📘 7.1 Guidelines under SEBI (LODR) Regulations 2015
📌 Definition
The SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (LODR Regulations) provide comprehensive guidelines for listed entities concerning their obligations and disclosure requirements. These regulations apply to entities that have listed specific securities on recognized stock exchanges.
💡 Securities Covered under SEBI (LODR)
📑 Listed Securities
The listed entities covered by the LODR Regulations include those that have listed various securities such as specified securities on the main board, SME Exchange, or Innovators Growth Platform.
💼 Types of Securities
- Non-convertible securities
- Indian Depository Receipts (IDRs)
- Securitized debt instruments
- Security receipts
- Units issued by mutual funds
- Any other securities specified by SEBI
📋 Share Transfer Facility
🔄 In-house or RTA
Listed entities have the option to either manage the share transfer facility in-house or appoint a SEBI-registered Registrar to an Issue and Share Transfer Agent (RTA). If the listed entity manages the facility in-house, it must register as a Category II share transfer agent once the number of security holders exceeds 1 lakh.
📑 Category II Share Transfer Agent
Once the number of securities holders exceeds 1 lakh, the listed entity is required to either register with SEBI as a Category II share transfer agent or appoint a SEBI-registered RTA. This ensures compliance with SEBI regulations.
⚖️ Key Responsibilities
- Ensure compliance with share transfer facility requirements, either in-house or through an RTA.
- Maintain accurate records of securities holders and transactions.
- Adhere to the SEBI regulations regarding reporting, disclosure, and corporate governance.
💡 Example:
If a listed company, such as a mutual fund, has more than 1 lakh unit holders, it must either set up an in-house share transfer system or appoint an RTA registered with SEBI. The company would need to ensure compliance with SEBI’s LODR Regulations by submitting regular reports and maintaining accurate investor records.
📘 7.2 SEBI (Registrars to an Issue and Share Transfer Agents) Regulations 1993
📌 Definition
The SEBI (Registrars to an Issue and Share Transfer Agents) Regulations, 1993, regulate the registration, activities, and responsibilities of RTAs. These regulations define the roles and set the operational guidelines for RTAs in the securities market, ensuring proper record-keeping, transparency, and investor protection.
💡 Key Regulations and Definitions
📑 Registrar to an Issue
SEBI defines a registrar to an issue as the person or entity appointed by a body corporate or group to handle various tasks, such as collecting applications from investors, keeping records, assisting in allotment processes, and dispatching allotment letters and other documents.
📈 Share Transfer Agent
A Share Transfer Agent maintains records of holders of securities and handles matters related to their transfer and redemption. If the total number of holders exceeds 1 lakh, the company must either appoint an RTA or register as a Category II share transfer agent with SEBI.
📑 Application for Registration
📄 Registration Process
Entities must apply for registration with SEBI in the prescribed format and pay the non-refundable fees. The application must be evaluated based on factors such as infrastructure, experience, capital adequacy, and the integrity of partners and promoters.
🔑 Categories of Intermediaries
Applicants can register as Category I intermediaries (acting as both a registrar to an issue and share transfer agent) or Category II intermediaries (acting as either a registrar or transfer agent). SEBI evaluates the eligibility of the applicant based on various criteria.
💰 Capital Adequacy Requirements
🏦 Category I
For Category I intermediaries, the net worth requirement is ₹50 lakhs. This ensures that the entity has the financial stability to manage a large volume of transactions efficiently.
🏦 Category II
Category II intermediaries, who act as either a registrar to an issue or share transfer agent, require a net worth of ₹25 lakhs. This lower requirement reflects the more limited scope of their operations.
📋 Obligations and Responsibilities
- Adhere to the code of conduct as specified by SEBI (see Box 7.1)
- Maintain proper records and accounts for at least 8 years
- Appoint a compliance officer responsible for reporting non-compliance to SEBI
- Ensure that share transfer activities are conducted in an efficient and transparent manner
📜 Code of Conduct for RTAs
SEBI’s Code of Conduct for RTAs includes the following key points:
- Maintain high integrity in business conduct
- Fulfill obligations promptly, ethically, and professionally
- Exercise due diligence in the dematerialization of securities
- Ensure timely resolution of investor complaints
- Avoid conflicts of interest and ensure transparency
- Maintain confidentiality of investor data and provide unbiased services
💡 Example:
A company appoints an RTA to manage the transfer of shares. The RTA ensures compliance with SEBI regulations by maintaining investor records, processing share transfers, and addressing complaints promptly, while adhering to the required code of conduct.
📘 7.3 Enhanced Monitoring Guidelines for QRTAs
📌 Definition
Qualified Registrars and Transfer Agents (QRTAs) are market intermediaries managing over 2 crore folios. Given the volume of transactions handled by QRTAs, SEBI has prescribed enhanced monitoring requirements to ensure proper risk management, business continuity, and investor protection.
💡 Enhanced Monitoring Requirements
📉 Risk Management Policy
QRTAs are required to establish a comprehensive risk management policy. This includes identifying, assessing, monitoring, and managing risks, as well as establishing accountability for risk decisions in crisis situations.
🔄 Business Continuity Plan (BCP)
QRTAs must have a Business Continuity Plan (BCP) in place, including a Disaster Recovery Site (DRS) to ensure uninterrupted operations in case of failure at the primary processing location. The DRS must be capable of taking over operations independently at short notice.
📋 Record-Keeping and Data Protection
🗂 Record Integrity
QRTAs must maintain the integrity of electronic records and ensure that records are not lost or tampered with. Backup systems should be in place to protect against data loss, and records must be stored in a secure, accessible manner.
🔐 Data Protection Policy
QRTAs are required to implement a data protection policy, ensuring secure access to data and compliance with data privacy standards. This includes protocols for entities wishing to connect to the QRTAs’ database.
💼 Governance and Infrastructure
🏢 Scalable Infrastructure
QRTAs must ensure their infrastructure is scalable to handle growth. The Board of Directors must approve policies for technology upgrades and infrastructure improvements to meet service demands.
👥 Board of Directors
The QRTAs’ Board of Directors must oversee and address incidents affecting investor protection. They must also have committees such as the Audit Committee and IT Strategy Committee to ensure compliance and risk management.
📞 Investor Services and Redressal
💬 Investor Service Centers
QRTAs must maintain Investor Service Centers (ISCs) in at least 100 cities for mutual fund investors and provide adequate centers for other investors. They should also provide online services for complaints and queries, ensuring easy access for investors.
🔧 Grievance Redressal
QRTAs must have a complaint redressal mechanism in place that is investor-friendly and accessible. They must ensure timely resolution of complaints and track their status using a reference number.
💡 Example:
A QRTA that services a large number of mutual fund investors is required to maintain multiple Investor Service Centers across India. In addition, it must offer an online platform where investors can file complaints and track their resolution status in real-time, ensuring a smooth grievance redressal process.
📘 7.4 Cyber Security and Cyber Resilience Framework for QRTAs
📌 Definition
The rapid technological advancements in the securities market have made it essential for Qualified Registrars and Transfer Agents (QRTAs) to maintain a robust cyber security and cyber resilience framework. This ensures the protection of data integrity and guards against privacy breaches.
💡 Cyber Security and Cyber Resilience Framework
🔐 Cyber Security
Cyber security involves measures and tools designed to protect the systems, networks, and databases from cyber-attacks. It focuses on ensuring confidentiality, integrity, and availability of information.
⚙️ Cyber Resilience
Cyber resilience refers to an organization’s ability to prepare for, respond to, and recover from cyber-attacks, ensuring continuous operations despite disruptions.
📋 Key Components of the Cyber Security Policy
📈 Risk Identification and Protection
QRTAs are required to identify critical IT assets and assess the associated risks. Appropriate measures should be taken to protect these assets by deploying suitable controls and tools.
🔍 Detection and Response
QRTAs must have systems in place to detect incidents, anomalies, and attacks. Once detected, immediate actions should be taken to mitigate any impact.
🔒 Incident Management and Disaster Recovery
💻 Business Continuity Plan (BCP)
QRTAs must maintain a robust Business Continuity Plan (BCP) and Disaster Recovery Site (DRS) to recover operations in case of system failure, ensuring no data loss.
🌐 Recovery from Incidents
QRTAs must be capable of recovering from incidents quickly, ensuring minimal downtime. If critical systems are disrupted for more than 30 minutes, the QRTA should declare a disaster and restore operations within 45 minutes.
📋 Other Measures for QRTAs
🔧 CISO Appointment
QRTAs must appoint a Chief Information Security Officer (CISO) responsible for identifying and managing cyber security risks and ensuring adherence to the cyber resilience framework.
⚡ Incident Response Team (IRT)
QRTAs should form an Incident Response Team (IRT), comprising senior management, to declare a disaster and initiate recovery actions. The IRT ensures a timely response to cyber threats and disruptions.
📑 Data Access and Protection Policies
- QRTAs must define access control policies for data protection.
- Ensure confidentiality and integrity of investor data at all times.
- Implement secure communication channels for interaction with the database.
💡 Example:
If a QRTA faces a cyber-attack that impacts their system’s data, the response team would immediately implement the disaster recovery process from the DRS to resume operations and secure data integrity, ensuring minimal disruption to investor services.
📜 Compliance and Reporting
QRTAs must submit quarterly reports detailing any cyber-attacks, threats, or incidents they have faced, along with measures taken to mitigate these risks. This helps SEBI and other regulators stay informed and provide guidance on best practices.
📘 7.5 Systems Audit Framework
📌 Definition
The Systems Audit Framework prescribed by SEBI ensures that Mutual Funds (MFs) and Asset Management Companies (AMCs) maintain effective control over their IT systems. This framework is essential for the audit of systems and processes related to fund management, customer service, regulatory compliance, and other critical operations.
💡 Importance of Systems Audit
🔐 Front and Back Office Integration
The audit framework examines the integration of front-office systems with back-office operations, ensuring proper data flow and seamless communication between departments for efficient fund management.
📊 Financial Accounting and Reporting
The audit ensures that financial accounting systems for calculating Net Asset Values (NAVs), reporting, and unit-holder administration are functioning effectively to meet regulatory requirements.
📋 Systems Audit Requirements for RTAs
🔑 Master Controls
- Automated maker-checker mechanism for creating new schemes/funds
- Access restrictions for creating or updating master data (Customer, Scheme, Securities, etc.)
- Audit trails/logs of all changes and activities
- Controlled update of security prices from authorized sources
📈 Investor Servicing
- Automated controls for processing subscription and redemption requests
- Field-level validations and mandatory checks during subscription and redemption
- System records of all types of investor transactions
- Controls on brokerage computation and payouts
💡 Example:
For example, when a new mutual fund scheme is created, the system must use an automated maker-checker process to ensure it aligns with the Scheme Information Document (SID). This ensures accuracy and prevents fraudulent actions, maintaining the integrity of the scheme creation process.
📘 7.6 Ultimate Beneficial Owner
📌 Definition
The Ultimate Beneficial Owner (UBO) is the natural person who ultimately owns or controls an investment. The identification of UBO is crucial for preventing money laundering and ensuring the compliance with Know Your Customer (KYC) norms.
💡 Importance of Identifying UBO
📉 Preventing Money Laundering
Identifying the UBO helps prevent money laundering by ensuring that the true owner or controller of an investment is known and accounted for. This process is part of due diligence in the KYC procedures.
🔒 KYC Compliance
UBO identification is an essential part of ensuring compliance with KYC norms, ensuring that the individuals behind investments are transparent and can be held accountable for their actions.
📋 Criteria for UBO Identification
📊 Controlling Ownership Interest
UBO identification applies to entities other than individual investors. A person is considered a UBO if they have a controlling ownership interest, defined as:
- More than 10% of shares, capital, or profits in a company
- More than 10% of the capital or profits in a partnership or unincorporated body
- 10% or more interest in a trust
📑 Exemptions
The UBO requirements do not apply to listed companies or their subsidiaries. This is because the ownership and control of such entities are publicly available and easily identifiable.
💡 Example:
If a company has a shareholder who holds 12% of the company’s shares, this person would be considered the Ultimate Beneficial Owner (UBO). The RTA will collect information from this shareholder to comply with SEBI’s UBO guidelines.
📘 7.7 RTA Inter-operable Platform
📌 Definition
The RTA Inter-operable Platform, developed by RTAs, provides a unified interface for mutual fund transactions, service requests, and investor queries. It ensures seamless access to investor data and simplifies the transaction process for mutual fund investors.
💡 Key Features of the Inter-operable Platform
📈 Mutual Fund Transactions
The platform allows investors to easily perform transactions such as purchase, redemption, and switch between mutual fund schemes. It acts as a one-stop solution for mutual fund operations.
📉 Service Requests
Investors can initiate and track service requests such as updates to their contact details, bank account information, or other non-financial changes through the platform.
📊 Investment Reports
📑 Reports and Statements
The platform provides investors with access to investment-related reports such as mutual fund holdings, transaction reports, and capital gains/loss reports. Investors can easily track their portfolios and financial progress.
💬 Query and Complaint Management
Investors can use the platform to initiate and track queries and complaints. The system facilitates quick responses and ensures proper redressal of issues.
📜 Cyber Security and Compliance
The platform adopts SEBI’s Cyber Security and Cyber Resilience Framework, ensuring that investor data is protected and that the system is resilient to potential cyber threats. SEBI guidelines for Business Continuity Plans (BCP) and Disaster Recovery (DR) are also adhered to.
💡 Example:
An investor who wants to redeem their mutual fund units can log into the RTA inter-operable platform, submit the request, and track its status. The platform ensures secure and efficient processing of the transaction, with full transparency throughout the process.
