Internet trading related
complaints. It is desirable that exchanges should also have facility
for on-line registration of complaints on their web-site.
d. Risk Management
i. Exchanges must ensure that brokers have a system-based control

on the trading limits of clients, and exposures taken by clients.
134
Brokers must set pre-defined limits on the exposure and turnover
of each client.
ii. The broker systems should be capable of assessing the risk of the
client as soon as the order comes in. The client should be informed
of acceptance/rejection of the order within a reasonable period. In
case system based control rejects an order because of client
having exceeded limits etc., the broker system may have a review
and release facility to allow the order to pass through.
iii. Reports on margin requirements, payment and delivery

obligations, etc. should be informed to the client through the
system.
e. Contract Notes
i. Contract notes must be issued to clients as per existing

regulations, within twenty-four hours of the trade execution.
f. Cross Trades
i. As in the case of existing system, brokers using Internet based

systems for routing client orders will not be allowed to cross trades
of their clients with each other. All orders must be offered to the
market for matching.
ii. It is emphasised that in addition to the requirements mentioned

above, all existing obligations of the broker as per current
regulation will continue without changes. Exchanges may also like
to specify more stringent standards as they may deem fit for
allowing Internet based trading facilities to their brokers.
g. Network Security
The following security features are mandatory for all Internet based
trading systems:
i. User id
ii. First Level password (Private code)
iii. Automatic expiry of passwords at the end of a reasonable duration.
135
Reinitialise access on entering fresh passwords
iv. All transaction logs with proper audit facilities to be maintained in
the system.
v. Secured Socket Level Security for server access through Internet
vi. Suitable Firewalls between trading set-up directly connected to an
Exchange trading system and the Internet trading set-up.
The following advanced security products are advisable.
i. Microprocessor based SMART cards

ii. Dynamic Password (Secure ID Tokens)
iii. 64 bit/128 bit encryption **
iv. Second Level password (personal information e.g. village name,
birth date etc.)
**DOT policy and regulations will govern the level of encryption.
h. Standards for Web Interfaces and Protocols
i. Between a Trading Web Server and Trading Client Terminals,

Interfaces Standards as per recommendations of IETF (Internet
Engineering Task Force) and W3C (World Wide Web Consortium)
may be adopted. E.g.: HTTP Ver 4 or above HTML Ver 4/XML.
i. Systems Operations
i. Brokers should follow the similar logic/priorities used by the

Exchange to treat client orders.
ii. Brokers should maintain all activities/ alerts log with audit trail
facility
iii. Broker Web Server should have internally generated unique
numbering for all client order/trades
iv. Brokers should seek permission from the Exchange before
commencement of Internet trading facility after providing
complete details of the features of implemented systems.
v. Brokers should make periodic reporting to the Exchange as
specified by the Exchange.
136
50. Securities Trading through Wireless medium on Wireless Application
Protocol (WAP) platform61
50.1 A broker providing stock trading through WAP must be a SEBI registered
broker who also has an Internet website which complies with all the
requirements laid in para 49 above. With regard to the requirements mentioned
above, some additional requirements are to be met by the broker for providing
securities transaction through WAP. These requirements are provided in the
following criteria:
50.2 Network Security
50.2.1 The break in data encryption at the WAP gateway server raises security
issues. Until the shortcoming is addressed by WAP, the WAP server
should be hosted by the broker itself and not by a third party.
50.2.2 Suitable firewalls should be installed between trading set-up directly

connected to an Exchange trading system and the WAP server.
50.2.3 WTLS (Wireless Transport Layer Security) level security or a higher

level of security (as and when available) for wireless communication is
mandatory for wireless transactions.
50.2.4 The WTLS encrypts data upto the WAP Gateway server. Transmission
from the WAP Gateway server to the Internet server should be secured
using Secured Socket Level Security, preferably with 128 bit encryption,
for server access through Internet. Alternately, the WAP Gateway
server and Internet server may be co-hosted. The server resource
should not be shared for any other applications.
50.2.5 The following security measures applicable for fixed Internet based
systems should be made mandatory:
a. User ID
b. First Level password (Private code)
c. Automatic expiry of passwords at the end of a reasonable duration.
Reinitialize access on entering fresh passwords
d. All transaction logs with proper audit facilities to be maintained in the
61 Reference: Circular SMDRP/POLICY/CIR-48/2000 dated October 11, 2000.

137
system.
50.2.6 Digitally signed transactions ensure client authentication and support

nonrepudiation. Digital certification should be mandatory for participants
as and when certification agencies are notified by Government / SEBI.
50.2.7 In case of failure of the network, alternative means of communication

such as telephone, Internet or e-mail should be available.
50.3 Price Quotes/ Order/ Trade Confirmations
50.3.1 Stock quotes should be time-stamped.
50.3.2 All orders and trades must be identified by a unique ID. Order
confirmation must be provided to the user on submitting the order. Order
modification/ cancellation facilities must also be provided. This may be
provided using alternate protocols in case the same is not supported by
WAP.
50.3.3 Trade confirmation should be provided to the user through e-mail and/or
on the mobile phone.
50.4 System operations
50.4.1 Brokers should follow the similar logic/priorities used by the Exchange
to treat client orders.
50.4.2 Orders/ trades placed through either fixed Internet or WAP system
should be accessible from both systems.
50.4.3 Brokers should maintain all activities/ alerts log with audit trail facility.
50.4.4 Broker Web Server should have internally generated unique numbering
for all client order/trades.
50.5 Risk Management
50.5.1 It is emphasised that risk management should be comprehensive and

the risk management systems should take into account the overall
positions of clients, irrespective of the medium of trading.
138
51. Securities Trading using Wireless Technology62
51.1 SEBI registered brokers who provide Internet Based Trading shall be eligible
to provide securities trading using wireless technology. All relevant
requirements applicable to internet based trading shall also be applicable to
securities trading using wireless technology.
51.2 Securities Trading using Wireless technology shall include devices such as
mobile phone, laptop with data card, etc, that use Internet Protocol (IP).
51.3 In addition, the stock exchange shall ensure that the broker complies with the
following:
51.3.1 There shall be secure access, encryption and security of

communication for internet based trading and securities trading using
wireless technology. DOT policy and regulation shall govern the level of
encryption.
51.3.2 Adequate measures should be taken for user identification,

authentication and access control using means such as user-id,
passwords, smart cards, biometric devices or other reliable means, to
prevent misuse of facility by unauthorized persons.
51.3.3 Unique identification number as given in case of internet based trading

shall be made applicable for securities trading using wireless
technology.
51.3.4 In case of failure of the wireless network, alternative means of

communication for placing orders should be available.
51.3.5 Additional provisions specifying possible risks, responsibilities and

liabilities associated with securities trading using wireless technology
should be incorporated in the Broker-Client agreement as an addendum
or by bringing to the notice of clients, who are desirous of availing such
facility, and taking their concurrence on the same.
51.3.6 As it may not be possible to give detailed information to the investor on

a hand held device e.g. mobile phones, it may be ensured that minimum
62 Reference: Circular CIR/MRD/DP/ 25/2010 dated August 27, 2010.

139
information may be given with addresses of the Internet web site/web
page where detailed information would be available.
51.3.7 Order confirmation should be provided to the user on submitting the

order. Order modification / cancellation facilities should also be
provided. Trade confirmation should be provided to the user, along with
history of trades for the day.
51.3.8 Session login details should not be stored on the devices used for
internet based trading and securities trading using wireless technology.
51.3.9 Network security protocols and interface standards should be as per

prevalent industry standards and sound audit trails should be available
for all transactions conducted using wireless devices.
51.3.10 The broker’s server routing orders to the exchange trading system shall
be located in India.
51.3.11 Stock exchanges shall arrange for periodic systems audits of broker
systems to ensure that requirements specified in the circulars are being
met.
51.3.12 Stock exchange shall also include securities trading using wireless
technology in their ongoing investor awareness and educational
programme.
51.4 Stock exchanges may take such other measures and implement such other
safeguards as they deem fit to ensure security and integrity of transactions
conducted using wireless technology.
52. Additional Requirements for Internet Based Trading (IBT) and Securities
trading using Wireless Technology (STWT)63
52.1 The stock exchange shall ensure that the broker comply with the following
52.1.1 The broker shall capture the IP (Internet Protocol) address (from where
the orders are originating), for all IBT/ STWT orders.
63 Reference: Circular CIR/MRD/DP/08/2011 dated June 30, 2011.

140
52.1.2 The brokers system should have built-in high system availability to
address any single point failure.
52.1.3 There should be secure end-to-end encryption for all data transmission
between the client and the broker through a Secure Standardized
Protocol. A procedure of mutual authentication between the client and
the broker server should be implemented.
52.1.4 The broker system should have adequate safety features to ensure it is
not susceptible to internal/ external attacks
52.1.5 In case of failure of IBT/ STWT, the alternate channel of communication

shall have adequate capabilities for client identification and
authentication.
52.1.6 Two-factor authentication for login session may be implemented for all
orders emanating using Internet Protocol. Public Key Infrastructure
(PKI) based implementation using digital signatures, supported by one
of the agencies certified by the government of India, is advisable.
Further the two factors in the Two-factor authentication framework
should not be same.
52.1.7 In case of no activity by the client, the system should provide for
automatic trading session logout.
Further to the above, the following practice is advisable –
52.1.8 The back-up and restore systems implemented by the broker should be
adequate to deliver sustained performance and high availability. The
broker system should have on-site as well as remote site back-up
capabilities
53. Direct Market Access facility64
53.1 Direct Market Access (DMA) is a facility which allows brokers to offer clients
direct access to the exchange trading system through the broker’s
infrastructure without manual intervention by the broker. Some of the
64Reference: Circular MRD/DoP/SE/CIR-7/2008 dated April 03, 2008,

Circular MRD/DoP/SE/CIR-03/2009 dated February 20, 2009 and
Circular CIR/MRD/DP/20/2012 dated August 02, 2012.
141
advantages offered by DMA are direct control of clients over orders, faster
execution of client orders, reduced risk of errors associated with manual order
entry, greater transparency, increased liquidity, lower impact costs for large
orders, better audit trails and better use of hedging and arbitrage opportunities
through the use of decision support tools / algorithms for trading.
53.2 While ensuring conformity with the provisions of the SCRA 1956, Stock
Exchanges may facilitate Direct Market Access for investors subject to the
following conditions:
53.3 Application for Direct Market Access (DMA) facility
53.3.1 Brokers interested to offer DMA facility shall apply to the respective
stock exchanges giving details of the software and systems proposed
to be used, which shall be duly certified by a Security Auditor as reliable.
53.3.2 The stock exchange should grant approval or reject the application as
the case may be and communicate its decision to the member within
thirty calendar days of the date of completed application submitted to
the exchange.
53.3.3 The stock exchange, before giving permission to brokers to offer DMA
facility shall ensure the fulfillment of the conditions specified below.
53.4 Operational specifications
53.4.1 All DMA orders shall be routed to the exchange trading system through
the broker’s trading system. The broker’s server routing DMA orders to
the exchange trading system shall be located in India.
53.4.2 The broker should ensure sound audit trail for all DMA orders and trades
and be able to provide identification of actual user-id for all such orders
and trades. The audit trail data should available for at least five years.
53.4.3 Exchanges should be able to identify and distinguish DMA orders and
trades from other orders and trades. Exchanges shall maintain
statistical data on DMA trades and provide information on the same to
SEBI on a need basis.
53.4.4 The DMA system shall have sufficient security features including
142
password protection for the user ID, automatic expiry of passwords at
the end of a reasonable duration, and reinitialisation of access on
entering fresh passwords.
53.4.5 In case where the clients access the DMA server of the broker through
a third party service provider, the password maintenance and
authentication can be done either by the broker of by third party network
service provider, so long as the exchange/broker ensures secured
access and communication and a sound audit trail for all DMA orders/
trades. The authorized user and client details should be part of the order
details received and authenticated at the DMA server of the broker.65
53.4.6 Brokers should follow the similar logic/priorities used by the Exchange
to treat DMA client orders. Brokers should maintain all activities/ alerts
log with audit trail facility. The DMA Server should have internally
generated unique numbering for all such client order/trades.
53.4.7 A systems audit of the DMA systems and software shall be periodically
carried out by the broker as may be specified by the exchange and
certificate in this regard shall be submitted to the exchange.
53.4.8 The exchanges and brokers should provide for adequate systems and
procedures to handle the DMA trades.
53.5 Risk Management
53.5.1 The broker shall ensure that trading limits/ exposure limits/ position
limits are set for all DMA clients based on risk assessment, credit quality
and available margins of the client. The broker system shall have
appropriate authority levels to ensure that the limits can be set up only
by persons authorized by the risk / compliance manager.
53.5.2 The broker shall ensure that all DMA orders are routed through
electronic/automated risk management systems of the broker to carry
out appropriate validations of all risk parameters including Quantity
Limits, Price Range Checks, Order Value, and Credit Checks before the
orders are released to the Exchange.
65
Letter no MRD/DoP/NSE/129791/2008 dated June 24, 2008
143
53.5.3 All DMA orders shall be subjected to the following limits:
a. Order quantity / order value limit in terms of price and quantity

specified for the client.
b. All the position limits which are specified in the derivatives segment
as applicable.
c. Net position that can be outstanding so as to fully cover the risk
emanating from the trades with the available margins of the specific
client.
d. Appropriate limits for securities which are subject to FII limits as
specified by the Reserve Bank of India.
53.5.4 The broker may provide for additional risk management parameters as
they may consider appropriate.
53.6 Broker to be liable for DMA trades
The broker shall be fully responsible and liable for all orders emanating through
their DMA systems. It shall be the responsibility of the broker to ensure that
only clients who fulfill the eligibility criteria are permitted to use the DMA facility.
53.7 Cross Trades
Brokers using DMA facility for routing client orders shall not be allowed to cross
trades of their clients with each other. All orders must be offered to the market
for matching.
53.8 Other legal provisions
In addition to the requirements mentioned above, all existing obligations of the

broker as per current regulations and circulars will continue without change.
Exchanges may also like to specify additional safeguards / conditions as they
may deem fit for allowing DMA facilities to their brokers.
53.9 The facility of DMA provided by the stock broker shall be used by the client or
an investment manager of the client. A SEBI registered entity shall be
permitted to act as an investment manager on behalf of institutional clients. In
case the facility of DMA is used by the client through an investment manager,
the investment manager may execute the necessary documents on behalf of
the client(s).
144
53.10 The facility of DMA provided by the stock broker shall be used by the client or
an investment manager of the client. A SEBI registered entity shall be
permitted to act as an investment manager on behalf of institutional clients. In
case the facility of DMA is used by the client through an investment manager,
the investment manager may execute the necessary documents on behalf of
the client(s).
53.11 The exchange/ broker shall ensure that proper audit trails are available to
establish identity of the ultimate client. The exchange may put in place such
other safeguards as it deems fit to mitigate any concerns it may have.
53.12 The terms and Conditions for the purpose of DMA is specified in paras 53.13
to 53.49 below. The “Terms and Conditions” shall be provided to the client or
investment manager acting on behalf of a client (s) for availing the DMA facility.
In case the DMA facility provided by the stock broker is used by the client the
paras 53.13 to 53.30 shall be applicable. In case the DMA facility provided by
the stock broker is used by the client through an investment manager the paras
53.31 to 53.48 shall be applicable and additionally, the investment manager
shall provide to the stock broker the details as specified at para 53.49 (Table
13).
DMA FACILITY USED BY THE CLIENT
53.13 The client is expected to be fully aware of the risks associated with the market
and the financial instruments being traded on stock exchanges through DMA.
The client shall be responsible for complying with laws, rules, regulations,
notifications etc issued by regulatory authorities as may be applicable from
time to time.
53.14 The client shall ensure that DMA facility provided by the Broker is used only to
execute the trades of the client and shall not be used for transactions on behalf
of any other person / entity.
53.15 The client shall be responsible for ensuring that, only persons authorized by it
shall access and use the DMA facility provided by the Broker. All orders
originating from such facility / system shall be deemed to be authorized by the
client.
53.16 Where the client accesses or proposes to access the Broker’s DMA platform
through external applications, including but not restricted to services of third
145
party service provider(s), own application(s), etc., the client shall ensure that
such applications have adequate security features including but not limited to
access controls, password protection etc; and that appropriate agreement(s)
with such third party service provider(s) etc. for ensuring secured access and
communication has been executed and are in place.
53.17 The client shall ensure that no person authorized by them to place orders
through DMA facility provided by the broker has been / is involved in any
adverse action by any regulatory authorities in any jurisdiction.
53.18 The client shall provide the names of authorized individual users to the broker
prior to placing DMA orders.
53.19 The client shall not use or allow the use of DMA facility to engage in any form
of market misconduct including insider trading and market manipulation or
conduct that is otherwise in breach of applicable laws, rules and regulation.
53.20 The client is aware that Algorithmic trading i.e. generation of orders using
automated execution logic is governed by Algorithmic trading guidelines
issued by SEBI and Exchanges and requires prior approval of the exchanges.
The client shall ensure that new algorithms and changes to existing approved
algorithms are not used through the DMA facility without prior approval of
concerned stock exchanges. The client shall ensure that it has necessary
checks and balances, in place to identify and control dysfunctional algorithms
and the Broker shall have the right to shut down the DMA facility and remove
any outstanding client orders in case of any suspected dysfunctional algo.
53.21 The client is aware that authentication technologies and strict security
measures are required for routing orders through DMA facility and undertakes
to ensure that the password of the client and/or his representative are not
revealed to any third party.
53.22 The client acknowledges that all DMA orders placed by them through the DMA
facility would be validated by the risk management system of the broker. The
Broker has the right to accept or reject any DMA order placed by the client at
its sole discretion.
53.23 The client shall be solely responsible for all acts or omissions of any person
using a DMA facility and shall be bound to accept and settle all transactions
executed through the DMA facility provided by the Broker notwithstanding that
146
such order(s) may have been submitted erroneously or by an unauthorized
user, or that its data is inaccurate or incomplete when submitted, or the client
subsequently determines for whatever reason that the order should not have
been submitted.
53.24 The client shall notify the Broker in the event of DMA facility being
compromised. Upon receipt of this notice, client’s DMA facility shall be
promptly disabled but the client shall continue to be responsible for any misuse
of the DMA facility or any orders placed through the DMA facility as a result of
the compromise of the DMA facility at their end. The Broker shall not be liable
for any loss, liability or cost whatsoever arising as a result of any unauthorized
use of DMA facility at the client’s end.
53.25 In the event of winding-up or insolvency of the client or his otherwise becoming
incapable of settling their DMA obligation, broker may close out the transaction
of the client as permissible under bye-laws, rules, regulations of the
exchanges. The client shall continue to be liable for any losses, costs,
damages arising thereof.
53.26 The client is fully aware of the risks of transmitting DMA orders to the Broker’s
DMA facility through vendor systems or service providers and the Broker is not
responsible for such risks.
53.27 The client should be aware of the fact that neither the DMA facility will be
uninterrupted nor error free nor the results that may be obtained from the use
of the service or as to the timeliness, sequence, accuracy, completeness,
reliability or content of any information, service or transaction provided through
DMA. The DMA service is provided on an "as is", "as available" basis without
warranties of any kind, either express or implied, including, but not limited to,
those of information access, order execution, merchantability and fitness for a
particular purpose. The Broker shall not be liable for any loss, damage or injury
including but not limited to direct lost profits or trading losses or any
consequential, special, incidental, indirect, or similar damages from the use or
inability to use the service or any part thereof.
53.28 The Broker shall have the right to withdraw the DMA facility in case of:-
53.28.1 Breach of the limits imposed by the broker or any regulatory authority.
53.28.2 On account of any misuse of the DMA facility by the client or on

147
instructions from SEBI/Exchanges.
53.28.3 Any other reason, at the discretion of the broker.
Broker shall endeavor to give reasonable notice to the client in such instances.
53.29 The Broker shall not be liable or responsible for non-execution of the DMA
orders of the client due to any link/system failure at the client/ Broker/
exchange(s) end.
53.30 This document shall not be altered, amended and /or modified by the parties
in a manner that shall be in contravention of any other provisions of this
document. Any additional terms and conditions should not be in contravention
with rules / regulations /bye-laws/circulars, of the relevant authorities including
applicable stock exchanges as amended from time to time.
DMA FACILITY USED BY THE CLIENT THROUGH AN INVESTMENT MANAGER
53.31 The client shall be solely responsible for all acts or omissions of any person
using a DMA facility and shall be bound to accept and settle all transactions
executed through the DMA facility provided by the Broker to the investment
manager acting on behalf of the client, notwithstanding that such order(s) may
have been submitted erroneously or by an unauthorized user, or that its data
is inaccurate or incomplete when submitted, or the client subsequently
determines for whatever reason that the order should not have been submitted.
53.32 The investment manager is expected to be fully aware of the risks associated
with the market and the financial instruments being traded on stock exchanges
through DMA. The investment manager shall be responsible for complying with
laws, rules, regulations, notifications etc. issued by regulatory authorities as
may be applicable from time to time.
53.33 Where the DMA facility provided by the Broker is used to execute trade on
behalf of one or more clients, by the investment manager, then it is represented
and warranted that, at each time an order is placed by such investment
manager through the DMA facility of the Broker –
53.33.1 The investment manager has due authority to deal on behalf of the
client(s) through the Broker, specifying the roles and responsibilities of
the investment manager in execution of transactions on behalf of the
148
client(s).
53.33.2 The investment manager shall comply with any applicable laws, rules
and regulations affecting or relating to trading operations.
53.33.3 The investment manager and the client(s) are bound by the terms and
conditions hereof;
53.33.4 The investment manager using the DMA facility for routing client(s)
orders shall not cross trades of their client(s) with each other.
Accordingly, all orders should be offered in the market.
53.33.5 The stock exchange or SEBI may at any time call for any information
from a client(s) or an investment manager acting on behalf of the
client(s) with respect to any matter relating to the activity of the
investment manager. The investment manager shall also furnish any
information specifying the roles and responsibilities of the investment
manager in execution of transactions on behalf of the client(s), as and
when required by the exchanges or SEBI.
53.34 The investment manager shall be responsible for ensuring that, only persons
authorized by it shall access and use the DMA facility provided by the Broker.
All orders originating from such facility / system shall be deemed to be
authorized by the client.
53.35 Where the investment manager accesses or proposes to access the Broker’s
DMA platform through external applications, including but not restricted to
services of third party service provider(s), own application(s), etc., the
investment manager shall ensure that such applications have adequate
security features including but not limited to access controls, password
protection etc; and that appropriate agreement(s) with such third party service
provider(s) etc. for ensuring secured access and communication has been
executed and are in place.
53.36 The investment manager shall ensure that no person authorized by them to
place orders through DMA facility provided by the broker has been / is involved
in any adverse action by any regulatory authorities in any jurisdiction.
53.37 The investment manager shall provide the names of authorized individual
users to the broker prior to placing DMA orders.
149
53.38 The investment manager shall not use or allow the use of DMA facility to
engage in any form of market misconduct including insider trading and market
manipulation or conduct that is otherwise in breach of applicable laws, rules
and regulation.
53.39 The investment manager is aware that Algorithmic trading i.e. generation of
orders using automated execution logic is governed by Algorithmic trading
guidelines issued by SEBI and Exchanges and requires prior approval of the
exchanges. The investment manager shall ensure that new algorithms and
changes to existing approved algorithms are not used through the DMA facility
without prior approval of concerned stock exchanges. The investment
manager shall ensure that it has necessary checks and balances, in place to
identify and control dysfunctional algorithms and the Broker shall have the right
to shut down the DMA facility and remove any outstanding client orders in case
of any suspected dysfunctional algo.
53.40 The investment manager is aware that authentication technologies and strict
security measures are required for routing orders through DMA facility and
undertakes to ensure that the password of the investment manager and/or his
representative are not revealed to any third party.
53.41 The investment manager acknowledges that all DMA orders placed by them
through the DMA facility would be validated by the risk management system
of the broker. The Broker has the right to accept or reject any DMA order
placed by the investment manager at its sole discretion.
53.42 The investment manager shall notify the Broker in the event of DMA facility
being compromised. Upon receipt of this notice, client’s DMA facility shall be
promptly disabled but the client shall continue to be responsible for any misuse
of the DMA facility or any orders placed through the DMA facility as a result of
the compromise of the DMA facility at their end. The Broker shall not be liable
for any loss, liability or cost whatsoever arising as a result of any unauthorized
use of DMA facility at the client’s end.
53.43 In the event of winding-up or insolvency of the client or his otherwise becoming
incapable of honoring their DMA obligation, broker may close out the
transaction of the client as permissible under bye-laws, rules, regulations of
the exchanges. The client shall continue to be liable for any losses, costs,
damages arising thereof.
150
53.44 The investment manager is fully aware of the risks of transmitting DMA orders
to the Broker’s DMA facility through vendor systems or service providers and
the Broker is not responsible for such risks.
53.45 The investment manager should be aware of the fact that neither the DMA
facility will be uninterrupted nor error free nor the results that may be obtained
from the use of the service or as to the timeliness, sequence, accuracy,
completeness, reliability or content of any information, service or transaction
provided through DMA. The DMA service is provided on an "as is", "as
available" basis without warranties of any kind, either express or implied,
including, but not limited to, those of information access, order execution,
merchantability and fitness for a particular purpose. The Broker shall not be
liable for any loss, damage or injury including but not limited to direct lost profits
or trading losses or any consequential, special, incidental, indirect, or similar
damages from the use or inability to use the service or any part thereof.
53.46 The Broker shall have the right to withdraw the DMA facility in case of:-
53.46.1 Breach of the limits imposed by the broker or any regulatory authority.
53.46.2 On account of any misuse of the DMA facility by the client/ investment
manager or on instructions from SEBI/Exchanges.
53.46.3 Any other reason, at the discretion of the broker.
53.47 The Broker shall not be liable or responsible for non-execution of the DMA
orders of the client due to any link/system failure at the client/ Broker/
exchange(s) end.
53.48 This document shall not be altered, amended and /or modified by the parties
in a manner that shall be in contravention of any other provisions of this
document. Any additional terms and conditions should not be in contravention
with rules / regulations /bye-laws/circulars, of the relevant authorities including
applicable stock exchanges as amended from time to time.
151
53.49 DETAILS TO BE PROVIDED TO THE STOCK BROKER
Table 13
On the letter head of the Investment manager
PART A
DETAILS OF THE INVESTMENT MANAGER:

NAME OF THE INVESTMENT MANAGER:
NAME OF THE HOME REGULATOR
COUNTRY OF JURISDICTION OF HOME
REGULATOR REGISTERED /REGULATED IN HOME JURISDICTION AS:
SEBI REGISTRATION NUMBER:
PART B
CLIENT(s) DETAILS:
S. NAME OF NAME OF REGULATED REGISTRATION PAN
No. THE THE IN INDIA AS NUMBER
ENTITY REGULATOR
54. Smart Order Routing66
54.1 Smart Order Routing allows the brokers trading engines to systematically
choose the execution destination based on factors viz. price, costs, speed,
likelihood of execution and settlement, size, nature or any other consideration
relevant to the execution of the order.
54.2 Stock Exchanges are advised to ensure the following conditions with regard to
the Smart Order Routing facility:
54.2.1 Stock broker interested to offer Smart Order Routing facility shall apply
to the respective stock exchanges.
66 Reference: Circular CIR/MRD/DP/26/2010 dated August 27, 2010 and Circular

CIR/MRD/DP/36/2010 dated December 09, 2010.
152
54.2.2 Stock broker shall submit a third party system audit of its Smart Order
Routing system and software. Stock exchanges shall disseminate to its
stock brokers a list of approved system auditors (CISA or equivalent)
qualified to undertake such system audits.
54.2.3 Stock broker shall provide the following to the respective stock
exchanges:
a. An undertaking to the respective stock exchanges that Smart Order

Routing shall route orders in a neutral manner.
b. Provide the features of the Smart Order Routing to stock exchange.
54.2.4 Stock exchange shall communicate its decision to the broker within
thirty calendar days from the date of receipt of complete application by
the stock exchange. Stock exchange shall not consider testing and
demonstration of the SOR system/software as a criterion for declaring
the application of the broker as ‘complete’. Further, testing and
demonstration of SOR system/software, if required, shall be suitably
scheduled within the aforesaid period of thirty calendar days.
54.2.5 In case of rejection of the application on smart order routing of a stock

broker, the stock exchange shall communicate such reasons of
rejections to the stock broker. Further, the decision of the stock
exchange on the SOR application of the stock broker and reasons for
rejection of the SOR application shall also be communicated to all the
other stock exchanges where the broker’s SOR facility intends to route
orders.
54.2.6 Stock exchange shall ensure that brokers adhere to the best execution
policy while using Smart Order Routing.
54.2.7 Smart Order Routing facility shall be provided to all class of investors.
54.2.8 Stock Broker shall communicate to all clients the features, possible
risks, rights, responsibilities and liabilities associated with the smart
order routing facility. The client desirous of availing such facility shall do
so by entering into a broker-client agreement, as applicable. For the
existing clients, the same shall be implemented through an addendum
to the existing broker-client agreement, as applicable.
153
54.2.9 Stock broker shall maintain logs of all activities to facilitate audit trail.
Broker shall maintain record of orders, trades and data points for the
basis of decision.
54.2.10 Stock exchange shall permit smart order routing for all orders, without
restricting to any specific type of order. The choice on order types shall
be left to the client.
54.2.11 If stock exchange desires to advise its brokers to seek re-approval, it

may do so only in case of –
a. Inclusion of a new stock exchange for offering SOR facility; and/or,

b. Material changes in the software/system of the smart order routing
facility.
54.2.12 In case the client has availed Smart Order Routing facility and does not
want to use the same for a particular order, the same shall be well
documented by the stock broker.
54.2.13 System audit of the Smart Order Routing systems and software shall be
periodically carried out by the brokers as may be specified by the
exchange and certificate in this regard shall be submitted to the
exchange.
54.2.14 Stock exchange shall ensure that Smart Order Routing is not used to
place orders at venues other than the recognised stock exchanges.
54.2.15 The stock broker shall carry out appropriate validation of all risk
parameters before the orders are placed in the Smart Order Routing
system.
54.2.16 Stock exchange shall provide unique identification number for the
orders placed through Smart Order Routing system. Further, stock
exchanges shall maintain data on Smart Order Routing orders and
trades.
54.2.17 Stock exchange shall have necessary surveillance mechanism in place

to monitor trading done through Smart Order Routing.
54.2.18 Stock broker shall ensure that alternative mode of trading system is
154
available in case of failure of Smart Order Routing facility.
54.2.19 Stock exchange shall ensure that within a period of three months from
implementation of Smart Order Routing, a system is put in place to time
stamp market data feed that is disseminated to the market, if the same
is not already available.
54.2.20 Stock exchange shall strengthen investor grievance cell in order to

address complaints, if any, received with regard to Smart Order Routing.
Further, in case of any disputes or complaints, stock exchanges shall
share necessary data as and when required in order to facilitate
necessary examination.
54.2.21 Stock exchange shall synchronise their system clocks with atomic clock
before the start of market.
54.2.22 The broker server routing orders placed through Smart Order Routing
system to the exchange trading system shall be located in India. Stock
exchange shall permit SOR approved brokers to offer SOR facility
through all their servers irrespective of their location in India.
54.2.23 All other existing obligations for the broker as per current regulations
and circulars will continue.
54.2.24 Stock exchange may specify additional safeguards as they deem fit for
allowing Smart Order Routing facility to their brokers.
55. Broad Guidelines on Algorithmic Trading67
55.1 Any order that is generated using automated execution logic shall be known
as algorithmic trading.
Guidelines to the stock exchanges and the stock brokers
55.2 Stock exchanges shall ensure the following while permitting algorithmic
trading:
55.2.1 The stock exchange shall have arrangements, procedures and system
67Reference: Circular CIR/MRD/DP/09/2012 dated March 30, 2012, Circular CIR/MRD/DP/16/2013

dated May 21, 2013 and Circular SEBI/HO/MIRSD/DOP/P/CIR/2022/117 dated September 02, 2022.
155
capability to manage the load on their systems in such a manner so as
to achieve consistent response time to all stock brokers. The stock
exchange shall continuously study the performance of its systems and,
if necessary, undertake system upgradation, including periodic
upgradation of its surveillance system, in order to keep pace with the
speed of trade and volume of data that may arise through algorithmic
trading.
55.2.2 In order to ensure maintenance of orderly trading in the market, stock

exchange shall put in place effective economic disincentives with regard
to high daily order-to-trade ratio of algo orders of the stock broker.
Further, the stock exchange shall put in place monitoring systems to
identify and initiate measures to impede any possible instances of order
flooding by algos.
55.2.3 The stock exchange shall ensure that all algorithmic orders are
necessarily routed through broker servers located in India and the stock
exchange has appropriate risk controls mechanism to address the risk
emanating from algorithmic orders and trades. The minimum order-level
risk controls shall include the following:
a. Price check - The price quoted by the order shall not violate the
price bands defined by the exchange for the security. For securities
that do not have price bands, dummy filters shall be brought into
effective use to serve as an early warning system to detect sudden
surge in prices.
b. Quantity Limit check - The quantity quoted in the order shall not
violate the maximum permissible quantity per order as defined by
the exchange for the security.
55.2.4 In the interest of orderly trading and market integrity, the stock exchange
shall put in place a system to identify dysfunctional algos (i.e. algos
leading to loop or runaway situation) and take suitable measures,
including advising the member, to shut down such algos and remove
any outstanding orders in the system that have emanated from such
dysfunctional algos. Further, in exigency, the stock exchange should be
in a position to shut down the broker’s terminal.
55.2.5 Terminals of the stock broker that are disabled upon exhaustion of
collaterals shall be enabled manually by the stock exchange in
156
accordance with its risk management procedures.
55.2.6 The stock exchange may seek details of trading strategies used by the
algo for such purposes viz. inquiry, surveillance, investigation, etc.
55.2.7 In order to strengthen the surveillance mechanism related to algorithmic

trading and prevent market manipulation, stock exchanges shall take
necessary steps to ensure effective monitoring and surveillance of
orders and trades resulting from trading algorithms. Stock exchanges
shall periodically review their surveillance arrangements in order to
better detect and investigate market manipulation and market
disruptions.
55.2.8 The stock exchange shall include a report on algorithmic trading on the
stock exchange in the Monthly Development Report (MDR) submitted
to SEBI inter-alia incorporating turnover details of algorithmic trading,
algorithmic trading as percentage of total trading, number of stock
brokers / clients using algorithmic trading, action taken in respect of
dysfunctional algos, status of grievances, if any, received and
processed, etc.
55.2.9 The stock exchange shall synchronize its system clock with the atomic
clock before the start of market such that its clock has precision of
atleast one microsecond and accuracy of atleast +/- one millisecond.
55.3 Stock exchange shall ensure that the stock broker shall provide the facility of
algorithmic trading only upon the prior permission of the stock exchange. Stock
exchange shall subject the systems of the stock broker to initial conformance
tests to ensure that the checks mentioned below are in place and that the stock
broker’s system facilitate orderly trading and integrity of the securities market.
Further, the stock exchange shall suitably schedule such conformance tests
and thereafter, convey the outcome of the test to the stock broker.
55.4 For stock brokers already providing algo trading, the stock exchange shall
ensure that the risk controls specified herein are implemented by the stock
broker.
55.5 The stock brokers / trading members that provide the facility of algorithmic
trading shall subject their algorithmic trading system to a system audit every
six months in order to ensure that the requirements prescribed by SEBI / stock
157
exchanges with regard to algorithmic trading are effectively implemented.
Such system audit of algorithmic trading system shall be undertaken by a
system auditor who possess any of the following certifications:
55.5.1 CISA (Certified Information System Auditors) from ISACA;
55.5.2 DISA (Post Qualification Certification in Information Systems Audit)

from Institute of Chartered Accountants of India (ICAI);
55.5.3 CISM (Certified Information Securities Manager) from ISACA;
55.5.4 CISSP (Certified Information Systems Security Professional) from

International Information Systems Security Certification Consortium,
commonly known as (ISC)².
55.6 Deficiencies or issues identified during the process of system audit of trading
algorithm / software shall be reported by the stock broker / trading member to
the stock exchange immediately on completion of the system audit. Further,
the stock broker / trading member shall take immediate corrective actions to
rectify such deficiencies / issues.
55.7 In case of serious deficiencies / issues or failure of the stock broker / trading
member to take satisfactory corrective action, the stock exchange shall not
allow the stock broker / trading member to use the trading software till
deficiencies / issues with the trading software are rectified and a satisfactory
system audit report is submitted to the stock exchange. Stock exchanges may
also consider imposing suitable penalties in case of failure of the stock broker
/ trading member to take satisfactory corrective action to its system within the
time-period specified by the stock exchanges.
55.8 The stock broker, desirous of placing orders generated using algos, shall
satisfy the stock exchange with regard to the implementation of the following
minimum levels of risk controls at its end -
55.8.1 Price check – Algo orders shall not be released in breach of the price
bands defined by the exchange for the security.
55.8.2 Quantity check – Algo orders shall not be released in breach of the
quantity limit as defined by the exchange for the security.
158
55.8.3 Order Value check - Algo orders shall not be released in breach of the
‘value per order’ as defined by the stock exchanges.
55.8.4 Cumulative Open Order Value check – The individual client level
cumulative open order value check, may be prescribed by the broker for
the clients. Cumulative Open Order Value for a client is the total value
of its unexecuted orders released from the stock broker system.
55.8.5 Automated Execution check – An algo shall account for all executed,
unexecuted and unconfirmed orders, placed by it before releasing
further order(s). Further, the algo system shall have pre-defined
parameters for an automatic stoppage in the event of algo execution
leading to a loop or a runaway situation.
55.8.6 All algorithmic orders are tagged with a unique identifier provided by the
stock exchange in order to establish audit trail.
55.9 The other risk management checks already put in place by the exchange shall
continue and the exchange may re-evaluate such checks if deemed necessary
in view of algo trading.
55.10 The stock broker, desirous of placing orders generated using algos, shall
submit to the respective stock exchange an undertaking that -
55.10.1 The stock broker has proper procedures, systems and technical
capability to carry out trading through the use of algorithms.
55.10.2 The stock broker has procedures and arrangements to safeguard

algorithms from misuse or unauthorized access.
55.10.3 The stock broker has real-time monitoring systems to identify algorithms
that may not behave as expected. Stock broker shall keep stock
exchange informed of such incidents immediately.
55.10.4 The stock broker shall maintain logs of all trading activities to facilitate
audit trail. The stock broker shall maintain record of control parameters,
orders, trades and data points emanating from trades executed through
algorithm trading.
55.10.5 The stock broker shall inform the stock exchange on any modification
159
or change to the approved algos or systems used for algos.
55.11 The stock exchange, if required, shall seek conformance of such modified algo
or systems to the requirements specified above.
55.12 In order to discourage repetitive instances of high daily order-to-trade ratio,

stock exchanges shall impose an additional penalty in form of suspension of
proprietary trading right of the stock broker / trading member for the first trading
hour on the next trading day in case a stock broker / trading member is
penalized for maintaining high daily order-to-trade ratio, provided penalty was
imposed on the stock broker / trading member on more than ten occasions in
the previous thirty trading days.
55.13 Stock Brokers who provide services relating to algorithmic trading shall not:
55.13.1 directly or indirectly make any reference to the past or expected future
return/performance of the algorithm; and/or
55.13.2 directly or indirectly associate with any platform providing any reference
to the past or expected future return/performance of the algorithm.
56. Testing of software used in or related to Trading and Risk Management68
56.1 The term ‘software’ shall mean electronic systems or applications used by
stock brokers / trading members for connecting to the stock exchanges and for
the purposes of trading and real-time risk management, including software
used for Internet Based Trading (IBT), Direct Market Access (DMA), Securities
Trading using Wireless Technology (STWT), Smart Order Routing (SOR),
Algorithmic Trading (AT) etc.
56.2 Testing of Software
56.2.1 In addition to the testing and approval requirements specified by SEBI

on IBT, DMA, STWT, SOR and AT, stock exchanges shall frame
appropriate testing policies for functional as well as technical testing of
the software. Such framework shall at the minimum include the
following:
68 Reference: Circular CIR/MRD/DP/24/2013 dated August 19, 2013 and Circular

CIR/MRD/DP/06/2014 dated February 07, 2014 and Circular SEBI/HO/MRD1/DSAP/CIR/P/2020/234 dated
November 24, 2020.
160
a. Testing in a simulated test environment: Stock exchanges shall
provide suitable facilities to market participants / software vendors
to test new software or existing software that have undergone
change. Subjecting the new software or existing software that have
undergone change to such testing facility shall be mandatory for
market participants, before putting it in use.
b. Mock testing
i. Stock exchanges shall organize mock trading sessions on

regular basis, atleast once in a calendar month, to facilitate
testing of new software or existing software that has undergone
any change of functionality, in a close-to-real trading
environment. Stock exchanges shall suitably design and plan
such mock trading sessions to ensure maximum participation
and sufficient trading volumes for the purpose of testing.
ii. Stock exchanges shall mandate a minimum time period for such
testing in the mock trading sessions.
iii. In order to improve the efficacy of the mock trading sessions,

all stock brokers / trading members shall ensure that all user-
ids approved for Algo trading, irrespective of the algorithm
having undergone change or not, shall participate in the mock
trading sessions.
iv. The requirement of mandatory mock trading sessions to

facilitate testing of new software or existing software that has
undergone any change of functionality shall be optional if a
Stock Exchange provides suitable simulated test environment
to test new software or existing software that has undergone
any change of functionality and ensures the following:
i. The test environment shall be made available to all the

members.
ii. The test environment shall be made available for at least
two hours after market hours and at least on two trading
days in a week.
iii. For the purpose of testing, Stock Exchange shall make
available data from at least one trading day in all segments
161
and the same shall not be older than one month from the
day of the testing environment.
iv. All trading members (excluding those who use only
Exchange provided front end and/or ASP services) having
approved Algorithms available with the member,
irrespective of the algorithm having undergone change or
not, shall participate in the Simulated Environment at least
on one trading day during each calendar month at all the
exchanges where they are members. This shall be audited
and reported in the System Auditors report.
v. Exchange shall provide a daily log, including Algos used, of
members participation in Simulated Environment to all
participating members. The Exchange shall provide
summary report of such activity to SEBI in the monthly
development report (MDR).
c. User Acceptance Test (UAT): The stock broker / trading member

shall undertake UAT of the software to satisfy itself that the newly
developed / modified software meets its requirements.
d. With respect to testing of software related to (i) fixes to bugs in the

software, (ii) changes undertaken to the stock brokers’ software /
systems pursuant to a change to any stock exchange's trading
system, and (iii) software purchased from a software vendor that
has already been tested in the mock environment by certain number
of stock brokers, stock exchanges may prescribe a faster approval
process to make the process of approval expeditious.
56.2.2 Stock brokers / trading members shall also engage system auditor(s) to
examine reports of mock tests and UAT in order to certify that the tests
were satisfactorily undertaken.
56.2.3 Stock exchanges shall monitor compliance of stock brokers / trading

members, who use trading algorithm, with regard to the requirement of
participation in mock trading session as mandated herein. In cases
where stock exchanges find that the stock broker / trading member has
failed to participate in such mock trading sessions, stock exchange shall
call for reasons and if found unsatisfactory, shall suspend the
proprietary trading rights of the stock broker / trading member for a
minimum period of one trading day.
162
56.2.4 Stock exchanges shall also ensure that the system auditors examine
the compliance of stock broker / trading member, who use trading
algorithms, with regard to the requirement of participation in mock
trading session, as mandated herein, and provide suitable comments in
the periodic system audit report. In cases where the system audit report
indicate that the stock broker / trading member has failed to participate
in such mock trading sessions, stock exchange shall call for reasons
from the stock broker / trading member and if found unsatisfactory, shall
suspend the proprietary trading rights of the stock broker / trading
member for a minimum period of one trading day.
56.2.5 For pre-approval / periodic system audit of Computer-to-Computer Link

(CTCL) or Intermediate Messaging Layer (IML), IBT, DMA, STWT, SOR
and AT, stock brokers / trading members shall engage a system auditor
with any of the certifications specified in para 55.5.1 to 55.5.4 above.
While finalizing the system auditor, stock brokers / trading members
shall ensure the system auditor does not have any conflict of interest
with the stock broker and the directors / promoters of the system auditor
are not directly or indirectly related to the current directors or promoters
of stock broker / trading member.
56.3 Approval of Software of stock broker / trading member
56.3.1 Stock brokers / trading members shall seek approval of the respective
stock exchanges for deployment of the software in the securities market
by submitting necessary details required by stock exchange including
details of software, tests undertaken and certificate / report provided by
the system auditor. Stock exchange may seek additional details as
deemed necessary for evaluating the application of the stock broker /
trading member.
56.3.2 Stock exchanges shall grant approval or reject the application of the
stock broker as the case may be, and communicate the decision to the
stock broker / trading member within fifteen working days from the date
of receipt of completed application (or within any other such time period
specified vide SEBI circulars on DMA, IBT, STWT, SOR, AT, etc.). In
case of rejection of the application, the stock exchange shall also
communicate reasons of rejection to the stock broker / trading member
within such time period.
163
56.3.3 Before granting approval to use software in securities market, stock
exchange shall ensure that the requirements specified by SEBI / stock
exchange with regard to software are met by the stock broker / trading
member.
56.3.4 Stock exchanges may suitably schedule the requirements of mock

testing, certification of test reports by system auditor(s) and the software
approval process, so as to facilitate a speedy approval and a smooth
transition of the stock brokers to the new / upgraded software.
56.3.5 In order to ensure that stock brokers are not using software without
requisite approval of the stock exchanges, stock exchanges are advised
to put in place suitable mechanism to prevent any unauthorized change
to the approved software.
56.4 Undertaking to be provided by stock brokers / trading members
56.4.1 Stock brokers / trading members shall submit an undertaking to the

respective stock exchanges stating the following at the minimum:
a. M/s …….(name of the stock broker / trading member)…… will take

all necessary steps to ensure that every new software and any
change thereupon to the trading and/or risk management
functionalities of the software will be tested as per the framework
prescribed by SEBI / stock exchange before deployment of such
new / modified software in securities market.
b. M/s …….(name of the stock broker / trading member)…… will
ensure that approval of the stock exchange is sought for all new /
modified software and will comply with various requirements
specified by SEBI or the stock exchange from time to time with
regard to usage, testing and audit of the software.
c. The absolute liability arising from failure to comply with the above
provisions shall lie entirely with M/s …….(name of the stock broker
/ trading member)…….
56.4.2 Stock exchanges may include additional clauses as deemed necessary

in the undertaking.
56.5 Sharing of Application Programming Interface (API) specifications by the stock

164
exchange with stock brokers / trading members:
56.5.1 API is an interface that enables interaction of software with other

software and typically includes language and message format that is
used by an application program to communicate with the operating
system or other application program. Stock brokers / trading members
and software vendors require relevant API specifications to facilitate
interaction of the developed software with the systems of the stock
exchanges.
56.5.2 Stock exchanges shall provide relevant API specifications to all stock
brokers / trading members and software vendors who are desirous of
developing software for the securities market, after establishing their
respective credentials.
56.5.3 In case of refusal to share APIs, stock exchanges shall provide reasons
in writing to the desirous stock brokers / trading members or software
vendors within a period of fifteen working days from the date of receipt
of such request for sharing of API.
56.5.4 Further, stock exchanges shall not selectively release updates /

modifications, if any, of the existing API specifications to few stock
brokers / trading members or software vendors ahead of others and
shall provide such updated / modified API specifications to all stock
brokers / trading members and software vendors with whom the earlier
API specifications were shared.
56.6 Penalty on malfunction of software used by stock broker / trading member:
Stock exchanges shall examine the cases of malfunctioning of software used

by stock brokers / trading members and apply deterrent penalties in form of
fines or suspension to the stock broker / trading member whose software
malfunctioned. In addition, stock brokers / trading members shall implement
various mechanisms including the following to minimize their losses in the
event of software malfunction:
56.6.1 include suitable clauses in their agreement with the software vendors to
define liabilities of software vendor and stock broker / trading member
in case of software malfunction, and / or,
165
56.6.2 consider taking suitable insurance cover to meet probable losses in
case of software malfunction.
56.7 With regard to changes / updates to stock broker's trading software that intend
to modify the 'look and feel' and do not affect the risk management system of
the stock broker or the connectivity of the trading software with stock
exchange's trading system, it is clarified that mock testing and consequent
system audit may not be insisted upon by the stock exchanges.
56.8 Stock exchanges shall direct their stock brokers to put in place adequate
mechanism to restore their trading systems to 'production state' at the end of
testing session so as to ensure integrity of stock brokers' trading system.
57. Safeguards to avoid trading disruption in case of failure of software vendor69
57.1 Software vendors who provide software to market participants and market
infrastructure institutions for the purpose of trading, risk management, clearing
and settlement play a crucial role in the securities market. Any inability on the
part of such software vendors to provide software or related services in timely
and continuous manner may create a situation of stress in the securities
market.
57.2 Adequate mechanism / procedure should be in place to ensure smooth

transition by stock broker(s) to another software vendor in case of inability of
the existing software vendor to provide software and related services in timely
and continuous manner.
57.3 Stock exchanges may advise the stock brokers to take the following measures:
57.3.1 Explore the possibility of establishing a 'software escrow arrangement'

with their existing software vendors.
57.3.2 In case of large stock brokers, consider reducing dependence on a

single software vendor for trading and risk management systems, by
engaging more than one software vendor.
57.3.3 Consider including the following in their contracts with the software
vendors:
69 Reference: Circular CIR/MRD/DP/07/2014 dated February 11, 2014.

166
a. access to documents related to design and development
specifications in the event software vendor fails to provide
continuous and timely services to the stock broker;
b. development of expertise at the end of the stock broker through
appropriate training with regard to software usage and
maintenance;
c. appropriate penalty clauses for cases of disruptions to the trading
system of the stock broker on account of (i) software vendor failing
to provide continuous and timely services to the stock broker or (ii)
glitches to the software provided by the software vendor;
d. obligation on the part of the software vendor to cooperate in case of
audit of software including forensic audit, if required.
58. Cyber Security and Cyber resilience framework for Stock Brokers.70
58.1 Stock brokers perform significant functions in providing services to holder of

securities. So it is desirable that these entities have robust cyber security and
cyber resilience framework in order to provide essential facilities and perform
systematically critical functions relating to securities market. Accordingly, a
framework on Cyber security and cyber resilience has been designed and
prescribed at paras 58.3 to 58.6 below.
58.2 The Stock Brokers are mandated to conduct comprehensive cyber audit at
least once in a financial year. All Stock Brokers shall submit with Stock
Exchange a declaration from the MD/ CEO/ Partners/ Proprietors certifying
compliance by the Stock Brokers with all SEBI Circulars and advisories related
to Cyber security from time to time, along with the Cyber audit report.
58.3 Cyber-attacks and threats attempt to compromise the Confidentiality, Integrity

and Availability (CIA) of the computer systems, networks and databases
(Confidentiality refers to limiting access of systems and information to
authorized users, Integrity is the assurance that the information is reliable and
accurate, and Availability refers to guarantee of reliable access to the systems
and information by authorized users). Cyber security framework includes
Reference: Circular SEBI/HO/MIRSD/CIR/PB/2018/14 dated December

70
03, 2018, Circular
CIR/HO/MIRSD/DOS2/CIR/PB/2019/038 dated March 15, 2019, Circular
SEBI/HO/MIRSD/DOP/CIR/P/2019/109 dated October 15, 2019, Circular
SEBI/HO/MIRSD/TPD/P/CIR/2022/80 dated June 07, 2022 and Circular
SEBI/HO/MIRSD/TPD/P/CIR/2022/93 dated June 30, 2022
167
measures, tools and processes that are intended to prevent cyber-attacks and
improve cyber resilience. Cyber Resilience is an organization’s ability to
prepare and respond to a cyber-attack and to continue operation during, and
recover from, a cyber-attack.
Governance
58.4 As part of the operational risk management framework to manage risk to

systems, networks and databases from cyber-attacks and threats, Stock
Brokers should formulate a comprehensive Cyber Security and Cyber
Resilience policy document encompassing the framework mentioned
hereunder. In case of deviations from the suggested framework, reasons for
such deviations, technical or otherwise, should be provided in the policy
document. The policy document should be approved by the Board / Partners /
Proprietor of the Stock Broker. The policy document should be reviewed by the
aforementioned group at least annually with the view to strengthen and
improve its Cyber Security and Cyber Resilience framework.
58.5 The Cyber Security Policy should include the following process to identify,
assess, and manage Cyber Security risk associated with processes,
information, networks and systems:
a. ‘Identify’ critical IT assets and risks associated with such assets.
b. ‘Protect’ assets by deploying suitable controls, tools and measures.
c. ‘Detect’ incidents, anomalies and attacks through appropriate monitoring
tools/processes.
d. ‘Respond’ by taking immediate steps after identification of the incident,
anomaly or attack.
e. ‘Recover’ from incident through incident management and other
appropriate recovery mechanisms.
58.6 The Cyber Security Policy of Stock Brokers trading through APIs based
terminal should consider the principles prescribed by National Critical
Information Infrastructure Protection Centre (NCIIPC) of National Technical
Research Organization (NTRO), Government of India (titled ‘Guidelines for
Protection of National Critical Information Infrastructure’) and subsequent
revisions, if any, from time to time.
58.7 Stock Brokers trading through APIs based terminal may refer to best practices
from international standards like ISO 27001, COBIT 5, etc., or their subsequent
revisions, if any, from time to time.
168
58.8 Stock Brokers should designate a senior official or management personnel
(henceforth, referred to as the “Designated Officer”) whose function would be
to assess, identify, and reduce security and Cyber Security risks, respond to
incidents, establish appropriate standards and controls, and direct the
establishment and implementation of processes and procedures as per the
Cyber Security Policy.
58.9 The Board / Partners / Proprietor of the Stock Brokers shall constitute a
Technology Committee comprising experts. This Technology Committee
should on a half yearly basis review the implementation of the Cyber Security
and Cyber Resilience policy approved by their Board / Partners / Proprietor,
and such review should include review of their current IT and Cyber Security
and Cyber Resilience capabilities, set goals for a target level of Cyber
Resilience, and establish plans to improve and strengthen Cyber Security and
Cyber Resilience. The review shall be placed before the Board / Partners /
Proprietor of the Stock Brokers for appropriate action.
58.10 Stock Brokers should establish a reporting procedure to facilitate

communication of unusual activities and events to the Designated Officer in a
timely manner.
58.11 The Designated officer and the technology committee of the Stock Brokers
should periodically review instances of cyber-attacks, if any, domestically and
globally, and take steps to strengthen Cyber Security and cyber resilience
framework.
58.12 Stock Brokers should define responsibilities of its employees, outsourced staff,
and employees of vendors, members or participants and other entities, who
may have privileged access or use systems / networks of Stock Brokers
towards ensuring the goal of Cyber Security.
Identification
58.13 Stock Brokers shall identify and classify critical assets based on their sensitivity
and criticality for business operations, services and data management. The
critical assets shall include business critical systems, internet facing
applications /systems, systems that contain sensitive data, sensitive personal
data, sensitive financial data, Personally Identifiable Information (PII) data, etc.
All the ancillary systems used for accessing/communicating with critical
systems either for operations or maintenance shall also be classified as critical
169
system. The Board/Partners/Proprietor of the Stock Brokers shall approve the
list of critical systems. To this end, Stock Brokers shall maintain up-to date
inventory of its hardware and systems, software and information assets
(internal and external), details of its network resources, connections to its
network and data flows.
58.14 Stock Brokers should accordingly identify cyber risks (threats and
vulnerabilities) that it may face, along with the likelihood of such threats and
impact on the business and thereby, deploy controls commensurate to the
criticality.
Protection
Access controls
58.15 No person by virtue of rank or position should have any intrinsic right to access
confidential data, applications, system resources or facilities.
58.16 Any access to Stock Brokers systems, applications, networks, databases, etc.,
should be for a defined purpose and for a defined period. Stock Brokers should
grant access to IT systems, applications, databases and networks on a need-
to-use basis and based on the principle of least privilege. Such access should
be for the period when the access is required and should be authorized using
strong authentication mechanisms.
58.17 Stock Brokers should implement an access policy which addresses strong
password controls for users’ access to systems, applications, networks and
databases. Illustrative examples for this are given in Illustration C.
58.18 All critical systems of the Stock Broker accessible over the internet should have
two-factor security (such as VPNs, Firewall controls etc.)
58.19 Stock Brokers should ensure that records of user access to critical systems,
wherever possible, are uniquely identified and logged for audit and review
purposes. Such logs should be maintained and stored in a secure location for
a time period not less than two years.
58.20 Stock Brokers should deploy controls and security measures to supervise staff
with elevated system access entitlements (such as admin or privileged users)
to Stock Broker’s critical systems. Such controls and measures should inter-
170
alia include restricting the number of privileged users, periodic review of
privileged users’ activities, disallow privileged users from accessing systems
logs in which their activities are being captured, strong controls over remote
access by privileged users, etc.
58.21 Employees and outsourced staff such as employees of vendors or service

providers, who may be given authorized access to the Stock Brokers critical
systems, networks and other computer resources, should be subject to
stringent supervision, monitoring and access restrictions.
58.22 Stock Brokers should formulate an Internet access policy to monitor and
regulate the use of internet and internet based services such as social media
sites, cloud-based internet storage sites, etc. within the Stock Broker’s critical
IT infrastructure.
58.23 User Management must address deactivation of access of privileges of users

who are leaving the organization or whose access privileges have been
withdrawn.
Physical Security
58.24 Physical access to the critical systems should be restricted to minimum and
only to authorized officials. Physical access of outsourced staff/visitors should
be properly supervised by ensuring at the minimum that outsourced
staff/visitors are accompanied at all times by authorized employees.
58.25 Physical access to the critical systems should be revoked immediately if the
same is no longer required.
58.26 Stock Brokers should ensure that the perimeter of the critical equipment room,
if any, are physically secured and monitored by employing physical, human
and procedural controls such as the use of security guards, CCTVs, card
access systems, mantraps, bollards, etc. where appropriate.
Network Security Management
58.27 Stock Brokers should establish baseline standards to facilitate consistent

application of security configurations to operating systems, databases,
network devices and enterprise mobile devices within their IT environment.
The LAN and wireless networks should be secured within the Stock Brokers’
171
premises with proper access controls.
58.28 For algorithmic trading facilities, adequate measures should be taken to isolate
and secure the perimeter and connectivity to the servers running algorithmic
trading applications.
58.29 Stock Brokers should install network security devices, such as firewalls, proxy
servers, intrusion detection and prevention systems (IDS) to protect their IT
infrastructure which is exposed to the internet, from security exposures
originating from internal and external sources.
58.30 Adequate controls must be deployed to address virus / malware / ransomware

attacks. These controls may include host / network / application based IDS
systems, customized kernels for Linux, anti-virus and anti-malware software
etc.
Data security
58.31 Critical data must be identified and encrypted in motion and at rest by using
strong encryption methods. Illustrative measures in this regard are given in
Illustration A and B.
58.32 Stock Brokers should implement measures to prevent unauthorized access or

copying or transmission of data / information held in contractual or fiduciary
capacity. It should be ensured that confidentiality of information is not
compromised during the process of exchanging and transferring information
with external parties. Illustrative measures to ensure security during
transportation of data over the internet are given in Illustration B.
58.33 The information security policy should also cover use of devices such as
mobile phones, faxes, photocopiers, scanners, etc., within their critical IT
infrastructure, that can be used for capturing and transmission of sensitive
data. For instance, defining access policies for personnel, and network
connectivity for such devices etc.
58.34 Stock Brokers should allow only authorized data storage devices within their
IT infrastructure through appropriate validation processes.
172
Hardening of Hardware and Software
58.35 Stock Brokers should only deploy hardened hardware / software, including
replacing default passwords with strong passwords and disabling or removing
services identified as unnecessary for the functioning of the system.
58.36 Open ports on networks and systems which are not in use or that can be
potentially used for exploitation of data should be blocked and measures taken
to secure them.
Application Security in Customer Facing Applications
58.37 Application security for Customer facing applications offered over the Internet
such as IBTs (Internet Based Trading applications), portals containing
sensitive or private information and Back office applications (repository of
financial and personal information offered by Brokers to Customers) are
paramount as they carry significant attack surfaces by virtue of being available
publicly over the Internet for mass use. An illustrative list of measures for
ensuring security in such applications is provided in Illustration C.
Certification of off-the-shelf products
58.38 Stock Brokers should ensure that off the shelf products being used for core
business functionality (such as Back office applications) should bear Indian
Common criteria certification of Evaluation Assurance Level 4. The Common
criteria certification in India is being provided by (STQC) Standardisation
Testing and Quality Certification (Ministry of Electronics and Information
Technology). Custom developed / in-house software and components need
not obtain the certification, but have to undergo intensive regression testing,
configuration testing etc. The scope of tests should include business logic and
security controls.
Patch management
58.39 Stock Brokers should establish and ensure that the patch management
procedures include the identification, categorization and prioritization of
patches and updates. An implementation timeframe for each category of
patches should be established to apply them in a timely manner.
58.40 Stock Brokers should perform rigorous testing of security patches and updates,
173
where possible, before deployment into the production environment so as to
ensure that the application of patches do not impact other systems.
Disposal of data, systems and storage devices
58.41 Stock Brokers should frame suitable policy for disposal of storage media and
systems. The critical data / Information on such devices and systems should
be removed by using methods such as crypto shredding / degauss / Physical
destruction as applicable.
58.42 Stock Brokers should formulate a data-disposal and data retention policy to
identify the value and lifetime of various parcels of data.
Vulnerability Assessment and Penetration Testing (VAPT)
58.43 Stock Brokers shall carry out periodic Vulnerability Assessment and
Penetration Tests (VAPT) which inter-alia include critical assets and
infrastructure components like Servers, Networking systems, Security devices,
load balancers, other IT systems pertaining to the activities done as Stock
Brokers etc., in order to detect security vulnerabilities in the IT environment
and in-depth evaluation of the security posture of the system through
simulations of actual attacks on its systems and networks.
58.44 Stock Brokers shall conduct VAPT at least once in a financial year. All Stock
Brokers are required to engage only CERT-In empaneled organizations for
conducting VAPT. The final report on said VAPT shall be submitted to the
Stock Exchanges after approval from Technology Committee of respective
Stock Brokers, within 1 month of completion of VAPT activity. In addition, Stock
Brokers shall perform vulnerability scanning and conduct penetration testing
prior to the commissioning of a new system which is a critical system or part
of an existing critical system.
58.45 In case of vulnerabilities discovered in off-the-shelf products (used for core

business) or applications provided by exchange empanelled vendors, Stock
Brokers should report them to the vendors and the exchanges in a timely
manner.
58.46 Any gaps/vulnerabilities detected shall be remedied on immediate basis and

compliance of closure of findings identified during VAPT shall be submitted to
the Stock Exchanges within three months post the submission of final VAPT
174
report.
Monitoring and Detection
58.47 Stock Brokers should establish appropriate security monitoring systems and
processes to facilitate continuous monitoring of security events / alerts and
timely detection of unauthorised or malicious activities, unauthorised changes,
unauthorised access and unauthorised copying or transmission of data /
information held in contractual or fiduciary capacity, by internal and external
parties. The security logs of systems, applications and network devices
exposed to the internet should also be monitored for anomalies.
58.48 Further, to ensure high resilience, high availability and timely detection of
attacks on systems and networks exposed to the internet, Stock Brokers
should implement suitable mechanisms to monitor capacity utilization of its
critical systems and networks that are exposed to the internet, for example,
controls such as firewalls to monitor bandwidth usage.
Response and Recovery
58.49 Alerts generated from monitoring and detection systems should be suitably
investigated in order to determine activities that are to be performed to prevent
expansion of such incident of cyber-attack or breach, mitigate its effect and
eradicate the incident.
58.50 The response and recovery plan of the Stock Brokers should have plans for
the timely restoration of systems affected by incidents of cyber-attacks or
breaches, for instance, offering alternate services or systems to Customers.
Stock Brokers should have the same Recovery Time Objective (RTO) and
Recovery Point Objective (RPO) as specified by SEBI for Market Infrastructure
Institutions vide SEBI circular CIR/MRD/DMS/17/20 dated June 22, 2012 as
amended from time to time.
58.51 The response plan should define responsibilities and actions to be performed
by its employees and support / outsourced staff in the event of cyber-attacks
or breach of Cyber Security mechanism.
58.52 Any incident of loss or destruction of data or systems should be thoroughly

analyzed and lessons learned from such incidents should be incorporated to
strengthen the security mechanism and improve recovery planning and
175
processes.
58.53 Stock Brokers should also conduct suitable periodic drills to test the adequacy
and effectiveness of the aforementioned response and recovery plan.
Sharing of Information
58.54 All Cyber-attacks, threats, cyber-incidents and breaches experienced by Stock

Brokers shall be reported to Stock Exchanges & SEBI within six hours of
noticing / detecting such incidents or being brought to notice about such
incidents. This information shall be shared to SEBI through the dedicated e-
mail id: [email protected].
58.55 The incident shall also be reported to Indian Computer Emergency Response
team (CERT-In) in accordance with the guidelines / directions issued by CERT-
In from time to time. Additionally, the Stock Brokers, whose systems have been
identified as “Protected system” by National Critical Information Infrastructure
Protection Centre (NCIIPC) shall also report the incident to NCIIPC.
The quarterly reports containing information on cyber-attacks, threats,

cyber-incidents and breaches experienced by Stock Brokers and measures
taken to mitigate vulnerabilities, threats and attacks including information on
bugs / vulnerabilities, threats that may be useful for other Stock Brokers /
Exchanges and SEBI, shall be submitted to Stock Exchanges within 15 days
from the quarter ended June, September, December and March of every year
(Format for Submitting the reports is attached in below Annexure-24).
Training and Education
58.56 Stock Brokers should work on building Cyber Security and basic system
hygiene awareness of staff (with a focus on staff from non-technical
disciplines).
58.57 Stock Brokers should conduct periodic training programs to enhance

knowledge of IT / Cyber Security Policy and standards among the employees
incorporating up-to-date Cyber Security threat alerts. Where possible, this
should be extended to outsourced staff, vendors etc.
58.58 The training programs should be reviewed and updated to ensure that the
contents of the program remain current and relevant.
176
Systems managed by vendors
58.59 Where the systems (IBT, Back office and other Customer facing applications,
IT infrastructure, etc.) of a Stock Brokers are managed by vendors and the
Stock Brokers may not be able to implement some of the aforementioned
guidelines directly, the Stock Brokers should instruct the vendors to adhere to
the applicable guidelines in the Cyber Security and Cyber Resilience policy
and obtain the necessary self-certifications from them to ensure compliance
with the policy guidelines.
Systems managed by MIIs
58.60 Where applications are offered to customers over the internet by MIIs (Market
Infrastructure Institutions), for eg.: NSE’s NOW, BSE’s BEST etc., the
responsibility of ensuring Cyber Resilience on those applications reside with
the MIIs and not with the Stock Broker. The Stock Broker is exempted from
applying the aforementioned guidelines to such systems offered by MIIs such
as NOW, BEST, etc.
Periodic Audit
58.61 The Terms of Reference for the System Audit of Stock Brokers specified at
para 16 above, shall accordingly stand modified to include audit of
implementation of the areas mentioned at para 58.1 to 58.60 above.
58.62 The Type I Stock Brokers shall arrange to have their systems audited on an
annual basis by a CERT-IN empanelled auditor, an independent DISA (ICAI)
Qualification, CISA (Certified Information System Auditor) from ISACA, CISM
(Certified Information Securities Manager) from ISACA, CISSP (Certified
Information Systems Security Professional) from International Information
Systems Security Certification Consortium (commonly known as (ISC)2), to
check compliance with the above areas and shall submit the report to Stock
Exchanges along with the comments of the Board / Partners / Proprietor of
Stock Broker within three months of the end of the financial year.
58.63 The periodicity of audit for the compliance with the provisions of Cyber Security
and Cyber Resilience provisions for stock brokers, irrespective of number of
terminals and location presence, shall be as under:
177
Table 14
Type of stock broker as specified in SEBI circular Periodicity
CIR/MRD/DMS/34/2013 dated November 06, 2013
Type I Annual
Type II Annual
Type III Half-yearly
Table 15: Illustration A
Illustrative Measures for Data Security on Customer Facing

Applications
1. Analyse the different kinds of sensitive data shown to the Customer on

the frontend application to ensure that only what is deemed absolutely
necessary is transmitted and displayed.
2. Wherever possible, mask portions of sensitive data. For instance, rather

than displaying the full phone number or a bank account number, display
only a portion of it, enough for the Customer to identify, but useless to an
unscrupulous party who may obtain covertly obtain it from the Customer’s
screen. For instance, if a bank account number is “123 456 789”, consider
displaying something akin to “XXX XXX 789” instead of the whole
number. This also has the added benefit of not having to transmit the full
piece of data over various networks.
3. Analyse data and databases holistically and draw out meaningful and
“silos” (physical or virtual) into which different kinds of data can be
isolated and cordoned off. For instance, a database with personal
financial information need not be a part of the system or network that
houses the public facing websites of the Stock Broker. They should
ideally be in discrete silos or DMZs.
4. Implement strict data access controls amongst personnel, irrespective of

their responsibilities, technical or otherwise. It is infeasible for certain
personnel such as System Administrators and developers to not have
privileged access to databases. For such cases, take strict measures to
limit the number of personnel with direct access, and monitor, log, and
audit their activities. Take measures to ensure that the confidentiality of
data is not compromised under any of these scenarios.
178
5. Use industry standard, strong encryption algorithms (eg: RSA, AES etc.)
wherever encryption is implemented. It is important to identify data that
warrants encryption as encrypting all data is infeasible and may open up
additional attack vectors. In addition, it is critical to identify the right
personnel to be in charge of, and the right methodologies for storing the
encryption keys, as any compromise to either will render the encryption
useless.
6. Ensure that all critical and sensitive data is adequately backed up, and
that the backup locations are adequately secured. For instance, on
servers on isolated networks that have no public access endpoints, or on-
premise servers or disk drives that are off-limits to unauthorized
personnel. Without up-to-date backups, a meaningful recovery from a
disaster or cyber-attack scenario becomes increasingly difficult.
Table 16: Illustration B
Illustrative Measures for Data Transport Security
1. When an Application transmitting sensitive data communicates over the

Internet with the Stock Brokers’ systems, it should be over a secure,
encrypted channel to prevent Man-In-The-Middle (MITM) attacks, for
instance, an IBT or a Back office communicating from a Customer’s web
browser or Desktop with the Stock Brokers’ systems over the internet,
or intra or inter organizational communications. Strong transport
encryption mechanisms such as TLS (Transport Layer Security, also
referred to as SSL) should be used.
2. For Applications carrying sensitive data that are served as web pages
over the internet, a valid, properly configured TLS (SSL) certificate on
the web server is mandatory, making the transport channel HTTP(S).
3. Avoid the use of insecure protocols such as FTP (File Transfer Protocol)
that can be easily compromised with MITM attacks. Instead, adopt
secure protocols such as FTP(S), SSH and VPN tunnels, RDP (with
TLS) etc.
179
Table 17: Illustration C
Illustrative Measures for Application Authentication Security
1. Any Application offered by Stock Brokers to Customers containing

sensitive, private, or critical data such as IBTs, SWSTs, Back office etc.
referred to as “Application” hereafter) over the Internet should be
password protected. A reasonable minimum length (and no arbitrary
maximum length cap or character class requirements) should be
enforced. While it is difficult to quantify password “complexity”, longer
passphrases have more entropy and offer better security in general.
Stock Brokers should attempt to educate Customers of these best
practices.
2. Passwords, security PINs etc. should never be stored in plain text and
should be one-way hashed using strong cryptographic hash functions
(e.g.: bcrypt, PBKDF2) before being committed to storage. It is
important to use one-way cryptographic hashes to ensure that stored
password hashes are never transformed into the original plaintext
values under any circumstances.
3. For added security, a multi-factor (e.g.: two-factor) authentication

scheme may be used (hardware or software cryptographic tokens,
VPNs, biometric devices, PKI etc.). In case of IBTs and SWSTs, a
minimum of two-factors in the authentication flow are mandatory.
4. In case of Applications installed on mobile devices (such as

smartphones and tablets), a cryptographically secure biometric two-
factor authentication mechanism may be used.
5. After a reasonable number of failed login attempts into Applications, the

Customer’s account can be set to a “locked” state where further logins
are not possible until a password and authentication reset is
performed via an out-of-band channel validation, for instance, a
cryptographically secure unique link that is sent to the Customer’s
registered e-mail, a random OTP (One Time Password) that is sent as
an SMS to the Customer’s registered mobile number, or manually by
the Broker after verification of the Customer’s identity etc.
6. Avoid forcing Customers to change passwords at frequent intervals

180
which may result in successive, similar, and enumerated passwords.
Instead, focus on strong multi-factor authentication for security and
educate Customers to choose strong passphrases. Customers may be
reminded within reasonable intervals to update their password and
multi-factor credentials, and to ensure that their out-of-band
authentication reset information (such as e-mail and phone number) are
up-to-date.
7. Both successful and failed login attempts against a Customer’s account

may be logged for a reasonable period of time. After successive login
failures, it is recommended that measures such as CAPTCHAs or rate-
limiting be used in Applications to thwart manual and automated brute
force and enumeration attacks against logins.
59. Reporting for Artificial Intelligence (AI) and Machine Learning (ML)
applications and systems offered and used by market intermediaries71
59.1 Any set of applications / software / programs / executable / systems

(computer systems) –cumulatively called application and systems,
a) that are offered to investors (individuals and institutions) by market

intermediaries to facilitate investing and trading,
OR
b) to disseminate investments strategies and advice,
OR
c) to carry out compliance operations / activities,
where AI / ML is portrayed as a part of the public product offering or under

usage for compliance or management purposes, is included in the scope of
this circular. Here, “AI” / “ML” refers to the terms “Artificial Intelligence” and
“Machine Learning” used as a part of the product offerings. In order to
make the scope of this circular inclusive of various AI and ML technologies in
use, the scope also covers Fin-Tech and Reg-Tech initiatives undertaken by
market participants that involves AI and ML
59.2 Technologies that are considered to be categorized as AI and ML

technologies in the scope of this circular, are explained in Annexure-26.
71
Reference: Circular SEBI/HO/MIRSD/DOS2/CIR/P/2019/10 dated January 04,2019
181
59.3 All registered Stock Brokers offering or using applications or systems as
defined in Annexure-26, should participate in the reporting process by
completing the AI / ML reporting form (see Annexure-25).
59.4 All registered Stock Brokers using AI / ML based application or system as

defined in Annexure-26, are required to fill in the form (Annexure-25) and make
submissions on quarterly basis within fifteen calendar days of the expiry of the
quarter.
59.5 Stock Exchanges have to consolidate and compile a report, on AI / ML

applications and systems reported by registered Stock Brokers in the reporting
format (Annexure-27) on quarterly basis. The said report (Annexure-27) shall
be submitted in soft copy only at [email protected] to SEBI within thirty
calendar days of the expiry of the quarter.
60. Advisory for Financial Sector Organizations regarding Software as a

Service(SaaS) based solutions72
60.1 Indian Computer Emergency Response Team (CERT-in) issued an advisory

for Financial Sector organizations to improve their cyber Security Posture by
availing Software as a Service (SaaS) based solution for managing their
Governance, Risk & Compliance (GRC) functions.
60.2 The advisory was forwarded to SEBI for bringing the same to the notice of
financial sector organization. The advisory is enclosed at Annexure-28.
60.3 Stock brokers are advised to ensure complete protection and seamless control
over the critical systems at their organizations by continuous monitoring
through direct control and supervision protocol mechanisms while keeping the
critical data within the legal boundary of India.
60.4 The compliance of the advisory shall be reported in the half yearly report by
stock brokers to stock exchanges with an undertaking, “Compliance of the
SEBI circular for Advisory for Financial Sector Organizations regarding
Software as a Service (SaaS) based solutions has been made.”
72
Reference: Circular SEBI/HO/MIRSD2/DOR/CIR/P/2020/221 dated November 03, 2020
182
61. Framework to address the ‘technical glitches’ in Stock Brokers’ Electronic
Trading Systems73
61.1 Technology related interruptions and glitches (technical glitches) and their
impact on the investors’ opportunity to trade constitutes major technology
related risk. Thus, the following framework to deal with technical glitches
occurring in the trading systems of stock brokers shall be complied with.
61.2 Definition of Technical Glitch:
Technical glitch shall mean any malfunction in the systems of stock broker
including malfunction in its hardware, software, networks, processes or any
products or services provided by the stock broker in the electronic form. The
malfunction can be on account of inadequate Infrastructure / systems, cyber-
attacks / incidents, procedural errors and omissions, or process failures or
otherwise, in their own systems or the one outsourced from any third parties,
which may lead to either stoppage, slowing down or variance in the normal
functions / operations / services of systems of the stock broker for a contiguous
period of five minutes or more.
61.3 Reporting Requirements
61.3.1 Stock brokers shall inform about the technical glitch to the stock
exchanges immediately but not later than one hour from the time of
occurrence of the glitch.
61.3.2 Stock brokers shall submit a Preliminary Incident Report to the

Exchange within T+1 day of the incident (T being the date of the
incident). The report shall include the date and time of the incident, the
details of the incident, effect of the incident and the immediate action
taken to rectify the problem.
61.3.3 Stock brokers shall submit a Root Cause Analysis (RCA)Report

(as per Annexure-29) of the technical glitch to stock exchange, within
fourteen days from the date of the incident.
61.3.4 RCA report submitted by the stock brokers shall, inter-alia, include time
of incident, cause of the technical glitch (including root cause from
vendor(s), if applicable), duration, chronology of events, impact analysis
73
Reference: Circular SEBI/HO/MIRSD/TPD-1/P/CIR/2022/160 dated November 25, 2022
183
and details of corrective/ preventive measures taken (or to be taken),
restoration of operations etc.
61.3.5 Stock brokers shall submit information stated in para 61.3.1, 61.3.2 and
61.3.3 above, by e-mail at [email protected], a common email
address for reporting across all stock exchanges.
61.3.6 All technical glitches reported by stock brokers as well as independently

monitored by stock exchanges, shall be examined collectively by the
stock exchanges along with the report/ RCA and appropriate action
shall be taken.
61.4 Capacity Planning:
61.4.1 Increasing number of investors may create additional burden on the

trading system of the stock broker and hence, adequate capacity
planning is prerequisite for stock brokers to provide continuity of
services to their clients. Stock brokers shall do capacity planning for
entire trading infrastructure i.e. server capacities, network availability,
and the serving capacity of trading applications.
61.4.2 Stock brokers shall monitor peak load in their trading applications,
servers and network architecture. The Peak load shall be determined
on the basis of highest peak load observed by the stock broker during
a calendar quarter. The installed capacity shall be at least one and half
times (1.5x) of the observed peak load.
61.4.3 Stock brokers shall deploy adequate monitoring mechanisms within

their networks and systems to get timely alerts on current utilization of
capacity going beyond permissible limit of seventy percent of its
installed capacity.
61.4.4 To ensure the continuity of services at the primary data center, stock
brokers as may be specified from time to time by stock exchange
(hereafter referred to as specified stock brokers) shall strive to achieve
full redundancy in their IT systems that are related to trading
applications and trading related services.
184
61.4.5 Stock exchanges shall issue detailed guidelines with regard to
frequency of capacity planning to review available capacity, peak load,
and new capacity required to tackle future load on the system.
61.5 Software testing and change:
61.5.1 Software applications are prone to updates/changes and hence, it is

imperative for the stock brokers to ensure that all software changes that
are taking place in their applications are rigorously tested before they
are used in production systems. Software changes could impact the
functioning of the software if adequate testing is not carried out. In view
of this, stock brokers shall adopt the following framework for carrying
out software related changes / testing in their systems:
61.5.1.1 Stock brokers shall create test driven environments for all
types of software developed by them or their vendors.
Regression testing, security testing and unit testing shall be
included in the software development, deployment and
operations practices.
61.5.1.2 Specified stock brokers shall do their software testing in

automated environments.
61.5.1.3 Stock Brokers shall prepare a traceability matrix between

functionalities and unit tests, while developing any software
that is used in trading activities.
61.5.1.4 Stock brokers shall implement a change management process

to avoid any risk arising due to unplanned and unauthorized
changes for all its information security assets (hardware,
software, network, etc.).
61.5.1.5 Stock brokers shall periodically update all their assets

including Servers, OS, databases, middleware, network
devices, firewalls, IDS /IPS desktops etc. with latest applicable
versions and patches.
61.5.1.6 Stock exchanges shall issue detailed guidelines with regard to

testing of software, testing in automated environments,
185
traceability matrix, change management process and periodic
updation of assets etc.
61.6 Monitoring mechanism:
61.6.1 Proactively and independently monitoring technical glitches shall be one

of the approaches in mitigating the impact of such glitches. In this
context, the stock exchange shall build API based Logging and
Monitoring Mechanism (LAMA) to be operated between stock
exchanges and specified stock brokers’ trading systems. Under this
mechanism, specified stock brokers shall monitor key systems &
functional parameters to ensure that their trading systems function in a
smooth manner. Stock exchanges shall, through the API gateway,
independently monitor these key parameters to gauge the health of the
trading systems of the specified stock brokers.
61.6.2 Stock Exchanges shall identify the key parameters in consultation with
stock brokers. These key parameters shall be monitored by specified
stock brokers and by stock exchanges, on a real time or on a near real
time basis.
61.6.3 Stock exchanges shall maintain a dedicated cell for monitoring the key
parameters and the technical glitches occurring in stock brokers’ trading
systems. The cell also shall intimate the specified stock broker
concerned immediately about the breach of the key parameters
monitored under LAMA.
61.6.4 Stock brokers and stock exchanges shall preserve the logs of the key
parameters for a period of thirty days in normal course. However, if a
technical glitch takes place, the data related to the glitch, shall be
maintained for a period of two years.
61.7 Business Continuity Planning (BCP) and Disaster Recovery Site (DRS):
61.7.1 Stock brokers with a minimum client base across the exchanges, as
may be specified by stock exchanges from time to time, shall
mandatorily establish business continuity/DR set up.
61.7.2 Stock brokers shall put in place a comprehensive BCP-DR policy

document outlining standard operating procedures to be followed in the
186
event of any disaster. A suitable framework shall be put in place to
constantly monitor health and performance of critical systems in the
normal course of business. The BCP-DR policy document shall be
periodically reviewed to minimize incidents affecting the business
continuity.
61.7.3 The DRS shall preferably be set up in different seismic zones. In case,
due to any reasons like operational constraints, such a geographic
separation is not possible, then the Primary Data Centre (PDC) and
DRS shall be separated from each other by a distance of at least two
hundred and fifty (250) kilometers to ensure that both of them do not get
affected by the same natural disaster. The DR site shall be made
accessible from primary data center to ensure syncing of data across
two sites.
61.7.4 Specified stock brokers shall conduct DR drills / live trading from DR
site. DR drills / live trading shall include running all operations from DRS
for at least 1 full trading day. Stock exchanges in consultation with
specified stock brokers shall decide the frequency of DR drill / live
trading from DR site.
61.7.5 Stock brokers, shall constitute responsible teams for taking decisions
about shifting of operations from primary site to DR site, putting
adequate resources at DR site, and setting up mechanism to make DR
site operational from primary data center etc.
61.7.6 Hardware, system software, application environment, network and

security devices and associated application environments of DRS and
PDC shall have one-to-one correspondence between them. Adequate
resources shall be made available at all times to handle operations at
PDC or DRS.
61.7.7 Stock exchanges in consultation with stock brokers shall decide upon
Recovery Time Objective(RTO) i.e. the maximum time taken to restore
operations from DRS after declaration of Disaster and, Recovery Point
Objective (RPO) i.e. the maximum tolerable period for which data might
be lost due to a major incident.
61.7.8 Replication architecture, bandwidth and load consideration between the

DRS and PDC shall be within stipulated RTO and the whole system
187
shall ensure high availability, right sizing, and no single point of failure.
Any updates made at the PDC shall be reflected at DRS immediately.
61.7.9 Specified stock brokers shall obtain ISO certification as may be

specified by stock exchanges from time to time in the area of IT and IT
enabled infrastructure/processes of the stock brokers.
61.7.10 The System Auditor, while covering the BCP – DR as a part of

mandated annual System Audit, shall check the preparedness of the
stock broker to shift its operations from PDC to DRS and also comment
on documented results and observations on DR drills conducted by the
stock brokers.
61.7.11 Stock exchanges shall define the term ‘critical systems’, ‘disaster’ and
issue detailed guidelines with regard to review of BCP document, DR
drill/live trading, operating DR site from PDC, timeline for obtaining ISO
certification etc.
61.8 Stock exchanges shall put in place a structure of financial disincentives

applicable to stock brokers for technical glitches occurring in their trading
systems and non-compliance of the provisions made in this regard.
61.9 Stock exchanges shall disseminate on their websites the instances of

Technical glitches occurred in the trading system of stock brokers along with
Root Cause Analysis (RCA) on such glitches.
61.10 Stock exchanges shall build necessary systems for implementation of the
provisions of this circular and issue appropriate guidelines to the stock brokers
for compliance with the provisions of this circular.
62. Advisory for SEBI Regulated Entities (REs) regarding Cybersecurity

best practices74
62.1 Considering the interconnectedness and interdependency of the financial

entities to carry out their functions, the cyber risk of any given entity is no longer
limited to the entity’s owned or controlled systems, networks and assets
62.2 Further, given the sophistication and persistence of the threat with a high level
74
Reference: Circular SEBI/HO/ITD/ITD_VAPT/P/CIR/2023/032 dated February 22, 2023.
188
of coordination among threat actors, it is important to recognize that many
traditional approaches to risk management and governance that worked in the
past may not be comprehensive or agile enough to address the rapid changes
in the threat environment and the pace of technological change that is
redefining public and private enterprise.
62.3 Thus, an efficient and effective response to and recovery from a cyber-incident
by REs are essential to limit any related financial stability risks. For ensuring
the same, Financial Computer Security Incident Response Team (CSIRT-Fin)
has provided important recommendations in its report sent to SEBI. The
applicable recommendations, in the form of an advisory, are enclosed at
Annexure-30 of this circular.
62.4 This advisory should be read in conjunction with the applicable SEBI circulars
(including but not limited to Cybersecurity and Cyber Resilience framework,
Annual System Audit framework, etc.) and subsequent updates issued by
SEBI from time to time.
62.5 The compliance of the advisory shall be provided by the REs along with their
cybersecurity audit report (conducted as per the applicable SEBI
Cybersecurity and Cyber Resilience framework). The compliance shall be
submitted as per the existing reporting mechanism and frequency of the
respective cybersecurity audit.
63. Framework for Adoption of Cloud Services by SEBI Regulated Entities (REs)75
63.1. Background: In recent times, the dependence on cloud computing for

delivering the IT services is increasing. While cloud computing offers multiple
advantages viz. ready to scale, ease of deployment, no overhead of
maintaining physical infrastructure etc., the RE should also be aware of the
new cyber security risks and challenges which cloud computing introduces. In
view of the above, this cloud framework has been drafted to provide baseline
standards of security and for the legal and regulatory compliances by the RE.
The framework shall be seen as an addition to already existing SEBI circulars
/guidelines /advisories.
63.2. Objective: The major purpose of this framework is to highlight the key risks,
and mandatory control measures which REs need to put in place before
75
Reference: Circular SEBI/HO/ITD/ITD_VAPT/P/CIR/2023/033 dated March 06, 2023.
189
adopting cloud computing. The document also sets out the regulatory and legal
compliances by REs if they adopt such solutions.
63.3. Applicability:
The framework shall be applicable to the following REs:
i. Stock Exchanges
ii. Clearing Corporations
iii. Depositories
iv. Stock Brokers through Exchanges
v. Depository Participants through Depositories
vi. Asset Management Companies (AMCs)/ Mutual Funds (MFs)
vii. Qualified Registrars to an Issue and Share Transfer Agents
viii.KYC Registration Agencies (KRAs)
63.4. Transition Period

i. The framework shall come into force with immediate effect for all new or
proposed cloud onboarding assignments/ projects of the REs.
ii. REs which are currently availing cloud services (as on date of issuance of
this framework) shall ensure that, wherever applicable, all such
arrangements are revised and they (RE) shall be in compliance with this
framework not later than 12 (twelve) months from the date of issuance of
the framework.
iii. Additionally, the REs which are currently availing cloud services, shall
provide milestone-based updates as follows:
Table 18
SN. Timeline Milestone
1 Within one (1) month of REs shall provide 76details of the cloud
issuance of framework services, if any, currently deployed by
them.
2 Within three (3) months of The REs shall submit a roadmap
issuance of framework (including details of major activities,
timelines, etc.) for the implementation of
the framework.
76
The details of cloud deployment shall be submitted in the format provided in Appendix-A
190
3 From three (3) to twelve Quarterly progress report as per the
(12) months of issuance roadmap submitted by the RE.
of framework
4 After twelve (12) months Compliance with respect to the
of issuance of framework framework to be reported regularly
iv. The above-mentioned reporting shall be done to the authority as per the
existing mechanism of reporting for systems audit/ cybersecurity audit.
63.5. Scope:
i. As per NIST, cloud computing has four types of deployment models viz
public cloud, community cloud, private cloud and hybrid cloud-
a. This cloud framework is applicable for adoption of public cloud and

community cloud. Consequently, REs are permitted to deploy public
cloud and community cloud models, subject to the conditions specified
herein.
b. A private cloud shall be considered as an on-premise deployment model

and consequently, private cloud deployments shall be governed by SEBI
circulars (for example cybersecurity circular, outsourcing circular, BCP-
DR, etc.), guidelines, advisories, etc. issued from time to time. Therefore,
private cloud deployments (by REs) are permitted, however, such
deployments may not be governed by this cloud framework.
c. A hybrid cloud is a combination of two or more out of public cloud,

community cloud and private cloud. Therefore, this cloud framework as
well as the relevant SEBI circulars/ guidelines/ advisories shall be
applicable for hybrid cloud deployments. In view of the above, hybrid
cloud deployment is permitted, subject to the conditions specified herein.
ii. Deployment of any other cloud model is prohibited unless explicitly

permitted under this framework. However, as the field of cloud computing is
a dynamic and emerging area, SEBI may allow deployment of other models
after due consultations. The same may be specified by SEBI from time to
time.
63.6. Approach:
The cloud framework is a principle-based framework which covers
191
Governance, Risk and Compliance (GRC), selection of Cloud Service
Providers (CSPs), data ownership and data localization, due- diligence by
REs, security controls, legal and regulatory obligations, DR & BCP, and
vendor lock-in risk. The principles are broadly stated guidelines to set the
standards by which RE must comply with while adopting cloud services. The
principles are stated below:
i. Principle 1: Governance, Risk and Compliance Sub-Framework

ii. Principle 2: Selection of Cloud Service Providers
iii. Principle 3: Data Ownership and Data Localization
iv. Principle 4: Responsibility of the Regulated Entity
v. Principle 5: Due Diligence by the Regulated Entity
vi. Principle 6: Security Controls
vii. Principle 7: Contractual and Regulatory Obligations
viii. Principle 8: BCP, Disaster Recovery & Cyber Resilience
ix. Principle 9: Vendor Lock-in and Concentration Risk Management
The detailed framework is enclosed at Annexure-31 of this circular.
192
V. CHANGE IN STATUS, CONSTITUTION, CONTROL, AFFILIATION
64. Periodical Report – Grant of prior approval to members of Stock Exchanges77
64.1 With the amendment in the Stock Brokers Regulations 1992 vide Notification
No. LAD-NRO/GN/2011-12/03/12650 dated April 19, 2011, the requirement of
members of the Stock Exchanges to obtain prior approval from SEBI for
change in status or constitution has been done away with. However, the
members of the Stock Exchanges would be required to take prior approval
from SEBI for change in control.
64.2 The Stock Exchanges will continue to grant prior approval to their members for
change in status or constitution, which would include the following:
64.2.1 in case of a body corporate —
a. amalgamation, demerger, consolidation or any other kind of

corporate restructuring falling within the scope of section 230 of the
Companies Act, 2013 or the corresponding provision of any other law
for the time being in force;
b. change in its managing director, whole-time director or director
appointed in compliance with clause (v) of sub-rule (4A) of rule 8 of
the SCRR 1957; and
c. any change in control over the body corporate;
64.2.2 any change between the following legal forms - individual, partnership
firm, Hindu undivided family, private company, public company,
unlimited company or statutory corporation and other similar changes;
64.2.3 in case of a partnership firm any change in partners not amounting to

dissolution of the firm;
64.2.4 any other purpose as may be considered appropriate by the Stock

Exchanges.
64.3 The Stock Exchanges shall submit a periodical report with details of the
changes in status or constitution of the members, as per the format and in
accordance with guidelines given at Annexure-32.

193
65. Procedure for seeking prior approval for change in control78
65.1 Regulation 9(c) of the Stock Brokers Regulations 1992 and Regulation 9(c)
read with Regulation 10B of the Stock Brokers Regulations 1992 provide
respectively that stock broker and clearing member shall obtain prior approval
of SEBI in case of change in control.
65.2 To streamline the process of providing approval to the proposed change in

control of stock broker/clearing member (hereinafter referred as intermediary
or applicant), it has been decided as under:
65.2.1 The Intermediary shall make an online application to SEBI for prior
approval through the SEBI Intermediary Portal (‘SI Portal’)
(https://siportal.sebi.gov.in).
65.2.2 The online application in SI portal shall be accompanied by the following

information/declaration/undertaking about itself, the acquirer(s)/the
person(s) who shall have the control and the directors/partners of the
acquirer(s)/ the person(s) who shall have the control:
65.2.2.1 Current and proposed shareholding pattern of the applicant

65.2.2.2 Whether any application was made in the past to SEBI
seeking registration in any capacity but was not granted? If
yes, details thereof.
65.2.2.3 Whether any action has been initiated / taken under SCRA
1956/SEBI Act 1992 or rules and regulations made
thereunder? If yes, the status thereof along with the corrective
action taken to avoid such violations in the future. The
acquirer/ the person who shall have the control shall also
confirm that it shall honour all past liabilities / obligations of the
applicant, if any.
65.2.2.4 Whether any investor complaint is pending? If yes, steps
taken and confirmation that the acquirer/ the person who shall
have the control shall resolve the same.
65.2.2.5 Details of litigation(s), if any.
65.2.2.6 Confirmation that all the fees due to SEBI have been paid.
65.2.2.7 Declaration cum undertaking of the applicant and the
acquirer/ the person who shall have the control (in a format
78 Reference: Circular SEBI/HO/MIRSD/ MIRSD-PoD-2/P/CIR/2022/163 dated November 28, 2022

194
enclosed at Annexure-33), duly stamped and signed by their
authorized signatories that:
65.2.2.7.1 there will not be any change in the Board of

Directors of incumbent, till the time prior approval is
granted;
65.2.2.7.2 pursuant to grant of prior approval by SEBI, the
incumbent shall inform all the existing investors/
clients about the proposed change prior to effecting
the same, in order to enable them to take informed
decision regarding their continuance or otherwise
with the new management; and
65.2.2.7.3 the ‘fit and proper person’ criteria as specified in
Schedule II of the Intermediaries Regulations 2008
are complied with.
65.2.2.8 In case the incumbent is a registered stock broker, clearing

member, depository participant, in addition to the above, it
shall obtain approval /NOC from all the stock
exchanges/clearing corporations/depositories, where the
incumbent is a member/depository participant and submit self-
attested copy of the same to SEBI.
65.2.3 The prior approval granted by SEBI shall be valid for a period of six
months from the date of such approval within which the applicant shall
file application for fresh registration pursuant to change in control.
65.3 To streamline the process of providing approval to the proposed change in

control of an intermediary in matters which involve scheme(s) of arrangement
which needs sanction of the National Company Law Tribunal (“NCLT”) in terms
of the provisions of the Companies Act, 2013, the following has been decided:
65.3.1 The application seeking approval for the proposed change in control of
the intermediary shall be filed with SEBI prior to filing the application
with NCLT.
65.3.2 Upon being satisfied with compliance of the applicable regulatory

requirements, an in-principle approval will be granted by SEBI;
65.3.3 The validity of such in-principle approval shall be three months from the
195
date issuance, within which the relevant application shall be made to
NCLT.
65.3.4 Within fifteen days from the date of order of NCLT, the intermediary shall
submit an online application in terms of para 65.3 of this circular along
with the following documents to SEBI for final approval:
a) Copy of the NCLT Order approving the scheme;
b) Copy of the approved scheme;
c) Statement explaining modifications, if any, in the approved scheme
vis-à-vis the draft scheme and the reasons for the same; and
d) Details of compliance with the conditions/observations, if any,
mentioned in the in-principle approval provided by SEBI.
65.4 With respect to transfer of shareholding among immediate relatives and

transmission of shareholding, certain provisions are mentioned below: 79
65.4.1 Transfer /transmission of shareholding in case of unlisted body

corporate intermediary: In following scenarios, change in
shareholding of the intermediary will not be construed as change in
control:
a) Transfer of shareholding among immediate relatives shall not result
into change in control. Immediate relative shall be construed as
defined under Regulation 2(l) of the Takeover Regulations 2011
which inter-alia includes any spouse of that person, or any parent,
brother, sister or child of the person or of the spouse;
b) Transfer of shareholding by way of transmission to immediate
relative or not, shall not result into change in control.
65.4.2 Transfer /transmission of shareholding in case of a proprietary

firm type intermediary: In case of an intermediary being a proprietary
concern, the transfer or bequeathing of the business/capital by way of
transmission to another person is a change in the legal formation or
ownership and hence by the definition of change in control, such
transmission or transfer shall be considered as change in control. The
legal heir / transferee in such cases is required to obtain prior approval
and thereafter fresh registration shall be obtained in the name legal
heir/transferee.
79
Reference: Circular no. SEBI/HO/MIRSD/DOR/CIR/P/2021/42 dated March 25,2021
196
65.4.3 Transfer /transmission of ownership interest in case of partnership
firm type intermediary: Change in partners and their ownership
interest of the partnership firm type intermediary shall be dealt in
following manner:
a) Transfer of ownership interest in case of partnership firm: In

case a SEBI registered entity is registered as a partnership firm with
more than two partners, then inter-se transfer amongst the partners
shall not be construed to be change in control. Where the partnership
firm consists of two partners only, the same would stand as dissolved
upon the death of one of the partners. However, if a new partner is
inducted in the firm, then the same would be considered as a change in
control, requiring fresh registration and prior approval of SEBI.
b) Transmission of ownership interest in case of partnership firm:
Where the partnership deed contains a clause that in case of death of
a partner, the legal heir(s) of deceased partner be admitted, then the
legal heir(s) may become the partner (s) of the partnership firm. In such
scenario the partnership firm is reconstituted. Bequeathing of
partnership right to legal heir(s) by way of transmission shall not be
considered as change in control.
65.4.4 Incoming entities/ shareholders becoming part of controlling interest in

the intermediary pursuant to transfer of shares from immediate relative
/ transmission of shares (immediate relative or not), need to satisfy the
fit and proper person criteria stipulated in Schedule II of the
Intermediaries Regulations 2008.
66. Guidelines for seeking NOC by Stock Brokers / Clearing Members for setting
up Wholly Owned Subsidiaries, Step Down Subsidiaries, Joint Ventures in
GIFT IFSC80
66.1 SEBI receives applications from Stock Brokers / Clearing Members for granting
NOCs for setting up Wholly Owned Subsidiaries, Step Down Subsidiaries,
Joint Ventures, etc. in GIFT IFSC. With an endeavour to rationalise and
streamline the process of application, the following guidelines are being
issued.
80
Reference: Circular SEBI/HO/MIRSD/DoR/P/CIR/2022/61 dated May 13, 2022
197
66.1.1 The format of application along with list of supporting documents for
seeking NOC for setting up Wholly Owned Subsidiaries, Step Down
Subsidiaries or entering into Joint Ventures in GIFT IFSC is placed as
Annexure-34.
66.1.2 Stock Brokers and Clearing Members shall apply through a Stock
Exchange where the applicant is a member, along with the required
information, documents and NOC received from all Stock
Exchanges/Clearing Corporations/Depositories in which the applicant is
a member/participant.
66.1.3 Stock Exchanges / Clearing Corporations (where the applicant is only

clearing member) are directed to forward the complete application to
SEBI, after verification along with its recommendation.
198
VI. FOREIGN ACCOUNTS TAX COMPLIANCE ACT RELATED PROVISIONS
67. Inter-Governmental Agreement with United States of America under Foreign

Accounts Tax Compliance Act - Registration81
67.1 The Government of India has advised that India and the United States of
America (US) have reached an agreement in substance on the terms of an
Inter-Governmental Agreement (IGA) to implement Foreign Accounts Tax
Compliance Act (FATCA) and India is now treated as having an IGA in effect
from April 11, 2014. However, the IGA may be signed in due course.
Information on FATCA is available at:
http://www.irs.gov/Businesses/Corporations/Foreign-Account-Tax-
ComplianceAct-FATCA.
67.2 As advised by the Government, the following points may be noted by all SEBI
registered intermediaries:
67.2.1 Indian Financial Institutions would have time upto December 31, 2014
to register with US authorities and obtain a Global Intermediary
Identification Number (GIIN). This time limit would also be applicable
to Indian Financial Institutions having overseas branches in Model 1
jurisdictions, including those jurisdictions where an agreement under
Model 1 has been reached in substance. Registration should be done
only after the formal IGA is signed.
67.2.2 Overseas branches of Indian Financial Institutions in a jurisdiction

having IGA 2 agreement or in a jurisdiction that does not have an IGA
but permits financial institutions to register and agree to a Foreign
Financial Institution (FFI) agreement, may register with US authorities
within the stipulated time period and obtain a GIIN in accordance with
the requirements to avoid potential withholding under FATCA.
67.2.3 Overseas branches of Indian Financial Institutions in a jurisdiction that

does not have an IGA and does not permit financial institutions to
register and agree to an FFI agreement may not register and their
overseas branches would eventually be subject to withholding under
FATCA.

199
67.2.4 The Government has further advised that if registration of the parent
intermediary/ head office is a pre-requisite for a branch to register,
such intermediaries may register as indicated at para 67.2.1 and
67.2.2 above.
68. Implementation of the Multilateral Competent Authority Agreement and

Foreign Account Tax Compliance Act82
68.1 India joined the Multilateral Competent Authority Agreement (MCAA) on

Automatic Exchange of Financial Account Information on June 03, 2015. In
terms of the MCAA, all countries which are signatory to MCAA, are obliged to
exchange a wide range of financial information after collecting the same from
financial institutions in their country / jurisdiction.
68.2 On July 09, 2015, the Governments of India and United States of America
(USA) signed an agreement to improve international tax compliance and to
implement the Foreign Account Tax Compliance Act (FATCA) in India. The
USA enacted FATCA in 2010 to obtain information on accounts held by US
taxpayers in other countries. As per the aforesaid agreement, foreign
financial institutions (FFIs) in India will be required to report tax information
about US account holders / taxpayers directly to the Indian Government
which will, in turn, relay that information to the IS Internal Revenue Service
(IRS).
68.3 For implementation of the MCAA and agreement with USA, the Government
of India has made necessary legislative changes to Section 285BA of the
Income Tac Act, 1961. Further, the Government of India has notified Rules
114F to 114H (herein after referred to as “the Rules”) under the Income Tax
Rules, 1962 and form No. 61B for furnishing of statement of reportable
account specified in the Rules. The Rule is available at
http://www.incometaxindia.gov.in/communications/notification/notification%20
no.%2062%20dated%2007-08-2015.pdf
68.4 A “Guidance Note on implementation of Reporting Requirements under

Rules 114F to 114H of the Income Tax Rules” as issued by the Department
of Revenue, Ministry of Finance vide F.No.500/137/2011-FTTR-III dated
August 31, 2015 is available at
http://www.incometaxindia.gov.in/communications/notification/guidance_note
Reference: Circular CIR/MIRSD/2/2015 dated August 26, 2015 and Circular CIR/MIRSD/3/2015 dated
82
September 10, 2015.

200
s_on_im plementation_31_08_2015.pdf, for information and necessary
action.
68.5 All registered intermediaries shall take necessary steps to ensure compliance
with the requirements specified in the aforesaid Rules after carrying out
necessary due diligence.
201
VII. INVESTOR GRIEVANCE REDRESSAL
69. Exclusive e-mail ID for redressal of Investor Complaints83
69.1 All the registered stock brokers shall designate an e-mail ID of the grievance
redressal division/compliance officer exclusively for the purpose of registering
complaints by investors. Stock Brokers shall also display the email ID and
other relevant details prominently on their websites and in the various
materials/pamphlets/advertisement campaigns initiated by them for creating
investor awareness.
70. Redressal of Investor complaints against Stock Brokers in SEBI Complaints

Redress System (SCORES)84
70.1 SEBI commenced processing of investor complaints in a centralized web

based complaints redress system ‘SCORES’. The salient features of this
system are:
70.1.1 Centralised database of all complaints,
70.1.2 Online movement of complaints to the concerned listed companies,
70.1.3 Online upload of Action Taken Reports (ATRs) by the concerned

companies, and
70.1.4 Online viewing by investors of actions taken on the complaint and its
current status.
70.2 The investor grievances received by SEBI against stock brokers are taken up
electronically with the concerned Stock Exchange(s) through SCORES. The
Stock Exchange(s) in turn, take up the matter with the concerned stock
brokers.
70.3 Stock Exchanges shall ensure that the investor complaints shall be resolved
within fifteen working days from the date of receipt of the complaint. Additional
information, if any, required from the complainant, shall be sought within seven
working days from the date of receipt of the complaint. The period of fifteen
83Reference: Circular MRD/DoP/Dep/SE/CIR-22/06 dated December 18, 2006.

84 Reference: Circular CIR/MIRSD/18/2011 dated August 25, 2011 and Circular
SEBI/HO/MIRSD/MIRSD6/CIR/P/2017/20 dated March 10, 2017.
202
working days shall be counted from the date of receipt of additional information
sought.85
70.4 For redressal of investor grievances through the SEBI Complaints Redress
System (SCORES) platform, the master circular issued by SEBI in this regard
may be accessed at the following link:
https://www.sebi.gov.in/legal/master-circulars/nov-2022/master-circular-on-
the-redressal-of-investor-grievances-through-the-sebi-complaints-redress-
system-scores-platform_64742.html
71. Information regarding Grievance Redressal Mechanism86
71.1 For information of all investors who deal/ invest/ transact in the market, the
offices of all stock brokers (and its authorized person(s)) shall prominently
display basic information, as provided in Annexure-35, about the grievance
redressal mechanism available to investors.
72. Publishing Investor Charter and disclosure of Investor Complaints by Stock

Brokers on their websites87
72.1 The Investor Charter for Stock Brokers inter-alia provide details about the
services provided to Investors, Rights of Investors, various activities of Stock
Brokers with timelines, DOs and DON’Ts for Investors and Grievance
Redressal Mechanism. The same is placed at Annexure-36.
72.2 Stock Brokers shall bring the Investor Charter to the notice of their clients
(existing as well as new clients) through disclosing the Investor Charter on their
respective websites, making them available at prominent places in the office,
provide a copy of Investor Charter as a part of account opening kit to the
clients, through e-mails/ letters etc.
72.3 Additionally, in order to bring about transparency in the Investor Grievance

Redressal Mechanism, all the Stock Brokers shall disclose on their respective
websites, the data on complaints received against them or against issues dealt
by them and redressal thereof, latest by seventh of succeeding month, as per
the format enclosed at Annexure-37.
85
Reference: Circular SEBI/HO/MIRSD/DOC/CIR/P/2020/226 dated November 06, 2020
86 Reference: Circular CIR/MIRSD/3/2014 dated August 28, 2014.
87
Reference: Circular SEBI/HO/MIRSD/DOP/P/CIR/2021/676 dated December 02,2021
203
VIII. DEFAULT RELATED PROVISIONS
73. Standard operating procedure in the cases of Trading Member / Clearing

Member leading to default88
73.1 With the introduction of uniform membership structure of TM and CM across

all segments, the TM shall make good the default of its clients to the CM and
the CM shall make good the default of its clients / TM to the CC. The default
of TM may not necessarily lead to default of CM, if the CM continues to fulfill
the settlement obligation with the CC. To protect the interest of non-defaulting
clients of a TM and /or non-defaulting clients / TM(s) of the CM, in the likely
event of default by TM / CM, there is a need for Standard Operating Procedure
(“SoP”) enumerating the steps to be taken by the SEs / CCs / Depositories in
such cases where SE / CC is of the view that TM / CM is likely to default in
repayment of funds or securities to its clients.
73.2 In order to harmonize the action amongst all SEs / CCs / Depositories in a time
bound manner this SoP has been prepared in consultation with SEs, CCs and
Depositories so as to achieve uniformity in implementation of actions. The SoP
lays down the actions to be initiated by the SEs / CCs / Depositories within a
time frame after detection of the early warning signals as laid out in the Circular
dated December 17, 2018 and other triggers as laid down in this circular until
declaration of defaulter of TM / CM by the SE / CC. Once the TM is declared
defaulter, the proceedings shall be in compliance with the bye-laws, rules and
regulations of SE / CC respectively.
73.3 On analysis of early warning signals or any of the following triggers, if the SE /
CC is of the view that the TM / CM is likely to default in the repayment of funds
/ securities to its clients and / or fail to meet the settlement obligations to CM /
CC, where:
73.3.1 There is shortage of funds / securities payable to the clients by Rs. 10
crore (SE may have their own criteria) and / or
73.3.2 TM / CM has failed to meet the settlement obligations to CM / CC and /
or
73.3.3 There is sudden increase in the number of investor’s complaints against
the TM / CM for non-payment of funds and / or transfer of securities,
88
Reference: Circular SEBI/HO/MIRSD/DPIEA/CIR/P/2020/115 dated July 01,2020 and Circular
SEBI/HO/MIRSD/DPIEA/CIR/2022/72 dated May 27, 2022.
204
the following actions shall be taken by Initiating Stock Exchange (ISE) / SEs /
CCs and Depositories as per the timeline given below:
Table 19
S No. Action Timeline
Seek documents / explanation or Meeting with Within 3 trading
1.
designated directors of TM. days of trigger
A limited purpose joint inspection of TM shall Within 3 trading
be initiated. ISE along with other SEs shall days of the meeting
send a team of officials for taking possession / explanation with
of the copy of the books of accounts and other the designated
2. 2 relevant records including but not restricted to directors
securities register, trial balance, client
master, bank books, debtors and creditors
ledger (preferably in electronic mode) for the
last 3 years (if available).
a) The explanations offered by the Within 7 trading
designated director(s) of the TM shall be days of 4.2
analysed by the ISE and based on the
information available, to protect the
interest of non-defaulting clients, as an
interim measure, the trading terminal of the
3. 3
TM may be directed to be disabled by the
Managing Director of the ISE for reasons
to be recorded in writing.
b) A preliminary assessment of assets
and liabilities of the TM shall be completed
by the ISE.
ISE shall issue a notice / circular informing the Within 1 day of
4. 4
disablement of the TM in all segments. disablement
ISE shall communicate the decision of Within 1 trading day
disablement of the trading terminal(s) of the of
TM along with detailed reasons for disablement
5. 5
disablement to the TM and CM(s) with an
advice to CM(s) to square-off open positions
of TM and its clients.
ISE shall inform the Depositories about the Within 1 trading day
disablement immediately and advice of
6.
Depositories to freeze the demat accounts of disablement
the TM (including TM Pool Accounts). (ISE
205
shall give specific instructions along with PAN
to the Depositories). Any debit in the demat
account of TM shall be made under
supervision of ISE.
ISE shall inform other SEs about the Within 1 trading day
disablement immediately and the other SEs of receipt of
7. 7 shall disable the said TM on receipt of intimation of
information and the other SEs shall Issue a disablement from
notice / circular in this regard. ISE
TM may also stand suspended to act as a Within 1 trading day
client with any other TM / CM in any other of date receipt
segment / SEs. of information
8. 8
of
disablement from
ISE
In case of open positions of clients / TM, CM Within 15 trading
shall liquidate / square off the open positions. days from the date
9. 9 of receipt of
information by the
CM.
a) All SEs shall immediately direct other TM / Within 1 trading day
CM so as not to alienate the of the date of
unencumbered surplus funds / securities receipt of
held by them for such TM registered as a information of
client. disablement
from ISE
10. 1
0b) CM shall invoke the BGs of TM and all Upon
unencumbered funds of TM to be instructions from
transferred to SE on demand. CM shall SE
also ensure that the BG do not expire in the
intervening period else they shall invoke
even before the receipt of instructions from
SE.
All SEs shall inform the CM / CC regarding As and when
11. 1 pay-out proceeds due to the TM which shall payout is made
1 be credited to the settlement account of the
TM.
12. 1 If the open position of clients of TM could not Within 15 trading
2 be liquidated / squared off, the re-pledged days from the date
206
securities of the client of the TM lying with the of receipt of
CM in the Client Securities Margin Pledge information by the
Account and other identifiable collateral of the CM
client of TM such as cash / Bank Guarantee
(BG) / Fixed Deposit Receipts (FDR) / Mutual
Fund Units shall be taken / encashed over by
CM wherever possible in accordance with
guidelines issued in this regard from time to
time.
All the securities lying in client unpaid Within 15 trading
securities account of the TM (CUSA) shall be days from receipt of
liquidated by CM / CC / ISE and the sale information of
13. 1
proceeds shall be credited to respective disablement from
3
client’s financial ledger. In this situation ISE
depository shall not levy any penalty on such
transactions.
a) ISE, in consultation with SEs / CCs, Within 15 trading
shall appoint a forensic auditor to conduct days of disablement
forensic audit of books of accounts of the
concerned TM. All SEs shall obtain details
of the free securities / collateral available
with their respective CM and CC and Within 3 weeks of
14. 1 provide to the forensic auditor. appointment of
4 b) An assessment of assets and liabilities forensic
of the TM shall be undertaken by the auditor
forensic auditor. The liabilities to the clients
for funds and securities shall be
established with demarcation of securities
belonging to the fully paid clients or partly
paid / unpaid clients.
ISE shall also provide a report to SEBI on the Within 30 trading
reasons for trigger, the meetings held with days from the date of
directors of the TM / CM and the outcomes of trigger
15. 1
limited purpose inspection, the details of
5
actions taken and proposed to be taken under
the SoP and any other information that the
ISE may deem relevant.
Action by Depositories
16. 1Depositories to freeze the demat accounts of Within 1 trading day
6the TM (including TM Pool Accounts). from the receipt of
207
information of
disablement
Depositories shall not allow new account Within 1 trading
opening by the DP (Defaulting TM / CM) and days from the date
17. 1
shall suspend all Power of Attorney in favour of receipt of
7
of the defaulting TM given by its clients. information of
disablement
If the TM is also a Depository Participant (DP), Within 3 trading
the Depositories shall depute its officials / days from the date
18. 1auditor to monitor the transactions in demat of receipt of
8securities of the clients of TM and / or transfer information of
the demat accounts of the clients to another disablement
DP.
Depositories shall initiate concurrent audit for Within 7 trading
100% verification of debit transfers executed days from the date
19. 1
from the client accounts and account closures of receipt of
9
processed by the DP. information of
disablement
Depositories shall provide the details of Within 15 trading
pledges that were invoked by Banks/ NBFCs days from the date
20. 2
with whom TM’s own securities were pledged of receipt of
0
in the previous 30 days to the SE / CC. information of
disablement
Action by ISE /SEs / CCs and Banks
21. 2Issuance of instruction to the banks that the Within 1 trading day
1balance in all the bank accounts of TM / CM of receipt of
shall be frozen for debits by Banks. information of
disablement
22. 2SEs to direct CCs / CM to invoke the Within 1 trading day
2unencumbered collateral deposits including from disablement
BGs / FDRs
23. 2CCs / CM shall secure the unencumbered Within 1 trading day
3collateral deposits, electronic balances in the on receipt of
depository accounts of the TM / CM, including information of
BGs as per the directions received from SEs. disablement
Other actions by ISE/ SEs/ CCs
24. 2With regard to the restoration of securities of Within 30 trading
4clients lying with the CM, post crystallization days
of balances in the financial ledger of clients by from
208
forensic auditor or as per the Auditor’s crystallization of
certificate as may be provided by Member: balances
• ISE/ SE / CC shall endeavour to initiate the

process to settle debit balance of such
client accounts by selling their securities if
such clients fail to clear their debit balance
after giving notice period for 5 days.
• After reconciling the Register of Securities
(ROS), the securities of the credit balance
clients (fully paid clients) shall be restored
to their respective demat accounts.
In this regard, the related parties of the trading

member shall not be considered for
settlement, for which the TM shall provide an
undertaking to the SEs / CC.
25. ISE / SEs / CCs shall endeavour to settle the Within 30 trading
claims of maximum number of clients by way days
of interim measures, under their supervision from
prior to issuing show cause notice (SCN) for crystallization of
declaring the TM a defaulter. The TM shall be balances
instructed to pay small investors out of
available funds and own resources (movable
and immovable) under the supervision of the
ISE/ SEs.
Further, the unencumbered deposits

available with the SEs/ CCs, after adjusting
for any dues of the SE / CC and maintaining
the minimum BMC, shall also be utilised for
settling the credit balance of investors starting
from the smallest amount. Such amount shall
be paid in full to all such investors having
credit balance up to the amount of Rs.
25,00,000/- (Rupees twenty five lakh), subject
to availability of funds. Further, investors
having credit balance of more than Rs.
25,00,000/- (Rupees twenty five lakh) shall be
209
paid on pro-rata basis from the remaining
funds.
Also, any surplus available with any SEs /

CCs shall be utilised for settling the credit
balances of clients with respect to other SEs.
BGs of the TM shall be invoked and also the
FDRs shall be encashed for utilisation. SEs /
CC may settle such clients in tranches.For
this purpose, the balances of client will be
netted across exchanges to arrive at the final
credit balance due to such client.
The TM shall furnish the proof of payment to

the clients, to the SEs.
In this regard, the related parties of the TM

shall not be considered for settlement, for
which the TM shall provide an undertaking to
the SEs/ CC. TM shall provide indemnity to the
SEs to make available the funds to meet any
shortfall in meeting investor’s claim (other than
those who have withdrawn their claim). Clients
withdrawing their claim will have to submit
unconditional withdrawal letter to the SEs.
26. 2Issuance of SCN for declaration of TM as a After finalization of

6defaulter and the list of members to whom the assets and liabilities
notice is issued shall be placed on the as per forensic
website of the SE and on such other place, as audit or audit by
the relevant authority may deem fit. SEs
27. 2SEs shall intimate the clients about the Within 3 trading
7issuance of the notice / SCN to declare the days of the
TM as defaulter including through email / issuance of SCN
SMS.
210
73.4 The above action shall equally apply to a likely event of default by a CM who
is also a TM. However, in case of likely default of a Professional CM, the action
to be initiated by the CM shall fall upon the CC.
73.5 As soon as TM is disabled that information shall be shared by ISE with all SEs
/ CCs. On receipt of such information respective SE shall also conduct their
due diligence and may initiate action of disablement by issuing reasoned order
by MD of SE concern. However, when SCN has been issued for declaring a
TM / CM as a defaulter by any SE, its subsidiary / associate companies which
are also member(s) on other segment / SE / CC shall also be put in suspension
mode. All their open positions shall be squared off and their assets shall be
frozen.
73.6 Once the Member is disabled or SCN is issued for declaration of defaulter to
TM / CM (whichever is earlier), no further Investor Grievance Redressal
Committee (IGRC) / Arbitration meetings shall be conducted.
73.7 Default proceedings shall take place as per bye laws / rules / regulations of the
SE / CC. If the member is also a DP, Depositories shall take action as per its
bye laws for termination / transfer of its participant-ship based on record. SEs
shall not expel the TM immediately until the default proceedings are
completed.
73.8 The TM shall provide a list of all its bank accounts to the SEs /CCs and the
SEs / CCs shall obtain an undertaking from the TM within 90 days from the
date of issuance of this Circular, undertaking that the SEs / CCs shall be
empowered to instruct the bank(s) of the TM to freeze the bank account(s) for
debits. The draft of undertaking is enclosed at Annexure-38.
73.9 The above SoP enumerates the minimum action which shall be initiated by the
respective SEs / CCs / Depositories However, the respective SEs / CCs /
Depositories are free to initiate any other actions as may be necessary in
compliance with their bye laws / rules / regulations and / or to protect the
interest of investors. The ISE / SEs/ CCs and Depositories are expected to
follow the timelines with respect to each actions as enumerated, reasons shall
be recorded in case of for any deviation in timelines prescribed.
211
74. Recovery of assets of defaulter member and recovery of funds from debit
balance clients of defaulter member for meeting the obligations of clients /
Stock Exchange / Clearing Corporation 89
74.1 In the case of default by TM/CM, it has been noted that in certain cases there
is shortfall of funds/securities with defaulter member to meet the obligation of
clients / SE / CC. The bye-laws of SE/CC provide for the procedure for
declaring a member as defaulter when, amongst other reasons, the member
is not able to fulfil its obligations and also provide for initiation of proceedings
in a court of law whenever a member is declared as a defaulter and there is a
shortfall of funds/securities with the defaulter member.
74.2 The SE/CC are advised to initiate suitable actions for liquidating the assets
(movable and immovable) of defaulter member including that of debit balance
clients (to the extent of debit balance), within six months of declaration of
defaulter, for recovery of the assets not in possession of the SE/CC, before
appropriate court of law.
89
Reference: Circular SEBI/HO/MIRSD/DPIEA/CIR/P/2020/186 dated September 28,2020
212
IX. MISCELLANEOUS
75. Advertisement by Brokers and grant of trading terminals90
75.1 The Stock Exchanges shall ensure that brokers do not issue advertisements
of their business, including in their internet sites, by subsidiaries, group
companies etc. in contravention to Clause C(4) and C(5) of the Code of
Conduct specified in Schedule II of Regulation 9 of the Stock Brokers
Regulations 1992 and Bye Laws of the concerned Stock Exchange.
75.2 Stock Exchanges shall grant trading terminals only at the members’ registered
office and their branch offices.
76. Registration Number of Brokers to be quoted on all correspondences with

SEBI91
76.1 Stock Exchanges shall quote SEBI Registration Number of the concerned
Broker quoted on all correspondences with SEBI relating to them. Stock
Exchanges shall instruct the Brokers to quote their SEBI Registration Number
in all their correspondences with SEBI.
77. Maintenance of books of accounts and other documents sought by

Enforcement Agencies from Stock Exchanges and Brokers92
77.1 In terms of Rules 14 and 15 of SCRR 1957 (hereinafter referred to as SCRR,

1957), every recognized stock exchange and its members are required
to maintain and preserve the specified books of account and documents for a
period ranging from two years to five years. Further, as per Regulation 18 of
the Stock Brokers Regulations 1992 (hereinafter referred to as Stock Broker
Regulations), every stock broker shall preserve the specified books of account
and other records for a minimum period of five years.
77.2 Enforcement agencies like Central Bureau of Investigation, Police, Crime

Branch etc. have been collecting copies of the various records/documents
during the course of their investigation. These original documents both in
physical form and electronic form would be required by such enforcement
agencies during trial of the case also.
90 Reference: Circular SMD/POLICY/CIR-49/2001 dated October 22, 2001.

91 Reference: Circular SMD/DBA-II/Cir-16/9618/03 dated May 05, 2003.
92 Reference: Circular SEBI/MRD/SE/CIR-15/2005 dated August 04, 2005.
213
77.3 Notwithstanding anything contained in SCRR 1957 and the Stock Broker
Regulations 1992, it is advised to preserve the originals of the documents, both
in electronic and physical form, copies of which have been taken by CBI, Police
or any other enforcement agency during the course of any investigation till the
trial is completed.
78. Display of details by Stock Brokers (including Trading Members)93
78.1 While a stock broker may use the brand name / logo of its group companies, it
must display more prominently:
a. its name as registered with SEBI, its own logo, if any, its registration number,
and its complete address with telephone numbers in its portal /web site, if
any, notice / display boards, advertisements, publications, know your client
forms, and member client agreements;
b. its name as registered with SEBI, its own logo, if any, its registration number,
and its complete address with telephone numbers, the name of the
compliance officer, his telephone number and e-mail address in contract
notes, statement of funds and securities, and correspondences with the
clients.
79. Unauthenticated news circulated by SEBI Registered Market Intermediaries

through various modes of communication94
79.1 It has been observed by SEBI that unauthenticated news related to various
scrips are circulated in blogs/chat forums/e-mail etc. by employees of Broking
Houses/Other Intermediaries without adequate caution as mandated in the
Code of Conduct for Stock Brokers and respective Regulations of various
intermediaries registered with SEBI.
79.2 It was also observed that the Intermediaries do not have proper internal
controls and do not ensure that proper checks and balances are in place to
govern the conduct of their employees. Due to lack of proper internal controls
and poor training, employees of such intermediaries are sometimes not aware
of the damage which can be caused by circulation of unauthenticated news or
rumours. It is a well-established fact that market rumours can do considerable
93Reference: Circular CIR/MIRSD/9/2010 dated November 04, 2010.

94Reference: Circular CIR/ISD/1/2011 dated March 23, 2011 and Circular CIR/ISD/2/2011 dated March
24, 2011.
214
damage to the normal functioning and behaviour of the market and distort the
price discovery mechanisms.
79.3 In view of the above facts, SEBI Registered Market Intermediaries are directed
that:
79.3.1 Proper internal code of conduct and controls should be put in place.
79.3.2 Employees/temporary staff/voluntary workers etc. employed/working in

the Offices of market intermediaries do not encourage or circulate
rumours or unverified information obtained from client, industry, any
trade or any other sources without verification.
79.3.3 Access to Blogs/Chat forums/Messenger sites etc. should either be

restricted under supervision or access should not be allowed.
79.3.4 Logs for any usage of such Blogs/Chat forums/Messenger sites (called
by any nomenclature) shall be treated as records and the same should
be maintained as specified by the respective Regulations which govern
the concerned intermediary.
79.3.5 Employees should be directed that any market related news received
by them either in their official mail/personal mail/blog or in any other
manner, should be forwarded only after the same has been seen and
approved by the concerned Intermediary’s Compliance Officer. If an
employee fails to do so, he/she shall be deemed to have violated the
various provisions contained in SEBI Act/Rules/Regulations etc. and
shall be liable for action. The Compliance Officer shall also be held liable
for breach of duty in this regard.
80. Guidelines on Outsourcing of Activities by Stock Brokers95
80.1 SEBI Regulations for various intermediaries require that they shall render at
all times high standards of service and exercise due diligence and ensure
proper care in their operations.
80.2 It has been observed that often the stock brokers resort to outsourcing with a
view to reduce costs, and at times, for strategic reasons.
95 Circular CIR/MIRSD/24/2011 dated December 15, 2011.

215
80.3 Outsourcing may be defined as the use of one or more than one third party –
either within or outside the group - by a registered intermediary to perform the
activities associated with services which the intermediary offers.
80.4 Principles for Outsourcing
80.4.1 The risks associated with outsourcing may be operational risk,

reputational risk, legal risk, country risk, strategic risk, exit-strategy risk,
counter party risk, concentration and systemic risk. The principles for
outsourcing are given below at paras 80.7 to 80.14 below.
80.5 Activities that shall not be Outsourced
80.5.1 The stock brokers desirous of outsourcing their activities shall not,
however, outsource their core business activities and compliance
functions. An example of core business activity may be – execution of
orders and monitoring of trading activities of clients in case of stock
brokers. Regarding Know Your Client (KYC) requirements, the stock
brokers shall comply with the provisions of Securities and Exchange
Board of India {KYC (Know Your Client) Registration Agency}
Regulations, 2011 and Guidelines issued thereunder from time to time.
80.6 Other Obligations
80.6.1 Reporting to Financial Intelligence Unit (FIU) - The stock brokers shall
be responsible for reporting of any suspicious transactions / reports to
FIU or any other competent authority in respect of activities carried out
by the third parties.
PRINCIPLES FOR OUTSOURCING FOR INTERMEDIARIES
80.7 An intermediary seeking to outsource activities shall have in place a

comprehensive policy to guide the assessment of whether and how those
activities can be appropriately outsourced. The Board / partners (as the case
may be) {hereinafter referred to as the “the Board”} of the intermediary shall
have the responsibility for the outsourcing policy and related overall
responsibility for activities undertaken under that policy.
80.7.1 The policy shall cover activities or the nature of activities that can be
outsourced, the authorities who can approve outsourcing of such
216
activities, and the selection of third party to whom it can be outsourced.
For example, an activity shall not be outsourced if it would impair the
supervisory authority’s right to assess, or its ability to supervise the
business of the intermediary. The policy shall be based on an evaluation
of risk concentrations, limits on the acceptable overall level of
outsourced activities, risks arising from outsourcing multiple activities to
the same entity, etc.
80.7.2 The Board shall mandate a regular review of outsourcing policy for such
activities in the wake of changing business environment. It shall also
have overall responsibility for ensuring that all ongoing outsourcing
decisions taken by the intermediary and the activities undertaken by the
third-party, are in keeping with its outsourcing policy.
80.8 The intermediary shall establish a comprehensive outsourcing risk

management programme to address the outsourced activities and the
relationship with the third party.
80.8.1 An intermediary shall make an assessment of outsourcing risk which

depends on several factors, including the scope and materiality of the
outsourced activity, etc. The factors that could help in considering
materiality in a risk management programme include-
80.8.1.1 The impact of failure of a third party to adequately perform the

activity on the financial, reputational and operational
performance of the intermediary and on the investors / clients;
80.8.1.2 Ability of the intermediary to cope up with the work, in case of

non-performance or failure by a third party by having suitable
back-up arrangements;
80.8.1.3 Regulatory status of the third party, including its fitness and
probity status;
80.8.1.4 Situations involving conflict of interest between the intermediary

and the third party and the measures put in place by the
intermediary to address such potential conflicts, etc.
80.8.2 While there shall not be any prohibition on a group entity / associate of
the intermediary to act as the third party, systems shall be put in place
217
to have an arm’s length distance between the intermediary and the third
party in terms of infrastructure, manpower, decision-making, record
keeping, etc. for avoidance of potential conflict of interests. Necessary
disclosures in this regard shall be made as part of the contractual
agreement. It shall be kept in mind that the risk management practices
expected to be adopted by an intermediary while outsourcing to a
related party or an associate would be identical to those followed while
outsourcing to an unrelated party.
80.8.3 The records relating to all activities outsourced shall be preserved

centrally so that the same is readily accessible for review by the Board
of the intermediary and / or its senior management, as and when
needed. Such records shall be regularly updated and may also form part
of the corporate governance review by the management of the
intermediary.
80.8.4 Regular reviews by internal or external auditors of the outsourcing

policies, risk management system and requirements of the regulator
shall be mandated by the Board wherever felt necessary. The
intermediary shall review the financial and operational capabilities of the
third party in order to assess its ability to continue to meet its
outsourcing obligations.
80.9 The intermediary shall ensure that outsourcing arrangements neither diminish
its ability to fulfill its obligations to customers and regulators, nor impede
effective supervision by the regulators.
80.9.1 The intermediary shall be fully liable and accountable for the activities
that are being outsourced to the same extent as if the service were
provided in-house.
80.9.2 Outsourcing arrangements shall not affect the rights of an investor or

client against the intermediary in any manner. The intermediary shall be
liable to the investors for the loss incurred by them due to the failure of
the third party and also be responsible for redressal of the grievances
received from investors arising out of activities rendered by the third
party.
80.9.3 The facilities / premises / data that are involved in carrying out the
outsourced activity by the service provider shall be deemed to be those
218
of the registered intermediary. The intermediary itself and Regulator or
the persons authorized by it shall have the right to access the same at
any point of time.
80.9.4 Outsourcing arrangements shall not impair the ability of SEBI/SRO or

auditors to exercise its regulatory responsibilities such as
supervision/inspection of the intermediary.
80.10 The intermediary shall conduct appropriate due diligence in selecting the third
party and in monitoring of its performance.
80.10.1 It is important that the intermediary exercises due care, skill, and
diligence in the selection of the third party to ensure that the third party
has the ability and capacity to undertake the provision of the service
effectively.
80.10.2 The due diligence undertaken by an intermediary shall include

assessment of:
80.10.2.1 third party’s resources and capabilities, including financial

soundness, to perform the outsourcing work within the timelines
fixed;
80.10.2.2 compatibility of the practices and systems of the third party with
the intermediary’s requirements and objectives;
80.10.2.3 market feedback of the prospective third party’s business

reputation and track record of their services rendered in the
past;
80.10.2.4 level of concentration of the outsourced arrangements with a

single third party; and
80.10.2.5 the environment of the foreign country where the third party is
located.
80.11 Outsourcing relationships shall be governed by written contracts / agreements

/ terms and conditions (as deemed appropriate) {hereinafter referred to as
“contract”} that clearly describe all material aspects of the outsourcing
arrangement, including the rights, responsibilities and expectations of the
219
parties to the contract, client confidentiality issues, termination procedures,
etc.
80.11.1 Outsourcing arrangements shall be governed by a clearly defined and

legally binding written contract between the intermediary and each of
the third parties, the nature and detail of which shall be appropriate to
the materiality of the outsourced activity in relation to the ongoing
business of the intermediary.
80.11.2 Care shall be taken to ensure that the outsourcing contract:
80.11.2.1 clearly defines what activities are going to be outsourced,

including appropriate service and performance levels;
80.11.2.2 provides for mutual rights, obligations and responsibilities of the

intermediary and the third party, including indemnity by the
parties;
80.11.2.3 provides for the liability of the third party to the intermediary for
unsatisfactory performance/other breach of the contract
80.11.2.4 provides for the continuous monitoring and assessment by the

intermediary of the third party so that any necessary corrective
measures can be taken up immediately, i.e., the contract shall
enable the intermediary to retain an appropriate level of control
over the outsourcing and the right to intervene with appropriate
measures to meet legal and regulatory obligations;
80.11.2.5 includes, where necessary, conditions of sub-contracting by the

third-party, i.e. the contract shall enable intermediary to
maintain a similar control over the risks when a third party
outsources to further third parties as in the original direct
outsourcing;
80.11.2.6 has unambiguous confidentiality clauses to ensure protection of

proprietary and customer data during the tenure of the contract
and also after the expiry of the contract;
80.11.2.7 specifies the responsibilities of the third party with respect to the
IT security and contingency plans, insurance cover, business
220
continuity and disaster recovery plans, force majeure clause,
etc.;
80.11.2.8 provides for preservation of the documents and data by third

party;
80.11.2.9 provides for the mechanisms to resolve disputes arising from

implementation of the outsourcing contract;
80.11.2.10 provides for termination of the contract, termination rights,

transfer of information and exit strategies;
80.11.2.11 addresses additional issues arising from country risks and

potential obstacles in exercising oversight and management of
the arrangements when intermediary outsources its activities to
foreign third party. For example, the contract shall include
choice-of-law provisions and agreement covenants and
jurisdictional covenants that provide for adjudication of disputes
between the parties under the laws of a specific jurisdiction;
80.11.2.12 neither prevents nor impedes the intermediary from meeting its
respective regulatory obligations, nor the regulator from
exercising its regulatory powers; and
80.11.2.13 provides for the intermediary and /or the regulator or the
persons authorized by it to have the ability to inspect, access all
books, records and information relevant to the outsourced
activity with the third party.
80.12 The intermediary and its third parties shall establish and maintain contingency
plans, including a plan for disaster recovery and periodic testing of backup
facilities.
80.12.1 Specific contingency plans shall be separately developed for each

outsourcing arrangement, as is done in individual business lines.
80.12.2 An intermediary shall take appropriate steps to assess and address the
potential consequence of a business disruption or other problems at the
third party level. Notably, it shall consider contingency plans at the third
party; co-ordination of contingency plans at both the intermediary and
221
the third party; and contingency plans of the intermediary in the event
of non-performance by the third party.
80.12.3 To ensure business continuity, robust information technology security is

a necessity. A breakdown in the IT capacity may impair the ability of the
intermediary to fulfill its obligations to other market
participants/clients/regulators and could undermine the privacy
interests of its customers, harm the intermediary’s reputation, and may
ultimately impact on its overall operational risk profile. Intermediaries
shall, therefore, seek to ensure that third party maintains appropriate IT
security and robust disaster recovery capabilities.
80.12.4 Periodic tests of the critical security procedures and systems and review
of the backup facilities shall be undertaken by the intermediary to
confirm the adequacy of the third party’s systems.
80.13 The intermediary shall take appropriate steps to require that third parties
protect confidential information of both the intermediary and its customers from
intentional or inadvertent disclosure to unauthorised persons.
80.13.1 An intermediary that engages in outsourcing is expected to take

appropriate steps to protect its proprietary and confidential customer
information and ensure that it is not misused or misappropriated.
80.13.2 The intermediary shall prevail upon the third party to ensure that the
employees of the third party have limited access to the data handled
and only on a “need to know” basis and the third party shall have
adequate checks and balances to ensure the same.
80.13.3 In cases where the third party is providing similar services to multiple
entities, the intermediary shall ensure that adequate care is taken by the
third party to build safeguards for data security and confidentiality.
80.14 Potential risks posed where the outsourced activities of multiple intermediaries
are concentrated with a limited number of third parties.
80.14.1 In instances, where the third party acts as an outsourcing agent for
multiple intermediaries, it is the duty of the third party and the
intermediary to ensure that strong safeguards are put in place so that
there is no co-mingling of information /documents, records and assets.
222
81. General Guidelines for dealing with Conflicts of Interest of Stock Brokers and
their Associated Persons in Securities Market.96
81.1 Stock brokers are presently governed by the provisions for avoidance of
conflict of interest as mandated in the regulations read with relevant circulars
issued from time to time by SEBI. On the lines of Principle 8 of the International
Organisation of Securities Commissions (IOSCO) Objectives and Principles of
Securities Regulations, it has been decided to put in place comprehensive
guidelines to collectively cover such stock brokers, for elimination of their
conflict of interest, as detailed hereunder.
81.2 Stock Brokers shall adhere to these guidelines for avoiding or dealing with or
managing conflict of interest. They shall be responsible for educating their
associated persons for compliance of these guidelines.
81.3 For the purpose of these guidelines "associated persons" shall have the same
meaning as defined in the Securities and Exchange Board of India
(Certification of Associated Persons in the Securities Markets) Regulations,
2007.
81.4 Stock brokers and their associated persons shall,
81.4.1 lay down, with active involvement of senior management, policies and
internal procedures to identify and avoid or to deal or manage actual or
potential conflict of interest, develop an internal code of conduct
governing operations and formulate standards of appropriate conduct in
the performance of their activities, and ensure to communicate such
policies, procedures and code to all concerned;
81.4.2 at all times maintain high standards of integrity in the conduct of their
business;
81.4.3 ensure fair treatment of their clients and not discriminate amongst them;
81.4.4 ensure that their personal interest does not, at any time conflict with
their duty to their clients and client’s interest always takes primacy in
their advice, investment decisions and transactions;
96 Reference: Circular CIR/MIRSD/5/2013 dated August 27, 2013.

223
81.4.5 make appropriate disclosure to the clients of possible source or
potential areas of conflict of interest which would impair their ability to
render fair, objective and unbiased services;
81.4.6 endeavor to reduce opportunities for conflict through prescriptive

measures such as through information barriers to block or hinder the
flow of information from one department/ unit to another, etc.;
81.4.7 place appropriate restrictions on transactions in securities while

handling a mandate of issuer or client in respect of such security so as
to avoid any conflict;
81.4.8 not deal in securities while in possession of material non published

information;
81.4.9 not to communicate the material non published information while

dealing in securities on behalf of others;
81.4.10 not in any way contribute to manipulate the demand for or supply of
securities in the market or to influence prices of securities;
81.4.11 not have an incentive structure that encourages sale of products not
suiting the risk profile of their clients;
81.4.12 not share information received from clients or pertaining to them,

obtained as a result of their dealings, for their personal interest;
81.5 The Boards of Stock Brokers shall put in place systems for implementation of
the aforementioned guidelines and provide necessary guidance enabling
identification, elimination or management of conflict of interest situations. The
Boards shall review the compliance of the above guidelines periodically.
81.6 The said guidelines shall be in addition to the provisions, if any, contained in
respective regulations/ circulars issued by the Board from time to time
regarding dealing with conflict of interest, in respect of such entities.
224
82. Digital Mode of Payment97
82.1 SEBI had notified the SEBI (Payment of Fees and Mode of Payment)
(Amendment) Regulations, 2017 on March 06, 2017 to enable digital mode of
payment (RTGS/NEFT/IMPS etc.) of fees/penalties/remittance/other
payments etc.
82.2 Pursuant to above, SEBI has been receiving direct credit of amounts from
various intermediaries / other entities.
82.3 In order to identify and account such direct credit in the SEBI account,
intermediaries / other entities shall provide the information as mentioned in
Annexure-39 to SEBI once the payment is made.
82.4 The above information should be emailed to the respective department(s) as

well as to Treasury & Accounts division at [email protected].
83. Regulatory Framework for Commodity Derivatives Brokers98
83.1 Erstwhile Forward Markets Commission (FMC) issued various circulars/letters/

directions to exchanges dealing in commodity derivatives for compliance by
their members from time to time. Consequent to merger of FMC with SEBI, it
is important that regulatory provisions for brokers across equity and commodity
derivatives markets be harmonized. Accordingly, regulatory provisions have
been divided into three parts as described below.
83.1.1 Annexure-40 contains details of FMC circulars which shall stand

repealed and relevant SEBI circulars which shall be applicable.
83.1.2 Annexure-41 contains details of FMC circulars contents/norms of which

shall continue as they are specific to commodity derivative markets.
83.1.3 Annexure-42 contains details of FMC circulars which shall stand

repealed.
83.2 All commodity derivatives exchanges shall continue to levy penalties they are
currently levying and any revision thereof shall be decided in consultation with
97Reference: Circular SEBI/HO/GSD/T&A/CIR/P/2017/42 dated May 16, 2017.

98Reference: Circular SEBI/HO/MIRSD/MIRSD2/CIR/P/2016/92 dated September 23, 2016 and Circular
SEBI/HO/MIRSD/MIRSD1/CIR/P/2017/104 dated September 21, 2017.
225
SEBI. Accordingly, FMC circulars dealing with penalties including Uniform
Penalty Circular dated Mar 05, 2010 shall stand repealed.
84. Approach to securities market data access and terms of usage of data
provided by data sources in Indian securities market99
84.1 In order to further enhance the quantum as well as the ease of accessibility
and usability of data disseminated in public by various data sources in Indian
securities market and keeping in view the deliberations and recommendations
of Market Data Advisory Committee (MDAC), Stock Brokers are advised to
make note of the following:
“As far as the data provided by various data sources in Indian securities
markets pursuant to regulatory mandates for reporting and disclosure in
public domain are concerned, such data should be made available to users,
‘free of charge’ both for ‘viewing’ the data as also for download in the format
as specified by regulatory mandate for reporting, as well as their usage for
the value addition purposes.”
84.2 Further, apart from the data made available free of cost, data which is
chargeable should be appropriately identified as such in public domain.
85. Introduction of Investor Risk Reduction Access (IRRA) platform in case of

disruption of trading services provided by the Trading Member (TM)100
85.1 In recent times, with increasing dependence on technology in securities

market, there is a rise in instances of glitches in trading members’ systems,
some of which lead to disruption of trading services and investor complaints.
In such instances, investors with open positions are at risk of non-availability
of avenues to close their positions, particularly if markets are volatile.
85.2 To address the issue, SEBI had extensive consultations with stock exchanges,
clearing corporations (CCs) and TMs. As the respective business continuity
plans, if any, of the TMs, may not be able to prevent disruption in some cases
like TM being unable to move to Disaster Recovery Site within stipulated time,
cyber-attacks etc., it has been decided that a contingency service shall be
provided by the stock exchanges in the event of such disruption.
99
Reference: Circular SEBI/HO/DEPA-III/DEPA-III_SSU/P/CIR/2022/25 dated February 25,2022
100
Reference: Circular SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2022/177 dated December 30, 2022
226
85.3 In this regard, the following has been decided:
Development of the service:
85.3.1 A joint platform to provide Investor Risk Reduction Access (IRRA)

service shall be developed by the exchanges to provide the investors
an opportunity to square off/close the open positions and/or cancel
pending orders in case of disruption of trading services provided by the
Trading Member.
85.3.2 The IRRA service shall support multiple segments across multiple
exchanges.
Enablement of IRRA service:
85.3.3 TMs, upon facing technical glitches which lead to disruption of trading
services, can request for enablement of the IRRA service as per the
procedures specified by the stock exchanges from time to time and
IRRA shall be enabled on receipt of such requests.
85.3.4 In addition, stock exchanges shall also monitor the parameters like
connectivity, order flow, social media posts etc. and suo moto initiate
the enablement of the service, if needed, irrespective of any such
request by the TM.
85.3.5 This service shall be enabled by the exchanges, suo moto, only in case
of disruption of trading services of TM across all the exchanges, where
the TM is member. In case of disruption of trading services of TM with
one/some of the exchanges, where the TM is member, TM may request
the enablement, in which case TM shall use the service for all the
exchanges.
Access to Investors:
85.3.6 Once the service is enabled, all the investors of the TM shall be
informed by the exchange of the availability of the service through
email/SMS and a public notice on exchanges’ website. TMs shall also
communicate the same by displaying on their website.
85.3.7 Investors can login to the service using either the Unique Client Code
227
(UCC) or the PAN number and they shall be authorized by a One Time
Password (OTP) to be sent to their registered mobile numbers and
email ids.
Actions on IRRA service:
85.3.8 Once successfully authorized, the investors can-

85.3.8.1 square off/close the open positions across segments and
exchange/s and/or
85.3.8.2 cancel the orders across segments which are pending at the
exchange/s.
85.3.9 The IRRA service shall not permit any action that increases the risk of
the investor.
85.3.10 Further, IRRA service shall also provide the TM with access to an Admin
Terminal, through which the TM can monitor the actions of investors
and also carry out the actions as mentioned at para 85.3.8 above, on
instructions of investors. The TM shall maintain evidence of such
instructions. The form of such evidence shall be as specified by
SEBI/stock exchanges, through various circulars, from time to time.
85.3.11 In case of enablement of IRRA due to cyber-attacks, such Admin

Terminal shall be on a network other than the network, which was
subjected to the attack, to protect the other critical infrastructure.
85.3.12 The TM shall continue to be responsible for all the activities on the IRRA
with respect to all obligations including settlement and margin
requirements.
Reverse Migration to the TM’s systems:
85.3.13 Stock exchanges shall design a detailed framework for reverse

migration from IRRA system to the TM’s trading system, as and when
the TM’s trading system is revived successfully and a request is made
in this regard.
85.3.14 Upon revival of the TM’s trading system, TM shall update their systems
taking data from the exchanges thus ensuring that latest status of orders
and trades is available to the investors.
228
85.3.15 Stock exchanges shall decide on the reverse migration based on
various parameters including the size of the broker, time required for
reverse migration and remaining time of the trading session.
85.4 Exchanges shall ensure that credible and periodic testing of the IRRA platform
is carried out from time to time for smooth functioning of the service.
85.5 Stock exchanges shall issue guidelines in this regard giving details like cut-off
times for enablement of IRRA service, handling of various scenarios of open
positions, framework for reverse migration etc.
85.6 In case of disruptions after the cut off time for enablement of IRRA service,
exchanges, based on their assessment and in consultation with SEBI, may
extend the market hours, if needed.
85.7 Stock exchanges and CCs shall put in place appropriate systems to ensure
compliance of the provisions at para 85.3 to 85.6 on or before October 01,
2023.
86. Maintenance of a website by stock brokers 101
86.1 With effect from August 16, 2023, all stock brokers are mandated to maintain
a designated website.
86.2 Such website shall mandatorily display the following information, in addition to
all such information, which have been mandated by SEBI/stock
exchanges/depositories from time to time.
i. Basic details of the stock broker such as registration number, registered
address of Head Office and branches, if any.
ii. Names and contact details such as email ids etc. of all key managerial
personnel (KMPs) including compliance officer.
iii. Step-by-step procedures for opening an account, filing a complaint on a
designated email id, and finding out the status of the complaint, etc.
iv. Details of Authorized Persons.
86.3 The URL to the website of a stock broker shall be reported to the stock
exchanges within a week of the provisions at para 86.1 of this master circular,
coming into effect. Any modification in the URL shall be reported to stock
101
Reference: Circular SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/30 dated February 15, 2023
229
exchanges within 3 days of such changes.
87. Framework for Regulatory Sandbox102
87.1 The Objective of Regulatory Sandbox is to grant certain facilities and

flexibilities to the entities regulated by SEBI so that they can experiment with
FinTech solutions in a live environment and on limited set of real users for a
limited time frame.
87.2 The guidelines pertaining to the functioning of the Regulatory Sandbox are
available at the link below:
https://www.sebi.gov.in/legal/circulars/jun-2021/revised-framework-for-
regulatory-sandbox_50521.html
and
https://www.sebi.gov.in/legal/circulars/nov-2021/framework-for-regulatory-
sandbox_53982.html
*******
Reference: Circular SEBI/HO/ITD/ITD/CIR/P/2021/575 dated June 14, 2021 and

102
Circular SEBI/HO/MIRSD/MIRSD_IT/P/CIR/2021/0000000658 dated November 16, 2021

230
X. REPORTING REQUIREMENTS
Para No. of the

S No. Master circular Reporting requirement
Reporting to Stock Exchanges
The member shall carry out complete internal audit on a half
yearly basis and shall forward the report along with para-wise
comments to the respective Stock Exchange/ Clearing
Corporation within two months from the end of the half year
1. 13.2 period.
The stock brokers shall inform the Stock Exchanges of
existing and new bank account(s) in the format specified at
2. 15.4.1 Table 2.
The stock brokers shall inform the Stock Exchanges of
existing and new demat account(s) in the format specified at
3. 15.4.2 Table 3.
The uploading of the data (specified at 15.5.2) by the stock
broker to the Stock Exchanges shall be on weekly basis i.e.
stock brokers shall submit the data as on last trading day of
4. 15.5.2 every week on or before the next three trading days.
Stock Brokers shall ensure that the internal audit reports are
submitted to the Exchanges within two months of the end of
5. 15.6.5.1 respective half years for which the audit is being conducted.
Stock Brokers shall submit financial statements to Stock
Exchanges in the same format as prescribed under the
Companies Act, 2013 irrespective of whether they fall under
the purview of the Companies Act, 2013 or not. The due date
for submission of the aforesaid financial statements to Stock
Exchanges shall be the same as prescribed under the
Companies Act, 2013 for submission to Registrar of
6. 15.7.2 Companies.
The Stock Brokers shall upload the data (specified at para
15.9.1) on a monthly basis for every client onto each Stock
7. 15.9.1 Exchange system where the broker is a member
The brokers shall be required to furnish the particulars
(mentioned at para 19.1 and 19.2.1) of their clients to the
Stock Exchanges/Clearing Corporations and the same would
be updated on a monthly basis. Such information for a
specific month should reach the exchange within seven
8. 19.2.2 working days of the following month.
231
As on 31st March of every year, a statement of balance of
Funds and Securities in hard form and signed by the broker
9. 22.9 shall be sent to all the clients.
Stock Brokers shall upload the details of clients, such as,
name, mobile number, address for correspondence and E-
10. 33.2.2 mail address to Stock Exchanges
The stock brokers shall submit to the Stock Exchange a half-
yearly certificate, as on 31st March and 30th September of
each year, from an auditor confirming the net worth. Such a
certificate shall be submitted not later than 30th April and 31st
11. 38.4.3 October of every year.
The stock broker shall disclose to the Stock Exchanges
details on gross exposure towards margin trading facility
including name of the client, Category of holding
(Promoter/promoter group or Non-promoter), clients' PAN,
name of the scrips (Collateral stocks and Funded stocks) and
if the stock broker has borrowed funds for the purpose of
providing margin trading facility, name of the lender and
amount borrowed, on or before 12 noon on the following
trading day. The format for this disclosure by the stock broker
12. 38.7.1 to the stock exchange is enclosed at Annexure-15.
The books of accounts, maintained by the broker, with
respect to the margin trading facility offered by it, shall be
audited on a half yearly basis. The stock broker shall submit
an auditor’s certificate to the exchange within one month from
the date of the half year ending 31st March and 30th
September of a year certifying, inter alia, the extent of
13. 38.9.3 compliance with the conditions of margin trading facility.
On a daily basis,
 TM shall report disaggregated information on collaterals
up to the level of its clients to the CM.
 CM shall report disaggregated information on collaterals

up to the level of clients of TM and proprietary collaterals
of the TMs to the Stock Exchanges (SEs) and CCs in
14. 42.2 respect of each segment.
The stock brokers / trading members that provide the facility
of algorithmic trading shall subject their algorithmic trading
system to a system audit every six months in order to ensure
15. 55.5 & 55.6 that the requirements prescribed by SEBI / stock exchanges
232
with regard to algorithmic trading are effectively
implemented.
Deficiencies or issues identified during the process of system
audit of trading algorithm / software shall be reported by the
stock broker / trading member to the stock exchange
immediately on completion of the system audit.
All registered Stock Brokers using AI / ML based application
or system as defined in Annexure 26, are required to fill in the
form (Annexure 25) and make submissions on quarterly basis
16. 59.4 within fifteen calendar days of the expiry of the quarter.
Stock Brokers shall disclose on their respective websites, the
data on complaints received against them or against issues
dealt by them and redressal thereof, latest by seventh of
succeeding month, as per the format enclosed at Annexure-
17. 72.3 37.
The URL to the website of a stock broker shall be reported to
the stock exchanges within a week of the provisions at para
86.1 of this master circular, coming into effect. Any
modification in the URL shall be reported to stock exchanges
18. 86.3 within 3 days of such changes.
Reporting to clients
Once the TM settles the running account of funds of a client,
an intimation shall be sent to the client by SMS on mobile
number and also by email. The intimation should also include
details about the transfer of funds (in case of electronic
transfer – transaction number and date; in case of physical
payment instruments – instrument number and date). TM
shall send the retention statement along with the statement
of running accounts to the clients as per the existing
19. 15.10.1.6 & 47.8 provisions within five working days.
In addition to the e-mail communication of the ECNs in the
manner stated above, in order to further strengthen the
electronic communication channel, the member shall
simultaneously publish the ECN on his designated web-site
20. 48.3.7.a in a secured way and enable relevant access to the clients.
Contract notes must be issued to clients as per existing
21. 49.2.2.e.i regulations, within twenty-four hours of the trade execution.
For information of all investors who deal/ invest/ transact in
the market, the offices of all stock brokers (and its authorized
22. 71.1 person(s)) shall prominently display basic information, as
233
provided in Annexure-35, about the grievance redressal
mechanism available to investors.
Stock Brokers shall bring the Investor Charter to the notice of
their clients (existing as well as new clients) through
disclosing the Investor Charter on their respective websites,
making them available at prominent places in the office,
provide a copy of Investor Charter as a part of account
23. 72.2 opening kit to the clients, through e-mails/ letters etc.
Technology related reporting requirements
The system audit report submitted by the auditor should be
forwarded to the Stock Exchange by the Stock Broker along
with management comments, within one month of
24. 16-Table – 8 (1.5) submission of report by the auditor.
QSBs shall arrange to have their systems audited on half-
compliance with the above mentioned requirements related
to cyber security and other circulars of SEBI on cybersecurity
comments of the cybersecurity committee within one month
25. 18.5.5.14 of completion of the half year.
A systems audit of the DMA systems and software shall be
periodically carried out by the broker as may be specified by
the exchange and certificate in this regard shall be submitted
26. 53.4.7 to the exchange.
System audit of the Smart Order Routing systems and
software shall be periodically carried out by the brokers as
may be specified by the exchange and certificate in this
27. 54.2.13 regard shall be submitted to the exchange.
The Stock Brokers are mandated to conduct comprehensive
cyber audit at least once in a financial year. All Stock Brokers
shall submit with Stock Exchange a declaration from the MD/
CEO/ Partners/ Proprietors certifying compliance by the
Stock Brokers with all SEBI Circulars and advisories related
to Cyber security from time to time, along with the Cyber audit
28. 58.2 report.
Stock Brokers shall conduct VAPT at least once in a financial
year. All Stock Brokers are required to engage only CERT-In
empaneled organizations for conducting VAPT. The final
29. 58.44 report on said VAPT shall be submitted to the Stock
234
Exchanges after approval from Technology Committee of
respective Stock Brokers, within 1 month of completion of
VAPT activity.
All Cyber-attacks, threats, cyber-incidents and breaches
experienced by Stock Brokers shall be reported to Stock
Exchanges & SEBI within six hours of noticing / detecting
such incidents or being brought to notice about such
incidents. This information shall be shared to SEBI through
30. 58.54 the dedicated e-mail id: [email protected].
The incident shall also be reported to Indian Computer
Emergency Response team (CERT-In) in accordance with
the guidelines / directions issued by CERT-In from time to
time. Additionally, the Stock Brokers, whose systems have
been identified as “Protected system” by National Critical
Information Infrastructure Protection Centre (NCIIPC) shall
also report the incident to NCIIPC.
The quarterly reports containing information on cyber-

attacks, threats, cyber-incidents and breaches experienced
by Stock Brokers and measures taken to mitigate
vulnerabilities, threats and attacks including information on
bugs / vulnerabilities, threats that may be useful for other
Stock Brokers / Exchanges and SEBI, shall be submitted to
Stock Exchanges within 15 days from the quarter ended
June, September, December and March of every year
(Format for Submitting the reports is attached in below
31. 58.55 Annexure 24).
The Type I Stock Brokers shall arrange to have their systems
audited on an annual basis by a CERT-IN empanelled
auditor, an independent DISA (ICAI) Qualification, CISA
(Certified Information System Auditor) from ISACA, CISM
(Certified Information Securities Manager) from ISACA,
CISSP (Certified Information Systems Security Professional)
from International Information Systems Security Certification
Consortium (commonly known as (ISC)2), to check
compliance with the above areas and shall submit the report
to Stock Exchanges along with the comments of the Board /
Partners / Proprietor of Stock Broker within three months of
32. 58.62 the end of the financial year.
235
The compliance of the advisory shall be reported in the half
yearly report by stock brokers to stock exchanges with an
undertaking, “Compliance of the SEBI circular for Advisory
for Financial Sector Organizations regarding Software as a
33. 60.4 Service (SaaS) based solutions has been made.”
Stock brokers shall inform about the technical glitch to the
stock exchanges immediately but not later than one hour
34. 61.3.1 from the time of occurrence of the glitch.
Stock brokers shall submit a Preliminary Incident Report to
the Exchange within T+1 day of the incident (T being the date
of the incident). The report shall include the date and time of
the incident, the details of the incident, effect of the incident
35. 61.3.2 and the immediate action taken to rectify the problem.
Stock brokers shall submit a Root Cause Analysis (RCA)
Report (as per Annexure 29) of the technical glitch to stock
36. 61.3.3 exchange, within fourteen days from the date of the incident.
Stock brokers shall submit information stated in para 61.3.1,
61.3.2 and 61.3.3 above, by e-mail at
[email protected], a common email address for
37. 61.3.5 reporting across all stock exchanges.
The compliance of the advisory shall be provided by the REs
along with their cybersecurity audit report (conducted as
per the applicable SEBI Cybersecurity and Cyber
Resilience framework). The compliance shall be submitted as
per the existing reporting mechanism and frequency of the
38. 62.5 respective cybersecurity audit.
Reporting requirements for QSBs
QSBs shall submit an annual report to the stock exchanges
regarding the observations of the committees of BOD or
analogous body, corrective action taken by the QSB and
39. 18.5.1.3 measures taken to prevent recurrence of such incidents.
The risk management framework shall have measures for
carrying out surveillance of client behaviour through
analyzing the pattern of trading done by clients, detection of
any unusual activity being done by such clients, reporting the
40. 18.5.2.3 same to stock exchanges.
The risk management policy shall be reviewed on half yearly
basis by the QSB and a report in this regard shall be
submitted by the risk management committee of the QSB to
41. 18.5.2.8 the stock exchange.
236
QSBs shall arrange to have their systems audited on half-
compliance with the above mentioned requirements related
to cyber security and other circulars of SEBI on cybersecurity
comments of the cybersecurity committee within one month
42. 18.5.5.14 of completion of the half year.
Other reporting requirements
Reporting to Financial Intelligence Unit (FIU) - The stock
brokers shall be responsible for reporting of any suspicious
transactions / reports to FIU or any other competent authority
43. 80.6.1 in respect of activities carried out by the third parties.
237
Annexures
Annexure-1
1. Name of the Stock Exchange
2. Name of the Applicant Member Broker
3. Exchange Clearing Code No. (If allotted by the Stock Exchange)
4. Trade Name of Member
5. Address of Member
Tel. No. (O):

Tel No. (R):
Fax No.
6. Form of Organisation: Please tick the relevant entity

6.1 Partnership
6.2 Corporate Body
a. Financial Institution
b. Others
c. Foreign Joint Ventures
(If an Indian Company is holding more than 25% of total equity in the joint venture,
please give details of top five shareholders of Indian Company).
Name of Indian Company

Top five Shareholders % Holding
1
2
3
4
5
FIPB Approval, if applicable
Sole Proprietorship:
Name of proprietor Educational Age (on the date of Experience (specify

Qualification filing of the nature and
application) years)
Partnership:
Name of Age (on the Educational Experience In case

partners date of Qualification (specify the partner(s)
application) nature and is/are
years) registered
with SEBI,
238
give SEBI
Regd. No.
Corporate Body (Financial Institution /Others)
MOA object clause contains stock broking as one of the object in
Main Object
Other Object
Incidental Object
(If, stock broking clause appears in other object please attach a copy of special resolution to
amend the MOA to incorporate Stock Broking in main object clause)
Mention relevant clause no. (Please enclose copy of the relevant clause of the MOA duly
certified by the Stock Exchange. If certified copy is not enclosed application would be
returned).
Information regarding directors
Name of Percentage of Educational Experience Whether

directors with Share holding Qualification (specify nature directors in
designation and years) other corporate
(whether whole bodies
time/designated/ engaged in
additional capital
markets
(please give
names and
SEBI Regd.
No.)
Details of top five shareholders
Name of Percentage of Educational Experience Whether

shareholders Share Qualification (specify shareholders in
holding nature and other corporate
years) bodies engaged
in capital
markets (please
give names and
SEBI Regd. No.)
7. Date of Admission to Membership of the Stock Exchange.
239
8. Mode of Acquiring Membership (Please attach old SEBI Registration certificate in all
cases other than the cases of new membership)
8.1 New Membership
8.2 Conversion
8.3 Succession
8.4 Auction Purchase
(In case member has become defaulter)
8.5 Market Purchase
8.6 Transfer to another Company under same management
(please specify reasons)
8.7 Others, please specify
9. Please give the following information in all the cases other than the case of new
membership
9.1 Name of the previous holder of the card

9.2 SEBI Registration No.
9.3 Date of Registration with SEBI
10. Whether the applicant is member of more than one Stock Exchange? YES/ NO
11. If yes, please give name(s) of the Stock Exchange(s) with Code No. and SEBI
registration no.
12. Whether any of the Associate Companies/Partnership/ Proprietorship Firm is /are

having direct/indirect interest (* as defined below) in capital market? YES / NO
* The member is deemed to have direct/indirect interest in the following conditions:
12.1 Where he is individual, he or any of his relative being a broker/any intermediary,

he or any of his relative being a partner in a broking firm/any intermediary, he
or any of his relative being a director in a broking company/any intermediary or
he or any of his relatives clubbed together holding substantial equity in any
broking company/any intermediary engaged in capital market.
12.2 Where it is partnership firm/company, the relative(s) of partner(s)/director(s) in

the firm(s)/corporate body being a broker/any intermediary or being
partner(s)/director(s) in any broking/intermediary or the same set of
shareholders holding substantial equity in other broking / any intermediary
engaged in capital market.
12.3 Relative shall mean husband, wife, brother, unmarried sister or any linear
ascendant or descendant of an individual.
12.4 If yes, please give details (you may attach separate sheet, if required)
240
Name Form of Type of Whether Nature of
Organisation Intermediary# registered with interest
SEBI (give
Regd. No.)
# Merchant Banker, Portfolio Manager, Registrar to Issue & Share Transfer Agent, Banker
to an Issue, Mutual Fund, Venture Capital , Underwriter, Debenture Trustee, FII.
13. Disciplinary Action initiated/taken against the Associate entities, as indicated in 12.4
above. (Please state details of nature of violation, action initiated/taken and by which
authority)
13.1 Disciplinary action taken by SEBI (if yes, please attach details mentioning nature
of violation and action taken) YES / NO
13.2 Disciplinary action taken by any other authority (please attach details of nature
of violation and action initiated) YES / NO
13.3 Disciplinary action initiated by SEBI (if yes, please attach details of nature of
violation and action taken) YES / NO
13.4 Disciplinary action initiated by any other authority (please attach details of
nature of violation and action initiated ) YES / NO
14. Net-worth as per the requirement of the exchange (Rs in Lakhs)
15. Applicant’s net-worth as prescribed in SEBI (Stock Brokers) Regulations, 1992 (Rs in
Lakhs) (Certificate from a qualified CA certifying the above should be enclosed)
I/we declare that the information given in this form is true to the best of my knowledge
and belief.
Date: Signature
Name and Address of the applicant
List of Enclosures:
a. Registration fees –Rs 50,000/- payable by the applicant by way of direct credit in the
bank account through online payment using SEBI payment gateway.103
103
Amended by the SEBI (Payment of Fees and Mode of Payment) (Amendment) (Regulations) 2021 w.e.f. 05-05-
2021
241
b. Copy of relevant clause of MOA duly certified by the Stock Exchange.
c. Certificate from the qualified Chartered Accountant certifying the networth and paid
up capital.
d. Undertaking by applicant that he/ it had not introduced through any member brokerof
the Exchange any fake/forged/stolen shares in the Exchange/market. If yes, details
thereof including action taken, if any, by the applicant.
Certification by Stock Exchange
The above details have been scrutinized as per record made available to the Stock
Exchange.
SIGNATURE:
NAME:
DESIGNATION:
SEAL OF STOCK EXCHANGE
Certification from the Stock Exchange:
This is to certify that

i) The member is eligible to be admitted as the member of the Exchange as per the
provisions of SC(R)A, SC(R)R, bye-laws of the exchange and circulars issued by
Government of India and SEBI, in particular the GOI guidelines dated November 09, 1989
and SEBI circular dated May 14, 1993.
ii) ------------------- is admitted as a member of this exchange as approved by the Council of
Management in its meeting held on _.
iii) No complaints/ arbitration cases/ disciplinary action are pending against the transferor
M/s _ and all the complaints received by the Exchange or referred by SEBI have been
settled to the satisfaction of the Stock Exchange.
iv) We have verified the educational qualification, age, experience of the member with
respect to the original record and found it to be correct as per the information given in the
application.
v) No litigation with regard to transfer of card is pending in court of law.
The application is recommended for registration with the Securities and Exchange Board
of India under Securities and Exchange Board of India (Stock Brokers) Regulations, 1992.
Signature:
Name:
Designation:
List of Enclosures along with application:

242
1. Turnover fee details of the transferor in the prescribed format (enclosed).
2. Disciplinary record of the transferor
3. Board Resolution approving the membership (will be submitted by the Exchange)
243
Annexure-2104
The common irregularities observed in the Stock Brokers/trading members books
are brought to the notice of all. They are as follows:
S. No. Description
I Relating to KYC
1. ‘In person verification’ not done while opening the account. Photo copy
of KYC &Rights and Obligations document are not provided to clients;
if provided proof of delivery/dispatch is not maintained.
2. Adding clauses in Rights and Obligations document which are contrary

to the clauses as prescribed by SEBI. Voluntary clauses are not
highlighted as ‘voluntary’ and signatures of clients taken on all the
documents.
II Relating to Contract notes
3. Contract notes are not bearing serial numbers, SEBI registration

numbers, Order no. & time. Contract notes are not issued in the
prescribed format/not issued within twenty-hours of trade
execution/not signed properly by the broker or his authorized
representatives.
4. Duplicates/counterfoils/acknowledged copies of the contract notes

issued not being maintained or maintained with inadequate details.
5. Not issuing contracts in the prescribed format while acting as principal.
6. Appropriate stamp duty not paid and charging Securities Transaction

Tax (STT) on non-equity funds transactions by the brokers.
7. Brokerage is not shown separately on contract notes. The correct rate

at which the transaction was executed is not passed on to the client.
8. Charges other than brokerage and statutory charges levied on the

clients which are not specifically agreed upon by the clients or
charging more than the limits prescribed.
9. In case the Electronic Contract Notes (ECN) are issued, the same are
not made available on brokers’ websites/ sending ECN on single
email-id for a group of clients/not maintaining ECN logs for ECN sent
to the clients.
104
Para VI(37) of Annexure of Circular SEBI/MIRSD/MASTER CIR-04/2010 dated March 17, 2010, deleted
in view of Notification LAD-NRO/GN/2011-12/03/12650 dated April 19, 2011.
244
III Relating to Investor services
10. Deficiency in service to the clients.
11. Non maintenance of investor grievance register and lack of proper

system for receipt and reconciliation of investor grievances/not taking
adequate steps for redressal of grievances of investors within one
month from the date of receipt of the complaint.
12. Non maintenance of client database or details captured wrongly in the

database.
13. There are delays between pay-out by the exchange to their members
and the transmission of shares/money received in such pay-out to their
clients by brokers without any record of reasons for such delay.
14. Non dissemination of email ID created for receiving investor

grievances to the investors.
15. Freezing of accounts of clients without giving adequate reason.
16. Providing multiple client codes to one client/using same PAN no. for
more than one client.
17. Frequent trade modification/client code modification done in client

account
18. Daily margin statement and quarterly statements not sent to clients
19. Relationship managers acting as portfolio managers by entering into

verbal agreement with clients for trading on their behalf.
IV Relating to funds and securities
20. Unauthorized trading activities carried out in client’s account.
21. Not having separate account for clients' funds/securities or having

separate accounts for clients but not segregating clients'
funds/securities from its own funds/securities.
22. The brokers are found involved in funding activities - with the exception
of those in connection with or incidental to or consequential upon the
securities business.
23. Non collection of margin from clients/wrong reporting of collection of

margins to exchanges/clearing members.
245
24. Accepting cash from the clients. Accepting/giving third party
payments/receipts.
V Relating to terminals
25. Not putting the unique client code (UCC) of clients while placing orders
in the trading system.
26. The broker granting the trading terminals at places other than that
specified by SEBI e.g. registered office, branch office.
27. Terminals operated by personnel without having proper qualification/

persons operating the terminal are not employees/remisiers.
VI Others
28. Non-maintenance or improper maintenance of Books of Accounts

which are required to be maintained as per Rule 15 of SCRA Rules
1957 and Regulation 17 of Stock Brokers Regulations 1992.
29. Non-compliance with provisions relating to spot/negotiated deals.
30. Instances of the broker/dealers/others connected with the broker,

involved in front running, circular trading, creating false markets,
misuse of the exchange mechanism for securing financing
transactions, entering fictitious transactions and illegal transactions.
31. Non submission of audit report/internal audit reports within the

prescribed time limit.
32. Involved in business other than the securities business in violation of

applicable laws.
33. Non-payment/ inadequate payment of SEBI registration fees by the

stock brokers.
34. Not complying with the provisions of advertisements/internet based

trading
35. Non appointment of compliance officer.
36. Non- compliance with trading restrictions imposed by Stock

Exchanges
37. Trading in unlisted securities and in securities prior to their admission

to dealings by Exchanges
246
38. Not reporting off-the-floor transactions (e.g.) (a) The transactions with
stock brokers of other exchanges (b) Principal to principal transactions
with clients (c) Transactions done after the trading hours.
39. Non-formation of policies related to internal controls, employee/insider

trading, Prevention of Money Laundering (PML) etc. If policies are
formulated, they are not implemented.
40. Delivery vs payment (DvP) trades are done in other than those
circumstances as prescribed.
247
Annexure-3
1. Terms of Reference (ToR) for Type I Broker
The system auditor shall at the minimum cover the following areas:
1.1. System controls and capabilities
1.1.1. Order Tracking – The system auditor should verify system process and
controls at exchange provided terminals with regard to order entry,
capturing of IP address of order entry terminals, modification / deletion of
orders, status of the current order/outstanding orders and trade
confirmation.
1.1.2. Order Status/ Capture – Whether the system has capability to generate /
capture order id, time stamping, order type, scrip details, action, quantity,
price and validity etc.
1.1.3. Rejection of orders – Whether system has capability to reject orders

which do not go through order level validation at the end of the stock broker
and at the servers of respective Stock Exchanges.
1.1.4. Communication of Trade Confirmation / Order Status – Whether the

system has capability to timely communicate to Client regarding the
Acceptance/ Rejection of an Order / Trade via various media including e-
mail; facility of viewing trade log.
1.1.5. Client ID Verification – Whether the system has capability to recognize

only authorized Client Orders and mapping of Specific user Ids to specific
predefined location for proprietary orders.
1.2. Risk Management System (RMS)
1.2.1. Online risk management capability – The system auditor should check
whether the system of online risk management (including upfront real-time
risk management) is in place for all orders placed through exchange
provided terminals.
1.2.2. Trading Limits –Whether a system of pre-defined limits / checks such as

Order Quantity and Value Limits, Symbol wise User Order / Quantity limit,
User / Branch Order Limit, Order Price limit, etc) are in place and only such
orders which are within the parameters specified by the RMS are allowed
to be pushed into exchange trading engines. The system auditor should
check that no user or branch in the system is having unlimited limits on the
above parameters.
248
1.2.3. Order Alerts and Reports –Whether the system has capability to generate
alerts when orders that are placed are above the limits and has capability
to generate reports relating to Margin Requirements, payments and
delivery obligations.
1.2.4. Order Review –Whether the system has capability to facilitate review of
such orders were not validated by the system.
1.2.5. Back testing for effectiveness of RMS – Whether the system has
capability to identify trades which have exceeded the pre-defined limits
(Order Quantity and Value Limits, Symbol wise User Order / Quantity limit,
User / Branch Order Limit, Order Price limit) and also exceed
corresponding margin availability of clients. Whether deviations from such
pre-defined limits are captured by the system, documented and corrective
steps taken.
1.2.6. Log Management – Whether the system maintains logs of alerts / changes
/ deletion / activation / deactivation of client codes and logs of changes to
the risk management parameters mentioned above. Whether the system
allows only authorized users to set the risk parameter in the RMS.
1.3. Password Security
1.3.1. Organization Access Policy – Whether the organization has a well-

documented policy that provides for a password policy as well as access
control policy for the exchange provided terminals.
1.3.2. Authentication Capability – Whether the system authenticates user

credentials by means of a password before allowing the user to login, and
whether there is is a system for authentication of orders originating from
Internet Protocol by means of two-factor authentication, including Public
Key Infrastructure (PKI) based implementation of digital signatures.
1.3.3. Password Best Practices – Whether there is a system provision for

masking of password, system prompt to change default password on first
login, disablement of user id on entering multiple wrong passwords (as
defined in the password policy document), periodic password change
mandate and appropriate prompt to user, strong parameters for password,
deactivation of dormant user id, etc.
1.4. Session Management
1.4.1. Session Authentication – Whether the system has provision for

Confidentiality, Integrity and Availability (CIA) of the session and the data
transmitted during the session by means of appropriate user and session
249
authentication mechanisms like SSL etc.
1.4.2. Session Security – Whether there is availability of an end-to-end

encryption for all data exchanged between client and broker systems. or
other means of ensuring session security.
1.4.3. Inactive Session – Whether the system allows for automatic trading
session logout after a system defined period of inactivity.
1.4.4. Log Management – Whether the system generates and maintain logs of
Number of users, activity logs, system logs, Number of active clients.
1.5. Network Integrity
1.5.1. Seamless connectivity – Whether stock broker has ensured that a

backup network link is available in case of primary link failure with the
exchange.
1.5.2. Network Architecture – Whether the web server is separate from the
Application and Database Server.
1.5.3. Firewall Configuration – Whether appropriate firewall is present between

stock broker's trading setup and various communication links to the
exchange. Whether the firewall is appropriately configured to ensure
maximum security.
1.6. Access Controls
1.6.1. Access to server rooms – Whether adequate controls are in place for
access to server rooms and proper audit trails are maintained for the same.
1.6.2. Additional Access controls – Whether the system provides for any
authentication mechanism to access to various components of the
exchange provided terminals. Whether additional password requirements
are set for critical features of the system. Whether the access control is
adequate
1.7. Backup and Recovery
1.7.1. Backup and Recovery Policy – Whether the organization has a well
documented policy on periodic backup of data generated from the broking
operations.
1.7.2. Log generation and data consistency - Whether backup logs are
maintained and backup data is tested for consistency.
250
1.7.3. System Redundancy – Whether there are appropriate backups in case of
failures of any critical system components.
1.8. BCP/DR (Only applicable for Stock Brokers having BCP / DR site)
1.8.1. BCP / DR Policy – Whether the stock broker has a well documented BCP/
DR policy and plan. The system auditor should comment on the
documented incident response procedures.
1.8.2. Alternate channel of communication – Whether the stock broker has

provided its clients with alternate means of communication including
channel for communication in case of a disaster. Whether the alternate
channel is capable of authenticating the user after asking for additional
details or OTP (One-Time-Password).
1.8.3. High Availability – Whether BCP / DR systems and network connectivity

provide high availability and have no single point of failure for any critical
operations as identified by the BCP/DR policy.
1.8.4. Connectivity with other FMIs – The system auditor should check whether
there is an alternative medium to communicate with Stock Exchanges and
other FMIs.
1.9. Segregation of Data and Processing facilities – The system auditor should
check and comment on the segregation of data and processing facilities at the
stock broker in case the stock broker is also running other business.
1.10.Back office data
1.10.1. Data consistency – The system auditor should verify whether

aggregate client code data available at the back office of broker matches
with the data submitted / available with the Stock Exchanges through online
data view / download provided by exchanges to members.
1.10.2. Trail Logs – The system auditor should specifically comment on the
logs of Client Code data to ascertain whether editing or deletion of records
have been properly documented and recorded and does not result in any
irregularities.
1.11.IT Infrastructure Management (including use of various Cloud computing

models such as Infrastructure as a service (IaaS), Platform as a service (PaaS),
Software as a service (SaaS), Network as a service (NaaS))
1.11.1. IT Governance and Policy – The system auditor should verify

whether the relevant IT Infrastructure-related policies and standards exist
and are regularly reviewed and updated. Compliance with these policies is
251
periodically assessed.
1.11.2. IT Infrastructure Planning – The system auditor should verify

whether the plans/policy for the appropriate management and replacement
of aging IT infrastructure components have been documented, approved,
and implemented. The activities, schedules and resources needed to
achieve objectives related to IT infrastructure have been integrated into
business plans and budgets.
1.11.3. IT Infrastructure Availability (SLA Parameters) – The system

auditor should verify whether the broking firm has a process in place to
define its required availability of the IT infrastructure, and its tolerance to
outages. In cases where there is huge reliance on vendors for the provision
of IT services to the brokerage firm the system auditor should also verify
that the mean time to recovery (MTTR) mentioned in the Service Level
Agreement (SLA) by the service provider satisfies the requirements of the
broking firm.
1.11.4. IT Performance Monitoring (SLA Monitoring) – The system

auditor should verify that the results of SLA performance monitoring are
documented and are reported to the management of the broker.
1.12.Exchange specific exceptional reports – The additional checks

recommended by a particular exchange need to be looked into and commented
upon by the system auditor over and above the ToR of the system audit.
252
Annexure-4
2. ToR for Type II Broker
2.1. System controls and capabilities (CTCL / IML terminals and servers)
controls at CTCL / IML terminals and CTCL/ IML servers covering order
entry, capturing of IP address of order entry terminals, modification /
deletion of orders, status of current order/outstanding orders and trade
confirmation.
2.1.2. Order Status/ Capture – Whether the system has capability to generate
/ capture order id, time stamping, order type, scrip details, action, quantity,
price and validity, etc.
2.1.3. Rejection of orders – Whether system has capability to reject orders

which do not go through order level validation at CTCL servers and at the
servers of respective Stock Exchanges.

system has capability to timely communicate to Client regarding the

2.1.6. Order type distinguishing capability – Whether system has capability

to distinguish the orders originating from (CTCL or IML) / IBT/ DMA /
STWT.
2.2. Software Change Management - The system auditor should check whether
proper procedures have been followed and proper documentation has been
maintained for the following:
2.2.1. Processing / approval methodology of new feature request or patches.
2.2.2. Fault reporting / tracking mechanism and process for resolution.
2.2.3. Testing of new releases / patches / modified software / bug fixes.
2.2.4. Version control- History, Change Management process, approval etc.
253
2.2.5. Development / Test / Production environment segregation.
2.2.6. New release in production – promotion, release note approvals.
2.2.7. Production issues / disruptions reported during last year, reasons for such
disruptions and corrective actions taken.
2.2.8. User Awareness.
The system auditor should check whether critical changes made to the (CTCL
or IML) / IBT / DMA / STWT/ SOR are well documented and communicated to
the Stock Exchange.
whether system of online risk management including upfront real-time risk
management, is in place for all orders placed through (CTCL or IML) / IBT
/ DMA / STWT.
2.3.2. Trading Limits – Whether a system of pre-defined limits /checks such as

Order Quantity and Value Limits, Symbol wise User Order / Quantity limit,
User / Branch Order Limit, Order Price limit, etc., are in place and only
such orders which are within the parameters specified by the RMS are
allowed to be pushed into exchange trading engines. The system auditor
should check that no user or branch in the system is having unlimited
limits on the above parameters.
2.3.3. Order Alerts and Reports – Whether the system has capability to
generate alerts when orders that are placed are above the limits and has
capability to generate reports relating to margin requirements, payments
and delivery obligations.
2.3.4. Order Review – Whether the system has capability to facilitate review of
such orders that were not validated by the system.
2.3.5. Back testing for effectiveness of RMS – Whether system has capability
to identify trades which have exceeded the pre-defined limits (Order
Quantity and Value Limits, Symbol wise User Order / Quantity limit, User
/ Branch Order Limit, Order Price limit) and also exceed corresponding
margin availability of clients. Whether deviations from such pre-defined
limits are captured by the system, documented and corrective steps
taken.
2.3.6. Log Management – Whether the system maintains logs of alerts /

changes / deletion / activation / deactivation of client codes and logs of
254
changes to the risk management parameters mentioned above. Whether
the system allows only authorized users to set the risk parameter in the
RMS.
2.4. Smart order routing (SOR) - The system auditor should check whether proper
procedures have been followed and proper documentation has been
2.4.1. Best Execution Policy – System adheres to the Best Execution Policy
while routing the orders to the exchange.
2.4.2. Destination Neutral – The system routes orders to the recognized Stock
Exchanges in a neutral manner.
2.4.3. Class Neutral – The system provides for SOR for all classes of investors.
2.4.4. Confidentiality - The system does not release orders to venues other
than the recognized Stock Exchange.
2.4.5. Opt–out – The system provides functionality to the client who has availed
of the SOR facility, to specify for individual orders for which the clients do
not want to route order using SOR.
2.4.6. Time stamped market information – The system is capable of receiving

time stamped market prices from recognized Stock Exchanges from
which the member is authorized to avail SOR facility.
2.4.7. Audit Trail - Audit trail for SOR should capture order details, trades and
data points used as a basis for routing decision.
2.4.8. Server Location – The system auditor should check whether the order
routing server is located in India.
2.4.9. Alternate Mode - The system auditor should check whether an

alternative mode of trading is available in case of failure of SOR Facility.
2.5.1. Organization Access Policy – Whether organization has a well-

documented policy that provides for a password policy as well as access
control policy for exchange provided terminals and for API based
terminals.

credentials by means of a password before allowing the user to login, and
whether there is a system for authentication of orders originating from
255
2.5.3. Password Best Practices – Whether there is a system provision for

mandate and appropriate prompt to user, strong parameters for
password, deactivation of dormant user id, etc.
2.6.1. Session Authentication – Whether system has provision for


encryption for all data exchanged between client and broker systems or
other means of ensuring session security. Whether session login details
are stored on the devices used for IBT and STWT.
2.6.4. Log Management – Whether the system generates and maintains logs
of Number of users, activity logs, system logs, Number of active clients.
2.7. Database Security
2.7.1. Access – Whether the system allows CTCL or IML database access only
to authorized users / applications.
2.7.2. Controls – Whether the CTCL or IML database server is hosted on a

secure platform, with Username and password stored in an encrypted
form using strong encryption algorithms.
2.8.1. Seamless connectivity – Whether the stock broker has ensured that a
exchange.
256
2.8.3. Firewall Configuration – Whether appropriate firewall is present
between stock broker's trading setup and various communication links to
the exchange. Whether the firewall is appropriately configured to ensure
maximum security.
2.9. Access Controls
access to server rooms and proper audit trails are maintained for the
same.
2.9.2. Additional Access controls – Whether the system provides for two
factor authentication mechanism to access to various CTCL or IML
components. Whether additional password requirements are set for
critical features of the system. Whether the access control is adequate.
2.10.Backup and Recovery
2.10.1. Backup and Recovery Policy – Whether the organization has a well-
documented policy on periodic backup of data generated from the
broking operations.
2.10.2. Log generation and data consistency - Whether backup logs are
maintained and backup data is tested for consistency.
2.10.3. System Redundancy – Whether there are appropriate backups in case

of failures of any critical system components.
2.11.BCP/DR (Only applicable for Stock Brokers having BCP / DR site)
2.11.1. BCP / DR Policy – Whether the stock broker has a well-documented

BCP/ DR policy and plan. The system auditor should comment on the

provided its clients with alternate means of communication including
2.11.3. High Availability – Whether BCP / DR systems and network

connectivity provide high availability and have no single point of failure
for any critical operations as identified by the BCP/ DR policy.
2.11.4. Connectivity with other FMIs – The system auditor should check
whether there is an alternative medium to communicate with Stock
257
Exchanges and other FMIs.
2.12.Segregation of Data and Processing facilities – The system auditor should


with the data submitted / available with the Stock Exchanges through
online data view / download provided by exchanges to members.
logs of Client Code data to ascertain whether editing or deletion of
records have been properly documented and recorded and does not
result in any irregularities.
2.14.User Management
2.14.1. User Management Policy – The system auditor should check

whether the stock broker has a well-documented policy that provides for
user management and the user management policy explicitly defines
user, database and application Access Matrix.
2.14.2. Access to Authorized users – The system auditor should check

whether the system allows access only to the authorized users of the
CTCL or IML System. Whether there is a proper documentation of the
authorized users in the form of User Application approval, copies of User
Qualification and other necessary documents.
2.14.3. User Creation / Deletion – The system auditor should check

whether new user’s ids were created / deleted as per CTCL or IML
guidelines of the exchanges and whether the user ids are unique in
nature.
2.14.4. User Disablement – The system auditor should check whether

non-complaint users are disabled and appropriate logs (such as event log
and trade logs of the user) are maintained.

models such as Infrastructure as a service (IaaS), Platform as a service
(PaaS), Software as a service (SaaS), Network as a service (NaaS))

258
and are regularly reviewed and updated. Compliance with these policies
is periodically assessed.

whether the plans/policy for the appropriate management and
replacement of aging IT infrastructure components have been
documented, approved, and implemented. The activities, schedules and
resources needed to achieve objectives related to IT infrastructure have
been integrated into business plans and budgets.

outages. In cases where there is huge reliance on vendors for the
provision of IT services to the brokerage firm the system auditor should
also verify that the mean time to recovery (MTTR) mentioned in the
Service Level Agreement (SLA) by the service provider satisfies the
requirements of the broking firm.


recommended by a particular exchange need to be looked into and
commented upon by the System Auditor over and above the ToR of the System
audit.
2.17.Software Testing Procedures - The system auditor should check whether the
stock broker has complied with the guidelines and instructions of SEBI / Stock
Exchanges with regard to testing of software and new patches, including the
following:
2.17.1. Test Procedure Review – The system auditor should evaluate

whether the procedures for system and software testing were proper and
adequate.
2.17.2. Documentation – The system auditor should verify whether the

documentation related to testing procedures, test data, and resulting
output were adequate and follow the organization's standards.
2.17.3. Test Cases – The system auditor should review the internal test
cases and comment upon the adequacy of the same with respect to the
requirements of the Stock Exchange and SEBI.
259
Annexure-5
3. ToR for Type III Broker
3.1. System controls and capabilities (CTCL/IML Terminals and servers)
controls at CTCL / IML terminals and CTCL/ IML servers covering order
entry, capturing IP address of order entry, modification / deletion of
orders, status of current order/outstanding orders and trade confirmation.
3.1.2. Order Status/ Capture – Whether the system has capability to generate
/ capture order id, time stamping, order type, scrip details, action, quantity,
price and validity etc.
3.1.3. Rejection of orders – Whether the system has capability to reject orders
which do not go through order level validation at CTCL servers and at the
servers of respective exchanges.

system has capability to timely communicate to client regarding the

3.1.6. Order type distinguishing capability – Whether the system has

capability to distinguish the orders originating from (CTCL or IML) / IBT /
DMA / STWT / SOR / Algorithmic Trading.
3.2. Software Change Management - The system auditor should check whether
proper procedures have been followed and proper documentation has been
3.2.1. Processing / approval methodology of new feature request or patches.
3.2.2. Fault reporting / tracking mechanism and process for resolution.
3.2.3. Testing of new releases / patches / modified software / bug fixes.
3.2.4. Version control- History, Change Management process, approval etc.
3.2.5. Development / Test / Production environment segregation.

260
3.2.6. New release in production – promotion, release note approvals.
3.2.7. Production issues / disruptions reported during last year, reasons for such
disruptions and corrective actions taken.
3.2.8. User Awareness.
The system auditor should check whether critical changes made to the (CTCL
or IML) / IBT / DMA / STWT/ SOR are well documented and communicated to
the Stock Exchange.
whether the online risk management including upfront real-time risk
management, is in place for all orders placed through (CTCL or IML) /
IBT/ DMA / SOR / STWT / Algorithmic Trading.
3.3.2. Trading Limits – Whether a system of pre-defined limits / checks such

as Order Quantity and Value Limits, Symbol wise User Order / Quantity
limit, User / Branch Order Limit, Order Price limit, etc., are in place and
only such orders which are within the parameters specified by the RMS
are allowed to be pushed into exchange trading engines. The system
auditor should check that no user or branch in the system is having
unlimited limits on the above parameters.
3.3.3. Order Alerts and Reports – Whether the system has capability to
generate alerts when orders that are placed are above the limits and has
capability to generate reports relating to margin requirements, payments
and delivery obligations.
3.3.4. Order Review – Whether the system has capability to facilitate review of
such orders that were not validated by the system.
3.3.5. Back testing for effectiveness of RMS – Whether the system has
capability to identify trades which have exceeded the pre-defined limits
(Order Quantity and Value Limits, Symbol wise User Order / Quantity
limit, User / Branch Order Limit, Order Price limit) and also exceed
corresponding margin availability of clients. Whether deviations from such
pre-defined limits should be captured by the system, documented and
corrective steps taken.
3.3.6. Log Management – Whether the system maintains logs of alerts /

changes / deletion / activation / deactivation of client codes and logs of
changes to the risk management parameters mentioned above. Whether
261
the system allows only authorized users to set the risk parameter in the
RMS.
3.4. Smart order routing (SOR) - The system auditor should check whether proper
3.4.1. Best Execution Policy – System adheres to the Best Execution Policy
while routing the orders to the exchange.
3.4.2. Destination Neutral – The system routes orders to the recognized Stock
Exchanges in a neutral manner.
3.4.3. Class Neutral – The system provides for SOR for all classes of investors.
3.4.4. Confidentiality - The system does not release orders to venues other
than the recognized Stock Exchange.
3.4.5. Opt–out – The system provides functionality to the client who has availed
of the SOR facility, to specify for individual orders for which the clients do
not want to route order using SOR.
3.4.6. Time stamped market information – The system is capable of receiving

time stamped market prices from recognized Stock Exchanges from
which the member is authorized to avail SOR facility.
3.4.7. Audit Trail - Audit trail for SOR should capture order details, trades and
data points used as a basis for routing decision.
3.4.8. Server Location – The system auditor should check whether the order
routing server is located in India.
3.4.9. Alternate Mode - The system auditor should check whether an

alternative mode of trading is available in case of failure of SOR Facility.
3.5. Algorithmic Trading - The system auditor should check whether proper
3.5.1. Change Management – Whether any changes (modification/addition) to

the approved algos were informed to and approved by Stock Exchange.
The inclusion / removal of different versions of algos should be well
documented.
3.5.2. Online Risk Management capability - The CTCL or IML server should
have capacity to monitor orders / trades routed through algo trading and
262
have online risk management for all orders through Algorithmic trading
and ensure that Price Check, Quantity Check, Order Value Check,
Cumulative Open Order Value Check are in place.
3.5.3. Risk Parameters Controls – The system should allow only authorized
users to set the risk parameter. The System should also maintain a log of
all the risk parameter changes made.
3.5.4. Information / Data Feed – The auditor should comment on the various
sources of information / data for the algo and on the likely impact (run
away /loop situation) of the failure one or more sources to provide timely
feed to the algorithm. The system auditor should verify that the algo
automatically stops further processing in the absence of data feed.
3.5.5. Check for preventing loop or runaway situations – The system auditor
should check whether the brokers have real time monitoring systems to
identify and shutdown/stop the algorithms which have not behaved as
expected.
3.5.6. Algo / Co-location facility Sub-letting – The system auditor should

verify if the algo / co-location facility has not been sub-letted to any other
firms to access the exchange platform.
3.5.7. Audit Trail – The system auditor should check the following areas in audit
trail:
a. Whether the audit trails can be established using unique identification
for all algorithmic orders and comment on the same.
b. Whether the broker maintains logs of all trading activities.
c. Whether the records of control parameters, orders, traders and data
emanating from trades executed through algorithmic trading are
preserved/ maintained by the stock broker.
d. Whether changes to the control parameters have been made by
authorized users as per the Access Matrix. The system auditor should
specifically comment on the reasons and frequency for changing of
such control parameters. Further, the system auditor should also
comment on the possibility of such tweaking leading to run away/loop
situation.
e. Whether the system captures the IP address from where the algo
orders are originating.
3.5.8. Systems and Procedures – The system auditor should check and
comment on the procedures, systems and technical capabilities of stock
broker for carrying out trading through use of Algorithms. The system
auditor should also identify any misuse or unauthorized access to
algorithms or the system which runs these algorithms.
263
3.5.9. Reporting to Stock Exchanges – The system auditor should check
whether the stock broker is informing the Stock Exchange regarding any
incidents where the algos have not behaved as expected. The system
auditor should also comment upon the time taken by the stock broker to
inform the Stock Exchanges regarding such incidents.
3.6.1. Organization Access Policy – The system auditor should whether the
stock broker has a well documented policy that provides for a password
policy as well as access control policy for exchange provided terminals
and for API based terminals.

credentials by means of a password before allowing the user to login.
Whether there is a system for authentication of orders originating from
3.6.3. Password Best Practices – Whether there is a system should for

mandate and appropriate prompt to user, strong parameters for
password, deactivation of dormant user id, etc.
3.7.1. Session Authentication – Whether the system has provision for


encryption for all data exchanged between client and broker system or
other means of ensuring session security. Whether session login details
are stored on the devices used for IBT and STWT.
3.7.4. Log Management – Whether the system generates and maintains logs
of number of users, activity logs, system logs, number of active clients.
3.8. Database Security
264
3.8.1. Access – Whether the system allows CTCL or IML database access only
to authorized users / applications.
3.8.2. Controls – Whether the CTCL or IML database server is hosted on a

secure platform, with username and password stored in an encrypted
form using strong encryption algorithms.
3.9.1. Seamless connectivity – Whether the stock broker has ensured that a
exchange.
3.9.3. Firewall Configuration – Whether appropriate firewall are present

between the stock broker's trading setup and various communication links
to the exchange. Whether the firewalls should be appropriately configured
to ensure maximum security.
3.10.Access Controls
access to server rooms, proper audit trails should be maintained for the
same.
3.10.2. Additional Access controls - Whether the system should provide for
two factor authentication mechanism to access to various CTCL or IML
components. Whether additional password requirements are set for
critical features of the system. Whether the access control is adequate.
3.11.Backup and Recovery
3.11.1. Backup and Recovery Policy – Whether the organization has a well
documented policy on periodic backup of data generated from the
broking operations.
3.11.2. Log generation and data consistency – Whether backup logs are
maintained and backup data should be tested for consistency.
3.11.3. System Redundancy – Whether there are appropriate backups in case

of failures of any critical system components
3.12.BCP/DR (Only applicable for Stock Brokers having BCP / DR site)
265
3.12.1. BCP / DR Policy – Whether the stock broker has a well documented
BCP / DR policy and plan. The system auditor should comment on the

provided its clients with alternative means of communication including
3.12.3. High Availability – Whether BCP / DR systems and network

connectivity provide high availability and have no single point of failure
for any critical operations as identified by the BCP / DR policy.
3.12.4. Connectivity with other FMIs – The system auditor should check
whether there is an alternative medium to communicate with Stock
Exchanges and other FMIs.
3.13.Segregation of Data and Processing facilities – The system auditor should


with the data submitted / available with the Stock Exchanges through
online data view / download provided by exchanges to members.
logs of Client Code data to ascertain whether editing or deletion of
records have been properly documented and recorded and does not
result in any irregularities.
3.15.User Management
3.15.1. User Management Policy – The system auditor should verify whether
the stock broker has a well documented policy that provides for user
management and the user management policy explicitly defines user,
database and application access matrix.
3.15.2. Access to Authorized users – The system auditor should verify

whether the system allows access only to the authorized users of the
CTCL or IML system. Whether there is a proper documentation of the
authorized users in the form of user application approval, copies of user
qualification and other necessary documents.
266
3.15.3. User Creation / Deletion – The system auditor should verify
whether new users ids should be created / deleted as per CTCL or IML
guidelines of the exchanges and whether the user ids are unique in
nature.
3.15.4. User Disablement – The system auditor should verify whether

non-complaint users are disabled and appropriate logs such as event log
and trade logs of the user should be maintained.

models such as Infrastructure as a service (IaaS), Platform as a service
(PaaS), Software as a service (SaaS), Network as a service (NaaS))

and are regularly reviewed and updated. Compliance with these policies
is periodically assessed.

whether the plans/policy for the appropriate management and
replacement of aging IT infrastructure components have been
documented, approved, and implemented. The activities, schedules and
resources needed to achieve objectives related to IT infrastructure have
been integrated into business plans and budgets.

outages. In cases where there is huge reliance on vendors for the
provision of IT services to the brokerage firm the system auditor should
also verify that the mean time to recovery (MTTR) mentioned in the
Service Level Agreement (SLA) by the service provider satisfies the
requirements of the broking firm.


recommended by a particular exchange need to be looked into and
commented upon by the system auditor over and above the ToR of the system
audit.
3.18.Software Testing Procedures - The system auditor shall audit whether the
stock broker has complied with the guidelines and instructions of SEBI / Stock
267
Exchanges with regard to testing of software and new patches including the
following:
3.18.1. Test Procedure Review – The system auditor should review and
evaluate the procedures for system and program testing. The system
auditor should also review the adequacy of tests.
3.18.2. Documentation – The system auditor should review documented

testing procedures, test data, and resulting output to determine if they are
comprehensive and if they follow the organization's standards.
3.18.3. Test Cases – The system auditor should review the test cases and
comment upon the adequacy of the same with respect to the
requirements of the Stock Exchange and various SEBI Circulars.
268
Annexure-6
Executive Summary Reporting Format
For Preliminary Audit

Audit Obs Desc Depar Stat Risk Audit Audi Root Impac Sugg Deadlin Ve Clo
Date erva riptio tment us / Ratin TOR ted caus t ested e for the rifi sing
tion n of Nat gs of Claus by e Analy Corre Correcti ed dat
Findi ure Findi e Anal sis ctive ve By e
ng of ngs ysis action Action
Find
ings
Description of relevant Table heads
1. Audit Date – This indicates the date of conducting the audit

2. Description of Findings/ Observations – Description of the findings in sufficient detail, referencing
any accompanying evidence (e.g. copies of procedures, interview notes, screen shots etc.)
3. Status/ Nature of Findings - the category can be specified for example:
a. Non Compliant
b. Work In progress
c. Observation
d. Suggestion
4. Risk Rating of Findings – A rating has to been given for each of the observations based on their
impact and severity to reflect the risk exposure, as well as the suggested priority for action.
Rating Description
HIGH Weakness in control those represent exposure to the organization
or risks that could lead to instances of non-compliance with the
requirements of TORs. These risks need to be addressed with
utmost priority.
MEDIUM Potential weakness in controls, which could develop into an
exposure or issues that represent areas of concern and may impact
internal controls. These should be addressed reasonably promptly.
LOW Potential weaknesses in controls, which in combination with other
weakness can develop into an exposure. Suggested improvements
for situations not immediately/directly affecting controls.
5. Audit TOR Clause – The TOR clause corresponding to this observation.

6. Root cause Analysis –A detailed analysis on the cause of the nonconformity
7. Impact Analysis – An analysis of the likely impact on the operations/ activity of the organization.
8. Suggested Corrective Action –The action to be taken by the broker to correct the nonconformity.
269
For Follow on / Follow up System Audit
Preli S. Prelimi Prelim Prelim Curren Curren Revise Deadlin Verifi Closin
mina No. nary inary inary t t d e for the ed g date
ry Observ Status Corre Findin Status Correc Revise By
Audit ation ctive g tive d
Date Number Action Action Correcti
ve
Action
Description of relevant Table heads
1. Preliminary Status – The original finding as per the preliminary System Audit Report.
2. Preliminary Corrective Action – The original corrective action as prescribed in the preliminary
System Audit report.
3. Current Finding – The current finding w.r.t. the issue.
4. Current Status – Current status of the issue viz Compliant, Non-Compliant, Work In Progress (WIP).
5. Revised Corrective Action – The revised corrective action prescribed w.r.t. the Non-Compliant / WIP
issues.
270
Annexure-7
ACCOUNT OPENING KIT
INDEX OF DOCUMENTS
S. No. Name of the Document Brief Significance of the Document Page No

MANDATORY DOCUMENTS AS PRESCRIBED BY SEBI & EXCHANGES
1 Account Opening Form A. KYC form - Document captures the basic
information
B. about the constituent
Document captures theandadditional
an instruction/check
informationlist.
about the
constituent relevant to trading account
2 Document stating and the Rights
an instruction/check
& Obligations list. of
stock broker/trading memberand client for trading on
Rights and Obligations
exchanges (including additional rights & obligations
in case of internet/wireless technology based
3 trading). detailing risks associated with dealing
Risk Disclosure Document Document
(RDD) in the
4 Guidance note securities market.
Document detailing do’s and don’ts for trading on
exchange,
5 for the education
Policies and Procedures Document of thesignificant
describing investors.policies and
procedures of
6 Tariff sheet the stock broker
Document (to be
detailing theadded by the stock
rate/amount broker).
of brokerage
and other charges levied on the client for
trading on the stock
exchange(s) AS
VOLUNTARY DOCUMENTS (to be added byBY
PROVIDED theTHE
stockSTOCK
broker).BROKER
7 Demat Debit and Pledge Document seeking authorization by client to the stock
Instruction’ (DDPI) broker, to access the demat account of the client for
specified purposes only.
8
Name of stock broker/trading member/clearing member: -----------------------------------------------------------

----------------- SEBI Registration No. and date: -------------------------------------------------------------------------
----------------------------------- Registered office address: ---------------------------------------------------------------
---------------------------------------------------- Ph: ------------------------ Fax: ----------------------- Website: ---------
--------------------------------------------------------------------- Correspondence office address: ---------------------
--------------------------------------------------------------------------------------- Ph: ------------------------ Fax: ----------
------------- Website: ------------------------------------------------------------------------------ Compliance officer
271
name, phone no. & email id: --------------------------------------------------------------------------------------- CEO
name, phone no. & email id: ------------------------------------------------------------------------------------------------
----------
For any grievance/dispute please contact stock broker (name) at the above address or email id-
[email protected] and Phone no. 91-XXXXXXXXXX. In case not satisfied with the response, please
contact the concerned exchange(s) at [email protected] and Phone no. 91-XXXXXXXXXX.
272
Annexure-8
TRADING ACCOUNT RELATED DETAILS

For Individuals & Non-individuals
A. BANK ACCOUNT(S) DETAILS
Bank Branch Bank account no. Account Type: Saving/Current/ MICR IFSC code
Name address Others-In case of NRI/NRE/NRO Number
B. DEPOSITORY ACCOUNT(S) DETAILS

Depository Participant Depository Name Beneficiary name DP ID Beneficiary ID
Name (NSDL/CDSL) (BO ID)
C. TRADING PREFERENCES
*Please sign in the relevant boxes where you wish to trade. The segment not chosen should be struck off by the client.
Exchanges Segments
Cash Currency Derivative
Name of the
Exchange -1 Name of other
F&O Segment s, if any
Name of the
Name of the
Segments -1, 2...
Exchange -2
# If, in future, the client wants to trade on any new segment/new exchange, separate authorization/letter should be taken
from the client by the stock broker.
D. OTHER DETAILS (For Individuals)

1. Gross Annual Income Details (please specify): Income Range per annum: Below Rs 1 Lac / 1-5 Lac /5-10 Lac /
10-25 Lac / >25 Lacs or
Net-worth as on (date)…………………. (------------------------------) (Net worth should not be older than 1 year)
2. Occupation (please tick any one and give brief details): Private Sector/ Public Sector/ Government
Service/Business/ Professional/ Agriculturist/ Retired/ Housewife/ Student/ Others
3. Please tick, if applicable: Politically Exposed Person (PEP)/ Related to a Politically Exposed Person (PEP)
4 . Any other information:
E. OTHER DETAILS (For Non-Individuals)

1. Gross Annual Income Details (please specify): Income Range per annum: Below Rs 1 Lac / 1-5 Lac /5-10 Lac / 10-
25 Lac / 25 Lacs-1 crore / > 1 crore
2. Net-worth as on (date) ………….….…. (dd/mm/yyyy): (Net worth should not be older than 1 year)
3. Name, PAN, residential address and photographs of Promoters/Partners/Karta/Trustees and whole time
directors:
4. DIN/UID of Promoters/Partners/Karta and whole time directors:
5. Please tick, if applicable, for any of your authorized signatories/Promoters/Partners/Karta/Trustees/whole
time directors: Politically Exposed Person (PEP)/ Related to a Politically Exposed Person (PEP)
273
6. Any other information:
F . PAST ACTIONS
 Details of any action/proceedings initiated/pending/ taken by SEBI/ Stock exchange/any other authority against the
applicant/constituent or its Partners/promoters/whole time directors/authorized persons in charge of dealing in
securities during the last 3 years: ……………………………………………………………………………………………
G. DEALINGS THROUGH OTHER STOCK BROKERS

 Whether dealing with any other stock broker (if case dealing with multiple stock brokers, provide details of all)
Name of stock broker:……………………………………………:…………………………..…..
Client Code: …………………………….Exchange:…………………………………………….……………………………
Details of disputes/dues pending from/to such stock broker: ……………………….………………….…………………
H. ADDITIONAL DETAILS
 Whether you wish to receive physical contract note or Electronic Contract Note (ECN) (please specify): ……………
Specify your Email id, if applicable: …………………………………………………………………………………………...
 Whether you wish to avail of the facility of internet trading/ wireless technology (please specify): …………………….
 Number of years of Investment/Trading Experience: ………………………………………………………………………
 In case of non-individuals, name, designation, PAN, UID, signature, residential address and photographs of persons
authorized to deal in securities on behalf of company/firm/others: ………………………………………………
Any other information: ……………………………………………………………………………………………………..
I. INTRODUCER DETAILS (optional)
Name of the Introducer: ……………………………………………………………………………………………………………
(Surname) (Name) (Middle Name)
Status of the Introducer: Remisier/Authorized Person/Existing Client/Others, please specify……………………
Address and phone no. of the Introducer: ……………………………. Signature of the Introducer: …………………………
J. NOMINATION DETAILS (for individuals only)

I/We wish to nominate I/We do not wish to nominate
Name of the Nominee: ………………………………………. Relationship with the Nominee: ………………………………….
PAN of Nominee: ……………………………………………... Date of Birth of Nominee: ………………...………………………
Address and phone no. of the Nominee: …………………………………………………………………………………………….
If Nominee is a minor, details of guardian:

Name of guardian: ……………………… Address and phone no. of Guardian: ……………………………..…………………..
Signature of guardian ……………………………………………………………………………….………………………………….
WITNESSES (Only applicable in case the account holder has made nomination)
Name ------------------------- Name ----------------------------
Signature --------------------- Signature ----------------------
Address ----------------------- Address -------------------------
DECLARATION
1. I/We hereby declare that the details furnished above are true and correct to the best of my/our knowledge and belief
and I/we undertake to inform you of any changes therein, immediately. In case any of the above information is found
to be false or untrue or misleading or misrepresenting, I am/we are aware that I/we may be held liable for it.
274
2. I/We confirm having read/been explained and understood the contents of the document on policy and procedures of
the stock broker and the tariff sheet.
3. I/We further confirm having read and understood the contents of the ‘Rights and Obligations’ document(s) and ‘Risk
Disclosure Document’. I/We do hereby agree to be bound by such provisions as outlined in these documents. I/We
have also been informed that the standard set of documents has been displayed for Information on stock broker’s
designated website, if any.
Place ----------------------- (---------------------------------------------------)

Date ------------------------ Signature of Client/ (all) Authorized Signatory (ies)
FOR OFFICE USE ONLY
UCC Code allotted to the Client: --------------------

Documents verified with Client Interviewed By In-Person Verification done by
Originals
Name of the Employee
Employee Code
Designation of the employee
Date
Signature
I / We undertake that we have made the client aware of ‘Policy and Procedures’, tariff sheet and all the non-mandatory
documents. I/We have also made the client aware of ‘Rights and Obligations’ document (s), RDD and Guidance Note.
I/We have given/sent him a copy of all the KYC documents. I/We undertake that any change in the ‘Policy and Procedures’,
tariff sheet and all the non-mandatory documents would be duly intimated to the clients. I/We also undertake that
any change in the ‘Rights and Obligations’ and RDD would be made available on my/our website, if any, for the information
of the clients.
………………………………………..
Signature of the Authorised Signatory
Date …………………. Seal/Stamp of the stock broker
INSTRUCTIONS/ CHECK LIST
1. Additional documents in case of trading in derivatives segments - illustrative list:

Copy of ITR Acknowledgement Copy of Annual Accounts
In case of salary income - Salary Slip, Copy of Form 16 Net worth certificate
Copy of demat account holding statement. Bank account statement for last 6 months
Any other relevant documents substantiating ownership of Self declaration with relevant supporting documents.
assets.
*In respect of other clients, documents as per risk management policy of the stock broker need to be provided by the
client from time to time.
275
2. Copy of cancelled cheque leaf/ pass book/bank statement specifying name of the constituent, MICR Code or/and
IFSC Code of the bank should be submitted.
3. Demat master or recent holding statement issued by DP bearing name of the client.
4. For individuals:
a. Stock broker has an option of doing ‘in-person’ verification through web camera at the branch office of the
stock broker
b. In case of non-resident clients, employees at the stock broker’s local office, overseas can do in-person’
verification. Further, considering the infeasibility of carrying out ‘In-person’ verification of the non-resident
clients by the stock broker’s staff, attestation of KYC documents by Notary Public, Court, Magistrate,
Judge, Local Banker, Indian Embassy / Consulate General in the country where the client resides may be
permitted.
5. For non-individuals:
a. Form need to be initialized by all the authorized signatories.
b. Copy of Board Resolution or declaration (on the letterhead) naming the persons authorized to deal in
securities on behalf of company/firm/others and their specimen signatures.
276
Annexure-9
RIGHTS AND OBLIGATIONS OF STOCK BROKERS AND CLIENTS

as prescribed by SEBI and Stock Exchanges
1. The client shall invest/trade in those securities/contracts/other instruments admitted to dealings on the
Exchanges as defined in the Rules, Byelaws and Regulations of Exchanges/ Securities and Exchange
Board of India (SEBI) and circulars/notices issued there under from time to time.
2. The stock broker, and the client shall be bound by all the Rules, Byelaws and Regulations of the
Exchange and circulars/notices issued there under and Rules and Regulations of SEBI and relevant
notifications of Government authorities as may be in force from time to time.
3. The client shall satisfy itself of the capacity of the stock broker to deal in securities and/or deal in
derivatives contracts and wishes to execute its orders through the stock broker and the client shall from
time to time continue to satisfy itself of such capability of the stock broker before executing orders
through the stock broker.
4. The stock broker shall continuously satisfy itself about the genuineness and financial soundness of the
client and investment objectives relevant to the services to be provided.
5. The stock broker shall take steps to make the client aware of the precise nature of the Stock broker’s
liability for business to be conducted, including any limitations, the liability and the capacity in which the
stock broker acts.
CLIENT INFORMATION
6. The client shall furnish all such details in full as are required by the stock broker in "Account Opening
Form” with supporting details, made mandatory by stock exchanges/SEBI from time to time.
7. The client shall familiarize himself with all the mandatory provisions in the Account Opening documents.
Any additional clauses or documents specified by the stock broker shall be non-mandatory, as per terms
& conditions accepted by the client.
8. The client shall immediately notify the stock broker in writing if there is any change in the information in
the ‘account opening form’ as provided at the time of account opening and thereafter; including the
information on winding up petition/insolvency petition or any litigation which may have material bearing
on his capacity. The client shall provide/update the financial information to the stock broker on a periodic
basis.
9. The stock broker shall maintain all the details of the client as mentioned in the account opening form or
any other information pertaining to the client, confidentially and that they shall not disclose the same to
any person/authority except as required under any law/regulatory requirements. Provided however that
the stock broker may so disclose information about his client to any person or authority with the express
permission of the client.
MARGINS
10. The client shall pay applicable initial margins, withholding margins, special margins or such other
277
margins as are considered necessary by the stock broker or the Exchange or as may be directed by
SEBI from time to time as applicable to the segment(s) in which the client trades. The stock broker is
permitted in its sole and absolute discretion to collect additional margins (even though not required by
the Exchange, Clearing House/Clearing Corporation or SEBI) and the client shall be obliged to pay such
margins within the stipulated time.
11. The client understands that payment of margins by the client does not necessarily imply complete
satisfaction of all dues. In spite of consistently having paid margins, the client may, on the settlement of
its trade, be obliged to pay (or entitled to receive) such further sums as the contract may dictate/require.
TRANSACTIONS AND SETTLEMENTS
12. The client shall give any order for buy or sell of a security/derivatives contract in writing or in such form
or manner, as may be mutually agreed between the client and the stock broker. The stock broker shall
ensure to place orders and execute the trades of the client, only in the Unique Client Code assigned to
that client.
13. The stock broker shall inform the client and keep him apprised about trading/settlement cycles,
delivery/payment schedules, any changes therein from time to time, and it shall be the responsibility in
turn of the client to comply with such schedules/procedures of the relevant stock exchange where the
trade is executed.
14. The stock broker shall ensure that the money/securities deposited by the client shall be kept in a
separate account, distinct from his/its own account or account of any other client and shall not be used
by the stock broker for himself/itself or for any other client or for any purpose other than the purposes
mentioned in Rules, Regulations, circulars, notices, guidelines of SEBI and/or Rules, Regulations, Bye-
laws, circulars and notices of Exchange.
15. Where the Exchange(s) cancels trade(s) suo moto all such trades including the trade/s done on behalf
of the client shall ipso facto stand cancelled, stock broker shall be entitled to cancel the respective
contract(s) with client(s).
16. The transactions executed on the Exchange are subject to Rules, Byelaws and Regulations and
circulars/notices issued thereunder of the Exchanges where the trade is executed and all parties to such
trade shall have submitted to the jurisdiction of such court as may be specified by the Byelaws and
Regulations of the Exchanges where the trade is executed for the purpose of giving effect to the
provisions of the Rules, Byelaws and Regulations of the Exchanges and the circulars/notices issued
thereunder.
BROKERAGE
17. The Client shall pay to the stock broker brokerage and statutory levies as are prevailing from time to
time and as they apply to the Client’s account, transactions and to the services that stock broker
renders to the Client. The stock broker shall not charge brokerage more than the maximum
brokerage permissible as per the rules, regulations and bye-laws of the relevant stock exchanges
and/or rules and regulations of SEBI.
LIQUIDATION AND CLOSE OUT OF POSITION
18. 1Without prejudice to the stock broker's other rights (including the right to refer a matter to arbitration),
the client understands that the stock broker shall be entitled to liquidate/close out all or any of the client's
278
positions for non- payment of margins or other amounts, outstanding debts, etc. and adjust the proceeds
of such liquidation/close out, if any, against the client's liabilities/obligations. Any and all losses and
financial charges on account of such liquidation/closing-out shall be charged to and borne by the client.
19. In the event of death or insolvency of the client or his/its otherwise becoming incapable of receiving and
paying for or delivering or transferring securities which the client has ordered to be bought or sold, stock
broker may close out the transaction of the client and claim losses, if any, against the estate of the client.
The client or his nominees, successors, heirs and assignee shall be entitled to any surplus which may
result there from. The client shall note that transfer of funds/securities in favor of a Nominee shall be
valid discharge by the stock broker against the legal heir.
The stock broker shall bring to the notice of the relevant Exchange the information about default
in payment/delivery and related aspects by a client. In case where defaulting client is a
corporate Entity/partnership/proprietary firm or any other artificial legal entity, then the name(s) of
Director(s)/Promoter(s)/Partner(s)/Proprietor as the case may be, shall also be communicated by the
stock broker to the relevant Exchange(s).
DISPUTE RESOLUTION
20. The stock broker shall provide the client with the relevant contact details of the concerned Exchanges
and SEBI.
21. The stock broker shall co-operate in redressing grievances of the client in respect of all transactions
routed through it and in removing objections for bad delivery of shares, rectification of bad delivery, etc.
22. The client and the stock broker shall refer any claims and/or disputes with respect to deposits, margin
money, etc., to arbitration as per the Rules, Byelaws and Regulations of the Exchanges where the trade
is executed and circulars/notices issued thereunder as may be in force from time to time.
23. The stock broker shall ensure faster settlement of any arbitration proceedings arising out of the
transactions entered into between him vis-à-vis the client and he shall be liable to implement the
arbitration awards made in such proceedings.
24. The client/stock-broker understands that the instructions issued by an authorized representative for
dispute resolution, if any, of the client/stock-broker shall be binding on the client/stock-broker in
accordance with the letter authorizing the said representative to deal on behalf of the said client/stock-
broker.
TERMINATION OF RELATIONSHIP
25. This relationship between the stock broker and the client shall be terminated; if the stock broker for any
reason ceases to be a member of the stock exchange including cessation of membership by reason of
the stock broker's default, death, resignation or expulsion or if the certificate is cancelled by the Board.
26. The stock broker and the client shall be entitled to terminate the relationship between them without
giving any reasons to the other party, after giving notice in writing of not less than one month to the
other parties. Notwithstanding any such termination, all rights, liabilities and obligations of the parties
arising out of or in respect of transactions entered into prior to the termination of this relationship shall
continue to subsist and vest in/be binding on the respective parties or his/its respective heirs, executors,
administrators, legal representatives or successors, as the case may be.
279
ADDITIONAL RIGHTS AND OBLIGATIONS
27. The stock broker shall ensure due protection to the client regarding client’s rights to dividends, rights or
bonus shares, etc. in respect of transactions routed through it and it shall not do anything which is likely
to harm the interest of the client with whom and for whom they may have had transactions in securities.
28. The stock broker and client shall reconcile and settle their accounts from time to time as per
the Rules, Regulations, Bye Laws, Circulars, Notices and Guidelines issued by SEBI and the relevant
Exchanges where the trade is executed.
29. The stock broker shall issue a contract note to his constituents for trades executed in such format as
may be prescribed by the Exchange from time to time containing records of all transactions including
details of order number, trade number, trade time, trade price, trade quantity, details of the derivatives
contract, client code, brokerage, all charges levied etc. and with all other relevant details as required
therein to be filled in and issued in such manner and within such time as prescribed by the Exchange.
The stock broker shall send contract notes to the investors within one working day of the execution of
the trades in hard copy and/or in electronic form using digital signature.
30. The stock broker shall make pay out of funds or delivery of securities, as the case may be, to the Client
within one working day of receipt of the payout from the relevant Exchange where the trade is executed
unless otherwise specified by the client and subject to such terms and conditions as may be prescribed
by the relevant Exchange from time to time where the trade is executed.
31. The stock broker shall send a complete `Statement of Accounts’ for both funds and securities in respect
of each of its clients in such periodicity and format within such time, as may be prescribed by the relevant
Exchange, from time to time, where the trade is executed. The Statement shall also state that the client
shall report errors, if any, in the Statement within such time as may be prescribed by the relevant
Exchange from time to time where the trade was executed, from the receipt thereof to the Stock broker.
32. The stock broker shall send daily margin statements to the clients. Daily Margin statement should
include, inter- alia, details of collateral deposited, collateral utilized and collateral status (available
balance/due from client) with break up in terms of cash, Fixed Deposit Receipts (FDRs), Bank
Guarantee and securities.
33. The Client shall ensure that it has the required legal capacity to, and is authorized to, enter into the
relationship with stock broker and is capable of performing his obligations and undertakings hereunder.
All actions required to be taken to ensure compliance of all the transactions, which the Client may enter
into shall be completed by the Client prior to such transaction being entered into.
34. The stock broker / stock broker and depository participant shall not directly /indirectly compel the clients
to execute Power of Attorney (PoA) or Demat Debit and Pledge Instruction (DDPI) or deny services to
the client if the client refuses to execute PoA or DDPI.
ELECTRONIC CONTRACT NOTES (ECN)
35. In case, client opts to receive the contract note in electronic form, he shall provide an appropriate e-mail
id to the stock broker. The client shall communicate to the stock broker any change in the email-id
through a physical letter. If the client has opted for internet trading, the request for change of email id
may be made through the secured access by way of client specific user id and password.
36. The stock broker shall ensure that all ECNs sent through the e-mail shall be digitally signed, encrypted,
280
non-tamper able and in compliance with the provisions of the IT Act, 2000. In case, ECN is sent through
e-mail as an attachment, the attached file shall also be secured with the digital signature, encrypted and
non-tamperable.
37. The client shall note that non-receipt of bounced mail notification by the stock broker shall amount to
delivery of the contract note at the e-mail ID of the client.
1. The stock broker shall retain ECN and acknowledgement of the e-mail in a soft and non-tamperable
form in the manner prescribed by the exchange in compliance with the provisions of the IT Act, 2000
and as per the extant rules/regulations/circulars/guidelines issued by SEBI/Stock Exchanges from time
to time. The proof of delivery i.e., log report generated by the system at the time of sending the contract
notes shall be maintained by the stock broker for the specified period under the extant regulations of
SEBI/stock exchanges. The log report shall provide the details of the contract notes that are not
delivered to the client/e-mails rejected or bounced back. The stock broker shall take all possible steps
to ensure receipt of notification of bounced mails by him at all times within the stipulated time period
under the extant regulations of SEBI/stock exchanges.
2. The stock broker shall continue to send contract notes in the physical mode to such clients who do not
opt to receive the contract notes in the electronic form. Wherever the ECNs have not been delivered to
the client or has been rejected (bouncing of mails) by the e-mail ID of the client, the stock broker shall
send a physical contract note to the client within the stipulated time under the extant regulations of
SEBI/stock exchanges and maintain the proof of delivery of such physical contract notes.
3. In addition to the e-mail communication of the ECNs to the client, the stock broker shall simultaneously
publish the ECN on his designated web-site, if any, in a secured way and enable relevant access to the
clients and for this purpose, shall allot a unique user name and password to the client, with an option to
the client to save the contract note electronically and/or take a print out of the same.
LAW AND JURISDICTION
4. In addition to the specific rights set out in this document, the stock broker and the client shall be entitled
to exercise any other rights which the stock broker or the client may have under the Rules, Bye-laws
and Regulations of the Exchanges in which the client chooses to trade and circulars/notices issued
thereunder or Rules and Regulations of SEBI.
5. The provisions of this document shall always be subject to Government notifications, any rules,
regulations, guidelines and circulars/notices issued by SEBI and Rules, Regulations and Bye laws of
the relevant stock exchanges, where the trade is executed, that may be in force from time to time.
6. The stock broker and the client shall abide by any award passed by the Arbitrator(s) under the Arbitration
and Conciliation Act, 1996. However, there is also a provision of appeal within the stock exchanges, if
either party is not satisfied with the arbitration award.
7. Words and expressions which are used in this document but which are not defined herein shall, unless
the context otherwise requires, have the same meaning as assigned thereto in the Rules, Byelaws and
Regulations and circulars/notices issued thereunder of the Exchanges/SEBI.
8. All additional voluntary clauses/document added by the stock broker should not be in contravention with
rules/regulations/notices/circulars of Exchanges/SEBI. Any changes in such voluntary
clauses/document(s) need to be preceded by a notice of 15 days. Any changes in the rights and
obligations which are specified by Exchanges/SEBI shall also be brought to the notice of the clients.
281
38. If the rights and obligations of the parties hereto are altered by virtue of change in Rules and regulations
of SEBI or Bye-laws, Rules and Regulations of the relevant stock Exchanges where the trade is
executed, such changes shall be deemed to have been incorporated herein in modification of the rights
and obligations of the parties mentioned in this document.
INTERNET & WIRELESS TECHNOLOGY BASED TRADING FACILITY PROVIDED BY STOCK BROKERS TO
CLIENT
(All the clauses mentioned in the ‘Rights and Obligations’ document(s) shall be applicable.
Additionally, the clauses mentioned herein shall also be applicable.)
1. Stock broker is eligible for providing Internet based trading (IBT) and securities trading through the use
of wireless technology that shall include the use of devices such as mobile phone, laptop with data card,
etc. which use Internet Protocol (IP). The stock broker shall comply with all requirements applicable to
internet based trading/securities trading using wireless technology as may be specified by SEBI & the
Exchanges from time to time.
2. The client is desirous of investing/trading in securities and for this purpose, the client is desirous of using
either the internet based trading facility or the facility for securities trading through use of wireless
technology. The Stock broker shall provide the Stock broker’s IBT Service to the Client, and the Client
shall avail of the Stock broker’s IBT Service, on and subject to SEBI/Exchanges Provisions and the
terms and conditions specified on the Stock broker’s IBT Web Site provided that they are in line with the
norms prescribed by Exchanges/SEBI.
3. The stock broker shall bring to the notice of client the features, risks, responsibilities, obligations and
liabilities associated with securities trading through wireless technology/internet/smart order routing or
any other technology should be brought to the notice of the client by the stock broker.
4. The stock broker shall make the client aware that the Stock Broker’s IBT system itself generates the
initial password and its password policy as stipulated in line with norms prescribed by Exchanges/SEBI.
5. The Client shall be responsible for keeping the Username and Password confidential and secure and
shall be solely responsible for all orders entered and transactions done by any person whosoever
through the Stock broker’s IBT System using the Client’s Username and/or Password whether or not
such person was authorized to do so. Also the client is aware that authentication technologies and strict
security measures are required for the internet trading/securities trading through wireless technology
through order routed system and undertakes to ensure that the password of the client and/or his
authorized representative are not revealed to any third party including employees and dealers of the
stock broker
6. The Client shall immediately notify the Stock broker in writing if he forgets his password, discovers
security flaw in Stock Broker’s IBT System, discovers/suspects discrepancies/ unauthorized access
through his username/password/account with full details of such unauthorized use, the date, the manner
and the transactions effected pursuant to such unauthorized use, etc.
7. The Client is fully aware of and understands the risks associated with availing of a service for routing
orders over the internet/securities trading through wireless technology and Client shall be fully liable and
responsible for any and all acts done in the Client’s Username/password in any manner whatsoever.
8. The stock broker shall send the order/trade confirmation through email to the client at his request. The
282
client is aware that the order/ trade confirmation is also provided on the web portal. In case client is
trading using wireless technology, the stock broker shall send the order/trade confirmation on the device
of the client.
9. The client is aware that trading over the internet involves many uncertain factors and complex hardware,
software, systems, communication lines, peripherals, etc. are susceptible to interruptions and
dislocations. The Stock broker and the Exchange do not make any representation or warranty that the
Stock broker’s IBT Service will be available to the Client at all times without any interruption.
10. The Client shall not have any claim against the Exchange or the Stock broker on account of any
suspension, interruption, non-availability or malfunctioning of the Stock broker’s IBT System or Service
or the Exchange’s service or systems or non-execution of his orders due to any link/system
failure at the Client/Stock brokers/Exchange end for any reason beyond the control of the stock
broker/Exchanges.
283
Annexure-10
RISK DISCLOSURE DOCUMENT FOR CAPITAL MARKET AND DERIVATIVES SEGMENTS
This document contains important information on trading in Equities/Derivatives Segments of the stock
exchanges. All prospective constituents should read this document before trading in Equities/Derivatives
Segments of the Exchanges.
Stock exchanges/SEBI does neither singly or jointly and expressly nor impliedly guarantee nor make any
representation concerning the completeness, the adequacy or accuracy of this disclosure document nor
have Stock exchanges /SEBI endorsed or passed any merits of participating in the trading segments.
This brief statement does not disclose all the risks and other significant aspects of trading.
In the light of the risks involved, you should undertake transactions only if you understand the nature of
the relationship into which you are entering and the extent of your exposure to risk.
You must know and appreciate that trading in Equity shares, derivatives contracts or other instruments
traded on the Stock Exchange, which have varying element of risk, is generally not an appropriate
avenue for someone of limited resources/limited investment and/or trading experience and low risk
tolerance. You should therefore carefully consider whether such trading is suitable for you in the light of
your financial condition. In case you trade on Stock exchanges and suffer adverse consequences or loss,
you shall be solely responsible for the same and Stock exchanges/its Clearing Corporation and/or SEBI
shall not be responsible, in any manner whatsoever, for the same and it will not be open for you to take
a plea that no adequate disclosure regarding the risks involved was made or that you were not explained
the full risk involved by the concerned stock broker. The constituent shall be solely responsible for the
consequences and no contract can be rescinded on that account. You must acknowledge and accept
that there can be no guarantee of profits or no exception from losses while executing orders for purchase
and/or sale of a derivative contract being traded on Stock exchanges.
It must be clearly understood by you that your dealings on Stock exchanges through a stock broker shall
be subject to your fulfilling certain formalities set out by the stock broker, which may inter alia include your
filling the know your client form, reading the rights and obligations, do’s and don’ts, etc., and are subject
to the Rules, Byelaws and Regulations of relevant Stock exchanges, its Clearing Corporation, guidelines
prescribed by SEBI and in force from time to time and Circulars as may be issued by Stock exchanges
or its Clearing Corporation and in force from time to time.
Stock exchanges does not provide or purport to provide any advice and shall not be liable to any person
who enters into any business relationship with any stock broker of Stock exchanges and/or any third party
based on any information contained in this document. Any information contained in this document must
284
not be construed as business advice. No consideration to trade should be made without thoroughly
understanding and reviewing the risks involved in such trading. If you are unsure, you must seek
professional advice on the same.
In considering whether to trade or authorize someone to trade for you, you should be aware of or must
get acquainted with the following:-
1. BASIC RISKS:
1.1 Risk of Higher Volatility:

Volatility refers to the dynamic changes in price that a security/derivatives contract undergoes when
trading activity continues on the Stock Exchanges. Generally, higher the volatility of a security/derivatives
contract, greater is its price swings. There may be normally greater volatility in thinly traded securities /
derivatives contracts than in active securities /derivatives contracts. As a result of volatility, your order
may only be partially executed or not executed at all, or the price at which your
order got executed may be substantially different from the last traded price or change substantially
thereafter, resulting in notional or real losses.
1.2 Risk of Lower Liquidity:

Liquidity refers to the ability of market participants to buy and/or sell securities / derivatives contracts
expeditiously at a competitive price and with minimal price difference. Generally, it is assumed that more
the numbers of orders available in a
market, greater is the liquidity. Liquidity is important because with greater liquidity, it is easier for investors
to buy and/or sell securities / derivatives contracts swiftly and with minimal price difference, and as a
result, investors are more likely to pay or receive a competitive price for securities / derivatives contracts
purchased or sold. There may be a risk of lower liquidity in some securities / derivatives contracts as
compared to active securities / derivatives contracts. As a result, your order may only be partially
executed, or may be executed with relatively greater price difference or may not be executed at all.
1.2.1 Buying or selling securities / derivatives contracts as part of a day trading strategy may also result
into losses, because in such a situation, securities / derivatives contracts may have to be sold / purchased
at low / high prices, compared to the expected price levels, so as not to have any open position or
obligation to deliver or receive a security / derivatives contract.
1.3 Risk of Wider Spreads:

Spread refers to the difference in best buy price and best sell price. It represents the differential between
the price of buying a security / derivatives contract and immediately selling it or vice versa. Lower liquidity
and higher volatility may result in wider than normal spreads for less liquid or illiquid securities / derivatives
contracts. This in turn will hamper better price formation.
285
1.4 Risk-reducing orders:
The placing of orders (e.g., "stop loss” orders, or "limit" orders) which are intended to limit losses to certain
amounts may not
be effective many a time because rapid movement in market conditions may make it impossible to
execute such orders.
1.4.1 A "market" order will be executed promptly, subject to availability of orders on opposite side, without
regard to price and that, while the customer may receive a prompt execution of a "market" order, the
execution may be at available prices of outstanding orders, which satisfy the order quantity, on price time
priority. It may be understood that these prices may be significantly different from the last traded price or
the best price in that security / derivatives contract.
1.4.2 A "limit" order will be executed only at the "limit" price specified for the order or a better price.
However, while the customer receives price protection, there is a possibility that the order may not be
executed at all.
1.4.3 A stop loss order is generally placed "away" from the current price of a stock / derivatives contract,
and such order gets activated if and when the security / derivatives contract reaches, or trades through,
the stop price. Sell stop orders are entered ordinarily below the current price, and buy stop orders are
entered ordinarily above the current price. When the security / derivatives contract reaches the pre -
determined price, or trades through such price, the stop loss order converts to a market/limit order and is
executed at the limit or better. There is no assurance therefore that the limit order will be executable since
a security / derivatives contract might penetrate the pre-determined price, in which case, the risk of such
order not getting executed arises, just as with a regular limit order.
1.5 Risk of News Announcements:

News announcements that may impact the price of stock / derivatives contract may occur during trading,
and when combined with lower liquidity and higher volatility, may suddenly cause an unexpected positive
or negative movement in the price of the
security / contract.
1.6 Risk of Rumors:

Rumors about companies / currencies at times float in the market through word of mouth, newspapers,
websites or news agencies, etc. The investors should be wary of and should desist from acting on rumors.
1.7 System Risk:

High volume trading will frequently occur at the market opening and before market close. Such high
volumes may also occur at any point in the day. These may cause delays in order execution or
confirmation.
286
1.7.1 During periods of volatility, on account of market participants continuously modifying their order
quantity or prices or placing fresh orders, there may be delays in order execution and its confirmations.
1.7.2 Under certain market conditions, it may be difficult or impossible to liquidate a position in the market at a
reasonable price or at all, when there are no outstanding orders either on the buy side or the sell side, or if
trading is halted in a security / derivatives contract due to any action on account of unusual trading
activity or security / derivatives contract hitting circuit filters or for any other reason.
1.8 System/Network Congestion:

Trading on exchanges is in electronic mode, based on satellite/leased line based communications,
combination of technologies and computer systems to place and route orders. Thus, there exists a
possibility of communication failure or
system problems or slow or delayed response from system or trading halt, or any such other
problem/glitch whereby not being able to establish access to the trading system/network, which may be
beyond control and may result in delay in processing or not processing buy or sell orders either in part or
in full. You are cautioned to note that although these problems may be temporary in nature, but when you
have outstanding open positions or unexecuted orders, these represent a risk because of your obligations
to settle all executed transactions.
2. As far as Derivatives segments are concerned, please note and get yourself acquainted with
the following additional features:-
2.1 Effect of "Leverage" or "Gearing":

In the derivatives market, the amount of margin is small relative to the value of the derivatives contract
so the transactions are 'leveraged' or 'geared'. Derivatives trading, which is conducted with a relatively
small amount of margin, provides the
possibility of great profit or loss in comparison with the margin amount. But transactions in derivatives
carry a high degree of
risk.
You should therefore completely understand the following statements before actually trading in
derivatives and also trade with caution while taking into account one's circumstances, financial resources,
etc. If the prices move against you, you may lose a part of or whole margin amount in a relatively short
period of time. Moreover, the loss may exceed the original margin amount.
A. Futures trading involve daily settlement of all positions. Every day the open positions are marked to
market based on the closing level of the index / derivatives contract. If the contract has moved against
you, you will be required to deposit the amount of loss (notional) resulting from such movement. This
amount will have to be paid within a stipulated time frame, generally before commencement of trading on
next day.
287
B. If you fail to deposit the additional amount by the deadline or if an outstanding debt occurs in your
account, the stock broker may liquidate a part of or the whole position or substitute securities. In this
case, you will be liable for any losses incurred due to such close-outs.
C. Under certain market conditions, an investor may find it difficult or impossible to execute transactions.
For example, this situation can occur due to factors such as illiquidity i.e. when there are insufficient bids
or offers or suspension of trading due to price limit or circuit breakers etc.
D. In order to maintain market stability, the following steps may be adopted: changes in the margin rate,
increases in the cash margin rate or others. These new measures may also be applied to the existing
open interests. In such conditions, you will be required to put up additional margins or reduce your
positions.
E. You must ask your broker to provide the full details of derivatives contracts you plan to trade i.e. the
contract specifications and the associated obligations.
2.2 Currency specific risks:

1. The profit or loss in transactions in foreign currency-denominated contracts, whether they are traded
in your own or another jurisdiction, will be affected by fluctuations in currency rates where there is a need
to convert from the currency denomination of the contract to another currency.
2. Under certain market conditions, you may find it difficult or impossible to liquidate a position. This can
occur, for example when a currency is deregulated or fixed trading bands are widened.
3. Currency prices are highly volatile. Price movements for currencies are influenced by, among other
things: changing supply-demand relationships; trade, fiscal, monetary, exchange control programs and
policies of governments; foreign political and economic events and policies; changes in national and
international interest rates and inflation; currency devaluation; and sentiment of the market place. None
of these factors can be controlled by any individual advisor and no assurance can be given that an
advisor's advice will result in profitable trades for a participating customer or that a customer will not incur
losses from such events.
2.3 Risk of Option holders:

1. An option holder runs the risk of losing the entire amount paid for the option in a relatively short period
of time. This risk reflects the nature of an option as a wasting asset which becomes worthless when it
expires. An option holder who neither
sells his option in the secondary market nor exercises it prior to its expiration will necessarily lose his
entire investment in the option. If the price of the underlying does not change in the anticipated direction
before the option expires, to an extent
288
sufficient to cover the cost of the option, the investor may lose all or a significant part of his investment in
the option.
2. The Exchanges may impose exercise restrictions and have absolute authority to restrict the exercise
of options at certain times in specified circumstances.
2.4 Risks of Option Writers:

1. If the price movement of the underlying is not in the anticipated direction, the option writer runs the
risks of losing substantial amount.
2. The risk of being an option writer may be reduced by the purchase of other options on the same
underlying interest and
thereby assuming a spread position or by acquiring other types of hedging positions in the options
markets or other markets. However, even where the writer has assumed a spread or other hedging
position, the risks may still be significant. A spread position is not necessarily less risky than a simple
'long' or 'short' position.
3. Transactions that involve buying and writing multiple options in combination, or buying or writing
options in combination with
buying or selling short the underlying interests, present additional risks to investors. Combination
transactions, such as option spreads, are more complex than buying or writing a single option. And it
should be further noted that, as in any area of investing, a complexity not well understood is, in itself, a
risk factor. While this is not to suggest that combination strategies should not be considered, it is
advisable, as is the case with all investments in options, to consult with someone who is experienced and
knowledgeable with respect to the risks and potential rewards of combination transactions under various
market circumstances.
3. TRADING THROUGH WIRELESS TECHNOLOGY/ SMART ORDER ROUTING OR ANY OTHER

TECHNOLOGY:
Any additional provisions defining the features, risks, responsibilities, obligations and liabilities associated
with securities trading through wireless technology/ smart order routing or any other technology should
be brought to the notice of the client by the stock broker.
4. GENERAL
4.1 The term ‘constituent’ shall mean and include a client, a customer or an investor, who deals with a
stock broker for the purpose of acquiring and/or selling of securities / derivatives contracts through the
mechanism provided by the Exchanges.
4.2 The term ‘stock broker’ shall mean and include a stock broker, a broker or a stock broker, who has
been admitted as such by the Exchanges and who holds a registration certificate from SEBI.
289
Annexure-11
GUIDANCE NOTE - DO’s AND DON’Ts FOR TRADING ON THE EXCHANGE(S) FOR INVESTORS
BEFORE YOU BEGIN TO TRADE
1. Ensure that you deal with and through only SEBI registered intermediaries. You may check their
SEBI registration certificate number from the list available on the Stock exchanges www.exchange.com and
SEBI website www.sebi.gov.in.
2. Ensure that you fill the KYC form completely and strike off the blank fields in the KYC form.
3. Ensure that you have read all the mandatory documents viz. Rights and Obligations, Risk Disclosure
Document, Policy and Procedure document of the stock broker.
4. Ensure to read, understand and then sign the voluntary clauses, if any, agreed between you and the
stock broker. Note that the clauses as agreed between you and the stock broker cannot be changed without
your consent.
5. Get a clear idea about all brokerage, commissions, fees and other charges levied by the broker on you for
trading and the relevant provisions/ guidelines specified by SEBI/Stock exchanges.
6. Obtain a copy of all the documents executed by you from the stock broker free of charge.
7. In case you wish to execute Power of Attorney (POA) in favour of the Stock broker, authorizing it to operate
your bank and demat account, please refer to the guidelines issued by SEBI/Exchanges in this regard.
TRANSACTIONS AND SETTLEMENTS
8. The stock broker may issue electronic contract notes (ECN) if specifically authorized by you in writing.
You should provide your email id to the stock broker for the same. Don’t opt for ECN if you are not familiar
with computers.
9. Don’t share your internet trading account’s password with anyone.
10. Don’t make any payment in cash to the stock broker.
11. Make the payments by account payee cheque in favour of the stock broker. Don’t issue cheques in the
name of sub- broker. Ensure that you have a documentary proof of your payment/deposit of securities
with the stock broker, stating date, scrip, quantity, towards which bank/ demat account such money or
securities deposited and from which bank/ demat account.
12. Note that facility of Trade Verification is available on stock exchanges’ websites, where details of trade as
mentioned in the contract note may be verified. Where trade details on the website do not tally with the details
mentioned in the contract note, immediately get in touch with the Investors Grievance Cell of the relevant
Stock exchange.
13. In case you have given specific authorization for maintaining running account, payout of funds or delivery of
securities (as the case may be), may not be made to you within one working day from the receipt of payout
from the Exchange. Thus, the stock broker shall maintain running account for you subject to the following
conditions:
a) Such authorization from you shall be dated, signed by you only and contains the clause that you
may revoke the same at any time.
b) The actual settlement of funds and securities shall be done by the stock broker, at least once in a
calendar quarter or month, depending on your preference. While settling the account, the stock broker
shall send to you a ‘statement of accounts’ containing an extract from the client ledger for funds and an
extract from the register of securities displaying all the receipts/deliveries of funds and securities. The
290
statement shall also explain the retention of funds and securities and the details of the pledged
shares, if any.
c) On the date of settlement, the stock broker may retain the requisite securities/funds towards outstanding
obligations and may also retain the funds expected to be required to meet derivatives margin obligations
for next 5 trading days, calculated in the manner specified by the exchanges. In respect of cash market
transactions, the stock broker may retain entire pay-in obligation of funds and securities due from clients
as on date of settlement and for next day’s business, he may retain funds/securities/margin to the extent
of value of transactions executed on the day of such settlement in cash market.
d) You need to bring any dispute arising from the statement of account or settlement so made to the notice
of the stock broker in writing preferably within 7 (seven) working days from the date of receipt of
funds/securities or statement, as the case may be. In case of dispute, refer the matter in writing to the
Investors Grievance Cell of the relevant Stock exchanges without delay.
14. In case you have not opted for maintaining running account and pay-out of funds/securities is not received
on the next working day of the receipt of payout from the exchanges, please refer the matter to the stock
broker. In case there is dispute, ensure that you lodge a complaint in writing immediately with the Investors
Grievance Cell of the relevant Stock exchange.
15. Please register your mobile number and email id with the stock broker, to receive trade confirmation alerts/
details of the transactions through SMS or email, by the end of the trading day, from the stock exchanges.
IN CASE OF TERMINATION OF TRADING MEMBERSHIP
16. In case, a stock broker surrenders his membership, is expelled from membership or declared a
defaulter; Stock exchanges gives a public notice inviting claims relating to only the "transactions executed
on the trading system" of Stock exchange, from the investors. Ensure that you lodge a claim with the relevant
Stock exchanges within the stipulated period and with the supporting documents.
17. Familiarize yourself with the protection accorded to the money and/or securities you may deposit with your
stock broker, particularly in the event of a default or the stock broker’s insolvency or bankruptcy and the
extent to which you may recover such money and/or securities may be governed by the Bye-laws and
Regulations of the relevant Stock exchange
where the trade was executed and the scheme of the Investors’ Protection Fund in force from time to time.
DISPUTES/ COMPLAINTS
18. Please note that the details of the arbitration proceedings, penal action against the brokers and investor
complaints against the stock brokers are displayed on the website of the relevant Stock exchange.
19. In case your issue/problem/grievance is not being sorted out by concerned stock broker/sub-broker then you
may take up the matter with the concerned Stock exchange. If you are not satisfied with the resolution of your
complaint then you can escalate the matter to SEBI.
20. Note that all the stock broker/sub-brokers have been mandated by SEBI to designate an e-mail ID of
the grievance redressal division/compliance officer exclusively for the purpose of registering complaints.
291
Annexure-12
Nomination Form
TM / DP Name and FORM FOR NOMINATION
Address
(To be filled in by individual applying singly or jointly)
D D M M Y Y I N
Date YY UCC/ DP ID Client ID
I/We wish to make a nomination. [As per details given below]
Nomination Details
I/We wish to make a nomination and do hereby nominate the following person(s) who shall receive all the assets held in my / our account in the event of
my / our death.
Details of 1st Nominee Details of 2nd Nominee Details of 3rd Nominee

Nomination can be made upto three
nominees in the account.
1 Name of the nominee(s) (Mr./Ms.)
2 Share of % % %
each Equally
Nominee [If not equally,
please specify
percentage] Any odd lot after division shall be transferred to the first nominee mentioned in the form.
3
Relationship With the Applicant (
If Any)
4 Address of Nominee(s)
City / Place:
State & Country:
PIN Code
5
Mobile / Telephone No. of
nominee(s) #
6 Email ID of nominee(s) #
7 Nominee Identification details #

[Please tick any one of following
and provide details of same]
󠄀 Photograph & Signature 󠄀󠄀 PAN

󠄀 Aadhaar 󠄀󠄀 Saving Bank account
no. 󠄀 󠄀󠄀 Proof of Identity 󠄀󠄀
Demat Account ID
Sr. Nos. 8-14 should be filled only if nominee(s) is a minor:
8
Date of Birth {in case of minor
nominee(s)}
292
9
Name of Guardian (Mr./Ms.) {in
case of minor nominee(s) }
10 Address of Guardian(s)
City / Place:
State & Country:
PIN Code
11
Mobile / Telephone no. of
Guardian #
12 Email ID of Guardian #
13
Relationship of Guardian with
nominee
14 Guardian Identification details#

[Please tick any one of following
and provide details of same]
󠄀 Photograph & Signature

󠄀 PAN 󠄀 󠄀󠄀 Aadhaar Saving Bank
account no. 󠄀󠄀 Proof of Identity󠄀 󠄀
󠄀 󠄀Demat Account ID
Name(s) of hollder(s) Signature(s) of holder*
Sole / First Holder (Mr./Ms.)
Second Holder (Mr./Ms.)
Third Holder (Mr./Ms.)
* Signature of witness, along with name and address are required, if the account holder affixes thumb impression, instead of signature
# Optional Fields (Information required at Serial nos. 5, 6, 7, 11, 12 & 14 is not mandatory)
Note:
This nomination shall supersede any prior nomination made by the account holder(s), if any.
The Trading Member / Depository Participant shall provide acknowledgement of the nomination form to the account holder(s)
Name and Signature of Holder(s)*

1.___________________________________2.__________________________________________3___________________________________
* Signature of witness, along with name and address are required, if the account holder affixes thumb impression, instead of
signature
293
Annexure-13
Declaration Form for opting out of nomination
To Date D D M M Y Y Y Y
Trading Member/Participant’s Name
Trading Member/Participant’s Address
UCC/DP ID I N
Client ID (only for Demat account)
Sole/First Holder Name
Second Holder Name
Third Holder Name
I / We hereby confirm that I / We do not wish to appoint any nominee(s) in my / our trading / demat
account and understand the issues involved in non-appointment of nominee(s) and further are
aware that in case of death of all the account holder(s), my / our legal heirs would need to submit all
the requisite documents / information for claiming of assets held in my / our trading / demat
account, which may also include documents issued by Court or other such competent authority,
based on the value of assets held in the trading / demat account.
Name and Signature of Holder(s)*
1.___________________________________2.__________________________________________3___________________________________
* Signature of witness, along with name and address are required, if the account holder affixes thumb impression, instead of
signature
294
Annexure-14
Demat Debit and Pledge Instruction
S.No. Purpose Signature of Client *
1. Transfer of securities held in the beneficial

owner accounts of the client towards Stock
Exchange related deliveries / settlement
obligations arising out of trades executed by
clients on the Stock Exchange through the
same stock broker
2. Pledging / re-pledging of securities in favour

of trading member (TM) / clearing member
(CM) for the purpose of meeting margin
requirements of the clients in connection with
the trades executed by the clients on the
Stock Exchange.
3. Mutual Fund transactions being executed on

Stock Exchange order entry platforms
4. Tendering shares in open offers through

Stock Exchange platforms
* the same may be signed physically against each purpose of DDPI. The same may also
be eSigned. In case of eSign, client shall be given an option for choosing the specific
purpose(s) of DDPI.
295
Annexure-15
Format of the Daily Reporting by the members to the Exchange on the

amount financed by them under the Margin Trading Facility
Name of the member

Clearing No.
Name Category of Holding PAN Name of Stock Quantity Amount

of (Promoter/Promoter Stock or Exchange Financed Financed
Client Group or Non Equity (Number (INR in
Promoter ETF of shares lakhs)
(Collateral or Units
or Funded of Equity
Stock) ETFs)
S. Particulars (INR in Lakhs)

No.
1 Total outstanding on the beginning of the day
2 Add: Fresh exposure taken during the day
3 Less: Exposure liquidated during the day
4 Net outstanding at the end of the day
Source of Funds
1 Out of net worth

2 Out of borrowed funds
3 If borrowed, name of lenders and amount
borrowed to be specified separately
Note: Disclosure is required to be made on or before 12 noon on the following

trading day.
296
Annexure-16 : Allocation of collateral
Illustration 1: Consider a self-clearing member (SCM) who has received the

following cash collateral from its clients:
Client Cash Received (Rs)
Client-1 2 crore
Client-2 3 crore
Client-3 1 crore
Client-4 1 crore
Total 7 crore
The member places Rs 6 crore with the CC – Rs 4 crore out of client funds and Rs
2 crore out of proprietary funds. Rs 3 crore worth of client collateral is maintained
in the specified client bank account of the member. Few illustrations of allocations
and whether permitted or not are provided below:
Sl Allocation Comments
.
Prop 2 Cr
Client-1 1 Cr Permitted, since total Rs 4 cr is allocated among
1 Client-2 1 Cr clients and allocations to individual clients do not
Client-3 1 Cr exceed the respective collateral provided by them.
Client-4 1 Cr
Prop 2 Cr Permitted, since total Rs 4 cr is allocated among
2 Client-1 2 Cr clients and allocations to individual clients do not
Client-2 2 Cr exceed the respective collateral provided by them.
Prop 2 Cr
Permitted, since total Rs 4 cr is allocated among
Client-2 3 Cr
3 clients and allocations to individual clients do not
Client-3 0.5 Cr
exceed the respective collateral provided by them.
Client-4 0.5 Cr
Prop 3 Cr Not permitted, client collateral allocated as
Client-1 2 Cr proprietary. Total collateral received from clients
4
Client-3 1 Cr does not equal amount with the member plus
amount allocated.
Prop 2 Cr
Not permitted, allocation to Client-3 is in excess
5 Client-2 2 Cr
from the collateral received from the client.
Client-3 2 Cr
Client-1 2 Cr
Permitted, proprietary collateral can be allocated
6 Client-2 3 Cr
as client collateral provided the allocated amount
Client-3 0.5 Cr
297
Client-4 0.5 Cr does not exceed the actual collateral received from
the client.
Client-1 4 Cr Not permitted, although proprietary collateral can
Client-3 1 Cr be allocated as client collateral, such collateral
7
Client-4 1 Cr cannot exceed the actual collateral received from
the client
Illustration 2:
Suppose a SCM receives the following collateral from clients:
Client Collateral Type Value (Rs)

Client-1 Cash 1 crore
Client-2 Approved securities 2 crore
Client-2 Non-approved securities 2 crore
The member re-pledges the approved securities to the CC. The non-approved
securities cannot be provided to the CC. The member provides Rs 1 crore cash
collateral of Client1 and Rs 5 crore proprietary cash collateral to the CC. The
member may allocate the collateral as follows:
Client Value (Rs)

Client-1 1 crore
Proprietary 5 crore
Thus, only the collateral provided to the CC (excluding securities provided through
the margin pledge mechanism) shall be allocated. To clarify, Client-2 would still
get the benefit of eligible securities collateral re-pledged to CC, however the value
for the same shall be assigned by the CC to the account of Client-2, and therefore
no collateral allocation shall be done by the member. The non-approved securities
collateral would be retained by the member.
If the Client-2 wishes to trade in such a manner that the margin would exceed Rs
2 crore, the member may allocate the proprietary collateral to the client, as follows:
Client Value (Rs)

Client-1 1 crore
Client-2 2 crore
Proprietary 3 crore
298
Annexure-17: Treatment of unfunded portion of BG
Consider an example of a SCM with two clients. Suppose the SCM receives the
following cash collateral from each of the clients:
Client Cash
Received (Rs)
Client-1 1 crore
Client-2 1 crore
Suppose the SCM provides the cash received to a bank and obtains a Bank
Guarantee of Rs. 4 crore and provides it to CC. Then, the CM shall allocate the
BG as follows:
Entity BG Allocation
(Rs)
Client-1 1 crore
Client-2 1 crore
SCM – 2 crore
Proprietary
299
Annexure-18: Monitoring of the minimum 50% cash-equivalent collateral
requirement
Consider the following example of collateral provided by various entities under a

CM.
Cash- Non-cash Excess Excess
Entity equivalent (B) cash-eq. noncash
(A) If(A>B,A-B,0) If(B>A,B-A,0)
CM Prop 100 40 60 0
TM-1 Prop 0 0 0 0
TM-1 Cli-1 200 250 0 50
TM-1 Cli-2 70 10 60 0
TM-1 Cli-3 70 100 0 30
TM-2 Prop 300 200 100 0
TM-2 Cli-4 70 90 0 20
TM-2 Cli-5 50 100 0 50
Considering TM-1, the excess cash-equivalent collateral of TM-1 Cli-2 cannot be

used to offset the excess non-cash collateral of TM-1 Cli-1 and TM-1 Cli-3.
Therefore, there will be excess non-cash collateral to the extent of 80 (50 for Cli-1
and 30 for Cli-3) under TM1.
Considering TM-2, the excess proprietary cash-equivalent collateral of TM-2 can

be used to offset the excess non-cash collateral of TM-2 Cli-4 and TM-2 Cli-5.
Therefore, there will be no excess noncash collateral under TM-2.
Summary of excess cash-equivalent and excess non-cash collateral under CM

prop, TM1 and TM-2 would be as under:
Entity Excess Cash-eq Excess noncash

CM Prop 60 -
TM-1 - 80
TM-2 30 -
The excess cash-equivalent collateral of TM-2 cannot be used to offset the excess
noncash collateral of TM-1. However, the excess cash-equivalent collateral of CM
Prop can be used to offset excess non-cash collateral of TM-1. Therefore, the
overall excess noncash collateral will be 20, for TM-1.
Entity Excess
noncash
TM-1 20
The benefit of this excess non-cash collateral (20) will not be available under TM-
1. The entities who will get benefit would be identified through a suitable
300
mechanism by the CCs. In this example, suppose the CC applies FIFO rule and it
is assumed that Cli-1 has pledged the non-cash collateral before Cli-3. Therefore,
the Cli-1 will receive benefit for its entire collateral (so the effective value of
collateral of Cli-1 will be 200+250=450). On the other hand, Cli-3 will not receive
benefit of non-cash collateral to the extent of 20 (so the effective value of collateral
of Cli-3 will be 70+80 = 150).
301
Annexure-19: Blocking of Margins
Suppose the total collateral (allocated collateral plus securities collateral placed
through margin pledge/ re-pledge to CC) available against various entities are as
given below.
Entity Collateral (Rs)
CMTM Prop 1000
TM-1 Prop 500
TM-1 Cli-1 300
TM-1 Cli-2 300
•Trade-1: TM-1 Cli-2 trades with margin requirement of Rs 100. Blocking of margin
shall be as follows:
Collateral Blocking
Entity
(Rs) (Rs)
CMTM Prop 1000 0
TM-1 Prop 500 0
TM-1 Cli-1 300 0
TM-1 Cli-2 300 100
•Trade-2: TM-1 Cli-1 trades with margin requirement of Rs 600. Blocking of margin
shall be as follows:
Entity Collateral Blocking

(Rs) (Rs)
CMTM Prop 1000 0
TM-1 Prop 500 300
TM-1 Cli-1 300 300
TM-1 Cli-2 300 100
•Trade-3: TM-1 Cli-2 trades with revised margin requirement for Cli-2 of Rs 600.
Blocking of margin shall be as follows:
Collateral Blocking
Entity
(Rs) (Rs)
CMTM Prop 1000 100
TM-1 Prop 500 500
TM-1 Cli-1 300 300
TM-1 Cli-2 300 300
302
•Trade-4: TM-1 Cli-2 trades with revised margin requirement for Cli-2 of Rs 900.
Blocking of margin shall be as follows:
Collateral Blocking
Entity
(Rs) (Rs)
CMTM Prop 1000 400
TM-1 Prop 500 500
TM-1 Cli-1 300 300
TM-1 Cli-2 300 300
In the above examples, the collateral of Rs 500 blocked from the TM1-Prop, and
the collateral of Rs 400 blocked from CMTM Prop, shall be deemed to be allocated
to TM-1 Cli-1 and TM-1 Cli-2. The deemed allocation would be as follows:
Margin Blocked from Deemed Deemed allocation

(Rs) client allocation from
Client
collateral (Rs) from TM-1 CMTM Prop to TM-1
Prop (Rs) Prop (Rs)
TM-1 Cli-1 600 300 300
400
TM-1 Cli-2 900 300 600
To clarify, the deemed allocation from CMTM Prop to TM-1 Prop is Rs 400,
therefore the total TM-1 Prop collateral (including deemed allocated) would be Rs
900 (Rs 500 + Rs 400). Out of this, the excess client margin would be considered
to be deemed allocated to the respective client.
303
Annexure-20: Monitoring of risk reduction mode
Suppose the total collateral (allocated collateral plus securities collateral placed
through margin pledge/ re-pledge to CC) available against various entities, along
with their margin obligations, are as given below.
Collateral Margin CliMrgn>90%

CM TM Client (Rs) (Rs) (Rs)
CM-1 - Prop 1200 800 -
CM-1 TM-1 Prop 500 400 -
CM-1 TM-1 Client-1 800 780 60
CM-1 TM-1 Client-2 500 450 0
CM-1 TM-1 Client-3 400 380 20
CM-1 TM-2 Prop 500 200 -
CM-1 TM-2 Client-4 1000 920 20
CM-1 TM-2 Client-5 1000 880 0
TM level monitoring
In the above table, “CliMrgn>90%”, or client margin in excess of 90%, has been
calculated as margin for the client less 90% of the client collateral. Risk reduction
mode monitoring for TM shall be based on assessment of [TM Prop Margin +
CliMrgn>90%] against the [TM Prop collateral]. Accordingly, margin utilization
percentage of TM1 and TM2 would be as under:
• Margin utilization percentage of TM1 = [400 + (60 + 0 + 20)] /500 = 96%
• Margin utilization percentage of TM2 = [200 + (20 + 0)] /500 = 44%
In other words, for TM1, margin of Rs 30 is in excess of 90% of its prop collateral,
while there is no excess margin for TM2 against its prop collateral. The same has
been tabulated below:
Total 90% of TM
CliMrgn>90% Prop prop
(Rs) Margin collateral TMMrgn>90%
TM (Rs) (Rs) (Rs)
TM-1 80 400 450 30
TM-2 20 200 450 0
CM level monitoring
304
In the above table, “TMMrgn>90%”, or TM Margin in excess of 90%, has been
calculated as [CliMrgn>90% + TM Prop margin] in excess of 90% of TM prop
collateral. Risk reduction mode monitoring for CM shall be based on assessment
of [CM Prop Margin + TMMrgn>90%] against the [CM Prop Collateral].
Accordingly, margin utilization percentage of CM1 would be as under:
• Margin utilization percentage of CM1 = [800 + (30 + 0)]/1200 = 69.1%
305
Annexure-21: Change of Allocation
Suppose a SCM has following collateral:
Entity Cash (Rs)

SCM Prop 200
Cli-1 200
Cli-2 200
Out of the total available cash of Rs 600, suppose the SCM has provided an FDR
of Rs 400 to the CC (with Rs 200 cash remaining with the member). Suppose, the
FDR provided to the CC is allocated by the SCM as follows. Here, the SCM has
chosen not to allocate any collateral to Cli-2 in the total collateral placed with the
CC:
Entity Collateral allocated (Rs)
SCM Prop 200
Cli-1 200
Suppose the margin requirement is as follows:

Entity Collateral (Rs) Margin blocked (Rs)
CM Prop 200 160
Cli-1 200 150
Change in allocation: Example 1

The member shall be permitted to change the allocation as follows (i.e. the
member chooses to consider the cash retained with it to be as Rs 50 belonging
to Cli-1 and Rs 150 belonging to Cli-2):

CM Prop 200
Cli-1 150
Cli-2 50
Change in allocation: Example 2

The member shall not be permitted to change the allocation as follows (i.e. the
member chooses to consider the cash retained with it to be as Rs 100 belonging
to each client):
CM Prop 200
Cli-1 100
Cli-2 100
This allocation shall not be permitted since Cli-1 has a margin requirement of Rs
150.
306
Annexure-22: Procedures to be followed in Stage-2 and Stage-3
Consider an example of a SCM defaulting in the derivatives segment. An

illustration of the cash settlement obligations of prop/clients and attribution of
shortage is provided below (the available collateral shown against different entities
comprises of both allocated collateral (including deemed allocated) and value of
demat securities collateral provided through margin pledge/re-pledge to the level
of CC):
Entity (Pay-in)/ Pay- Collateral Position Remaining

out (Rs) (Rs) closeout loss Collateral
(Rs) (Rs)
Prop (3 crore) 10 crore 4 crore 6 crore
Client-1 (3 crore) 10 crore 3 crore 7 crore
Client-2 (3 crore) 15 crore 4 crore 11 crore
Client-3 2 crore 15 crore 2 crore 13 crore
Client-4 2 crore 3 crore 1 crore 2 crore
Net Pay-in 5 crore
Shortfall 5 crore
Scenario 1: All pay-out clients establish not being in default
1.Suppose Client-3 and Client-4 establish within the pre-specified time period that
they are not in default, do not have debit balance/dues towards the member and
have not received the pay-out due.
2.The remaining collateral of Client-3 and Client-4 (Rs 13 crore and Rs 2 crore
respectively), along with the pay-out for the clients (Rs 2 crore each), shall be
provided to the clients.
3.The settlement shortfall would now be Rs 9 crore (Rs 5 crore shortfall in net
payin, plus Rs 4 crore of pay-out made to Client-3 and Client-4).
4.The settlement shortfall of Rs 9 crore shall be first adjusted with the SCM
proprietary pay-in obligation of Rs 3 crore. Excess remaining proprietary collateral
of SCM (Rs 3 crore) shall also be used towards the settlement shortfall.
5.Remaining settlement shortfall of Rs 3 crore shall be attributed pro-rata to clients

having pay-in, i.e., settlement shortfall of Rs 1.5 crore each shall be attributed to
Client-1 and Client-2 and appropriated from their collateral.
Scenario 2: One pay-out client establishes not being in default
1.Suppose Client-3 establishes within the pre-specified time period of not being in
307
default, not having debit balance/dues towards the member and not having
received the pay-out due.
2.The remaining collateral of Client-3 (Rs 13 crore), along with the pay-out (Rs 2
crore), shall be provided to the Client-3.
payin, plus Rs 2 crore of pay-out made to Client-3).
5.Remaining settlement shortfall of Rs 1 crore shall be attributed pro-rata to clients

having pay-in, i.e., settlement shortfall of Rs 0.5 crore each shall be attributed to
Client-1 and Client-2 and appropriated from their collateral.
Scenario 3: One pay-out client and one pay-in client establish not being in default
1.Suppose Client-1 and Client-3 establish within the pre-specified time period of
not being in default, not having debit balance/dues towards the member and not
having received the pay-out due, where applicable.
2.The remaining collateral of Client-1 and Client-3 (Rs 7 crore and Rs 13 crore
respectively) shall be provided to them. The pay-out due to Client-3 (Rs 2 crore)
shall also be provided to Client-3.
payin, plus Rs 2 crore of pay-out made to Client-3).
5.Remaining settlement shortfall of Rs 1 crore shall be attributed to Client-2 (since

it is established that Client-1 is not in default, no shortage shall be attributed to
Client-1).
308
Annexure-23: Procedures to be followed in Stage-4
Illustration 1:
Suppose an SCM had no proprietary positions, and the net pay-in obligations were
based on five clients. There was a pay-in shortfall of Rs 300, against the net pay-
in of Rs 600. Suppose none of the clients could establish within the pre-specified
time period of not being in default, not having debit balance/dues towards the
member and not having received the pay-out due. Assume there is no position
close-out loss. The pay-in shortfall of Rs 300 would be attributed during the Stage
3 on a pro-rata basis from the clients having pay-in obligations. This would be
utilized from their available collateral (the available collateral shown against
different entities comprises of both allocated collateral (including deemed
allocated) and value of securities collateral provided through margin pledge/re-
pledge to the level of CC).
Entity (PI) / PO Collateral Utilized Remaining

(Rs) (Rs) Collateral (Rs) Collateral (Rs)
Client-1 150 200 0 200
Client-2 150 100 0 100
Client-3 -300 300 100 200
Client-4 -300 300 100 200
Client-5 -300 300 100 200
Suppose the actual client defaults and position of payables/receivables are

identified as follows:
Entity Findings Claim

Did not receive 150 Pay-out of 150
Client-1
payout Return of collateral of 200
Did not receive 150 Pay-out of 150
Client-2
payout Return of collateral of 100
Client-3 Did not make any pay-in -
Client-4 Did not make any pay-in -
Client-5 Had made a pay-in of 300 Return of collateral of 300
Accordingly, the remaining collateral of defaulting clients shall be utilized to fulfil

the claims of non-defaulting clients. The additional realization and claim settlement
is tabulated below:
Entity Additional utilization Claim Settled

of collateral
309
Client-1 - Pay-out of 150
Return of collateral of 200
Client-2 - Pay-out of 150
Return of collateral of 100
Client-3 Additional collateral of -
200 utilized
Client-4 Additional collateral of -
200 utilized
Client-5 - Return of collateral of 100 (from
realized) Return of collateral of 200
(from remaining)
In the event of the remaining collateral of Client-3 and Client-4 not being sufficient
(say, due to excess losses in liquidation of positions), the default waterfall of the
CC shall be applied for such losses.
Illustration 2:
The following illustration demonstrates the limit on maximum admissible claim

against the collateral at the CC by the TM/clients/CP of the defaulting CM. The CC
shall recognize the claim of the clients up to the collateral allocated by the CM,
plus the value of securities re-pledged till the level of the CC, plus the collateral
deemed to be allocated based on the margin requirement of the client. Some
examples are tabulated below:
Entity Collateral Margin Collateral Value of Collateral Maximum

provided allocated Securities deemed Admissible
to by Re- allocated claim
member member pledged (due to against
at CC to CC margins) collateral
at CC
Client- 1000 800 700 300 0 1000
1
Client- 1000 0 400 600 0 1000
2
Client- 1000 0 400 400 0 800
3
Client- 1000 800 0 0 800 800
4
Client- 1000 0 0 0 0 0
5
Client- 0 200 100 0 100 0
6
310
In the last example (Client-6), the CM shall not be permitted to allocate collateral
or permit client to trade beyond the available collateral. In case of such violations,
the claim shall not be admissible, and the collateral (allocated and/or deemed so)
shall be treated as proprietary collateral of the CM.
311
Annexure-24
Incident Reporting Form
1. Letter / Report Subject -

Name of the Member / Depository
Participant -
Name of the Stock Exchange /
Depository -
Member ID / DP ID -
2. Reporting Periodicity
Year-
 Quarter 1 (Apr-Jun)  Quarter 3 (Oct-Dec)
 Quarter 2 (Jul-Sep)  Quarter 4 (Jan-Mar)
3. Designated Officer (Reporting Officer details) -
Name: Organization Title:
:
Phone / Fax No: Mobile: Email:
Address:
Cyber-attack / breach observed in Quarter:

( If yes, please fill Annexure -24A)
( If no, please submit the NIL report)
Date &
Brief information on the Cyber-attack / breached observed
Time
Annexure -24A
1. Physical location of affected computer / network and name of ISP -
312
2. Date and time incident occurred -
Date: Time:
3. Information of affected system -

IP Address: Computer/ Operating Last Hardware
Host System (incl. Patched/ Vendor/
Name: Ver. / release Updated: Model:
No.):
4. Type of incident -
 Phishing  Spam  Website

 Network  Bot/Botnet Intrusion
scanning  Email Spoofing  Social
/Probing Break-  Denial of Service(DoS) Engineering
in/Root  Distributed Denial of  Technical
Compromise Service(DDoS) Vulnerability
 Virus/Malicious  User Account  IP Spoofing
Code Compromise  Ransomware
 Website  Other
Defacement
 System Misuse
5. Description of incident -
6. Unusual behavior/symptoms (Tick the symptoms) -
313
 System crashes  Anomalies
 New user accounts/ Accounting  Suspicious probes
discrepancies  Suspicious browsing New
 Failed or successful social files
engineering attempts  Changes in file lengths or
 Unexplained, poor system dates
performance  Attempts to write to
 Unaccounted for changes in the DNS system
tables, router rules, or firewall rules  Data modification or
 Unexplained elevation or use of deletion
privileges Operation of a program or  Denial of service
sniffer device to capture network  Door knob rattling
traffic;  Unusual time of usage
 An indicated last time of usage of a  Unusual usage patterns
user account that does not  Unusual log file entries
correspond to the actual last time of  Presence of new setuid or
usage for that user setgid files Changes in
 A system alarm or similar indication system directories and
from an intrusion detection tool files
 Altered home pages, which are  Presence of cracking
usually the intentional target for utilities
visibility, or other pages on the Web  Activity during non-
server working hours or holidays
 Other (Please specify)
7. Details of unusual behavior/symptoms -
8. Has this problem been experienced earlier? If yes, details -
9. Agencies notified -
Law Private Affected Product Other
Enforcement Agency Vendor
10. IP Address of apparent or suspected source -
314
Source IP address: Other information available:
11. How many host(s) are affected -
1 to 10 10 to 100 More than 100
12. Details of actions taken for mitigation and any preventive measure applied -
315
Annexure-25
Form to report on AI and ML technologies – To be submitted quarterly
Intimation to Stock Exchange / Depository for the use of the AI and ML

application and systems.
SNo. Head Value

1 Entity SEBI registration number
2 Registered entity category
3 Entity name
4 Entity PAN no.
5 Application / System name
6 Date from when the Application / System
was used
7 Type of area where AI or ML is used <order execution / Advisory
services /
KYC / AML / Surveillance /
compliance/others (please
specify in 256 characters)>
7.a Does the system involve order initiation, <Yes / NO>
routing and execution?
7.b Does the system fall under discretionary <Yes / NO>
investment or Portfolio management
activities?
7.c Does the system disseminate investment <Yes / NO>
or trading advice or strategies?
7.d Is the application/system used in area of <Yes / NO>
Cyber
Security to detect attacks
7.e What claims have been made regarding AI <free text field>
and ML Application / System – if any?
8 What is the name of the Tool / Technology <free text field>
that is categorized as AI and ML system /
Application and submissions are declared
vide this response
9 How was the AI or ML project implemented <Internally / through solution
provider / Jointly with a solution
provider or third party>
316
10 Are the key controls and control points in <free text field>
your AI or ML application or systems in
accordance to circular of SEBI that
mandate cyber security control
requirements
11 Is the AI / ML system included in the <Yes / NO / NA>
system audit, if applicable?
12 Describe the application / system and how <free text field>
it uses AI / ML as portrayed in the product
offering
13 What safeguards are in place to prevent <free text field>
abnormal behavior of the AI or ML
application / System
317
Annexure 26 – Systems deemed to be based on AI and ML technology
Applications and Systems belonging but not limited to following categories or a combination of
these:
1. Natural Language Processing (NLP), sentiment analysis or text mining systems that gather
intelligence from unstructured data. – In this case, Voice to text, text to intelligence systems
in any natural language will be considered in scope. Eg: robo chat bots, big data intelligence
gathering systems.
2. Neural Networks or a modified form of it. – In this case, any systems that uses a number of
nodes (physical or software simulated nodes) mimicking natural neural networks of any scale,
so as to carry out learning from previous firing of the nodes will be considered in scope. Eg:
Recurrent Neural networks and Deep learning Neural Networks
3. Machine learning through supervised, unsupervised learning or a combination of both. – In

this case, any application or systems that carry out knowledge representation to form a
knowledge base of domain, by learning and creating its outputs with real world input data and
deciding future outputs based upon the knowledge base. Eg: System based on Decision tree,
random forest, K mean, Markov decision process, Gradient boosting Algorithms.
4. A system that uses statistical heuristics method instead of procedural algorithms or the system
/ application applies clustering or categorization algorithms to categorize data without a
predefined set of categories
5. A system that uses a feedback mechanism to improve its parameters and bases it subsequent
execution steps on these parameters.
6. A system that does knowledge representation and maintains a knowledge base.
318
Annexure 27 – Consolidated Quarterly Reporting Form
Consolidated Quarterly report to SEBI of all registered intermediaries with Stock

Exchange using AI and ML application and systems for the Quarter Ended DD/MM/YYYY
To be filled if System Audit is applicable
If system audit report If system audit report is

is submitted by entity submitted with adverse
later than remarks and Stock
“date used from” Exchange is entitled to
inspect the entity
Entit Type of
y area Does Is there Was the entity If
Application
regist Entity Date where AI system any inspected in past inspec
Entity /
rati PAN used or ML is audit adverse 1 year ted
name Syste commen was
on no. from used report
m name t in the any
num comply to
ber System irregul
Master audit arity
Circular report noted
dated May
17, 2023
<order <Yes / <Yes / <Yes / NO> <Yes /

execution / NO/> NO/> NO>
Advisory
services /
KYC /
AML /
Surveilla
nce /
complian
ce/others
(please
specify in
256
character
s)>
319
Annexure-28
320
321
Annexure-29
Root Cause Analysis Form/ RCA
1. Letter / Report Subject :-
Name of the stock Broker:
Exchange Name and Code:
SEBI Registration number:
2. Designated Officer and/or Reporting Officer details
Name: E-mail:
Mobile:
Date:
3. Date & Time of Incident & Duration of the

Incident
Time:
Duration:
322
4. Incident Description & chronology of
events (please use additional sheets if
Brief information on the incident
required)
observed
5. Business Impact
6. Immediate action taken (please give full

details) (Please use additional sheets if
required)
Date:
7. Date & Time of Recovery
Time:
8. Root Cause Summary (Pl attach the

detailed Report separately)
9. Details of corrective measures taken
10. Details of long-term preventive

measures taken (please give full details)
(please use additional sheets if required)
323
Annexure-30
In view of the increasing cybersecurity threat to the securities market, SEBI Regulated
Entities (REs) are advised to implement the following practices as recommended by
CSIRT-Fin:
1. Roles and Responsibilities of Chief Information Security Officer (CISO)/

Designated Officer:
REs are advised to define roles and responsibilities of Chief Information Security
Officer (CISO) and other senior personnel. Reporting and compliance requirements
shall be clearly specified in the security policy.
2. Measures against Phishing attacks/ websites:

i. The REs need to proactively monitor the cyberspace to identify phishing websites
w.r.t. to REs domain and report the same to CSIRT-Fin/CERT-In for taking
appropriate action.
ii. Majority of the infections are primarily introduced via phishing emails, malicious
adverts on websites, and third-party apps and programs. Hence, thoughtfully
designed security awareness campaigns that stress the avoidance of clicking on
links and attachments in email, can establish an essential pillar of defense.
Additionally, the advisories issued by CERT-In/ CSIRT-Fin may be referred for
assistance in conducting exercises for public awareness.
3. Patch Management and Vulnerability Assessment and Penetration Testing
(VAPT):
i. All operating systems and applications should be updated with the latest patches
on a regular basis. As an interim measure for zero-day vulnerabilities and where
patches are not available, virtual patching can be considered for protecting
systems and networks. This measure hinders cybercriminals from gaining
access to any system through vulnerabilities in end-of-support and end-of-
life applications and software. Patches should be sourced only from the
authorized sites of the OEM.
ii. Security audit / Vulnerability Assessment and Penetration Testing (VAPT) of the
application should be conducted at regular basis and in accordance with
the Cyber Security and Cyber Resilience circulars of SEBI issued from time to
time. The observation/ gaps of VAPT/Security Audit should be resolved as
per the timelines prescribed by SEBI.
4. Measures for Data Protection and Data breach:
i. REs are advised to prepare detailed incident response plan.
ii. Enforce effective data protection, backup, and recovery measures.
iii. Encryption of the data at rest should be implemented to prevent the attacker from
accessing the unencrypted data.
iv. Identify and classify sensitive and Personally Identifiable Information (PII) data
and apply measures for encrypting such data in transit and at rest.
v. Deploy data leakage prevention (DLP) solutions / processes.
324
5. Log retention:
Strong log retention policy should be implemented as per extant SEBI regulations
and required by CERT-In and IT Act 2000. REs are advised to audit that all logsare
being collected. Monitoring of all logs of events and incidents to identify
unusual patterns and behaviours should be done.
6. Password Policy/ Authentication Mechanisms:
i. Strong password policy should be implemented. The policy should include
a clause of periodic review of accounts of ex-employees Passwords should not
be reused across multiple accounts or list of passwords should not be stored on
the system.
ii. Enable multi factor authentication (MFA) for all users that connect using
online/internet facility and also particularly for virtual private networks, webmail
and accounts that access critical systems.
iii. Maker and Checker framework should be implemented in strict manner and MFA
should be enabled for all user accounts, especially for user accounts accessing
critical applications.
7. Privilege Management:
i. Maker-Checker framework should be implemented for modifying the user's right
in internal applications.
ii. For mitigating the insider threat problem, 'least privilege' approach to provide
security for both on-and off-premises resources (i.e., zero-trust models) should
be implemented. Zero Trust is rooted in the principle of "trust nothing,
verify everything." This security model requires strict identity verification for each
and every resource and device attempting to get access to any information
on a private network, regardless of where they are situated, within or outside
of a network perimeter.
8. Cybersecurity Controls:
i. Deploy web and email filters on the network. Configure these devices to scan for
known bad domains, sources, and addresses, block these before receiving and
downloading messages. Scan all emails, attachments, and downloads both on
the host and at the mail gateway with a reputable antivirus solution.
ii. Block the malicious domains/IPs after diligently verifying them without impacting
the operations. CSIRT-Fin/CERT-In advisories which are published periodically
should be referred for latest malicious domains/IPs, C&C DNS and links.
iii. Restrict execution of "powershell" and "wscript" in enterprise environment, if not
required. Ensure installation and use of the latest version of PowerShell,
with enhanced logging enabled, script block logging and transcription enabled.
Send the associated logs to a centralized log repository for monitoring and
analysis.
iv. Utilize host based firewall to prevent Remote Procedure Call (RPC) and Server
Message Block (SMB) communication among endpoints whenever possible.
This limits lateral movement as well as other attack activities.
v. Practice of whitelisting of ports based on business usage at Firewall level should
be implemented rather than blacklisting of certain ports. Traffic on all other ports
which have not been whitelisted should be blocked by default.
325
9. Security of Cloud Services:
i. Check public accessibility of all cloud instances in use. Make sure that no
server/bucket is inadvertently leaking data due to inappropriate configurations.
ii. Ensure proper security of cloud access tokens. The tokens should not be
exposed publicly in website source code, any configuration files etc.
iii. Implement appropriate security measures for testing, staging and backup
environments hosted on cloud. Ensure that production environment is kept
properly segregated from these. Disable/remove older or testing environments if
their usage is no longer required.
iv. Consider employing hybrid data security tools that focus on operating in a shared
responsibility model for cloud-based environments.
10. Implementation of CERT-In/ CSIRT-Fin Advisories:
The advisories issued by CERT-In should be implemented in letter and spirit by the
regulated entities. Additionally, the advisories should be implemented promptly as
and when received.
11. Concentration Risk on Outsourced Agencies:
i. It has been observed that single third party vendors are providing services
to multiple REs, which creates concentration risk. Here, such third parties though
being small non-financial organizations, if any cyber-attack, happens at such
organizations, the same could have systemic implication due to high
concentration risk.
ii. Thus, there is a need for identification of such organizations and prescribing
specific cyber security controls, including audit of their systems and protocols
from independent auditors, to mitigate such concentration risk.
iii. Further, REs also need to take into account this concentration risk while
outsourcing multiple critical services to the same vendor.
12. Audit and ISO Certification:
i. SEBI’s instructions on external audit of REs by independent auditors empaneled
by CERT-In should be complied with in letter and spirit.
ii. The REs are also advised to go for ISO certification as the same provides
a reasonable assurance on the preparedness of the RE with respect
to cybersecurity.
iii. Due diligence with respect to audit process and tools used for such audit needs
to be undertaken to ensure competence and effectiveness of audits
326
Annexure-31
Framework for Adoption of Cloud Services by SEBI Regulated Entities (REs)
47. Executive Summary
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network

access to a shared pool of configurable computing resources (e.g., networks, servers,
storage, applications, and services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction – NIST Definition.
Cloud computing has common characteristics like on-demand self-service, broad

network access, resource pooling, rapid elasticity and measured service. Due to these
characteristics, cloud computing has advantages like reduced IT costs, scalability,
business continuity, accessibility anywhere and with any device, higher performance
and availability, quick application deployment, etc. When contemplating cloud adoption,
factors including risk identification, control mechanisms, security and operational
standards, vendor lock-in and compliance with the legal, technical and regulatory
requirements must be taken into account.
The framework is based on the study, survey, and consultations done with market
participants, regulators, cloud associations, cloud service providers (CSPs),
government agencies, and SEBI Advisory Committees. The summary of the framework
is as follows:
i. The RE may opt for any model of deployment on the basis of its business needs
and technology risk assessment. However, compliance should be ensured with this
cloud framework as well as other rules/ laws/ regulations/ circulars made by SEBI/
Government of India/ respective state government.
ii. It is to be noted that although the IT services/ functionality may be outsourced (to
a CSP), RE is solely accountable for all aspects related to the cloud services
adopted by it including but not limited to availability of cloud applications,
confidentiality, integrity and security of its data and logs, and ensuring RE’s
compliance with the laws, rules, regulations, circulars, etc. issued by SEBI/
327
Government of India/ respective state government. Accordingly, the RE shall be
responsible and accountable for any violation of the same.
iii. The cloud services shall be taken only from the Ministry of Electronics and
Information Technology (MeitY) empaneled CSPs. The CSP’s data center should
hold a valid STQC (or any other equivalent agency appointed by Government of
India) audit status. For selection of CSPs offering PaaS and SaaS services in India,
RE shall choose only such CSPs which:
1. Utilize the underlying infrastructure of MeitY empaneled CSPs for providing
services to the RE.
2. Host the application/ platform/ services provided to RE as well as store/ process
data of the RE, only within the data centers as empaneled by MeitY and holding
a valid STQC (or any other equivalent agency appointed by Government of
India) audit status.
iv. In a multi-tenant cloud architecture, adequate controls shall be provisioned to
ensure that data (in motion, at rest and in use) shall be isolated and inaccessible
to any other tenant. RE shall assess and ensure that the multi tenancy segregation
controls are placed by CSP, and shall place additional security controls if required.
v. Data shall be encrypted at all lifecycle stages (at rest, in motion and in use), source
or location to ensure the confidentiality, privacy and integrity.
vi. RE shall retain complete ownership of all its data, encryption keys, logs etc. residing
in cloud.
vii. Compliance with legal and regulatory requirements, including the requirements
provided in this framework, has to be ensured by the RE at all times.
viii. The cloud deployments of RE shall be monitored through Security Operations
Centre (SOC) [in-house, third-party SOC or a managed SOC].
ix. The agreement between the RE and CSP shall cover security controls, legal and
regulatory compliances, clear demarcation of roles, and liabilities, appropriate
services and performance standards etc.
328
x. The reporting of compliance (with this framework) shall be done by the REs in their
systems audit, cybersecurity audit and VAPT reports, and it shall be done in the
standardized format notified by SEBI from time to time
The cloud framework provides mandatory requirements to be fulfilled by the RE for

adopting cloud computing to augment the business prospects through scalability,
reduced operational cost, digital transformation and reduced IT infrastructure
complexity.
The cloud framework is a principle-based framework which has nine high-level

principles. The framework highlights the risks associated with cloud adoption and
recommends the necessary mandatory controls. The document also recommends
baseline security measures required to be implemented (by RE and CSP), and RE may
decide to add additional measures as per its business needs, technology risk
assessment, risk appetite, compliance requirements in all the applicable circulars/
guidelines/ advisories issued by SEBI from time to time, etc.
329
Table of Contents
Abbreviations: 331
Definitions 332
1. Governance, Risk and Compliance (GRC): 335
2. Selection of CSPs: 340
3. Data Ownership and Localization: 341
4. Responsibility of the RE (with respect to CSPs): 342
5. Due Diligence by the RE (with respect to CSPs): 343
6. Security Controls: 346
6.1. Security of the Cloud: 346
6.2. Security in the Cloud: 349
6.2.1. Vulnerability Management and Patch Management: ........................... 349
6.2.2. Vulnerability Assessment and Penetration Testing (VAPT): ............... 350
6.2.3. Incident Management and SOC Integration: ....................................... 350
6.2.4. Continuous Monitoring: ....................................................................... 351
6.2.5. Secure User Management: ................................................................. 351
6.2.6. Security of Interfaces: ......................................................................... 351
6.2.6.1. Management interface: ................................................................. 352
6.2.6.2. Internet facing interfaces: ............................................................. 352
6.2.6.3. Interfaces connected between RE’s/relevant organizations (Through

P2P or LAN/MPLS etc.) and CSP: ................................................................ 352
6.2.7. Secure Software Development: .......................................................... 353
6.2.8. Managed Service Provider (MSP) & System Integrator (SI): .............. 353
6.2.9. Encryption and Cryptographic Key Management: ............................... 354
6.2.10. End Point Security: .......................................................................... 355
330
6.2.11. Network Security: ............................................................................ 355
6.2.12. Backup and recovery solution: ......................................................... 355
6.2.13. Skillset: ............................................................................................ 356
6.2.14. Breach Notification:.......................................................................... 356
7. Contractual and Regulatory Obligations: 357
8. Business Continuity Planning (BCP), Disaster Recovery & Cyber Resilience

364
9. Concentration Risk Management 364
10. Recommendations: 365
Appendix-A 370
Appendix-B 371
48. Abbreviations:
Sr. Abbreviation Explanation/Expansion

No.
1 2FA 2 Factor Authentication
2 API Application Programming Interface
3 BCP Business Continuity Planning
4 CISO Chief Information Security Officer
5 CSP Cloud Service Provider
6 DDOS Distributed Denial-of-Service
7 Dev Development Environment
8 DR Disaster Recovery
9 IPS Intrusion Prevention System
10 LAN Local Area Network
11 MeitY Ministry of Electronics and Information Technology
12 MII Market Infrastructure Institution
13 MPLS Multiprotocol Label Switching
331
14 MSP Managed Service Provider
15 NIST National Institute of Standards and Technology
16 P2P Point-to-Point connection
17 PII Personal Identifiable Information
18 RE Regulated Entity
19 SI System Integrator
20 SLA Service Level Agreement
21 SOAR Security Orchestration, Automation and Response
22 SOC Security Operations Center
23 SSL Secure Sockets Layer
24 STQC Standardization Testing and Quality Certification
25 UAT User Acceptance Testing
26 VAPT Vulnerability Assessment & Penetration Testing
27 VM Virtual Machine
28 VPN Virtual Private Network
29 WAF Web Application Firewall
49. Definitions
1. Cloud Model Description-

The description of common cloud deployment models (as per NIST)105 is given
below:
Sr. Model Description
No
1 Private Cloud The cloud infrastructure is provisioned for exclusive
use by a single organization comprising multiple
consumers (e.g., business units). It may be owned,
managed, and operated by the organization, a third
105
Ref: https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-145.pdf
332
party, or some combination of them, and it may exist
on or off premises.
2 Community The cloud infrastructure is provisioned for exclusive
Cloud use by a specific community of consumers from
organizations that have shared concerns (e.g.,
mission, security requirements, policy, and compliance
considerations). It may be owned, managed, and
operated by one or more of the organizations in the
community, a third party, or some combination of them,
and it may exist on or off premises
3 Public Cloud The cloud infrastructure is provisioned for open use by
the general public. It may be owned, managed, and
operated by a business, academic, or government
organization, or some combination of them. It exists on
the premises of the cloud provider
4 Hybrid Cloud The cloud infrastructure is a composition of two or
more distinct cloud infrastructures (private, community,
or public) that remain unique entities, but are bound
together by standardized or proprietary technology that
enables data and application portability.
2. Cloud Service Models-

A. The definitions of various cloud service models (as per NIST)106 are given
below:
i. Infrastructure as a Service (IaaS): The capability provided to the
consumer is to provision processing, storage, networks, and other
fundamental computing resources where the consumer is able to deploy
and run software, which can include operating systems and applications.
The consumer does not directly manage or control the underlying cloud
106
Ref: https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-145.pdf
333
infrastructure but has control over operating systems, storage, and
deployed applications; and possibly limited control of select networking
components (e.g., host firewalls). A few examples of IaaS are Amazon
Web Services (AWS) Elastic Compute Cloud, Microsoft Azure, etc.
ii. Platform as a Service (PaaS): The capability provided to the consumer

is to deploy onto the cloud infrastructure consumer-created or acquired
applications created using programming languages, libraries, services,
and tools supported by the provider. The consumer does not directly
manage or control the underlying cloud infrastructure including network,
servers, operating systems, or storage, but has control over the deployed
applications and possibly configuration settings for the application-hosting
environment. A few examples of PaaS are Google App Engine, Amazon
Web Services (AWS) Elastic Beanstalk, etc.
iii. Software as a Service (SaaS): The capability provided to the consumer

is to use the provider’s applications running on a cloud infrastructure. The
applications are accessible from various client devices through either a
thin client interface, such as a web browser (e.g., web-based email), or a
program interface. The consumer does not manage or control the
underlying cloud infrastructure including network, servers, operating
systems, storage, or even individual application capabilities, with the
possible exception of limited user specific application configuration
settings. A few examples of SaaS are Gmail, Microsoft Office 365, etc.
B. Other deployment models such as Application as a Service, Security as a

Service, etc. may be considered as a sub-part or variant of the above-
mentioned models as they contain components of IaaS, PaaS and SaaS. For
example, Security as a Service is a form of SaaS which provides specialized
information security services. Similarly, Application as a Service is a type of
334
SaaS in which applications (for example Google sheets, Google docs, etc.)
are delivered on-demand to customers through the internet.
3. Regulated Entity (RE) –

The term “Regulated Entity” refers to SEBI registered/ recognized intermediaries
(for example brokers, mutual funds, KYC Registration Agencies, and QRTAs)
and Market Infrastructure Institutions (Stock Exchanges, Clearing Corporations,
and Depositories) regulated by SEBI.
4. Key Management-
In the context of encryption/ decryption, a key is typically a random string of bits
generated to hide (encrypt) or reveal (decrypt) data. A key is most commonly
used along with an algorithm (method) for encryption/ decryption of data.
Therefore, Key management refers to management of cryptographic keys in a
system, including their (keys’) generation, exchange, storage, etc.
5. Hardware Security Module (HSM)-

A Hardware Security Module is a device that is used for management of Keys,
as well as for implementing various functions like encryption, decryption,
authentication, etc.
Principle 1: Governance, Risk and Compliance Sub-Framework
1. Governance, Risk and Compliance (GRC):

The REs shall put in place an effective GRC sub-framework for cloud computing to
enable them to formulate a cloud strategy suitable for their circumstances/ needs.
The RE shall also adhere with the governance framework mentioned in various
circulars issued by SEBI. The various aspects that shall be considered by RE
(including but not limited to) while formulating the GRC sub-framework are as
follows:
335
i. Cloud Governance: The RE shall have a Board/ partners/ proprietors (as the
case may be) {hereinafter referred to as “the Board”} approved governance
model/ strategy for cloud computing in place. The model/ strategy shall include:
1. Details of cloud adoption such as cloud service models, deployment models
etc.
2. Type of services to be on boarded on cloud considering various factors such
as data classification, criticality of operations, etc. The classification/
categorization shall be done in-line with the circulars/ guidelines issued by
SEBI.
3. Measures to ensure the protection of stakeholder’s interests
4. Measures to comply with the applicable legal and regulatory requirements.
ii. Cloud Risk Management:

1. There is a paradigm shift in the manner of how cloud technology is built and
managed in comparison with traditional on–premise infrastructure. Therefore,
a comprehensive risk management should be undertaken by the RE to
continually identify, monitor, and mitigate the risks posed by cloud computing.
2. The cloud risk management approach should be approved by the Board of
the RE. The cloud risk management approach shall provide details regarding
the various risks of cloud adoption such as technical, legal, business,
regulatory etc., and the commensurate risk mitigation controls which should
be proportionate to the criticality and sensitivity of the data/operations to be
on-boarded on the cloud.
3. As part of risk management process, a thorough risk assessment shall also
be done keeping in mind that the RE cannot outsource the risks and decision
making associated with deployment of cloud services, to the CSP. The risk
assessment shall include (but not limited to) standards like identifying threat
sources and events, identifying vulnerabilities and pre-disposing conditions,
control analysis, magnitude of impact, etc.
336
4. A clearly identified and named resource (typically CISO) shall be appointed
and shall be responsible for security of the deployments in cloud.
iii. Compliance and Legal Aspects: The RE shall have policies, processes, etc. in
place to ensure compliance with the applicable legal and regulatory requirements
(including but not limited to guidelines, circulars, advisories, etc.) for deployments
in cloud, issued by SEBI/ Government of India/ respective state government.
iv. In order to ensure the smooth functioning and adherence with the GRC sub-
framework, it is mandated to divide the roles and assign the responsibilities as
given below:
1. Role of the Board/Key Management Personnel (KMP)- The Board/KMP shall
be responsible for:
a. Approval of cloud governance model and cloud risk management
approach, and setting up processes for smooth on boarding on cloud while
adhering with all legal, regulatory, technical and business objectives.
b. Review of cloud governance model and cloud risk management approach
as per requirement of the RE. However, the review shall be mandatorily
conducted at least once every year.
c. Setting up the administrative responsibility of senior management.
2. Role of Senior Management - The senior management shall be responsible

for:
a. Preparation of and adherence with various policies related to cloud
adoption.
b. Periodic assessment of cloud deployments and mitigation of risks arising
out of the same.
c. Continually monitoring and responding to the risks and intimating the
same to board in a timely manner.
337
d. Assessment, at least on an annual basis, to review the financial and
operational condition of the CSP in order to assess its ability to continue
to meet the various requirements such as legal, business, compliance,
etc. and highlighting any deterioration or breach in performance
standards, confidentiality and security, and in business continuity
preparedness to the board in a timely manner.
e. Periodic evaluation of the adherence of the cloud engagement with
regulatory, legal and business objectives.
f. Management of Human Resources:
i. Identification of potential skill gaps which emerge as a result of
transition to cloud computing.
ii. Capacity building within organization to build adequate skillsets to
manage cloud deployments effectively.
3. Role of IT team- The IT team shall be responsible for managing day to day
operations and assisting senior management in achieving the objectives of
cloud deployments.
4. Additional roles/ responsibilities may be added (to the Board/KMP, Senior

Management, etc.) as per requirements of the RE.
v. Grievance Redressal Mechanism: The RE shall have a robust grievance

redressal mechanism, which in no way shall be compromised on account of
cloud adoption i.e., responsibility and accountability for redressal of investors’/
members’ grievances related to cloud on boarded services shall rest with the
RE. Adoption of cloud services shall not affect the rights of the investor/ member
against the RE, including the ability of the investor/ member to obtain redressal
of grievances as applicable under relevant laws.
338
vi. Monitoring and Control of Cloud Deployments:
1. RE shall have in place a management structure to monitor and control the
activities and services deployed on cloud. This shall include, but not limited
to, monitoring the performance, uptime (of the systems/ resources) and
service availability, adherence to SLA requirements, incident response
mechanism, etc.
2. RE shall conduct regular audits/VAPT of its cloud deployments. The
frequency and scope of such audits/VAPT shall be in line with SEBI cyber
guidelines /circulars /framework issued from time to time.
3. Additionally, the RE shall also assess the performance of the CSP, adequacy
of the risk management practices adopted by the CSP, compliance with
laws/regulations etc.
vii. Country Risk: The engagement with a CSP having country of

incorporation/registration outside of India, exposes the RE to country risk. To
manage such risk, wherever applicable, the RE shall closely monitor the CSP’s
country’s government policies and its political, social, economic and legal
conditions on a continuous basis, and establish sound procedures for mitigating
the country risk. This includes, inter alia, having appropriate contingency and exit
strategies. In principle, arrangements shall only be entered into with parties
operating in jurisdictions generally upholding confidentiality clauses and
agreements. The governing law of the arrangement shall also be clearly
specified.
viii. Contingency: The RE shall have appropriate contingency and exit strategies.
The RE shall ensure that availability of records to the RE and the supervising
authority are not affected under any circumstances, even in case of liquidation
of the CSP.
ix. Miscellaneous: Any other risk factors deemed relevant/ material by the RE.
339
Principle 2: Selection of Cloud Service Providers
2. Selection of CSPs:
The RE shall ensure that the following conditions are met while choosing any Cloud
Service Provider (CSP):
i. The storage/ processing of data (DC, DR, near DR etc.) including logs and any
other data pertaining to RE in any form in cloud, should be done within the MeitY
empaneled CSPs’ data centers holding valid STQC (or any other equivalent
agency appointed by Government of India) audit status.
ii. For selection of CSPs offering PaaS and SaaS services in India, the RE shall
choose only those CSPs which:
1. Utilize the underlying infrastructure/ platform of only MeitY empaneled CSPs
for providing services to RE.
2. Host the application/ platform/ services (DC, DR, near DR, etc.) provided to
the RE as well as store/ process data of the RE, only within the data centers
as empaneled by MeitY and holding a valid STQC (or any other equivalent
agency appointed by Government of India) audit status.
3. Have a back-to-back, clear and enforceable agreement with their partners/

vendors/ sub-contractors (including those that provide the underlying
infrastructure/ platform) for ensuring their compliance with respect to the
requirements provided in this framework including those in Principles 6
(Security Controls), 7 (Contractual and Regulatory Obligations) and 8 (BCP,
Disaster Recovery & Cyber resilience).
iii. Any other additional criteria that the RE considers appropriate/ as per RE's
requirement.
340
iv. The RE shall ensure that storage/ processing/ transfer of its data should be done
according to requirements provided in this framework as well as any other
regulations/ circulars/ guidelines issued by SEBI and any other Government
authorities.
Principle 3: Data Ownership and Data Localization
3. Data Ownership and Localization:

i. Data Ownership: The RE shall retain the complete ownership of all its data and
logs, encryption keys, etc. residing in cloud. The CSP shall be working only in a
fiduciary capacity. Therefore, the RE, SEBI and any other Government authority
authorized under law, shall always have the right to access any or all of the data
at any or all point of time.
ii. Visibility: Whenever required (by RE/ SEBI), the CSP shall provide visibility to
RE as well as SEBI into CSP’s infrastructure and processes, and its compliance
to applicable policies and regulations issued by SEBI/ Government of India/
respective state government.
iii. Data Localization:

In order to ensure that RE and SEBI’s right to access RE’s data as well as SEBI’s
rights of search and seizure are not affected by adoption of cloud services, the
storage/ processing of data (DC, DR, near DR etc.) including logs and any other
data/ information pertaining to RE in any form in cloud shall be done as per the
following conditions:
1. The data should reside/be processed within the legal boundaries of India.
2. However, for the investors whose country of incorporation is outside India,
the REs shall keep the original data/ transactions/ logs, available and easily
accessible in legible and usable form, within the legal boundaries of India.
The RE shall ensure that the above-mentioned requirements are fulfilled at all
times during adoption/ usage of cloud services.
341
iv. It is to be noted that the REs are ultimately responsible and accountable for
security of their data (including logs)/ applications/ services hosted in cloud as
well as ensuring compliance with laws, rules, regulations, etc. issued by SEBI/
Government of India/ respective state government. Accordingly, RE shall put in
place effective mechanism to continuously monitor the CSP and comply with
various regulatory, legal and technical requirements notified by SEBI or any
other Government authority from time to time.
Principle 4: Responsibility of the Regulated Entity

4. Responsibility of the RE (with respect to CSPs):
i. While it is acknowledged that there can be a segregation between the RE and
the CSP with respect to (including but not limited to) the infrastructure
management, and other technical aspects (for example with respect to data,
cybersecurity, management of users, etc.), however, the RE is solely
accountable for all aspects related to the cloud services adopted by it including,
but not limited to, availability of cloud applications, confidentiality, integrity and
security of its data and logs, and ensuring RE’s compliance with respect to the
applicable laws, rules, regulations, circulars, etc. issued by SEBI/ Government
of India/ respective state government. Accordingly, the RE shall be held
accountable for any violation of the same.
ii. There shall be an explicit and unambiguous delineation/ demarcation of

responsibilities with respect to all activities (including but not limited to technical,
managerial, governance related, etc.) of the cloud services between the RE and
CSP. There shall be no "joint/ shared ownership" for any function/ task/ activity
between the RE and CSP. If any function/ task/ activity has to be performed
jointly by the RE and CSP, there shall be a clear delineation and fixing of
responsibility for each sub-task/ line-item within the task. The aforementioned
delineation of responsibilities shall be added explicitly in the agreement (as an
annexure) signed between the RE and the CSP.
342
iii. In the event of a Managed Service Provider (MSP) or System Integrator (SI)
being involved in procurement of cloud services, an explicit and unambiguous
delineation/ demarcation of responsibilities shall also be done with respect to
MSP/ SI, and the same shall be included in the agreement (in-line with the
requirements given above).
iv. Similarly, there shall be an explicit and unambiguous delineation/ demarcation

of responsibilities between the RE and CSP (and MSP/SI wherever applicable)
for ensuring compliance with respect to applicable circulars (for example
cybersecurity and cyber resilience circular, outsourcing circular, BCP-DR etc.)
issued by SEBI from time to time. There shall be no “joint/ shared ownership” for
ensuring compliance with respect to any clause. If compliance for any clause
has to be jointly ensured by RE and CSP (and MSP/SI wherever applicable),
there should be a clear delineation and fixing of responsibility between the RE
and the CSP (and MSP/SI wherever applicable) for each sub-task/ line-item
within the clause. This delineation shall also be added explicitly in the agreement
(as an annexure) signed between the RE and the CSP (and MSP/SI wherever
applicable).
v. In view of the fact that a CSP is not a RE, the RE shall continue to have ultimate
responsibility and liability for any violation of the laws, rules, regulations,
circulars, etc. issued by SEBI or any other authority under any law, regardless
of any delineation/ demarcation of responsibilities envisaged in the aforesaid
paragraphs.
Principle 5: Due Diligence by the Regulated Entity

5. Due Diligence by the RE (with respect to CSPs):
i. The REs should evaluate the need, implications (financial, regulatory, etc.), risks,
benefits, etc. of adopting cloud computing. The RE shall also conduct its due
343
diligence with respect to CSPs beforehand and on a periodic basis to ensure
that legal, regulatory, business objectives, etc. of the RE are not hampered. The
due diligence shall be risk-based depending on the criticality of the data/ services
/operations planned to be on boarded on cloud.
ii. A proper due diligence process should be established to assess the capabilities
and suitability of a cloud service provider before the engagement.
iii. An analysis (including but not limited to comparative analysis, SWOT analysis,
etc.) shall also be conducted on the type of cloud model to be adopted. The
analysis should include relevant factors like (including but not limited to) the risks
associated with various models, need, suitability, capability of the organization,
etc. The above mentioned evaluations / analyses should be conducted keeping
in mind that although the IT services/ functionality can be outsourced (to a CSP),
REs are ultimately accountable for all aspects related to the cloud services
adopted by it including but not limited to availability of cloud applications,
confidentiality, integrity and security of RE’s data and logs, and ensuring RE’s
compliance with respect to the applicable laws, rules, regulations, circulars, etc.
issued by SEBI/ Government of India/ respective state government. Accordingly,
the RE shall be held accountable for any violation of the same.
iv. The criteria that an RE shall look out for are (including but not limited to):
1. Financial soundness of CSP and its ability to service commitments even
under adverse conditions.
2. CSP’s capability to identify and segregate RE’s data, whenever required.
3. Security risk assessment of the CSP.
344
4. Ensuring that appropriate controls, assurance requirements and possible
contractual arrangements are in place to establish data ownership.
5. CSP’s ability to effectively service all the RE’s customers while maintaining
confidentiality, especially where a CSP has exposure to multiple entities.
6. Ability to enforce agreements and the rights available thereunder including

those relating to aspects such as data storage, data protection and
confidentiality, SLA, etc.
7. RE shall ensure that CSP performs proper screening and background

checks of its personnel and vendors before onboarding, and provides
adequate trainings and awareness programs to ensure that the customer
(RE) services are not hampered due to misconfiguration/inadvertent
actions/operational issues/etc.
8. Capability of the CSP to deal with RE’s compliance needs, operational

aspects, and ensure information security, data privacy, etc.
9. CSP’s ability to ensure compliance with this framework as well as all

applicable rules/ regulations/ circulars issued by SEBI from time to time.
10. Any other additional criteria that the RE considers appropriate/ as per RE's
requirement.
Principle 6: Security Controls
345
6. Security Controls107:
The RE shall ensure its compliance with the applicable circulars (for example
cybersecurity circular, systems audit circular, DR-BCP circular, etc.)/ guidelines/
advisories, etc. issued by SEBI. Further, in reference to the security controls for
adoption of cloud computing108, the following (including but not limited to) shall be
implemented:
6.1. Security of the Cloud:

RE shall perform the assessment of CSPs to ensure that adequate security
controls are in place. Some of the common controls (including but not limited
to) that the RE needs to check are given below:
i. Vulnerability Management and Patch Management:

1. RE shall ensure that CSP has a vulnerability management process in
place to mitigate vulnerabilities in all components of the services that the
CSP is responsible for (i.e. managed by the CSP). The RE shall assess
and ensure that the patch management of CSP adequately covers the
components for which the CSP is responsible (i.e. components managed
by the CSP). The patch management framework shall include the timely
patching of all components coming under the purview of CSP.
2. The RE shall also ensure that CSP conducts Vulnerability Assessment
and Penetration Testing (VAPT) for the components managed by the CSP
and fixes the issues/ vulnerabilities within the prescribed timelines (as
agreed upon by CSP and RE).
3. The RE shall also ensure that the vulnerability management, patch
management and VAPT processes are conducted by CSP in-line with the
requirements (for example scope, classification of vulnerabilities, duration
for closure, etc.) provided in applicable circulars/ guidelines issued by
SEBI.
346
ii. Monitoring: RE shall ensure that CSP has adequate security monitoring
solutions in place. The monitoring solutions of CSP shall be responsible for
the following:
1. Monitoring shall cover all components of the cloud. Additionally, the CSP
shall continuously monitor the alerts generated and take appropriate
actions as per the defined timelines.
2. The RE shall ensure that any event(s) which may have an impact
(financial, reputational, operational, etc.) on the RE shall be intimated to
RE by CSP in a timely manner. The reporting should be done in-line with
the guidelines/ regulations/ circulars issued by SEBI/ Government of India
and (wherever applicable) as per the contractual agreement signed
between the CSP and RE.
iii. Incident Management: The RE shall ensure that the CSP has incident
management processes in place, to detect, respond and recover from any
incident at the earliest. The processes should aim to minimize the impact to
the RE.
iv. Wherever Key management is being done by CSP for platform level
encryption (for example, full disk encryption or VM level encryption), RE shall
assess and ensure that the entire Key lifecycle management is being done
by CSP in a secure manner.
v. Secure User Management109: Wherever the user management is done by

CSP, the RE shall ensure that role based access and rule based access are
107
For CSPs offering PaaS/ SaaS services, in the event any particular security control does not apply to their specific
deployment model, such CSPs have to ensure that their vendor/ partner/ sub-contractor providing the underlying
infrastructure/ platform fulfils the requirement of the security controls. The RE shall deploy the services of only those
PaaS/ SaaS providers which have a back-to-back, clear and enforceable agreement with their vendor/ partner/ sub-
contractor for the same.
108
An indicative mind-map of security controls for cloud deployments is given in Appendix-B
109
Any type of access/ user provided to SEBI/ any law enforcement agency of Government of India or state
government shall be exempt from this clause
347
strictly followed by CSP for its resources and it shall be based on the
principle of least privilege. The following shall also be ensured:
1. Administrators and privileged users shall be given only minimal
administrative capabilities for a pre-defined time period, and in response
to specific issues/ needs.
2. With respect to administrative privileges/ users, the following shall also be

followed:
a. All administrative privileges/ users shall be tracked via a ticket/
request by the CSP, and the same shall be provided to the RE on
request. Further, the RE shall also track any additional privilege
granted to any user by the CSP.
b. Access to systems or interfaces that could provide access to the

RE’s data is granted only if the RE has given explicit time-limited
permission for that access.
3. Multi Factor Authentication shall be used for administrator/ privileged

accounts.
4. The necessary auditing and monitoring of the above shall be done by CSP
and any anomalies shall be reported to the RE.
vi. Multi-Tenancy: In a multi-tenant cloud architecture, the RE shall ensure that

CSP has taken adequate controls to ensure that the RE’s data (in transit, at
rest and in use) shall be isolated and inaccessible to any other tenants. RE
shall appropriately assess and ensure the multi tenancy segregation controls
placed by CSP and place additional security controls if required. Any access
by other tenants/unauthorized access by CSP’s resources to RE’s data shall
be considered as an incident/breach and the CSP shall ensure that the
348
incident/breach is notified to the RE (as per the norms/ guidelines/ circulars
issued by SEBI/ Government of India and (wherever applicable) as per the
contractual agreement signed between the CSP and RE, and adequate
steps are taken to control the same. During such incident/breach, the RE
shall ensure that CSP should provide all related forensic data, reports and
event logs as required to the RE /SEBI /CERT-In/ any government agency
for further investigation. All conditions and obligations of the RE and CSP
under this framework shall also be applicable in multi-tenancy structure.
vii. The RE shall ensure that the agreement with the CSP contains clause(s) for
safe deletion/ erasure of RE’s information. The clause should cover various
scenarios like business requirement of RE, exit strategy, etc.
viii. For further assurance, the RE may assess the availability of global
compliance standards like SOC-2110 reporting for CSP.
ix. RE shall ensure that CSP has adequate controls (for example anti-virus,
encryption of data, micro-segmentation, etc.) in place to safeguard cloud
infrastructure as well as to ensure the privacy, confidentiality, availability,
processing integrity and security of the RE’s data right from data
creation/transfer/etc. in the cloud till final expunging of data.
6.2. Security in the Cloud:

RE shall perform risk-based assessment and place adequate controls
depending on the criticality of the data/ services/ operations (placed in cloud
environment) under the purview of RE. Some of the common controls (including
but not limited to) that RE shall put in place are:
6.2.1. Vulnerability Management and Patch Management:
110
SOC-2 is a voluntary compliance standard for information security developed by American Institute of Certified
Public Accountants (AICPA).
349
The RE shall have a well-defined Vulnerability Management policy in
place and should strictly adhere with the same. The policy should also
address the vulnerability management aspects of the infrastructure
/services /etc. managed by RE in the cloud. The components managed
by RE shall be up to date in terms of patches/OS/version etc. The patch
management policy shall also mandate timely patch application.
6.2.2. Vulnerability Assessment and Penetration Testing (VAPT):

The VAPT activity undertaken by RE should cover the infrastructure and
applications/services hosted by the RE on cloud. The VAPT tactics, tools
and procedures should be fine-tuned to test and assess the cloud native
risks and vulnerabilities. VAPT should also be conducted before
commissioning of any new system. Additionally, the VAPT activity shall
be conducted as per the requirements (including scope, classification,
duration for closure of vulnerabilities, etc.) provided in applicable
circulars/ regulations issued by SEBI.
6.2.3. Incident Management and SOC Integration:

i. The RE shall have incident management policy, procedures and
processes in place. The RE shall adhere with the same for
deployments being done in cloud.
ii. SOC solution (in-house, third-party SOC or a managed SOC) of RE

shall be integrated with the services/ application/ infrastructure
deployed by RE in cloud. The continuous monitoring shall be done in
an integrated manner and the services/ application/ infrastructure
deployed in cloud should be treated as an extension of the RE’s on
premise network. The SOC shall have complete visibility of
information systems of the RE deployed on cloud and should be
capable to take SOAR actions across the information systems owned
350
by the RE. Additionally, only logs, meta-data should be shipped to
shared SOC. REs shall ensure that PII/sensitive data should not be
shipped to the SOC.
6.2.4. Continuous Monitoring:

Continuous monitoring shall be done by the RE to review the technical,
legal and regulatory compliance of CSP and take corrective measures/
ensure CSP takes corrective measures wherever necessary.
6.2.5. Secure User Management:

The RE shall ensure that the following Identity, Authentication and
Authorization practices are followed (by CSP as well as by RE):
i. Principle of least privilege shall be adopted for granting access to any
resources for normal and admin/privileged accounts.
ii. The identity and access management solution should give the
complete view of the access permissions applicable to all resources.
The access permissions shall be reviewed regularly in order to
remove any unwanted access.
iii. The access logs should be retained and reviewed frequently for any
anomalous events.
iv. Time bound access permissions shall be adopted wherever feasible.
v. Multi factor authentication shall be adopted for admin accounts.
6.2.6. Security of Interfaces:

Controls related to typical interfaces in a cloud deployment are given
below:
351
6.2.6.1. Management interface:
i. This is the interface provided to the RE by CSP to manage
the infrastructure on cloud. This interface is also used to
manage the account of the RE assigned by CSP.
ii. To mitigate the risks, the interface shall have Two Factor
Authentication (2FA)/ Multi Factor Authentication (MFA). For
additional security, measures such as dedicated lease lines
may be explored. The access logs and access list to the
interface should be strictly monitored (by RE and CSP). The
traffic to and from the interface shall be regulated through
firewall, Intrusion prevention system, etc.
6.2.6.2. Internet facing interfaces:

Any interface which is exposed to public at large on the internet
in the form of a service/API/etc. is considered as internet facing
interface. Adequate security controls such as IPS, Firewall,
WAF, Anti DDOS, API gateways etc. should be in place and
additional controls such as 2FA authentication, SSL VPN
solutions shall also be considered.
6.2.6.3. Interfaces connected between RE’s/relevant organizations

(Through P2P or LAN/MPLS etc.) and CSP:
Security controls such as IPS, Firewall, WAF, Anti DDOS, etc.
shall be in place and additional controls such as IPSEC VPN
shall be adopted, wherever necessary, to secure such
interfaces.
352
6.2.7. Secure Software Development:
The RE shall undertake Secure Software Development practices for
development of cloud-ready applications which shall include (but not
limited to):
i. RE shall adopt appropriate Secure Software Development
processes, and security shall be an integral part right from the
design phase itself.
ii. A new approach for secure software development shall be
implemented by RE for dealing with cloud native development
concepts such as micro services, APIs, containers, server less
architecture, etc. as the traditional security mechanisms of
protecting typical web applications might not be relevant for cloud
native development concepts.
iii. Best practices such as zero trust principles, fine grained access
control mechanism, API Gateways, etc. shall be adopted for
development and usage of APIs. End to end security of the APIs
shall also be taken care by the RE as per standard practices and
guidelines.
iv. Secure identification, authentication and authorization mechanisms

shall be adopted by the RE.
6.2.8. Managed Service Provider (MSP) & System Integrator (SI):

i. Wherever MSP and SI are involved in cloud services procurement,
a clear demarcation of roles, and liabilities shall be clearly defined in
the Agreement/Contract.
ii. As there are new risks introduced in engaging MSP/SI or both, the
same shall be assessed, and mitigated by the RE.
353
6.2.9. Encryption and Cryptographic Key Management:
i. To ensure the confidentiality, privacy and integrity of the data,
encryption as defined below shall be adopted by the RE:
1. Data-at-rest encryption to be done with strong encryption
algorithms. Data object encryption, file level encryption or
tokenization in addition to the encryption provided at the platform
level shall be used.
2. Data-in-motion including the data within the cloud shall be
encrypted. Session encryption or data object encryption in
addition to the encryption provided at the platform level (Ex. TLS
encryption) shall be used wherever any sensitive data is in
transit.
3. Data-in-use i.e., wherever data that is being used or processed
in the cloud, confidential computing solutions shall be
implemented.
ii. To ensure RE’s controls on encryption and Key management, the

following shall be followed:
1. Wherever applicable:
a. “Bring Your Own Key” (BYOK) approach shall be adopted,
which ensures that the RE retains the control and
management of cryptographic keys that would be uploaded
to the cloud to perform data encryption.
b. “Bring Your Own Encryption” (BYOE) approach shall be

followed by the RE.
2. In case BYOK and BYOE approaches (as given above) are not
implemented by RE, the RE shall conduct a detailed risk
assessment and implement appropriate risk mitigation
354
measures to achieve equivalent functionality/ security to BYOK
and BYOE approaches.
3. Generating, storing and managing the keys in a Hardware

Security Module (HSM) shall be implemented in a dedicated
HSM to have complete control of Key management. However,
it is to be noted that HSM should be designed in fault tolerance
mode to ensure that the failure of HSM should not have an
impact on data retrieval and processing.
6.2.10. End Point Security:

The RE shall ensure that the data security controls in the nature of anti-
virus, Data Leak Prevention (DLP) solution etc. are installed and
configured on the cloud deployments for effective data security. The RE
shall also evaluate the baseline security controls provided by the CSP
and may demand additional controls (from CSP) if required.
6.2.11. Network Security:

i. RE shall adopt the micro segmentation principle on cloud
infrastructure. Only the essential communication channels between
computing resources shall be allowed and the rest of the
communication channels shall be blocked.
ii. RE shall also consider the option of utilizing Cloud Access Security
Broker (CASB)/ Secure Access Service Edge (SASE)/ similar
frameworks or tools for effective monitoring of network, enforcement
of policies etc.
6.2.12. Backup and recovery solution:

i. The RE shall ensure that a backup and recovery policy is in place to
address the backup requirement of cloud deployments. The backup
355
and recovery processes shall be checked at least twice in a year to
ensure the adequacy of the backups.
ii. The backup shall be logically segregated from production/dev/UAT
environment to ensure that the malware infection in such systems
does not percolate to backup environment.
iii. Wherever CSP’s backup services are utilized, adequate care should
be taken with encryption solution and Key management.
6.2.13. Skillset:
RE shall equip staff overseeing cloud operations with the knowledge and
skills required to securely use and manage the risks associated with
cloud computing. The skills should also be imparted to oversee the
management interfaces, security configurations etc. of CSP
infrastructure. This is a critical factor as it will reduce the
misconfigurations, vulnerabilities etc. and will increase the reliability of
services.
6.2.14. Breach Notification:

CSP shall notify the RE of any cybersecurity incident (for example data
breach, ransomware, etc.) as mandated by the RE. The reporting shall
be done as per the norms/ guidelines/ circulars issued by SEBI/
Government of India and (wherever applicable) as per the contractual
agreement signed between the CSP and RE. The CSP shall provide all
related forensic data, reports and event logs as required by RE/ SEBI/
CERT-In/ any other government agency. The incident shall be dealt as
per the Security Incident Management Policy of the RE along with the
relevant guidelines/ directions issued by SEBI/ Government of India/
respective state government.
Principle 7: Contractual and Regulatory Obligations
356
7. Contractual and Regulatory Obligations111:
i. A clear and enforceable cloud service provider engagement agreement should
be in place to protect RE’s interests, risk management needs, and ability to
comply with supervisory expectations.
ii. The contractual/agreement terms between RE and CSP shall include the
provisions for audit, and information access rights to the RE as well as SEBI for
the purpose of performing due diligence and carrying out supervisory reviews.
RE shall also ensure that its ability to manage risks, provide supervision and
comply with regulatory requirements is not hampered by the contractual terms
and agreement with CSP.
iii. The contract/agreement shall be vetted with respect to legal and technical
standpoint by the RE. The agreement shall be flexible enough to allow the RE to
retain adequate control over the resources which are on boarded on cloud. The
agreement should also provide RE the right to intervene with appropriate
measures to meet legal and regulatory obligations.
iv. SEBI/ CERT-In/ any other government agency shall at any time:
1. Conduct direct audits and inspection of resources of CSP (and its sub-
contractors/ vendors) pertaining to the RE or engage third party auditor to
conduct the same and check the adherence with SEBI and government
guidelines/ policies/ circulars and standard industry policies.
2. Perform search and seizure of CSP’s resources storing/ processing data and
other relevant resources (including but not limited to logs, user details, etc.)
pertaining to the RE. In this process, SEBI or SEBI authorized personnel/
agency may access RE's IT infrastructure, applications, data, documents,
and other necessary information given to, stored or processed by the CSP
and/ or its sub-contractors.
357
3. Engage a forensic auditor to identify the root cause of any incident (cyber
security or other incidents) related to RE.
4. Seek the audit reports of the audits conducted by CSP.
The RE shall ensure that adequate provisions are included in the agreement/
contract with CSP to enable the above functionalities. Additionally, RE shall also
include provisions (in the contract/ agreement with CSP) mandating that CSP
extends full cooperation to SEBI while conducting the above-mentioned
activities.
v. The RE shall also ensure that adequate provisions are included in the
agreement/ contract for the following audit/ VAPT functions-
1. CSP shall be responsible for conducting audit/ VAPT of the services/
components managed by the CSP.
2. The RE shall be responsible for conducting audit/ VAPT of the services/
components managed by the RE. The audit/ VAPT shall be conducted as
per the requirements (including scope, duration for closure of vulnerabilities,
etc.) provided in various applicable circulars/ regulations issued by SEBI
from time to time.
3. Implementation and configuration audit of the resources to be deployed by
the RE in cloud environment shall be conducted by the RE and the same
shall be certified by the RE after closing all non-compliances/ observations
before go-live.
4. The RE may take into consideration the report/certificate of the audit of the
CSP conducted by STQC. However, wherever required, CSP has to conduct
additional audits (from CERT-In empaneled auditors) to fulfil all the
requirements provided in various applicable circulars/ regulations issued by
SEBI, and the same shall be ensured by the RE.
111
With respect to CSPs offering PaaS/SaaS services, REs shall deploy the services of only those CSPs which have a
back-to-back, clear and enforceable agreement with their vendor/ partner/ sub-contractor providing their underlying
infrastructure/ platform for fulfilling the requirements provided in this Principle.
358
5. The RE shall ensure that appropriate clauses/ terms (including SLA clauses)
are added in the agreement (signed between RE and CSP) to enforce the
above-mentioned audit/ VAPT requirements.
vi. Contract/Agreement should have adequate provisions regarding the termination

of contract with CSP, and appropriate exit strategies to ensure smooth exit
without hindering any legal, regulatory or technical obligations of the RE.
vii. As part of exit strategy, a clear expunging clause shall be defined in agreement
with CSP, which shall state that whenever the RE intends to expunge the data,
CSP shall securely and permanently erase the RE’s data in disks, backup
devices, logs, etc. and no data shall remain in recoverable form. However, it is
the responsibility of the RE to ensure that the minimum retention requirements
for data (including logs) as prescribed by SEBI/ Government of India/ respective
state government are met and that the required data, logs, etc. are archived,
even if the RE moves out of the cloud/ changes CSPs.
viii. The RE shall ensure that their data (including but not limited to logs, business
data, etc.) is stored in an easily accessible, legible and usable manner (during
utilization of cloud services and after exit from the cloud) and it shall be provided
to SEBI/ any other government agency whenever required.
ix. The RE is required to adhere with SEBI circulars/ guidelines issued from time to
time and the cloud framework shall be seen as an addition/ complementary to
existing circulars/ guidelines and not as a replacement.
x. The agreement/contract made by RE shall also include (but not limited to) below
mentioned terms/ provisions/ clauses:
1. Definition of the IT activities and resources being on boarded on cloud,
including appropriate service and performance standards including for the
material sub-contractors, if any.
359
2. Effective access to all the objects/ information relevant to the RE/ RE’s
operation including data, books, records, logs, alerts, and data centre.
3. Continuous monitoring and assessment of the CSP by the RE so that any
necessary corrective measure can be taken immediately, including
termination of contract and any minimum period required to execute such
provisions, if deemed necessary.
4. Type of material adverse events (e.g., data breaches, denial of service,
service unavailability etc.) and incident reporting requirements to the RE to
take prompt mitigation and recovery measures and ensure compliance with
statutory and regulatory guidelines.
5. Compliance with the provisions of IT Act, other applicable legal requirements
and standards to protect the customer (RE) data.
6. The deliverables, including SLAs, for formalizing the performance criteria to
measure the quality and quantity of service levels.
7. Storage of data (as applicable to the RE) within the legal boundaries of India
as per extant regulatory requirements.
8. Clauses requiring the CSP to provide details of data (captured, processed
and stored) related to RE and RE’s customers to SEBI/ any other
government agency.
9. Controls for maintaining confidentiality of data of RE and its customers, and
incorporating CSP’s liability to the RE in the event of security breach and
leakage of such information.
10. Types of data/ information that the CSP is permitted to share with the RE’s
customers and/or any other party.
11. Specifying the resolution process for events of default, insolvency, etc. and
indemnities, remedies, and recourse available to the respective parties.
12. Contingency plan(s) to ensure business continuity planning, RPO/RTO, and
recovery requirements.
360
13. Provisions to fulfill the search and seizure requirements (as provided above
in this principle) and audit/ VAPT requirements (as provided above in this
principle).
14. Right to seek information (by RE/ SEBI) from the CSP about the third parties
(in the supply chain) engaged by the CSP.
15. Clauses making the CSP contractually liable for the performance and risk
management practices of its sub-contractors.
16. Obligation of the CSP to comply with directions issued by SEBI in relation to
the activities of the RE on boarded on cloud.
17. Termination rights of the RE, including the ability to orderly transfer the
proposed cloud onboarding assignment to another CSP, if necessary or
desirable.
18. Obligation of the CSP to co-operate with the relevant authorities in cases
involving the RE as and when required.
19. Clauses for performing risk assessment by CSP with respect to hiring of third
party vendors, the checks/ process followed by CSP before onboarding
personnel/ vendors, etc.
20. Any other provision(s) required to ensure compliance with respect to
circulars/ guidelines/ regulations (including this cloud framework) issued by
SEBI.
xi. Wherever the System integrator or managed service provider or both, along with
CSP are involved, the contractual terms and agreement shall unambiguously
demarcate/ delineate the roles, and liabilities of each participating party (in-line
with the “Principle 4: Responsibility of the RE” of the framework) for each task/
activity/ function. There shall be no “joint/ shared ownership” for any task/
activity/ function/ component.
xii. If any function/ task/ activity has to be performed jointly by the RE and
CSP/MSP/SI, there shall be a clear delineation and fixing of responsibility
361
between the RE and the CSP (and MSP/SI wherever applicable) for each sub-
task/ line-item within the task. The aforementioned delineation of responsibilities
shall be added explicitly in the agreement (as an annexure) signed between the
RE and the CSP (and MSP/SI wherever applicable). However, any such clause
in the agreement shall not absolve the RE from having the ultimate responsibility
and liability for any violation of the laws, rules, regulations, circulars, etc. issued
by SEBI or any other authority under any law, regardless of any delineation/
demarcation of responsibilities.
xiii. Similarly, there shall be an explicit and unambiguous delineation/ demarcation

for ensuring compliance with respect to applicable circulars (for example
cybersecurity and cyber resilience circular, outsourcing circular, BCP-DR etc.)
issued by SEBI from time to time. There shall be no “joint/ shared ownership” for
ensuring compliance with respect to any clause. If compliance for any clause
has to be jointly ensured by RE and CSP (and MSP/SI wherever applicable),
there should be a clear delineation and fixing of responsibility between the RE
and the CSP (and MSP/SI wherever applicable) for each sub-task/ line-item
within the clause. This delineation shall also be added explicitly in the agreement
(as an annexure) signed between the RE and the CSP.
xiv. Reporting Requirements:

1. It is being reiterated that the RE is solely accountable for all aspects related
to the cloud services adopted by it including but not limited to availability of
cloud applications, confidentiality, integrity and security of its data and logs,
and ensuring RE’s compliance with the applicable laws, rules, regulations,
circulars, etc. issued by SEBI/ Government of India/ respective state
government.
2. The RE shall explicitly and unambiguously specify the party (RE or
CSP/MSP/SI) which is responsible for ensuring compliance with each clause
362
of the applicable SEBI circulars (for example cybersecurity circular, systems
audit, etc.) in its audit reports. There shall be no “joint/ shared ownership” for
any of the clauses. In case the responsibility of ensuring compliance (for any
clause) rests with both parties, the task shall be split into sub-tasks/line-
items, and for each sub-task/line-items, the responsible party shall be
indicated in the report.
3. The RE shall ensure that the demarcation/ delineation of responsibilities is
provided for each clause of the applicable SEBI circular(s).
4. In view of the above requirements, as well as to ensure effective monitoring
of cloud deployments by REs, reporting of compliance (with this framework)
shall be done by the REs in their systems audit, cybersecurity audit and
VAPT reports, and it shall be done in the standardized format notified by
SEBI from time to time.
5. Reporting by Auditor: As part of system audit of the RE, the auditor shall
verify, and certify, whether there is a clear delineation/ demarcation of roles
and responsibilities between the RE and CSP/MSP/SI (in-line with the
“Principle 4: Responsibility of the RE” of the framework):
a. For each task/ function/ activity/ component (including the tasks/
functions stated in clause (x) above, wherever applicable).
b. For each clause of applicable/ relevant SEBI circular/ guidelines/
regulations.
The auditor shall also verify, and certify, whether the above-mentioned
demarcations of roles and responsibilities have been incorporated in the
agreement/ contract signed between the RE and CSP (and MSP/SI
wherever applicable).
xv. In the event of any CSP deployed by an RE losing its empanelment status with
MeitY/ commits a passive breach of contract/ agreement in any way, the RE
shall ensure that it becomes compliant with this framework within 6 (six) months
of being notified of/ discovering the breach.
363
Principle 8: BCP, Disaster Recovery & Cyber Resilience
8. Business Continuity Planning (BCP), Disaster Recovery & Cyber Resilience:

i. The RE shall assess its BCP framework and ensure that it is in compliance with
this cloud framework as well as other guidelines/ circulars issued by SEBI from
time to time.
ii. RE shall also assess the capabilities, preparedness and readiness with respect
to cyber resilience of CSP. The same can be periodically assessed by
conducting DR drills (in accordance with circulars/ guidelines issued by SEBI) by
involving necessary stakeholders.
iii. Additionally, RE shall develop a viable and effective contingency plan to cope
with situations involving a disruption/ shutdown of cloud services.
Principle 9: Vendor Lock-In and Concentration Risk Management
9. Concentration Risk Management:

i. RE shall assess its exposure to CSP lock-in and concentration risks. The risk
evaluation shall be done before entering into contract/ agreement with CSP and
the same should also be assessed on a periodic basis.
ii. In order to mitigate the CSP concentration risks, RE shall explore the option of
cloud-ready and CSP agnostic solutions (such as implementing multi-cloud
ready solutions) which can facilitate the RE in migrating the solutions as and
when necessary, with minimal changes. Exit strategies shall be developed,
which should consider the pertinent risk indicators, exit triggers, exit scenarios,
possible migration options, etc.
iii. The RE shall also take measures to implement data portability and inter-
operability as part of exit/ transfer strategy.
364
iv. In order to mitigate the risk arising due to failure/ shutdown of a particular CSP,
and to limit the impact of any such failure/ shutdown on the securities market,
SEBI may specify concentration limits on CSPs (thereby setting a limit on the
number of REs that a CSP may provide its services to).
10. Recommendations:
i. RE may opt for any model of deployment on the basis of its business needs and
technology risk assessment. However, compliance should be ensured with this
cloud framework as well as other rules/ laws/ regulations/ circulars made by
SEBI/ Government of India/ respective state government.
ii. REs are solely accountable for all aspects related to the cloud services adopted
by them including but not limited to availability of cloud applications,
confidentiality, integrity and security of their data and logs, and ensuring RE’s
compliance with respect to the applicable laws, rules, regulations, circulars, etc.
issued by SEBI/ Government of India/ respective state government. Accordingly,
the RE shall be held accountable for any violation of the same.
iii. While deploying cloud services, the REs shall adopt the nine (9) principles as
provided in this framework:
1. Principle 1: Governance, Risk and Compliance Sub-Framework
2. Principle 2: Selection of Cloud Service Providers
3. Principle 3: Data Ownership and Data Localization
4. Principle 4: Responsibility of the Regulated Entity
5. Principle 5: Due Diligence by the Regulated Entity
6. Principle 6: Security Controls
7. Principle 7: Contractual and Regulatory Obligations
8. Principle 8: BCP, Disaster Recovery & Cyber Resilience
9. Principle 9: Vendor Lock-in and Concentration Risk Management
365
The REs shall ensure that their cloud deployments are compliant, in letter and
spirit, with the above-mentioned principles.
iv. The cloud services shall be taken only from the MeitY empaneled CSPs. The
CSP’s data center should hold a valid STQC (or any other equivalent agency
appointed by Government of India) audit status. For selection of CSPs offering
PaaS and SaaS services in India, RE shall choose only such CSPs which:
1. Utilize the underlying infrastructure/ platform of only MeitY empaneled CSPs
for providing services to the RE.
2. Host the application/ platform/ services provided to RE, and store/ process
data of the RE, only within the data centers as empaneled by MeitY and
holding a valid STQC (or any other equivalent agency appointed by
Government of India) audit status.
3. Have a back-to-back, clear and enforceable agreement with their partners/
vendors/ sub-contractors (including those that provide the underlying
infrastructure/ platform) for ensuring their compliance with respect to the
requirements provided in this framework including those in Principles 6
(Security Controls), 7 (Contractual and Regulatory Obligations) and 8 (BCP,
Disaster Recovery & Cyber resilience).
v. There should be an explicit and unambiguous delineation/ demarcation of

responsibilities for all activities (technical, managerial, governance related, etc.)
of the cloud services between the RE and CSP (and MSP/SI wherever
applicable). There shall be no "joint/ shared ownership" for any function/ task/
activity between the RE and CSP. If any function/ task/ activity has to be
performed jointly by the RE and CSP, there should be a clear delineation and
fixing of responsibility between the RE and the CSP (and MSP/SI wherever
applicable) for each sub-task/ line-item within the task. The same should be a
part of the agreement (as an annexure) between the RE and the CSP (and
MSP/SI wherever applicable).
366
vi. Similarly, there should be an explicit and unambiguous delineation/ demarcation
for ensuring compliance with respect to circulars (for example cybersecurity and
cyber resilience circular, outsourcing circular, BCP-DR etc.) issued by SEBI from
time to time. There shall be no “joint/ shared ownership” for ensuring compliance
with respect to any clause. If compliance for any clause has to be jointly ensured
by RE and CSP (and MSP/SI wherever applicable), there should be a clear
delineation and fixing of responsibility between the RE and the CSP (and
MSP/SI wherever applicable) for each sub-task/ line-item within the clause. This
delineation shall also be added explicitly in the agreement (as an annexure)
signed between the RE and the CSP (and MSP/SI wherever applicable).
vii. As part of system audit of the RE, the auditor shall verify, and certify, whether
there is a clear delineation/ demarcation of roles and responsibilities between
the RE and CSP/MSP/SI (in-line with the “Principle 4: Responsibility of the RE”
of the framework):
a. For each task/ function/ activity/ component.
b. For each clause of applicable/ relevant SEBI circular/ guidelines/ regulations
The auditor shall also verify, and certify, whether the above-mentioned
demarcations of roles and responsibilities have been incorporated in the
agreement/ contract signed between the RE and CSP (and MSP/SI wherever
applicable.
viii. The contractual/agreement terms between RE and CSP shall include the
provisions for audit, and information access rights to the RE as well as SEBI, for
the purpose of performing due diligence and carrying out supervisory reviews.
RE shall also ensure that its ability to manage risks, provide supervision and
comply with regulatory requirements is not hampered by the contractual terms
and agreement with CSP.
367
ix. SEBI/ CERT-In/ any other government agency shall at any time:
1. Conduct direct audits and inspection of resources of CSP (and its sub-
contractors/ vendors) pertaining to the RE or engage third party auditor to
conduct the same and check the adherence with SEBI and government
guidelines/ policies/ circulars and standard industry policies.
2. Perform search and seizure of CSP’s resources storing/ processing data and
other relevant resources (including but not limited to logs, user details, etc.)
pertaining to the RE. In this process, SEBI or SEBI authorized personnel/
agency may access RE's IT infrastructure, applications, data, documents,
and other necessary information given to, stored or processed by the CSP
and/ or its sub-contractors.
3. Engage a forensic auditor to identify the root cause of any incident (cyber
security or other incidents) related to RE.
4. Seek the audit reports of the audits conducted by CSP.
The RE shall ensure that adequate provisions are included in the agreement/
contract with CSP to enable the above functionalities. Additionally, RE shall also
include provisions (in the contract/ agreement with CSP) mandating that CSP
extends full cooperation to SEBI while conducting the above-mentioned
activities.
x. The cloud framework should be read along with the circulars (including circulars
on outsourcing, cybersecurity, BCP-DR, etc.), directions, advisories, etc. issued
by SEBI from time to time.
xi. Transition Period:
1. For the REs which are not utilizing any cloud services currently, the
framework shall be applicable/ come into force from the date of issuance.
2. For the REs which are currently utilizing cloud services, upto 12 months shall
be given to ensure their compliance with the framework. Additionally, such
REs shall provide regular milestone-based updates as follows:
368
SN. Timeline Milestone
1 Within one (1) month of issuance REs shall provide details of the
of framework cloud services, if any, currently
deployed by them.
2 Within three (3) months of The REs shall submit a roadmap
issuance of framework (including details of major
activities, timelines, etc.) for the
implementation of the framework
3 From three (3) to twelve (12) Quarterly progress report as per
months of issuance of the roadmap submitted by the
framework RE.
4 After twelve (12) months of Compliance with respect to the
issuance of framework framework to be reported
regularly
3. The above-mentioned reporting shall be done to the authority as per the

existing mechanism of reporting for systems audit/ cybersecurity audit.
xii. The compliance with respect to the framework shall be submitted by the REs as
part of their systems audit, cybersecurity audit, and VAPT reports, and no
separate reporting is envisaged. The reporting shall be done as per the
standardized format notified by SEBI from time to time. All other conditions for
reporting (for example reporting authority, duration of reporting, etc.) shall be as
per the existing mechanism of reporting for systems audit/ cybersecurity
audit/VAPT.
369
Appendix-A
Format for Submission of Details of Cloud Deployments
The REs shall provide details of their cloud deployment in the following format-
A. Entity Name:
B. Entity Type: (For example stock exchange, depository, mutual fund, etc.)
C. Whether Utilizing Cloud Services? Yes/ No
For Each Cloud application/ service/ system, please provide a response to

the following:
SN Details Required Entity
Response
1 Name of the Application/ Service/ System
2 The type of deployment model utilized (public cloud,
community cloud, etc.)
3 The type of service model utilized (For example
IaaS, PaaS, etc.)
4 Name of the Cloud Service Provider (CSP)
5 Country of incorporation/ registration of CSP
Name of the Managed Service Provider (MSP) /
System Integrator (SI) [wherever applicable]
6 Country of incorporation/ registration of MSP/ SI
7 Whether the application/ service/ system is a critical
or core application/ service/ system?
8 Details of Data hosted/ stored in cloud
9 Whether data is stored within the legal boundaries
of India?
370
Appendix-B
Indicative Mindmap for Cloud Security
371
Annexure-32
Format for reporting changes in "status or constitution" of Members
Name of the Stock Exchange:

Report for the quarter ending: June/September/December/March Year:-
Date of report:
S. Date Name of Registratio Type Details of PAN Date of Date of

No. of the n number of changes (incoming Chang approval
receip member INB/F/E chang Pre Pos entities) e by Stock
t INS e t Exchang
e
Type Description of Change

I Amalgamation, demerger, consolidation or any other kind of corporate restructuring
falling within the scope of section 230 of the Companies Act, 2013 or the
corresponding provision of any other law for the time being in force.
II Change in managing director, whole-time director or director appointed in
compliance with clause (v) of sub-rule (4A) of rule 8 of the Securities Contracts
(Regulation) Rules, 1957.
III Change in control.
IV Any change between the following legal forms - individual, partnership firm, Hindu
undivided family, private company, public company, unlimited company or statutory
corporation and other similar changes.
V In case of a partnership firm any change in partners not amounting to dissolution of
the firm.
VI Any other purpose as may be considered appropriate by the Stock Exchanges.
Guidelines to fill up the format and sending the same to SEBI
1. A separate annexure shall be submitted for each "Type of change" as specified

in the format.
2. The report shall be signed by an authorized representative of the Stock Exchange
and the same shall be stamped.
3. The Stock Exchanges shall furnish the report to SEBI by 7th day of month
following the end of each quarter.
4. The report shall be submitted by e-mail at [email protected]. A hard copy of the
report shall also be submitted to SEBI.
372
Annexure-33
Declaration-Cum-Undertaking
We M/s. (Name of the intermediary/the acquirer/person who shall have the

control), hereby declare and undertake the following with respect to the
application for prior approval for change in control of (name of the intermediary
along with the SEBI registration no.):
1. The applicant/intermediary (Name) and its principal officer, the directors or

managing partners, the compliance officer and the key management
persons and the promoters or persons holding controlling interest or persons
exercising control over the applicant, directly or indirectly (in case of an
unlisted applicant or intermediary, any person holding twenty percent or
more voting rights, irrespective of whether they hold controlling interest or
exercise control, shall be required to fulfill the ‘fit and proper person’ criteria)
are fit and proper person in terms of Schedule II of SEBI (Intermediaries)
Regulations, 2008.
2. We bear integrity, honesty, ethical behaviour, reputation, fairness and
character.
3. We do not incur following disqualifications mentioned in Clause 3(b) of
Schedule II of SEBI (Intermediaries) Regulations, 2008 i.e.
i. No criminal complaint or information under section 154 of the Code of
Criminal Procedure, 1973 (2 of 1974) has been filed against us by the
Board and which is pending.
ii. No charge sheet has been filed against us by any enforcement agency
in matters concerning economic offences and is pending.
iii. No order of restraint, prohibition or debarment has been passed against
us by the Board or any other regulatory authority or enforcement agency
in any matter concerning securities laws or financial markets and such
order is in force.
iv. No recovery proceedings have been initiated by the Board against us
and are pending.
v. No order of conviction has been passed against us by a court for any
offence involving moral turpitude.
vi. No winding up proceedings have been initiated or an order for winding
up has been passed against us.
vii. We have not been declared insolvent.
viii. We have not been found to be of unsound mind by a court of competent
jurisdiction and no such finding is in force.
ix. We have not been categorized as a wilful defaulter.
x. We have not been declared a fugitive economic offender.
4. We have not been declared as not ‘fit and proper person’ by an order of the
Board.
5. No notice to show cause has been issued for proceedings under
SEBI(Intermediaries) Regulations, 2008 or under section 11(4) or section
373
11B of the SEBI Act during last one year against us.
6. It is hereby declared that we and each of our promoters, directors, principal
officer, compliance officer and key managerial persons are not associated
with vanishing companies.
7. We hereby undertake that there will not be any change in the Board of
Directors of incumbent, till the time prior approval is granted.
8. We hereby undertake that pursuant to grant of prior approval by SEBI, the
incumbent shall inform all the existing investors/ clients about the proposed
change prior to effecting the same, in order to enable them to take informed
decision regarding their continuance or otherwise with the new
management.
The said information is true to our knowledge.
(stamped and signed by the Authorised Signatories)
374
Annexure-34
APPLICATION TO SEBI FOR OPENING OF WHOLLY OWNED

SUBSIDIARIES, STEP DOWN SUBSIDIARIES OR ENTERING INTO
JOINT VENTURES IN GIFT IFSC
Please read the instructions carefully before filling up the Application form:
1. Fill in all the particulars clearly.

2. The information should be complete in all respects.
3. Please attach the relevant enclosures.
4. The application shall be submitted through Stock Exchange / Clearing
Corporation along with NOC obtained from all the Stock Exchanges/
Clearing Corporations/Depositories, where the applicant is a
member/participant and other documents as listed in the present form.
II. GENERAL INFORMATION:
1 Details of all registrations of the applicant 1. Name of the entity (Earlier

company in India and abroad name, if any)
2. Type of Intermediary (If
Broker, names of
Exchanges and if DP,
name of the Depositories)
3. Registration Number
4. Date of Registration
2 Networth of the applicant company
(in Rs.)
3 Details of the following persons:
a) Promoters (Name and PAN
number)
b) Directors ( Name, DIN and PAN
number)
c) Key Person of the applicant (Name
and PAN number)
4 Details of regulatory action taken/
initiated/ pending, if any, against the
applicant/ promoters/ directors/key
personnel/ principal officer of the applicant
company (in
India/abroad)
375
5 Any fee remaining unpaid to SEBI by
applicant/ associates
6 Amount of proposed investment
(converted in Indian Rupees)
7 Whether the applicant is setting up a

Wholly Owned subsidiary (WOS) or a Step
Down
Subsidiary (SDS) or entering into Joint
Venture (JV) or acquiring stake in an
existing company.
8 Details of the proposed WOS/SDS/JV in a) Name of the proposed entity
GIFT IFSC (provide relevant details in in GIFT IFSC
case of equity participation in existing b) Purpose for setting up the
company or joint venture with a company) WOS/SDS/JV/Equity
Participation etc.
c) Nature of proposed
activities
2. UNDERTAKING
a) Pursuant to setting up Wholly Owned Subsidiary / investment in step down

subsidiary/joint venture, etc., we shall maintain networth for each category of
registration as per SEBI Act, 1992 & Regulations/ circulars issued there under
and bye laws/ rules/ regulations/ circulars, etc. issued by respective stock
exchanges/Depositories.
Signature
Name
Designation
Place:
Date:
III. ENCLOSURES:
a. Certificate of Networth:
i) Networth Certificate of the applicant based on the latest audited
results (in Rs.), duly certified by a Chartered Accountant.
376
ii) In case the above Networth Certificate is more than 6 months old,
then provide i) above as well as the latest provisional networth
certificate, duly certified by a Chartered Accountant.
b. NOC obtained from all the Stock Exchanges/Depositories where the
applicant is a member/ participant, in case the applicant is a Stock
Broker/Depository Participant.
c. Details of any non-compliance w.r.t ‘fit and proper person’ criteria as specified
in Schedule II of SEBI (Intermediaries) Regulations, 2008.
d. Declaration cum undertaking (format enclosed) with regard to compliance
with the ‘fit and proper person’ criteria as specified in Schedule II of SEBI
(Intermediaries) Regulations, 2008 duly stamped and signed by the
Authorized Signatories of the applicant.
e. Latest shareholding pattern of the applicant and list of the shareholders who
have controlling interest.
Declaration Cum Undertaking
We M/s. Name of the intermediary, having SEBI registration certificate in the

capacity of _______________ bearing registration number
________________ hereby declare and undertake the following w.r.t our
application for setting up WOS/SDS/JV in GIFT IFSC:
1. Name of the intermediary and its principal officer, directors or managing

partners, compliance officer, key management persons, promoters or
persons holding controlling interest or persons exercising control over the
intermediary directly or indirectly and person holding twenty percent or
more voting rights of the intermediary (hereinafter referred to as “We” or
“Us”) are fit and proper person as per requirement laid down in Schedule
II of SEBI (Intermediaries) Regulations, 2008.
2. We bear integrity, honesty, ethical behaviour, reputation, fairness and
character.
3. We do not incur following disqualifications mentioned in Clause 3(b) of
Schedule II of SEBI (Intermediaries) Regulations, 2008 i.e.
(i) No criminal complaint or information under section 154 of the Code
of Criminal Procedure, 1973 (2 of 1974) has been filed against us by
the Board and which is pending.
377
(ii) No charge sheet has been filed against us by any enforcement
agency in matters concerning economic offences and is pending.
(iii) No order of restraint, prohibition or debarment has been passed
against us by the Board or any other regulatory authority or
enforcement agency in any matter concerning securities laws or
financial markets and such order is in force.
(iv) No recovery proceedings have been initiated by the Board against
us and are pending.
(v) No order of conviction has been passed against us by a court for any
offence involving moral turpitude.
(vi) No winding up proceedings have been initiated or an order for
winding up has been passed against us.
(vii) We have not been declared insolvent.
(viii) We have not been found to be of unsound mind by a court of
competent jurisdiction and no such finding is in force.
(ix) We have not been categorized as a wilful defaulter.
(x) We have not been declared a fugitive economic offender.
4. We have not been declared as not ‘fit and proper person’ by an order of
the Board.
5. No notice to show cause has been issued for proceedings under SEBI
(Intermediaries) Regulations, 2008 or under section 11(4) or section 11B
of the SEBI Act during last one year against us.
6. It is hereby declared that we and each of our Promoters, Directors,
Principal Officer, Compliance Officer and Key Managerial Persons are not
associated with vanishing companies.
7. There is no outstanding SEBI fee payable by the intermediary.
The said information is true to our knowledge.
(stamped and signed by the Authorised Signatories)
378
Annexure-35 - Information regarding Grievance Redressal Mechanism
Dear Investor,
In case of any grievance / complaint against the Stock Broker / Depository Participant:
Please contact Compliance Officer of the Stock Broker/ Depository Participant (Name)
/ email-id ([email protected]) and Phone No. - 91-XXXXXXXXXX.
You may also approach CEO/ Partner/Proprietor (Name) / email-id ([email protected])

and Phone No. - 91-XXXXXXXXXX.
If not satisfied with the response of the Stock Broker/ Depository Participant, you may
contact the concerned Stock Exchange / Depository at the following:
Web Address Contact No. Email-id

NSE www.bseindia.com xxxxxxxxxx [email protected]
BSE www.nesindia.com Xxxxxxxxxx [email protected]
MSEI www.msei.in xxxxxxxxxx [email protected]
Web Address Contact No. Email-id

CDSL www.cdslindia.com xxxxxxxxxx [email protected]
NSDL www.nsdl.co.in xxxxxxxxxx [email protected]
You can also lodge your grievances with SEBI at http://scores.gov.in. For any queries,
feedback or assistance, please contact SEBI Office on Toll Free Helpline at 1800 22
7575 / 1800 266 7575.
379
Annexure-36
Investor Charter – Stock Brokers
VISION
To follow highest standards of ethics and compliances while facilitating the trading by
clients in securities in a fair and transparent manner, so as to contribute in creation of
wealth for investors.
MISSION
i) To provide high quality and dependable service through innovation, capacity

enhancement and use of technology.
ii) To establish and maintain a relationship of trust and ethics with the investors.
iii) To observe highest standard of compliances and transparency.
iv) To always keep ‘protection of investors’ interest’ as goal while providing service.
Services provided to Investors
• Execution of trades on behalf of investors.
• Issuance of Contract Notes.
• Issuance of intimations regarding margin due payments.
• Facilitate execution of early pay-in obligation instructions.
• Settlement of client’s funds.
• Intimation of securities held in Client Unpaid Securities Account (CUSA)

Account.
• Issuance of retention statement of funds.
• Risk management systems to mitigate operational and market risk.
• Facilitate client profile changes in the system as instructed by the client.
• Information sharing with the client w.r.t. exchange circulars.
• Redressal of Investor’s grievances.
Rights of Investors
380
• Ask for and receive information from a firm about the work history and
background of the person handling your account, as well as information about the
firm itself.
• Receive complete information about the risks, obligations, and costs of any
investment before investing.
• Receive recommendations consistent with your financial needs and

investment objectives.
• Receive a copy of all completed account forms and agreements.
• Receive account statements that are accurate and understandable.
• Understand the terms and conditions of transactions you undertake.
• Access your funds in a timely manner and receive information about any
restrictions or limitations on access.
• Receive complete information about maintenance or service charges,

transaction or redemption fees, and penalties.
• Discuss your grievances with compliance officer of the firm and receive prompt
attention to and fair consideration of your concerns.
Various activities of Stock Brokers with timelines
S.No. Activities Expected Timelines

1. KYC entered into KRA System 10 days of account opening
and CKYCR
2. Client Onboarding Immediate, but not later than one week
3. Order execution Immediate on receipt of order, but not
later than the same day
4. Allocation of Unique Client Code Before trading
5. Copy of duly completed Client 7 days from the date of upload of
Registration Documents to Unique Client Code to the Exchange by
clients the trading member
6. Issuance of contract notes 24 hours of execution of trades
7. Collection of upfront margin from Before initiation of trade
client
8. Issuance of intimations regarding At the end of the T day
other margin due payments
381
9. Settlement of client funds Monthly/ Quarterly for running account
settlement (RAS) as per the preference
of client.
If consent not given for RAS – within 24
hours of pay-out
10. ‘Statement of Accounts’ for Weekly basis (Within four trading days
Funds, Securities and of following week)
Commodities
11. Issuance of retention statement 5 days from the date of settlement
of funds/commodities
12. Issuance of Annual Global 30 days from the end of the financial
Statement year
13. Investor grievances redressal 30 days from the receipt of the
complaint
DOs and DON’Ts for Investors
DOs DON’Ts
1. Read all documents and conditions being 1. Do not deal with unregistered
agreed before signing the account opening stock broker.
form. 2. Do not forget to strike off
2. Receive a copy of KYC, copy of account blanks in your account
opening documents and Unique Client opening and KYC.
Code. 3. Do not submit an incomplete
3. Read the product / operational framework / account opening and KYC
timelines related to various Trading and form.
Clearing & Settlement processes.
4. Receive all information about brokerage, 4. Do not forget to inform any
fees and other charges levied. change in information linked
5. Register your mobile number and email ID to trading account and obtain
in your trading, demat and bank accounts confirmation of updation in
to get regular alerts on your transactions. the system.
6. If executed, receive a copy of Power of 5. Do not transfer funds, for the
Attorney. However, Power of Attorney is purposes of trading to anyone
not a mandatory requirement as per SEBI other than a stock broker. No
/ Stock Exchanges. Before granting Power payment should be made in
of Attorney, carefully examine the scope name of employee of stock
and implications of powers being granted. broker.
6. Do not ignore any emails /
7. Receive contract notes for trades
SMSs received with regards
executed, showing transaction price,
to trades done, from the
brokerage, GST and STT etc. as
Stock Exchange and raise a
382
applicable, separately, within 24 hours of concern, if discrepancy is
execution of trades. observed.
8. Receive funds and securities / 7. Do not opt for digital
commodities on time within 24 hours from contracts, if not familiar with
pay-out. computers.
9. Verify details of trades, contract notes and 8. Do not share
statement of account and approach trading password.
relevant authority for any discrepancies. 9. Do not fall prey to fixed /
Verify trade details on the Exchange guaranteed returns schemes.
websites from the trade verification facility 10. Do not fall prey to fraudsters
provided by the Exchanges. sending emails and SMSs
10. Receive statement of accounts luring to trade in stocks /
periodically. If opted for running account securities promising huge
settlement, account has to be settled by profits.
the stock broker as per the option given by 11. Do not follow herd mentality
the client (30 or 90 days). for investments. Seek expert
and professional advice for
11. In case of any grievances, approach stock
your investments.
broker or Stock Exchange or SEBI for
getting the same resolved within
prescribed timelines.
Grievance Redressal Mechanism
Level 1 – Approach the Stock Broker at the designated Investor Grievance e-mail ID
of the stock broker. The Stock Broker will strive to redress the grievance immediately,
but not later than 30 days of the receipt of the grievance.
Level 2 – Approach the Stock Exchange using the grievance mechanism mentioned
at the website of the respective exchange.
Level 3 – The complaint not redressed at Stock Broker / Stock Exchange level, may
be lodged with SEBI on SCORES (a web based centralized grievance redressal
system of SEBI) @ https://scores.gov.in/scores/Welcome.html
Complaints Resolution Process at Stock Exchange explained graphically:
383
satisfied with
• GRC order acceptable
with satisfied with satisfied with

explanation from Broker
Timelines for complaint resolution process at Stock Exchanges against stock

brokers
S. No. Type of Activity Timelines for activity

1. Receipt of Complaint Day of complaint (C Day).
2. Additional information sought from the C + 7 Working days.
investor, if any, and provisionally
forwarded to stock broker.
3. Registration of the complaint and C+8 Working Days i.e. T day.
forwarding to the stock broker.
4. Amicable Resolution. T+15 Working Days.
5. Refer to Grievance Redressal Committee T+16 Working Days.
(GRC), in case of no amicable resolution.
6. Complete resolution process post GRC. T + 30 Working Days.
7. In case where the GRC Member requires T + 45 Working Days.

additional information, GRC order shall
be completed within.
8. Implementation of GRC Order. On receipt of GRC Order, if
the order is in favour of the
investor, debit the funds of
the stock broker. Order for
debit is issued immediately or
384
as per the directions given in
GRC order.
9. In case the stock broker is aggrieved by

the GRC order, will provide Within 7 days from receipt of
intention to avail arbitration order
10. If intention from stock broker is received Investor is eligible for interim
and the GRC order amount is upto Rs.20 relief from Investor Protection
lakhs Fund (IPF). The interim relief
will be 50% of the GRC order
amount or Rs.2 lakhs
whichever is less. The same
shall be provided after
obtaining an Undertaking
from the investor.
11. Within 3 months112 from the
Stock Broker shall file for arbitration date of GRC recommendation
12. In case the stock broker does not file for The GRC order amount shall
arbitration within 3 months5 be released to the investor
after adjusting the amount
released as interim relief, if
any.
Handling of Investor’s claims / complaints in case of default of a Trading

Member / Clearing Member (TM/CM)
Default of TM/CM
Following steps are carried out by Stock Exchange for benefit of investor, in case
stock broker defaults:
•Circular is issued to inform about declaration of Stock Broker as Defaulter.
•Information of defaulter stock broker is disseminated on Stock Exchange website.
•Public Notice is issued informing declaration of a stock broker as defaulter and

inviting claims within specified period.
112
Words “6 months” replaced with “3 months” in view of Circular -
SEBI/HO/MIRSD/DOS3/P/CIR/dated June 3, 2022.
385
•Intimation to clients of defaulter stock brokers via emails and SMS for facilitating
lodging of claims within the specified period.
Following information is available on Stock Exchange website for information of

investors:
•Norms for eligibility of claims for compensation from IPF.
•Claim form for lodging claim against defaulter stock broker.
•FAQ on processing of investors’ claims against Defaulter stock broker.
•Provision to check online status of client’s claim.
386
Annexure-37
Format for Investor Complaints Data to be displayed by Stock Brokers on their

respective websites
Data for every month ending
S Receive Carried Receive Total Resolve Pending at the end Average

N d from forwar d Pendin d* of the Resoluti
d from during g month** on time^
previou the (in days)
s month
month
Pending Pending
for less for more
than 3 than 3
month month
s s
1 2 3 4 5 6 7 8
1 Directly
from
Investors
2 SEBI
(SCORE
S)
3 Stock
Exchang
es
4 Other
Sources
(if any)
5 Grand
Total
387
Trend of monthly disposal of complaints
SN Month Carried forward Received Resolved* Pending**

from previous
month
1 2 3 4 5 6
1 April -YYYY
2 May-YYYY
3 June-YYYY
4 July-YYYY
….
…..
March-YYYY
Grand Total
*Should include complaints of previous months resolved in the current month, if any.
**Should include total complaints pending as on the last day of the month, if any.
^Average resolution time is the sum total of time taken to resolve each complaint in the
current month divided by total number of complaints resolved in the current month.
Trend of annual disposal of complaints
SN Year Carried forward Received Resolved Pending at

from previous during the during the the end of the
year year year year
1 2017-18
2 2018-19
3 2019-20
4 2020-21
5 2021-22
Grand Total
388
Annexure-38
To be on Stamp / Franked Paper of appropriate value and notarized
AFFIDAVIT OF UNDERTAKING CUM INDEMNITY BOND TO BE SUBMITTED BY

MEMBER TO ………… [NAME OF THE STOCK EXCHANGE / CLEARING
CORPORATION]
This Undertaking cum Indemnity Bond is signed at Mumbai on this ________day

of _______, 20.
By
I/We, Member of ……….. [Name of The Stock Exchange / Clearing Corporation]

(bearing Trading / Clearing No. ________), having office at
…………………………………………………, (hereinafter referred to as “Member”,
which expression, unless repugnant to the context or meaning thereof, shall be deemed
to include its successors and assigns).
In favour of:
………………..Ltd., [Name of the Stock Exchange / Clearing Corporation] a

company incorporated under the Companies Act, 1956 having its registered office at
………………………………………………… (hereinafter referred to as “…..”,
which expression shall, unless repugnant to the context or meaning thereof, be deemed
to include its successors and assigns).
I/We hereby solemnly declare and undertake that:
Whereas the Securities and Exchange Board of India (hereinafter referred to as

“SEBI”) has issued circular dated July 01, 2020 on Standard Operating Procedure to
be followed in the case of trading member/clearing member leading to default
(hereinafter referred to as the “said circular”).
Whereas in terms of the said circular the …….. [Name of the Stock Exchange / Clearing
Corporation] has amended its bye-laws and is empowered …….. [Name of the Stock
Exchange / Clearing Corporation] to issue instructions to the concerned bank/s to
freeze the bank account/s maintained by the Member, for all debits / withdrawal by the
Member in the event of a potential default by the Member in meeting its obligations to
Stock Exchange / Clearing Member / Clearing Corporation and / or repayment of funds
/ securities to his / its clients.
Now, in consideration of the above, I / We do hereby agree and confirm

unconditionally to undertake that:
389
1) ………… [Name of the Stock Exchange / Clearing Corporation] is empowered
to instruct the concerned banks to freeze my / our bank accounts for all debits /
withdrawals from such accounts. The details of bank accounts held by me/ us are as
follows:
2) Any debits to such bank account, post freezing by the banks, shall be done only
on the express instructions to the said banks by ………… [Name of the Stock
Exchange/ Clearing Corporation].
3) ………… [Name of the Stock Exchange / Clearing Corporation] shall not be liable
in any way to me/us for any losses, claims, penalties, proceedings / actions, damages,
consequential or otherwise, arising there from or occasioned thereby.
4) No proceeding/suit/action/claims would be adopted by me/us against …………

[Name of the Stock Exchange/ Clearing Corporation] for any act done with respect to
issuance of instruction to the bank/s mentioned above for freezing of my/our account/s
held with the bank/s.
5) I / We agree to indemnify and keep ………… [Name of the Stock Exchange/

Clearing Corporation] and/or its successors/assigns indemnified from time to time, and
at all times hereafter, against all claims, demands, damages, liabilities, proceedings,
losses, actions, charges and expenses made or suffered or incurred or caused or likely
to suffer / incur directly or indirectly, to ………… [Name of the Stock Exchange/ Clearing
Corporation] and/or its successors/assigns on account of freezing of my/our account/s
held with bank/s.
6) I/ We shall keep the Bank appropriately notified of the obligations undertaken by

me / us herein and authorizing them to honour the instructions from ………… [Name of
the Stock Exchange / Clearing Corporation].
7) I / We undertake that a revised Undertaking cum Indemnity Bond shall be

submitted by me / us to ………… [Name of the Stock Exchange / Clearing Corporation]
within seven working days of opening of any new bank account or change in details of
any existing bank account,
8) This Undertaking cum Indemnity Bond shall be binding on my / our successors,

legal representatives and assigns.
9) I / We warrant that representations made by the undersigned / on behalf of the

Member are true and correct.
IN WITNESS WHEREOF, I/We hereby execute this Undertaking cum Indemnity Bond
on the day, month and year above written.
390
Solemnly declared at )
this ___ day of ______, 20 ) BEFORE ME
(Name of Designated Director)

(Name of Trading Member)
(with rubber stamp & SEBI Registration No.) In the presence of:
1.
2.
Note: Board Resolution for execution of the said undertaking cum indemnity and
authorization for signing the same should be enclosed along with the document.
391
Annexure-39 – Digital Mode of Payment
Dat Depart Name of Type of SEBI PA Amoun Purpose of Bank UTR

e ment of Intermed Interm Registrati N t (Rs) Payment name No.
SEBI iary / ediary on No. (If (including and
Other any) the period Accoun
entities for which t
payment number
was made from
e.g. which
quarterly, paymen
annually) t is
remitted
392
Annexure-40
Following FMC circulars shall stand repealed and relevant SEBI circulars shall be
applicable to all commodity derivatives exchanges including regional commodity
derivative exchanges for compliance by their members.
S. Subject FMC Circular being SEBI circulars being made

No. repealed applicable
I Segregation of No circular issued by FMC a) SMD/SED/CIR/93/23321
Client and Own dated Nov 18, 1993.
Funds and b) MRD/DoP/SE/Cir-
Securities 11/2008 dated Apr 17,
2008.
Ii Running Account a) FMC/4/2012/C/14 No. a) Clause 12 of Annexure A
Settlement 1/2/2012/IR-I/Client- to MIRSD/ SE /Cir-
Protect/ dated Feb 02, 19/2009 dated Dec 3,
2012. 2009.
b) FMC/4/2013/C/59 No. b) MIRSD /Cir/ 01/ 2011
1/2/2012/IR-I/Client- dated May 13, 2011.
Protect dated May 20,
2013.
c) No. 1/2/2012/IR-I/Client-
Protect dated Jun 25,
2013.
d) FMC/4/2014/C/121
FMC/2014/04/23-
Quarterly Settlement
dated Oct 17, 2014.
Iii Requirements with a) No.IRD/Div/(1)FMCR/1/2 a) Clauses 6,8,14,15,16,18
respect to Financial 005 dated Feb 14, 2006. and 19 of Annexure A to
Documents, PAN, b) Div. III/I/(53)/06/PAN No. MIRSD/ SE /Cir-19/2009
Inactive Clients etc. dated Nov 28, 2006. dated Dec 03, 2009.113
c) 9/3/2008-MKT-II dated b) CIR/MIRSD/01 /2013
Jan 12, 2009. dated Jan 04, 2013.
d) No. 18/1/2007/MKT-III c) CIR/MIRSD/64/2016
dated Feb 11, 2008. dated Jul 12, 2016.
e) No. 9/1/2009-MKT-I dated For new client accounts.
Dec 07, 2009.
f) No. 9/12009-MKT-I dated
113Words “Clauses 1 to 11 and Clauses 14 to 19 of Annexure A to MIRSD /SE/Cir-19/2009 dated Dec 3, 2009”
replaced with “Clause 6,8,14,15,16,18 and 19 of Annexure A to MIRSD/SE/CIR-19/2009 dated December 03,
2009” in view of Clauses 1,2,3,4,5,7,9,10,11 and 17 of SEBI Circular dated December 03, 2009, being
incorporated in various provisions of SEBI Circular CIR/MIRSD/16/2011 dated August 22, 2011 and FMC
Circular FMC/4/2011/G/30 dated December 16, 2011 and Annexures specified in these circulars.
393
Aug 10, 2010.
Iv In-Person Part C of a) Para 3 of MIRSD/Cir- 26
Verification FMC/4/2015/C/0015No. /2011 Dec 23, 2011.
FMC/COMPL/IV/KRA- b) Point 4 of Part
05/11/14 dated Mar 13, 2015. 'Instructions/Check List'
of Annexure 3 of Circular
CIR/MIRSD/16/2011
dated Aug 22, 2011.
V KRA FMC/4/2015/C/0015 No. a) MIRSD/Cir-23/2011
FMC/COMPL/IV/KRA- dated Dec 2, 2011.
05/11/14 dated Mar 13, 2015 b) Para 1 of MIRSD/Cir- 26
/2011 dated Dec 23,
2011.
Vi Anti-Money a) No.7/1/2008- MKT-II a) CIR/ISD/AML/3/2010
Laundering and dated Oct 30, 2009. dated Dec 31, 2010.
Maintenance of b) No.7/1/2008-MKT-II b) CIR/MIRSD/2/2013
Records dated Jan 25, 2010. dated Jan 24, 2013.
c) No. 7/1/2008-MKT-II c) CIR/MIRSD/1/2014
dated Aug 25, 2010. dated Mar 12, 2014.
d) FMC/4/2013/C/163; Div.
III / I/ 89 / 07 dated Dec
18, 2013.
e) No. 7/1/2013-MKT-1(A)
dated Feb 04, 2015.
Vii Dealing in Cash FMC/2/2014/C/23 No. MRD/SE/Cir- 33/2003/27/08
9/1/2014 -MKT-I dated Mar dated Aug 27, 2003.
12, 2014.
viii Guidelines on Pre- FMC/4/2011/G/0010FMC/Co CIR/MIRSD/03/2011 dated
funded Instruments mplt/Circular dated Sep 27, Jun 9, 2011.
2011.
Ix SMS and Email a) FMC/4/2012/C/13 No. CIR/MIRSD/15/2011 dated
alerts facility to FMC/IR-I/Client Aug 02, 2011.
clients protection/2012 dated
Feb 02, 2012.
b) FMC/Complt/Circular
dated Jun 04, 2012.
c) No:IR (2)/5/2012/SMS-
Email dated Dec 07,2012.
d) No.IR(2)/5/2012/SMS-
Email dated Jan 21, 2013.
e) No.IR(2)/5/2012/SMS/Em
ail dated Mar 01, 2013.
f) No.IR(2)/5/2012/SMS/Em
ail dated Mar 06, 2013.
g) No.IR(2)/5/2012/SMS/Em
ail dated May 15, 2013.
394
h) No.IR(2)/5/2012/SMS/E-
mail dated Jun 21, 2013.
X Contract Note a) No. 07/2008/COMP/LAD- a) SMDRP/Policy/Cir-
ENF/AD(SN)/6609 dated 56/2000 dated Dec 15,
Oct 27, 2009. 2000.
b) FMC/COMPL/IV/2010/03/ b) SMD/SE/15/2003/29/04
05/00011 dated Apr 19, dated Apr 29, 2003.
2011. c) MRD/DoP/SE/Cir-
c) Div.III/I/89/07 dated Mar 20/2005 dated Sep 8,
13, 2014. 2005.
d) Div.III/I/89/07 dated Dec d) Clause 13 of Annexure A
24, 2014. to MIRSD/ SE /Cir-
19/2009 dated Dec 3,
2009.
Xi Exclusive e-mail ID No circular issued by FMC MRD/DoP/Dep/SE/Cir-22/06
for redressel of dated Dec 18, 2006.
Investor Complaints
Xii Display of No circular issued by FMC a) Cir/MIRSD/ 9 /2010
information such as dated Nov 4, 2010.
logo, registration b) CIR/MIRSD/3/2014
number on notice dated Aug 28, 2014.
board and contract
note and investor
grievance redressal
mechanism on
notice board
Xiii Internal Audit No circular issued by FMC Para 7 to 11 of circular
MIRSD/Master Cir-04/2010
dated Mar 17, 2010.
Xiv Inspection of a) No. Div./III/I/301/2011- a) Para 2 to 6 of circular
brokers 12/Audit dated Dec 23, MIRSD/Master Cir-
2011. 04/2010 dated Mar 17,
b) No. Div./III/I/104/2008- 2010.
09/Audit dated Feb 02, b) CIR/MIRSD/13/2012
2012. dated Dec 07, 2012.
c) FMC/1/2014/C/50No.Div.I
II/I/300/2011-12/Audit
dated Apr 23, 2014.
d) FMC/1/2014/C/47 No.
FMC/1/2014/Audit/C
Dated Apr 23, 2014.
xv Change in control/ a) No.IRD-Div-III/1/143/10- a) MIRSD/MSS/Cir- 30/
constitution MR dated Aug 14, 2010. 13289/03 dated Jul 09,
b) Div:III/I/120/MR-2011/2 2003.
dated Apr 07, 2011. b) CIR/MIRSD/2/2011
c) FMC/6/2011/C/0018 No. dated Jun 3, 2011.
395
Div.III/I/68/MR/General c) CIR/MIRSD/14/2011
dated Sep 22, 2011. dated Aug 02, 2011.
d) FMC/6/2011/C/0019 No.
Div. III/I/157/10-MRDated
Sep 27, 2011.
e) FMC/4/2012/C/41 No.
Div. III/I/157/10-MR dated
Apr 04, 2012.
f) Div. III/I/10/MR dated Apr
30, 2015.
Xvi Procedure for a) FMC/6/2011/C/0018 No. MIRSD/MSS/Cir- 30/
surrender of Div.III/I/68/MR/General 13289/03 dated Jul 09, 2003.
membership dated Sep 22, 2011.
b) FMC/1/2014/C/146 dated
Dec 31, 2014.
c) No.Div.II/I/112/2015/Refu
nd of Deposit dated Jan
19, 2015.
d) No. III/I/10/MR dated Jul
08, 2015.
Xvii Guidelines on No circular issued by FMC CIR/MIRSD/24/2011 dated
Outsourcing of Dec 15, 2011.
Activities by
Intermediaries
xviii BPO/KPO services - No. S/1/2009/MD-I dated Mar a) Rule 8(1)(f) and 8(3)(f) of
Segregation thereof 28, 2011. SCRR, 1957.
from Commodity b) SMD/POLICY/CIR-6//97
Derivatives Market dated May 07, 1997.
xix Authorized Persons No.6/3/2008-MKT – II; a) MIRSD/ DR-1/ Cir- 16 /09
FMC/2/2012/G/3 dated Jan dated Nov 06, 2009.
11, 2012. b) Cir/MIRSD/AP/8/2010
dated Jul 23, 2010.
396
Annexure-41
Following FMC circulars are specific to commodity derivatives market.
Contents/norms specified in following circulars shall continue to be in force beyond
September 28, 2016. Provisions of these circulars shall be applicable to all commodity
derivatives exchanges including regional commodity derivatives exchanges for
compliance by their members.
S. No. Subject FMC Circular No. and Date

I Account Opening Process a) No.-FMC/4/2011/G/30 Ref. No.: Div.
III/I/89/07 dated Dec 16, 2011*.
b) Div.III/I/89/07 dated Aug 23, 2013.
c) F.No.FMC/COMPL/2013/10/30-
FSLRC/FSDC dated Mar 28, 2014.
d) Div.III/2/89/VOL IV dated Apr 23, 2014.
e) No. FMC/COMPL/IV/KRA-05/11/14
dated Feb 26, 2015.
Ii Customer Protection such as No.FMC/Comp/VI/2009/04/06/114/5787
keeping evidence of client dated Sep 16, 2009.
placing order
Iii Nomenclature of Stock a) 4/5/2005- M&S/MCX/Unit-II dated Apr 25,
brokers 2006.
b) No.IRD-DIV-III/I/FCR-I/2009 dated Dec
21, 2009.
c) No. DIV-III/I/122/10/MR dated Jun 25,
2010.
d) 6/3/2008-MKT – II dated Feb 18, 2011.
Iv Surrender of membership F.No.1/4/2009/MD-I dated Jul 20, 2009.
*All clauses to remain except to the extent as modified as described below. Annexure
- 3 (Rights and Obligations of Members, Authorized Persons and Clients) of Circular
No.-FMC/4/2011/G/30 Ref. No.: Div. III/I/89/07 dated Dec 16, 2011 is modified as
follows:
In Clause 30, for the words "in the Statement immediately but not later than 30
calendar days of receipt thereof, to the Member. A detailed statement of accounts
must be sent every month to all the clients in physical form. The proof of delivery of
the same should be preserved by the Member" the words "in the Statement within
such time as may be prescribed by the relevant Exchange from time to time where the
trade was executed, from the receipt thereof to the Stock broker" shall be substituted.
In Clause 31, for the words "monthly" the words "daily" shall be substituted.
Para 3 C.A.iv which restricted seeking authorization through non-mandatory

documents for any adjustment of funds among securities (stock) exchange and
commodities exchange, will not be applicable, if such adjustment is within the same
broking entity.
397
Annexure-42
Following FMC circulars shall stand repealed.
S. Subject FMC Circular No. and Date

No.
i Segregation of Client Accounts in FMC/2/2011/C/0008; No.9/1/2011-MKT/I
Commodity Futures Exchange and dated Sep 26, 2011.
Spot Exchanges
ii Member to obtain FMC Unique No. IRD/Div./III/(1)/FMCR/1/2005 dated Oct
Code 28, 2005.
iii Submission of networth certificate No. Div-III/I/122/10/MR dated Nov 22, 2010.
from the members
iv Nomenclature of Stock Brokers No. IRD-DIV-III/I/FCR-I/2009 dated Dec 21,
2009.
No. DIV-III/I/122/10/MR dated Jun 25, 2010.
6/3/2008-MKT –II dated Feb 18, 2011.
398
APPENDIX - LIST OF CIRCULARS / COMMUNICATION
Sr. Circular/ Notification No. and Date Subject

no
1. SEBI communication SE/10118 Listing fees from 1992-93 to 1996-97.
dated October 12, 1992.
2. SMD/SED/CIR/93/23321 dated Regulation Of Transactions Between
November 18, 1993. Clients and Brokers.
3. SMD/VRN/1476/95 dated April 27, Severance of connections with other
1995. businesses.
4. SMD/POLICY/CIR-6/97 dated May Applicability of Rule 8(1)(f) and 8(3)(f) of
07, 1997. the Securities Contract (Regulation)
Rules, 1957.
5. SMD/POLICY/CIRCULAR/30/97 Registration of Brokers.
dated November 25, 1997
6. SMD/POLICY/CIR-34/97 dated Conversion of individual membership
December 11, 1997. into Corporate membership.
7. SMD/POLICY/CIR-11/98 dated Additional information to be submitted at
March 16, 1998. the time of registration of Stock Broker
with SEBI.
8. FITTC/DC/CR-1/98 dated June 16, Derivatives Trading in India.
1998.
9. SMD/POLICY(BRK.REG.)/CIR- Merger/ Amalgamation of Trading
18/98 dated July 09, 1998. Members.
10. SMDRP/POLICY/CIR- 06/2000 Conditions to be met by Broker for
dated January 31, 2000. providing Internet Based Trading
Service.
11. SMDRP/Policy/Cir-48/2000 dated Securities Trading through Wireless
October 11, 2000. medium on Wireless Application Protocol
(WAP) platform.
12. SMDRP/POLICY/CIR-56/00 dated Use of Digital Signature on Contract
December 15, 2000 Notes
13. SMDRP/POLICY/CIR-39/2001 dated Unique Client Code.
July 18, 2001.
14. SMD/POLICY/CIR-49/2001 dated Advertisement by Brokers/ Sub-Brokers
October 22, 2001. and grant of trading terminals.
15. SMD/DBA-II/CIR-22/2002 dated Additional requirements for processing
September 12, 2002. applications of Stock Brokers for
Registration/ Prior approval for sale of
membership/ Change of name/ trade
399
name.
16. SEBI/SMD/SE/15/2003/29/04 dated Issuance of Contract Notes in electronic
April 29, 2003 form
17. SMD/DBA-II/Cir-16/9618/03 dated SEBI Registration Number of Brokers /
May 05, 2003. Sub-Brokers to be quoted on all
correspondences with SEBI.
18. SEBI/MIRSD/CIR-06/2004 January Review of norms relating to trading by
13, 2004. Members/Sub-Brokers.
19. MIRSD/DR-1/CIR-16/09 dated Market Access through Authorised
November 06, 2009. Persons.
20. MIRSD/SE/CIR-19/2009 dated Dealings between a client and a stock
December 03, 2009. broker (trading members included).
21. SEBI/MIRSD/MASTER CIR-04/2010 Master Circular on Oversight of Members
dated March 17, 2010. (Stock Brokers/Trading
Members/Clearing Members of any
Segment of Stock Exchanges and
Clearing Corporations).
22. SEBI/CIR/MIRSD/AP/8/2010 dated Market Access through Authorised
July 23, 2010. Persons.
23. CIR/MIRSD/9/2010 dated November Display of Details by Stock Brokers
04, 2010. (including Trading Members).
24. SEBI/MIRSD/CIR/01/2011 dated Clarification on circular dated December
May 13, 2011. 3, 2009 on ‘Dealings between a Client
and a Stock broker.
25. CIR/MIRSD/2/2011 dated June 03, Periodical Report – Grant of prior
2011. approval to members of Stock
Exchanges/Sub-Brokers.
26. CIR/MIRSD/03/2011 dated June 09, Pre- funded instruments / electronic fund
2011. transfers.
27. CIR/MIRSD/12/2011 dated July 11, Clarification regarding admission of
2011. Limited Liability Partnerships as
Members of Stock Exchanges.
28. CIR/MIRSD/15/2011 dated August SMS and E-mail alerts to investors by
02, 2011. Stock Exchanges.
29. CIR/MIRSD/16/2011 dated August Simplification and Rationalization of
22, 2011 Trading Account Opening Process
30. CIR/MIRSD/18/2011 dated August Redressal of investor grievances against
25, 2011. Stock Brokers and Sub-Brokers in SEBI
Complaints Redress System (SCORES).
400
31. MIRSD/SE/CIR-21/2011 dated Uniform Know Your Client (KYC)
October 05,2011. requirements for the securities market
32. CIR/MIRSD/24/2011 dated Guidelines on Outsourcing of Activities
December 15, 2011 by Intermediaries
33. CIR/MIRSD/13/2012 dated Oversight of Members (Stock
December 07, 2012. Brokers/Trading Members/Clearing
Members of any segment of Stock
Exchanges/Clearing Corporations).
34. CIR/MIRSD/5/2013 dated August 27, General Guidelines for dealing with
2013. Conflicts of Interest of Intermediaries,
Recognised Stock Exchanges,
Recognised Clearing Corporations,
Depositories and their Associated
Persons in Securities Market.
35. CIR/MIRSD/13/2013 dated Know Your Client Requirements
December 26, 2013
36. CIR/MIRSD/2/2014 dated June 30, Inter-Governmental Agreement with
2014. United States of America under Foreign
Accounts Tax Compliance Act –
Registration.
37. CIR/MIRSD/3/2014 dated August 28, Information regarding Grievance
2014. Redressal Mechanism.
38. CIR/MIRSD/4/2014 dated October Single registration for Stock Brokers &
13, 2014. Clearing Members.
39. CIR/MIRSD/2/2015 dated August 26, Implementation of the Multilateral
2015. Competent Authority Agreement and
Foreign Account Tax Compliance Act.
40. CIR/MIRSD/3/2015 dated Reporting Requirement under Foreign
September 10, 2015. Account Tax Compliance Act (FATCA)
and Common Reporting Standards
(CRS) – Guidance Note.
41. CIR/MIRSD/4/2015 dated Registration of Members of Commodity
September 29, 2015. Derivatives Exchanges.
42. CIR/MIRSD/64/2016 dated July 12, Simplification of Account Opening Kit
2016
43. CIR/MIRSD/66/2016 dated July 21, Operationalisation of Central KYC
2016 Records Registry (CKYCR)
44. SEBI/HO/MIRSD/MIRSD2/CIR/P/20 Regulatory Framework for Commodity
16/92 dated September 23, 2016. Derivatives Brokers.
401
45. SEBI/HO/MIRSD/MIRSD2/CIR/P/20 Enhanced Supervision of Stock
16/95 dated September 26, 2016. Brokers/Depository Participants.
46. SEBI/HO/MIRSD/MIRSD6/CIR/P/20 Redressal of complaints against Stock
17/20 dated March 10, 2017. Brokers and Depository Participants in
SEBI Complaints Redress System
(SCORES).
47. SEBI/HO/MIRSD/MIRSD1/CIR/P/20 Online Registration Mechanism for
17/38 dated May 02, 2017. Securities Market Intermediaries.
48. CIR/HO/MIRSD/MIRSD2/CIR/P/201 Clarification to Enhanced Supervision
7/64 dated June 22, 2017. Circular.
49. CIR/HO/MIRSD/MIRSD2/CIR/P/201 Policy of Annual Inspection of Members
7/73 dated June 30, 2017. by Stock Exchanges/Clearing
Corporations.
50. SEBI/HO/MIRSD/MIRSD1/CIR/P/20 Integration of broking activities in Equity
17/104 dated September 21, 2017. Markets and Commodity Derivatives
Markets under single entity.
51. CIR/HO/MIRSD/MIRSD2/CIR/PB/20 Clarification to Enhanced Supervision
17/107 dated September 25, 2017. Circular.
52. SEBI/HO/MIRSD/MIRSD2/CIR/P/20 Modification to Enhanced Supervision
17/123 dated November 29, 2017. Circular.
53. SEBI/HO/MIRSD/DOP1/CIR/P/2018 Circular on Prevention of Unauthorised
/54 dated March 22, 2018. Trading by Stock Brokers.
54. SEBI/HO/MIRSD/DOP/CIR/P/2018/ Discontinuation of acceptance of cash by
113 dated July 12, 2018 Stock Brokers
55. SEBI/HO/MIRSD/CIR/PB/2018/147 Cyber Security & Cyber Resilience
dated December 03, 2018 framework for Stock Brokers / Depository
Participants
56. SEBI/HO/MIRSD/DOP/CIR/P/2018/ Early Warning Mechanism to prevent
153 dated December 17, 2018 diversion of client securities
57. SEBI/HO/MIRSD/DOS2/CIR/P/2019 Reporting for Artificial Intelligence (AI)
/10 dated January 04, 2019 and Machine Learning (ML) applications
and systems offered and used by market
intermediaries
58. SEBI/HO/MIRSD/DOP/CIR/P/2019/ Uniform membership structure across
14 dated January 11, 2019 segments
59. CIR/HO/MIRSD/DOS2/CIR/PB/2019 Clarification to Cyber Security & Cyber
/038 dated March 15, 2019 Resilience framework for Stock Brokers
/ Depository Participants
402
60. CIR/HO/MIRSD/DOP/CIR/P/2019/7 Handling of Clients’ Securities by Trading
5 dated June 20, 2019 Members/Clearing Members
61. SEBI/HO/MIRSD/DOP/CIR/P/2019/ Cyber Security & Cyber Resilience
109 dated October 15, 2019 framework for Stock Brokers /
Depository Participants-Clarifications
62. SEBI/HO/MIRSD/DOP/CIR/P/2019/ Mapping of Unique Client Code (UCC)
136 dated November 15, 2019 with demat account of the clients
63. CIR/HO/MIRSD/DOP/CIR/P/2019/1 Collection and reporting of margins by
39 dated November 19, 2019 Trading Member(TM) /Clearing
Member(CM) in Cash Segment
64. SEBI/HO/MIRSD/DOP/CIR/P/2020/ Margin obligations to be given by way of
28 dated February 25, 2020 Pledge/ Re-pledge in the Depository
System
65. SEBI/HO/MIRSD/DOP/CIR/P/2020/ Implementation of Circular on ‘Margin
88 dated May 25, 2020 obligations to be given by way of Pledge
/ Re-pledge in the Depository System’ -
Extension
66. SEBI/HO/MIRSD/DPIEA/CIR/P/202 Standard Operating Procedure in the
0/115 dated July 01, 2020 cases of Trading Member / Clearing
Member leading to default
67. SEBI/HO/MIRSD/DOP/CIR/P/2020/ Collection and Reporting of Margins by
146 dated July 31, 2020 Trading Member (TM) / Clearing Member
(CM) in Cash Segment
68. SEBI/HO/MIRSD/DOP/CIR/P/2020/ Execution of Power of Attorney (PoA) by
158 dated August 27, 2020 the Client in favour of the Stock Broker /
Stock Broker and Depository Participant
69. SEBI/HO/MIRSD/DOP/CIR/P/2020/ Collection and Reporting of Margins by
173 dated September 15, 2020 Trading Member (TM) / Clearing Member
(CM) in Cash Segment - Clarification
70. SEBI/HO/MIRSD/DPIEA/CIR/P/202 Recovery of assets of defaulter member
0/186 dated September 28, 2020 and recovery of funds from debit balance
clients of defaulter member for meeting
the obligations of clients / Stock
Exchange / Clearing Corporation
71. SEBI/HO/MIRSD2/DOR/CIR/P/2020 Advisory for Financial Sector
/221 dated November 03, 2020 Organizations regarding Software as a
Service (SaaS) based solutions
72. SEBI/HO/MIRSD/DOC/CIR/P/2020/ Investor Grievance Redressal
226 dated November 06, 2020 Mechanism
403
73. SEBI/HO/MIRSD/DOP/CIR/P/2021/ Rollout of Legal Entity Template
31 dated March 10, 2021
74. SEBI/HO/MIRSD/DOR/CIR/P/2021/ Prior Approval for Change in control:
42 dated March 25, 2021 Transfer of shareholdings among
immediate relatives and transmission of
shareholdings and their effect on change
in control
75. SEBI/HO/MIRSD/DOR/CIR/P/2021/ Transfer of business by SEBI registered
46 dated March 26, 2021 intermediaries to other legal entity
76. SEBI/HO/MIRSD/DOP/P/CIR/2021/ Settlement of Running Account of
577 dated June 16, 2021 Client’s Funds lying with Trading Member
(TM)
77. SEBI/HO/MIRSD/DOP/P/CIR/2021/ Block Mechanism in demat account of
595 dated July 16, 2021 clients undertaking sale transactions
78. SEBI/HO/MIRSD/DOP/CIR/P/2021/ Maintenance of current accounts in
653 dated October 28, 2021 multiple banks by Stock Brokers
79. SEBI/HO/MIRSD/MIRSD_IT/P/CIR/ Framework for Regulatory Sandbox
2021/0000000658 dated November
16, 2021
80. SEBI/HO/MIRSD/DOP/CIR/P/2021/ Publishing Investor Charter and
676 dated December 02, 2021 disclosure of Investor Complaints by
Stock Brokers on their websites
81. SEBI/HO/MIRSD/DoP/P/CIR/2022/4 Execution of ‘Demat Debit and Pledge
4 dated April 04, 2022 Instruction’ (DDPI) for transfer of
securities towards deliveries / settlement
obligations and pledging / re-pledging of
securities
82. SEBI/HO/MIRSD/DoR/P/CIR/2022/6 Guidelines for seeking NOC by Stock
1 dated May 13, 2022 Brokers / Clearing Members for setting
up Wholly Owned Subsidiaries, Step
Down Subsidiaries, Joint Ventures in
GIFT IFSC
83. SEBI/HO/MIRSD/DPIEA/CIR/P/202 Modification to Standard Operating
2/72 dated May 27, 2022 Procedure in the cases of Trading
Member / Clearing Member leading to
default
84. SEBI/HO/MIRSD/DOS3/P/CIR/2022 Investor Redressal Grievance
/78 dated June 03, 2022 Mechanism
85. SEBI/HO/MIRSD/TPD/P/CIR/2022/8 Modification in Cyber Security and Cyber
0 dated June 07, 2022 resilience framework for Stock Brokers /
404
Depository Participants
86. SEBI/HO/MIRSD/ Naming / Tagging of demat accounts

MIRSD_DPIEA/P/CIR/2022/83 maintained by Stock Brokers
dated June 20, 2022
87. SEBI/HO/MIRSD/TPD/P/CIR/2022/9 Modification in Cyber Security and Cyber
3 dated June 30, 2022 resilience framework for Stock Brokers /
Depository Participants
88. SEBI/HO/MIRSD/DoP/P/CIR/2022/1 Settlement of Running Account of
01 dated July 27, 2022 Client’s Funds lying with Trading Member
(TM)
89. SEBI/HO/MIRSD/DoP/P/CIR/2022/1 Block Mechanism in demat account of
09 dated August 18, 2022 clients undertaking sale transactions
90. SEBI/HO/MIRSD/DOP/P/CIR/2022/ Performance/return claimed by
117 dated September 02, 2022 unregulated platforms offering
algorithmic strategies for trading
91. SEBI/HO/MIRSD/DoP/P/CIR/2022/1 Validation of Instructions for Pay-In of
19 dated September 19, 2022 Securities from Client demat account to
Trading Member (TM) Pool Account
against obligations received from the
Clearing Corporations
92. SEBI/HO/MIRSD/MIRSD-PoD- Execution of ‘Demat Debit and Pledge
1/P/CIR/2022/137 dated October 06, Instruction’ (DDPI) for transfer of
2022 securities towards deliveries / settlement
obligations and pledging / re-pledging of
securities-Clarification
93. SEBI/HO/MIRSD/DOP/P/CIR/2022/ Block Mechanism in demat account
143 dated October 27, 2022 of clients undertaking sale
transactions-Clarification
94. SEBI/HO/MIRSD/MIRSD-PoD- Handling of Clients’ Securities by Trading
1/P/CIR/2022/153 dated November Members (TM)/ Clearing Members (CM)
11, 2022
95. SEBI/HO/MIRSD/DoP/P/CIR/2022/1 Extension of timelines for implementation
62 dated November 25, 2022 of SEBI circulars
SEBI/HO/MIRSD/MIRSD-PoD-
1/P/CIR/2022/137 and
SEBI/HO/MIRSD/DoP/P/CIR/2022/119
96. SEBI/HO/MIRSD/TPD- Framework to address the ‘technical
1/P/CIR/2022/160 dated November glitches’ in Stock Brokers’ Electronic
25, 2022 Trading Systems
405
97. SEBI/HO/MIRSD/MIRSD-PoD- Procedure for seeking prior approval for
2/P/CIR/2022/163 dated November change in control
28, 2022
98. SEBI/HO/MIRSD/MIRSD-PoD- Introduction of Investor Risk Reduction
1/P/CIR/2022/177 dated December Access (IRRA) platform in case of
30, 2022 disruption of trading services provided by
the Trading Member (TM)
99. SEBI/HO/MIRSD/MIRSD-PoD- Enhanced obligations and
1/P/CIR/2023/24 dated February responsibilities on Qualified Stock
06,2023 Brokers (QSBs)
100. SEBI/HO/MIRSD/MIRSD-PoD- Maintenance of a website by stock
1/P/CIR/2023/30 dated February 15, brokers and depository participants
2023
101. SEBI/HO/MIRSD/MIRSD-PoD- Nomination for Eligible Trading and
1/P/CIR/2023/42 dated March 27, Demat Accounts –Extension of timelines
2023 for existing account holders
102. SEBI letter dated June 24, 2008 SEBI letter number
MRD/DoP/NSE/129791/2008
103. SEBI letter dated March 31, 2015 SEBI letter number
MRD/DMS/OW/9500/2015
104. Email dated April 13, 2022 Issuance of Electronic Contract Notes
(ECN) through SMS/electronic instant
messaging services
406

SEBI Master Circular for Stock Broker 2023

Uploaded by

Copyright:

Available Formats

SEBI Master Circular for Stock Broker 2023

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SEBI Master Circular for Stock Broker 2023

Uploaded by

Copyright:

Available Formats

MASTER CIRCULAR

SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/71 May 17, 2023

All Recognized Stock Exchanges

Stock Brokers through Recognized Stock Exchanges

Subject: Master Circular for Stock Brokers

IV. Notwithstanding such rescission,

VI. This circular is available on SEBI website at www.sebi.gov.in.

API Application Programming Interface

1. Registration of Brokers - Verification of antecedents of the applicant1

2. Conversion of individual membership into corporate membership2

2.1. In case of corporatisation of individual membership, the individual member may

3. Additional information to be submitted at the time of registration of Stock

1 Reference: Circular SMD/POLICY/CIRCULAR/30/97 dated November 25, 1997.

4. Additional requirements for processing applications of Stock Brokers for

4.2.1 Application for registration of stock brokers:

4.2.2 Change of name applications for Brokers

a. Stock Exchanges shall ensure that change of name applications should

4 Reference: Circular SMD/DBA-II/CIR-22/2002 dated September 12, 2002.

4.3.2 In case of Exchanges which do not grant membership to the partnership

5. Merger/ Amalgamation of Trading Members5

5 Reference: Circular SMD/POLICY(BRK.REG.)/CIR-18/98 dated July 09, 1998.

6. Admission of Limited Liability Partnerships as Members of Stock Exchanges6

6.1 Securities Contract (Regulation) Rules, 1957 (hereinafter referred to as “SCRR

7. Single registration for Stock Brokers & Clearing Members7

7.2 Registration requirements will be as per the following guidelines:

7.2.1 If a new entity desires to register as a stock broker or clearing member

6 Reference: Circular CIR/MIRSD/12/2011 dated July 11, 2011.

8.1 Any person desirous of becoming a member of any commodity derivatives

9. Integration of broking activities in Equity Markets and Commodity Derivatives

8 Reference: Circular CIR/MIRSD/4/2015 dated September 29, 2015

10. Uniform Membership structure across segments10

10.1 SEBI has implemented the mechanism of single registration, whereby a

10.2.1 The membership structure as TM, Self-clearing Member (SCM), CM and

11. Online Registration Mechanism for Securities Market Intermediaries11

11.1 SEBI Intermediary Portal (https://siportal.sebi.gov.in) has been operationalized

12. Transfer of business by SEBI registered intermediaries to other legal entity12

“Business is transferred through regulatory process (pursuant to merger/

11 Reference: Circular SEBI/HO/MIRSD/MIRSD1/CIR/P/2017/38 dated May 02, 2017.

12.3 If the transferor ceases to exist, its certificate of registration shall be

12.4 In case of complete transfer of business by transferor, it shall surrender its

12.5 In case of partial transfer of business by transferor, it can continue to hold

13. Oversight of Members (Stock Brokers/Trading Members/Clearing Members of

13.1 Inspection of Members by Stock Exchanges / Clearing Corporations

13.1.3 The inspection shall cover:

a. Compliance with the relevant provisions of the Act, Rules and

b. Efficacy of the investor grievance redressal mechanism and

13.1.4 An illustrative list of common violations/deficiencies observed by SEBI in

13.2 Internal Audit

13.2.2 The audit shall cover, inter alia,

a. the existence, scope and efficiency of the internal control system,

b. compliance with the provisions of the SEBI Act, 1992, Securities

c. data security and insurance in respect of operations, and

d. efficacy of the investor grievance redressal mechanism and

13.2.5 The Stock Exchange/Clearing Corporation shall initiate appropriate

13.3 Default in case of Multiple Membership

13.3.1 Whenever a member of any segment is declared defaulter, the

13.3.2 Immediately on receipt of the information about default of a member, the

13.3.3 The Stock Exchanges / Clearing Corporations shall take appropriate

a. who, directly or indirectly, by itself, or in combination with other

b. in respect of whom the member, individual or body corporate or firm,