Compliance Blueprint
Who reads this section? Compliance officers signing the half-yearly compliance certificate. Internal and statutory auditors building their checklists. Ops leads slotting recurring items into the master calendar. Regulators verifying the broker’s compliance posture. New to the site? Try Choose Your Role first.
Operators come here to find “what must I do, by when, and what evidence proves I did it”. Rows are grouped by domain so each ops or compliance function can scan their own bucket. Each row links to the specific circular driving it on the per-issuer sub-pages.
- 400 compliance touchpoints inventoried across 16 domains.
- Each row is verifiable — has a named evidence artefact (file / report / log / certificate / attestation).
- Covers operational (daily / weekly / monthly / quarterly), one-time / strategic (admission, registration, FY closure), and edge cases (NRI, minor, joint, non-individual, transmission, dormancy, closure).
- 132 circular references didn’t match the per-issuer sub-pages — flagged inline for re-verification.
- AI-generated; read the linked circular before acting.
Conceptual overview
Section titled “Conceptual overview”Every broker must do a long list of things on a recurring schedule and a longer list of things triggered by events (a client onboards, a suspicious transaction surfaces, a margin shortfall happens, a system glitch occurs, a quarter closes). This page is the inventory: what to do, who owns it, what proves it was done, what happens if it wasn’t. The blueprint does NOT explain how to do each — that’s the role of per-domain deep-dive pages (separate sub-projects). It also doesn’t cover vendor selection — see the Vendor Atlas.
KYC lifecycle (41 entries)
Section titled “KYC lifecycle (41 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| KYC-001 | Capture six-attribute KYC at onboarding | SEBI, NSE, BSE, MCX, CDSL, NSDL | event-triggered | Ops Lead | New client account-opening request submitted | Account-opening form (AOF) on file with Name, Address, PAN, valid mobile, valid email, income-range fields populated; UCC upload acknowledgement from exchange | Account creation blocked at UCC level; subsequent freeze of demat under NSDL/CDSL reason code 08; SEBI inspection finding | SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169, NSDL/POLICY/2022/041, CDSL/OPS/DP/POLCY/2021/127 | Six attributes are the floor. PAN 4th-letter test (P for individual, H for HUF, T for Trust, etc.) drives segregation of HUF and non-individual onboarding pipelines. |
| KYC-002 | Upload KYC record to KRA | SEBI | event-triggered | Ops Lead | KYC pack assembled post-IPV / VIPV / Aadhaar e-KYC; before activation | KRA acknowledgement number (CVL/NDML/DOTEX/CAMS/KFintech) with status Registered or Validated; KRA download log | Client cannot trade until KRA validation; SEBI inspection observation; KRA mismatch attracts repeat data-correction load | SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/41, SEBI/HO/MIRSD/FATF/P/CIR/2023/0144 | Intermediary may permit transactions once KYC is completed at the intermediary, even before KRA validates; unverified clients cannot transact further until validated. |
| KYC-003 | Upload KYC record to CKYCR (CERSAI) | SEBI, CERSAI | event-triggered | Ops Lead | New KYC or KYC modification; on or after 1 Aug 2024 dual upload mandate | CKYC reference / KIN issued by CERSAI; CKYC upload XML in archive; SFTP / API response payload | SEBI/CERSAI inspection observation; PMLA Rule 9 non-compliance; potential fine on reporting entity | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/79, CKYC/2020/04, CKYC/2020/11 | KRAs upload to CKYCRR; intermediaries continue dual KYC fetch path. File specs per CKYC/2025/16 Data Hygiene. |
| KYC-004 | Search CKYCRR before fresh KYC upload | CERSAI | event-triggered | Ops Lead | Pre-onboarding KYC check | CKYC search log returning KIN or no-match response; multi-parameter search audit trail (Mobile, PAN, last-4 Aadhaar+Name+DOB+Gender) | Duplicate CKYC records create reconciliation cost; CERSAI legacy-data notes call this a substantive concern | CKYC/2026/08, CKYC Search Communique (December 2025) | Sequential search → download → fresh-upload mandated. SFTP bulk-search permitted for non-API REs with migration timeline. |
| KYC-005 | Apply OTP-based consent on CKYC download | CERSAI | event-triggered | Ops Lead | RE attempts download of an individual CKYC record from CKYCRR | OTP-validation API response (Download API v1.3); customer-consent record tied to mobile in CKYC profile | Download fails without OTP validation; data access blocked | CKYC/2025/02, CKYC/2025/04 | API v1.2 decommissioned 31 May 2025 (8 pm). SHA upgraded to SHA2. Aligns with DPDP Act consent requirements. |
| KYC-006 | Conduct In-Person Verification or VIPV | SEBI | event-triggered | Ops Lead | Onboarding without DigiLocker/Aadhaar OTP eKYC path | Geo-tagged time-stamped video file with random-utterance prompt; authorised-official attestation; image capture with metadata | KYC rejected at KRA; potential client-grievance escalation; SEBI MIRSD inspection finding | SEBI/HO/MIRSD/DOP/CIR/P/2020/73, SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169 | Exempt for DigiLocker-fetched OVDs and Aadhaar OTP eKYC paths since April 2020. |
| KYC-007 | Validate Aadhaar via UIDAI for eKYC | SEBI, MeitY | event-triggered | Ops Lead | Customer chooses Aadhaar OTP eKYC route | UIDAI eKYC XML response with Aadhaar last-4 stored; authentication audit log per UIDAI sub-AUA agreement | Authentication failure halts onboarding; data localisation breach attracts MeitY action | SEBI/HO/MIRSD/DOP/CIR/P/2020/73, SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169 | Aadhaar must be masked at storage (first 8 digits “X”, last 4 visible) — CDSL holding instruction CDSL/OPS/DP/POLCY/2024/580. |
| KYC-008 | Verify PAN with Income Tax database | SEBI | event-triggered | Ops Lead | PAN captured on AOF | NSDL e-Gov PAN-verification API response with status / name match; KRA PAN-validation flag | Account creation blocked on invalid PAN; deactivation under SEBI/HO/EFD1/EFD1_DRA4/P/CIR/2022/104 | SEBI/HO/EFD1/EFD1_DRA4/P/CIR/2022/104, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/41 | PAN-Aadhaar linkage status decoupled from trade-permission per SEBI/HO/MIRSD/SECFATF/P/CIR/2024/41 (May 2024); freeze removed for previously suspended accounts (NSDL/POLICY/2024/0074). |
| KYC-009 | Trigger risk-based re-KYC | SEBI, RBI | event-triggered | Compliance Officer | 2 years (high-risk) / 8 years (medium-risk) / 10 years (low-risk) since last KYC | Re-KYC pack with refreshed OVDs; KRA update acknowledgement; customer intimation log (3 advance + 3 reminder) | SEBI inspection finding; PMLA non-compliance; potential account restriction | SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169, SEBI/HO/MIRSD/FATF/P/CIR/2023/0144, RBI/2025-26/36 | RBI Amendment Directions 2025 extended low-risk re-KYC deadline to 30 Jun 2026; broker-side overlap for joint clients. |
| KYC-010 | Process address change request | SEBI, NSE, BSE, CDSL, NSDL | event-triggered | Customer Service Lead | Customer-initiated address update (online/physical) | New OVD scan; updated KRA record with KRA modification reference; CKYC update acknowledgement; depository ISR-1 (physical) or e-Sign trail | SEBI/RTA service-request circular violation; investor grievance | SEBI/HO/MIRSD/POD-1/P/CIR/2023/193, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/37 | Updates propagate to all KRA-linked REs; CKYC bulk update file v1.3 referenced for batches. |
| KYC-011 | Update bank account on client record | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Client requests change in primary bank for pay-in/pay-out | Cancelled cheque or bank statement on file; penny-drop verification log; UCC bank-update record; ledger reflecting new bank | Pay-out failure; SEBI Master Circular running-account violation; client grievance | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, SEBI/HO/MIRSD/POD-1/P/CIR/2024/118 | Industry practice — penny-drop on every new bank; cooling-off period (24-48h) before first payout. |
| KYC-012 | Update nominee in trading/demat account | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Customer adds/changes/removes nominee | Annexure-A (nomination) or Annexure-B (opt-out) on file; e-Sign Aadhaar / DSC / 2FA audit; depository BO-master nominee fields populated | Account freeze for trading/debit if no nomination or opt-out; investor grievance under SEBI Investor Charter | SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/04, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/15, CDSL/OPS/DP/POLCY/2025/32, NSDL/POLICY/2025/0042 | Up to 10 nominees with percentage-allocation. Phase I effective 1 Mar 2025; phased extensions to Aug/Dec 2025. |
| KYC-013 | Add new trading segment to existing client | SEBI, NSE, BSE | event-triggered | Ops Lead | Existing client requests F&O / Currency / Commodity activation | Segment-activation form; financial-proof artefact (ITR / 6-month bank stmt / salary slip for derivatives); UCC segment-flag update | Unsuitable client activation triggers RM-policy breach; SEBI MIRSD inspection finding on suitability | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/95, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Default registration on all active exchanges post 1 Aug 2023; segment-level financial-proof retained for derivatives. |
| KYC-014 | Update mobile number on account | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Customer-initiated mobile-number change | OTP-verified new mobile; KRA mobile-update reference; depository BO-master mobile field updated; SMS/email confirmation to old and new mobile | Failure to deliver settlement/contract-note SMS attracts investor-charter breach; SEBI surveillance gap | SEBI/HO/MIRSD/POD-1/P/CIR/2023/193, NSDL/POLICY/2022/041, CDSL/OPS/DP/POLCY/2021/127 | Old mobile retained 7 days for revocation per industry practice. |
| KYC-015 | Update email on account | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Customer-initiated email-id change | OTP-verified new email; KRA email-update reference; depository BO master updated; confirmation to old and new email | Contract-note delivery failure; SEBI inspection observation | SEBI/HO/MIRSD/POD-1/P/CIR/2023/193, NSDL/POLICY/2022/041 | Required as part of six-attribute mandatory set since 1 Apr 2022. |
| KYC-016 | Process name change post unfreeze | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Marriage / legal name change / spelling correction | Gazette notification or marriage certificate; updated PAN reflecting new name; KRA name-update reference; depository ISR-2 form | Mismatch causes KRA rejection and chronic re-KYC loop; investor grievance | SEBI/HO/MIRSD/POD-1/P/CIR/2023/193, SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2021/655 | PAN name update at NSDL e-Gov is prerequisite — without it, KRA flag remains mismatched. |
| KYC-017 | Correct date of birth on KYC record | SEBI | event-triggered | Customer Service Lead | DOB mismatch flagged at KRA or by client | PAN/passport scan supporting correct DOB; KRA DOB-correction request and acknowledgement; CKYC update via Bulk Update file | Persistent DOB mismatch blocks KRA validation; segment activation impeded | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/41, CKYC/NOTIF/2024/01 | CKYC bulk-update v1.3 supports DOB correction; care needed not to flip minor-to-major status accidentally. |
| KYC-018 | Flag dormant trading account | SEBI, NSE, BSE, MCX | monthly | Ops Lead | No trades across all exchanges for 12 months | UCC inactive flag in NSE/BSE/MCX systems; client intimation log; segregated funds/securities reporting | Holdings/fund-upload exemption lost without flag; SEBI inspection observation | NSE/INSP/43488, NSE/INSP/46506, NSE/INSP/49743 | 12-month rule across exchanges per NSE/INSP/43488 base. MCX uses 24-month definition for member-level inactivity (not in current circulars index — see OPEN_QUESTIONS). BSE INSP equivalent referenced in BSE master inactive-client framework. |
| KYC-019 | Reactivate dormant client after inactivity | SEBI, NSE | event-triggered | Ops Lead | Dormant client returns to trade after >12 months | Fresh KYC documentation, IPV log, suitability re-check; UCC inactive-flag removal record | Trading from non-reactivated account is unauthorised; SEBI inspection finding | NSE/INSP/49743, NSE/INSP/43488, NSE/INSP/46506 | Fresh KYC/IPV required only after 1 year of inactive status (i.e. 2 years post last trade); IPO/MF/DP-only activity exempt from re-KYC. |
| KYC-020 | Process voluntary account closure | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Customer submits closure request (online/physical) | Closure form with signature/e-Sign; clearance of ledger debit; transfer/return of holdings; closure confirmation letter; UCC and BO-master closed status | Open account with credit balance attracts running-account-settlement non-compliance; investor charter grievance | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, NSDL/POLICY/2025/0157, CDSL/OPS/DP/POLCY/2024/580 | Settle ledger and demat in same workflow; deactivate UCC across all exchanges. |
| KYC-021 | Suspend account for KYC non-compliance | SEBI, CDSL, NSDL | event-triggered | Compliance Officer | Six-attribute KYC incomplete past deadline OR KRA validation failure past 30 Apr 2026 | NSDL/CDSL freeze reason code 08 applied; client intimation log; reactivation pathway documented | Account frozen for debit and credit; client recourse only through completion of KYC | NSDL/POLICY/2026/0016, SEBI/HO/EFD1/EFD1_DRA4/P/CIR/2022/104 | Reason code 08 = KYC Non-compliant. Reason code 39 was earlier used for PAN-inoperative (now removed). |
| KYC-022 | Process forced closure under regulatory direction | SEBI | event-triggered | Compliance Officer | SEBI/exchange debarment order; sanctions match; fraud detection | Order copy; closure file with regulator reference; client communication; funds/securities return audit | Continued operation past order attracts contempt + SEBI Sec 11B action; reputational risk | SEBI/HO/EFD1/EFD1_DRA4/P/CIR/2022/104, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96 | Brokers’ institutional mechanism (Chapter IVA) ties detection to closure trigger. |
| KYC-023 | Process transmission for deceased single holder | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Notice of demise received with documentary evidence | Death certificate; nominee KYC + Aadhaar/PAN; Annexure-C / Annexure-D transmission form; client-master flagged “Deceased”; CKYC “Deceased” flag via Update screen | Delayed transmission attracts investor-grievance; SEBI ODR/SCORES escalation | SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/04, SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2022/65, CKYC/2025/18, CDSL/OPS/DP/POLCY/2025/637 | Affidavit/indemnity/notarisation barred when nominee present (Jan 2025 SEBI nomination overhaul). New CKYC deceased-flag effective 19 Dec 2025. |
| KYC-024 | Process transmission to legal heirs without nominee | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Demise of sole holder with no nomination on file | Succession certificate / probate / letters of administration / legal heirship certificate; standardised transmission request form; threshold check (Rs 5 lakh demat per BO across DPs) | Mishandling attracts grievance under SEBI ODR + civil litigation exposure | SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2022/65, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/04 | Simplified-transmission threshold Rs 5 lakh demat / Rs 15 lakh physical per BO across DPs. |
| KYC-025 | Process transmission for deceased joint holder | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Demise of one joint holder; surviving holder(s) initiate | Death certificate; deletion-of-name form; updated demat reflecting surviving holders; UCC update | Operational lapse attracts CDSL/NSDL inspection finding; investor grievance | SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/15, SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2022/65, NSDL/POLICY/2022/053 | Survivor mode operates regardless of holding mode for transmission; survivorship clarified in Feb 2025 amendments. |
| KYC-026 | Process transmission from nominee to legal heir | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Nominee approaches DP/broker to onward-transfer to legal heir | Heirship document; CBDT-tagged “TLH” reason in SFT reporting (per Sep 2025 SEBI circular); demat debit instruction | Mis-tagged transfer triggers nominee tax assessment (capital gains) — investor grievance + civil liability | NSDL/POLICY/2025/0126, CDSL/OPS/DP/POLCY/2025/637 | Nominee acts as trustee for legal heir per Sep 2025 SEBI circular (SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/130). TLH reason-code prevents misallocation of capital-gains tax. |
| KYC-027 | Capture nominee opt-out via video declaration | SEBI | event-triggered | Customer Service Lead | Customer chooses to opt out of nomination | 30-day video declaration on file with random utterance; Annexure-B opt-out form with e-Sign / wet signature | Account freeze for debit if no opt-out and no nomination | SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/04, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/15 | Video declaration introduced Jan 2025. Industry practice — randomised on-screen prompt to defeat replay attacks. |
| KYC-028 | Convert account to BSDA on eligibility | SEBI, CDSL, NSDL | event-triggered | DP Manager | Demat portfolio value falls within Rs 10 lakh threshold | BSDA conversion log; AMC slab calculation (nil up to Rs 4L, Rs 100 between Rs 4-10L); intimation to client | Failure to offer BSDA = SEBI MIRSD inspection observation; investor charter breach | SEBI/HO/MIRSD/POD-1/P/CIR/2024/91 | BSDA threshold raised from Rs 2 lakh to Rs 10 lakh w.e.f. 1 Sep 2024; auto-conversion to regular demat above Rs 10 lakh. |
| KYC-029 | Validate KYC attributes under risk-management framework | SEBI | as-required | Compliance Officer | KRA validation cycle on new and modified records | KRA validation status (PAN / name / address verified); FAQ-aligned attribute-validation log | Unvalidated client transactions blocked; SEBI inspection observation | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/41, SEBI/HO/MIRSD/FATF/P/CIR/2023/0144 | Validation cadence simplified May 2024; legacy records carry over with reduced friction. |
| KYC-030 | Centralise FATCA/CRS self-certification at KRA | SEBI | event-triggered | Compliance Officer | New client onboarding / change in tax residency status / 90-day upload window for existing records | FATCA-CRS self-certification scanned; KRA upload reference; reasonableness-check note on file | Reporting Financial Institution (RFI) breach under Income-tax Rule 114F-H; PMLA reporting gap | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/12 | Effective 1 Jul 2024; 90-day window from then for legacy uploads; intermediary retains reasonableness-check responsibility. |
| KYC-031 | Flag deceased customer in CKYCRR | CERSAI | event-triggered | Ops Lead | Confirmation of demise (death certificate received) | CKYCRR “Deceased” flag set with date-of-demise, documentary evidence, remarks; bulk update file v1.3 reference | Other REs cannot react to demise → fraud/identity theft risk; CERSAI inspection observation | CKYC/2025/18 | Effective 19 Dec 2025, 8 pm. Flagged records become non-downloadable; search returns ‘X’-prefixed KYC identifier. |
| KYC-032 | Use masked CKYC identifier in workflows | CERSAI | continuous | Ops Lead | All CKYC search/upload/download responses | System logs showing masked KYC identifier in search responses and confirmed-match responses; only download yields unmasked identifier with authentication | Storing/transmitting unmasked CKYC identifier violates DPDP-aligned data-minimisation; CERSAI inspection finding | CKYC/2024/04, CKYC/2024/06, CKYC/2024/08 | Production go-live deferred to 20 Jan 2025 (8 pm). No further extensions. |
| KYC-033 | Capture residential-status field at onboarding | CERSAI | event-triggered | Ops Lead | Individual / related-person of LE record creation | CKYCRR Personal Details capturing Resident Individual / NRI / Foreign National / PIO; OVD aligned to residential status | Mismatched residency causes FATCA/CRS reporting errors; CKYC rejection | CKYC/2025/03_Revised | Effective 30 May 2025, 8 pm. Foreign National can use foreign-govt-issued documents and embassy letters as address proof. |
| KYC-034 | Capture differently-abled-status fields at onboarding | CERSAI | event-triggered | Ops Lead | Customer disclosure of disability / UDID | Four CKYCRR fields populated (Differently Abled Status, Type of Impairment, Percentage of Impairment, UDID Number); bulk file v1.3 used | Failure to capture violates Hon’ble SC order dated 30 Apr 2025 on digital-KYC accessibility | CKYC/2025/11 | Effective 30 Sep 2025, 8 pm. |
| KYC-035 | Conduct enhanced due diligence on third-party CKYC vendor | CERSAI | as-required | Compliance Officer | Outsourcing of CKYC search/upload/download to third-party vendor | Vendor due-diligence file; access-control review log; outsourcing-agreement aligned to SEBI/CERSAI guidelines | RE liable for unauthorised downloads / unauthorised updates regardless of vendor failure; CERSAI advisory states no absolution | CKYC/2025/10 | Aligns with SEBI outsourcing guidelines; review internal access controls. |
| KYC-036 | Apply CKYC scan and image quality standards | CERSAI | continuous | Ops Lead | Scanning of OVDs and photograph at onboarding | 150-200 DPI resolution; photo 200x230 px max 100kb; file size cap 350kb individual / 5MB LE; permitted formats .tif/.tiff/.pdf/.jpeg/.jpg | CKYC upload rejection; reupload load | CKYC/2025/16, CERSAI/2023-24 | Data-hygiene reiteration; aligns with master list (Pin Code, District, State, Country) standardisation. |
| KYC-037 | Onboard NRI client with PIS letter | SEBI, RBI | event-triggered | Ops Lead | NRI seeks to trade equity on secondary market | PIS approval letter from AD-Bank; NRE/NRO bank linkage proof; passport + visa + overseas address proof | Non-PIS trading by NRI is FEMA non-compliance; broker exposure under FEMA Section 13 | SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169, RBI Master Direction DBR.AML.BC.No.81/14.01.001/2015-16 | PIS distinct from FPI route; required for delivery-based equity. Bank issues one PIS letter per investor. |
| KYC-038 | Maintain NRI position-limit monitoring data flow | SEBI, NSE, BSE | continuous | Compliance Officer | NRI derivatives positions taken / position-limit aggregation cycle | PAN-based position aggregation report at exchange; broker submission to exchange aligned with cadence | Breach attracts SEBI Sec 15A penalty + exchange position-limit fine | SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/109 | Effective 1 Sep 2025. PAN-based linkage; exchange-level aggregation. |
| KYC-039 | Reject CP code mechanism for NRI (July 2025) | SEBI, NSE, BSE | continuous | Compliance Officer | Post 1 Sep 2025 — NRI client orders cannot route via CP code | UCC mapping showing direct broker linkage; absence of CP-code tagging on NRI trades | Trades rejected at exchange; client grievance + SEBI inspection finding | SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/109 | Industry interpretation of “operational efficiency” SEBI circular — direct member-side handling replaces CP-code intermediation for NRI position limits. |
| KYC-040 | Apply FATCA-mandatory flow for NRI onboarding | SEBI | event-triggered | Ops Lead | NRI onboarding regardless of US/India tax residency | FATCA-CRS self-certification with US-Person Yes/No; TIN if applicable; KRA upload of self-cert | RFI under-reporting attracts Income-tax penalty; FATF/OECD inter-government breach | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/12, SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169 | FATCA mandatory regardless of US-person status — declaration required to disprove. |
| KYC-041 | Maintain FPI exemption from CKYCRR upload | CERSAI, SEBI | continuous | Compliance Officer | Onboarding of Foreign Portfolio Investor | FPI registration certificate; account file noting CKYC-exempt status per Jan 2022 PML rule sub-rule (1A) exemption | Wrongful CKYC upload of FPI exposes data; CERSAI/SEBI inspection observation | CKYC/2022/01 | Gazette CG-DL-E-04012022-232403 dated 4 Jan 2022. Sub-rule 9(1A) of PML Rules does not apply to FPI. |
AML / PMLA / Sanctions (25 entries)
Section titled “AML / PMLA / Sanctions (25 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| AML-001 | Register reporting entity on FINnet 2.0 | FIU-IND, SEBI | one-time | Principal Officer | New broker registration / migration from legacy FINnet 1.0 | FINnet 2.0 registration acknowledgement with RE-ID; PO and DD credentials; DSC enrolment | Cannot file STR/CTR/CCR/NTR/CBWTR; PMLA Section 13 action; reporting-entity inspection adverse finding | FIU-IND-FINNET2-REG-2023, FIU-IND-FINGATE-USERMANUAL-REPORTS | SEBI mirrored as SEBI/HO/DDHS/DDHS-POD1/CIR/P/2023/67 (9 May 2023). All capital-market REs migrated. |
| AML-002 | Appoint Designated Director under PMLA | FIU-IND, SEBI | event-triggered | Designated Director | Board resolution at incorporation / Director resignation / change | Board resolution; intimation to FIU-IND with name/DIN/contact; FINnet 2.0 DD profile updated | PMLA Section 13(2) — Rs 10,000 to Rs 1,00,000 per failure per day; reputational damage | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, SEBI/HO/MIRSD/MIRSD-SEC-5/P/CIR/2023/022 | DD must be at Whole-Time / Managing Director level. Cannot delegate liability. |
| AML-003 | Appoint Principal Officer under PMLA | FIU-IND, SEBI | event-triggered | Principal Officer | Initial PMLA registration / PO transition | Board approval; PO appointment letter; FINnet 2.0 PO profile updated; minimum 3 years AML/legal/compliance experience evidenced | PMLA Section 13(2) per failure per day; FIU-IND can withhold RE registration | FIU-IND-PO-GUIDANCE-25022025, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78 | Management-level seniority; minimum 3 years AML experience; exclusive employment with single RE. |
| AML-004 | Submit STR to FIU-IND on FINnet 2.0 | FIU-IND | event-triggered | Principal Officer | Suspicious-transaction pattern identified by surveillance / employee report | STR filed on FINnet 2.0 (TS7 Brokerage Transaction Format) with reference number; DSC-signed XML; SMS receipt from FINnet | PMLA Section 13(2) Rs 10,000 to Rs 1,00,000 per day per failure; reputational risk; SEBI Sec 11B action | FIU-IND-REPORTING-FORMAT-V114, FIU-IND-FINGATE-USERMANUAL-REPORTS, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78 | No threshold for STR; must file within 7 working days of forming suspicion. |
| AML-005 | File CTR on FINnet 2.0 | FIU-IND | monthly | Principal Officer | Aggregate cash transactions > Rs 10 lakh in a calendar month OR connected cash series > Rs 10 lakh | CTR filed by 15th of succeeding month; FINnet 2.0 reference; DSC-signed XML | PMLA Section 13(2); SEBI MIRSD AML-inspection adverse finding | FIU-IND-CTR-BANKING-FORMAT, FIU-IND-REPORTING-FORMAT-V114 | Stock brokers seldom deal in cash; CTR usually nil-filed but registration and capability must exist. |
| AML-006 | File CCR on FINnet 2.0 | FIU-IND | event-triggered | Principal Officer | Counterfeit currency note discovered in client cash deposit | CCR filed via FINnet 2.0 with serial-number details; police FIR copy; FINnet acknowledgement | PMLA Section 13(2); RBI Detection of Forged Notes reporting overlap | FIU-IND-REPORTING-FORMAT-V114, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78 | Rare for capital-market REs but capability required under FIU-IND format suite. |
| AML-007 | File NTR on FINnet 2.0 | FIU-IND | monthly | Principal Officer | Non-profit organisation receipts >= Rs 10 lakh in a month | NTR filed by 15th of succeeding month; FINnet 2.0 reference; client KYC linkage | PMLA Section 13(2) | FIU-IND-REPORTING-FORMAT-V114 | Applies when broker has NPO clients; nil-filing common. |
| AML-008 | File CBWTR on FINnet 2.0 | FIU-IND | monthly | Principal Officer | Cross-border wire transfer >= Rs 5 lakh with origin/destination in India | CBWTR filed by 15th of succeeding month — sender (“P”) and receiver (“R”) legs reported separately; FINnet acknowledgement | PMLA Section 13(2) | FIU-IND-CBWT-FAQ, FIU-IND-REPORTING-FORMAT-V114, FIU-IND-EFT-REPORTING-FORMAT | Applies to NRI/FPI fund flows facilitated by broker; merchant remittances on behalf of clients in scope. |
| AML-009 | Classify client AML risk (Low/Medium/High) | SEBI, FIU-IND | continuous | Compliance Officer | Onboarding; subsequent material change; periodic review | Risk-score sheet on client master with rationale; risk-bucket persisted in CRM; review log | Misclassification undermines EDD / re-KYC cadence; SEBI inspection finding | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, FIU-IND-CAPITAL-MARKET-ALERTS-2022-23 | Drives re-KYC frequency (KYC-009). Industry practice scores on country, occupation, source-of-funds, PEP status. |
| AML-010 | Screen client against UN/MHA sanctions lists | FIU-IND, SEBI | continuous | Compliance Officer | Onboarding; daily list refresh; periodic re-screening; UN list update | Sanctions-screening log with hit/no-hit, screening engine version, list version; freezing instruction copy if matched | UAPA Section 51A violation — funds-freezing failure; MHA action; PMLA breach | FIU-IND-UAPA-UNSC-UPDATE-21022025, FIU-IND-UAPA-UNSC-UPDATE-10012024, FIU-IND-UAPA-UNSC-UPDATE-14112023 | UNSC 1267/1989, MEA UAPA, MHA proscribed-entity list. Frozen funds reported to MHA via FIU-IND. |
| AML-011 | Identify beneficial owner (10% threshold) | SEBI, FIU-IND | event-triggered | Compliance Officer | Non-individual client onboarding; ownership-change disclosure | BO declaration with PAN/Aadhaar; shareholding pattern with traceback to natural persons; chain-of-control map | PMLA Section 13(2); SEBI inspection finding under AML Master Circular | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, SEBI/HO/MIRSD/SECFATF/P/CIR/2023/091, FIU-IND-PMLR-AMEND-2023-03-07 | BO threshold lowered to 10% (from 25% companies / 15% partnerships) effective 7 Mar 2023. |
| AML-012 | Screen for and apply PEP enhanced due diligence | SEBI, FIU-IND | continuous | Compliance Officer | Onboarding; periodic re-screening; status-change disclosure | PEP screening hit/no-hit log; EDD pack (source-of-funds, source-of-wealth); senior-management approval on file | PMLA Section 13(2); SEBI AML Master Circular non-compliance | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, FIU-IND-PMLR-AMEND-2023-03-07 | FATF-aligned PEP definition adopted via Mar 2023 PML rules; includes domestic + foreign + international-org PEPs and family/close associates. |
| AML-013 | Maintain group-wide AML/CFT policy | SEBI, FIU-IND | annual | Designated Director | Group with multiple SEBI/RBI-regulated entities; annual policy review | Board-approved group AML/CFT policy document; harmonised CDD across subsidiaries; host-country impediment-reporting log | PMLA Section 13(2); RBI Master Direction KYC group-policy non-compliance | SEBI/HO/MIRSD/SEC-FATF/P/CIR/2023/0170, FIU-IND-PMLR-AMEND-2023-03-07, RBI/2023-24/24 | Introduced via Sep 2023 PML rule amendments. Specific to brokers within larger NBFC/bank group structures. |
| AML-014 | Retain PMLA records for 5 years | FIU-IND, SEBI | continuous | Compliance Officer | Every client relationship; every reported transaction | Archival of transaction records, identification records, account files, business correspondence — 5 years post relationship; 10 years post relationship for SEBI AML Master Circular | PMLA Section 13(2); SEBI AML Master Circular Rs 10,000-1L/day; evidence-spoliation risk | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, FIU-IND-PMLR-AMEND-2023-03-07 | Stricter SEBI 10-year retention from relationship termination prevails over PMLA 5-year minimum. |
| AML-015 | Conduct annual AML training for staff | SEBI, FIU-IND | annual | Compliance Officer | Calendar / financial-year cycle; new-hire onboarding | Training calendar; attendance log; assessment scores; certificates issued | SEBI MIRSD inspection observation; PMLA institutional-failure ground | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96 | Tied to broker institutional mechanism Chapter IVA (Jul 2024) — annual surveillance/AML training requirement. |
| AML-016 | Conduct ongoing transaction monitoring | SEBI, FIU-IND | continuous | Surveillance Analyst | Every transaction; threshold/typology rule firing | Surveillance system rule library; alert disposition log; investigation case files; alert-to-STR conversion ratio | SEBI AML Master Circular non-compliance; PMLA Section 13(2); Chapter IVA breach | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, FIU-IND-CAPITAL-MARKET-ALERTS-2022-23 | FIU-IND 2022-23 alert indicators specifically call out off-market transfers, synchronised trades, mis-utilisation of client funds. |
| AML-017 | Apply EDD to high-risk client | SEBI, FIU-IND | event-triggered | Compliance Officer | Client risk score = High; PEP match; sanctions geography linkage; adverse-media hit | EDD pack (source-of-funds, source-of-wealth, employer verification, bank-statement review); senior-management approval; periodic 2-year re-KYC | PMLA Section 13(2); SEBI inspection finding | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, FIU-IND-PMLR-AMEND-2023-03-07 | EDD reviewed at least every 2 years for high-risk clients per SEBI AML MC. |
| AML-018 | Monitor adverse media on clients | SEBI, FIU-IND | continuous | Compliance Officer | New onboarding; periodic review; alert-driven look-back | Adverse-media screening log; case file with article snapshots; disposition note (no action / EDD / STR / exit) | SEBI AML Master Circular non-compliance ground; FIU-IND inspection observation | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78 | Industry practice — third-party vendor for adverse-media; threshold tuned to avoid false positives. |
| AML-019 | Maintain board-approved customer acceptance policy | SEBI, FIU-IND | annual | Designated Director | Annual policy review; material regulation change | Board-approved CAP document; minutes referencing review; CAP-aligned onboarding workflow controls | PMLA institutional-failure ground; SEBI MIRSD inspection finding | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78 | CAP defines no-go categories (e.g., shell entities, sanctioned-jurisdiction residents) and EDD triggers. |
| AML-020 | Rely on third-party CDD with safeguards | SEBI, FIU-IND | event-triggered | Compliance Officer | KYC obtained from KRA / CKYCRR / group RE / regulated third party | Reliance agreement (where applicable); KRA/CKYC fetch logs with consent; ultimate-responsibility note that broker remains accountable | Sole reliance without verification — SEBI AML Master Circular Chapter VI breach | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78 | KRA + CKYCR dual-fetch under SEBI/HO/MIRSD/SECFATF/P/CIR/2024/79 leverages this provision. |
| AML-021 | Submit alert indicators report (capital markets) | FIU-IND | as-required | Surveillance Analyst | Detection of red-flag pattern listed by FIU-IND for capital markets | Internal disposition note tied to FIU-IND alert-indicator typology; STR if confirmed | PMLA Section 13(2); SEBI/FIU-IND inspection finding | FIU-IND-CAPITAL-MARKET-ALERTS-2022-23, FIU-IND-SEBI-MOU-2026 | FIU-IND Annual Report 2022-23 lists synchronised trades, spoofing, off-market transfers, client-fund mis-utilisation. FIU-IND-SEBI MoU 2026 commits to quarterly review of these. |
| AML-022 | Notify FIU-IND of host-country AML impediment | FIU-IND | event-triggered | Principal Officer | Foreign branch / subsidiary cannot implement AML/CFT due to host-country law | Notification letter to FIU-IND; mitigation-plan documentation | PMLA Section 13(2); cross-border AML enforcement risk | SEBI/HO/MIRSD/SEC-FATF/P/CIR/2023/0170, FIU-IND-PMLR-AMEND-2023-03-07 | Mostly applies to brokers with overseas branches; nil-filing common for purely domestic brokers. |
| AML-023 | Maintain UCIC-level CDD | RBI, SEBI | continuous | Compliance Officer | Same customer holds multiple products at same RE / group | UCIC mapping showing single CDD ID across products; CKYC update within 7 days of new info per RBI Nov 2024 amendment | PMLA non-compliance; RBI/SEBI inspection finding on duplicated CDD | RBI/2024-25/87, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78 | RBI Nov 2024 KYC MD amendment harmonises CDD across products; bank-broker groups benefit. |
| AML-024 | File annual AML compliance certificate | SEBI | annual | Compliance Officer | Financial-year close; SEBI Master Circular reporting cadence | Annual compliance report (ACR) filed with SEBI/exchanges containing AML compliance attestation | SEBI Sec 15HB penalty up to Rs 1 crore; member-disciplinary action | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78 | Embedded in broker Master Circular reporting matrix. |
| AML-025 | Establish institutional mechanism for fraud / market abuse detection | SEBI | continuous | Designated Director | Chapter IVA applicability (QSB / >50,000 UCC / 2,001-50,000 UCC / <=2,000 UCC schedule) | Board-approved fraud-detection policy; surveillance dashboard; whistleblower mechanism; escalation log; Surveillance Obligation Report (SOR) submitted to exchange | SEBI Sec 11B action; QSB designation review; exchange disciplinary action | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/24, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/14 | Staggered implementation — QSBs from 1 Aug 2024; <=2,000 UCC brokers from 1 Apr 2026. |
Margin compliance (30 entries)
Section titled “Margin compliance (30 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| MARGIN-001 | Collect upfront VaR+ELM margin from clients in Cash segment | SEBI, NSE, BSE, NSCCL, ICCL | continuous | RMS Lead | Order entry / position taken by client in CM segment | Pre-trade margin-check log, client ledger margin block, MG-12/MG-13 client margin file | Short-collection penalty 0.5% of shortfall (less than Rs 1 lakh and less than 10% of applicable margin); 1.0% otherwise; passed-on-to-broker per NSE/INSP/64315 | SEBI/HO/MRD2/DCAP/CIR/P/2020/127, NSE/INSP/45565, NSE/INSP/46485, NSE/INSP/64315 | 20% upfront margin (in lieu of VaR+ELM) acceptable from client to avoid penalty (NSE/INSP/45534); CC continues to collect VaR+ELM basis. Penalty cannot be passed to clients save for client-attributable exceptions carved in NSE/INSP/64315. |
| MARGIN-002 | Capture four intraday peak-margin snapshots | SEBI, NSCCL, ICCL, MCXCCL | daily | RMS Lead | Clearing-corporation snapshot windows at 11:00-11:30, 12:30-13:00, 13:30-14:00, 14:30-15:00 (random pick per CC) | Peak-margin file (SA01/SA02/SA03 intraday), MGTM/MGCM file, AMGTM/AMGCM exports | Short-collection penalty on highest of four snapshots; combined with EOD shortfall, max-of-four computation | SEBI/HO/MRD2/DCAP/CIR/P/2020/127, NSE/INSP/46485, NCL/CMPT/45516, MCXCCL/C&S/08/2022 | Peak-margin requirement = maximum of intraday snapshots. SA01/02/03 = intraday at snapshot; SA04/05/06 = EOD/max. NCL: AMGCM/AMGTM at TM/CM level introduced via NCL/CMPT/56502. |
| MARGIN-003 | Submit Daily Margin File (MG-12/MG-13) to clearing corporation | NSCCL, ICCL, MCXCCL | daily | RMS Lead | EOD margin computation across CM/F&O/CD/Commodity segments | MG-12 (client margin), MG-13 (segment margin), MG-18 client-collateral file in CC SFTP folder | False-reporting attracts same penalty as false margin reporting; max-of-four penalty methods | NCL/CMPL/44977, NCL/CMPT/56502, MCXCCL/C&S/08/2022, NCL/CMPT/55381 | File names per CC nomenclature (NSE_FO_MG12_ |
| MARGIN-004 | Submit weekly Client Funding Report (CFR) to exchange | NSE, BSE, MCX | weekly | Compliance Officer | Every Friday (or first working day if Friday holiday) | Client-funding submission via ENIT-NEW-COMPLIANCE, T+1 holding-statement and bank-balance API submission | Per NSE/INSP/53530 enforcement grid; late/non-submission attracts disciplinary action | NSE/INSP/55039, NSE/INSP/52509, NSE/INSP/53530 | Migrated from weekly member-portal submission to daily API submission of Holding Statement and Bank Balances effective Jan 30, 2023 (NSE/INSP/55039). |
| MARGIN-005 | Run MTM end-of-day on F&O and commodity positions | NSCCL, ICCL, MCXCCL | daily | RMS Lead | EOD settlement price publication | MTM obligation in daily obligation report, client ledger MTM debit | Default if MTM not paid by next trading day pay-in cut-off; CC may invoke collateral | NCL/CMPT/61800, NCL/CMPT/61801, MCX/MCXCCL/805/2020 | MTM forms part of daily obligation report exported to members. For F&O: M2M settled in cash next morning pay-in. For commodity: per MCXCCL master. |
| MARGIN-006 | Compute SPAN initial margin via risk parameter file | NSCCL, ICCL, MCXCCL | continuous | RMS Lead | Each derivative position; CC publishes BOD/EOD risk parameter files | SPAN file (nsccl. | Shortfall triggers margin-shortfall penalty schedule | NCL/CMPT/44391, NCL/CMPT/61801, NCL/CMPT/56502 | VaR over MPOR (Margin Period of Risk). Parallel SPAN files issued from May 18, 2020 before SEBI revised margin framework go-live Jun 1, 2020 (NCL/CMPT/44391). |
| MARGIN-007 | Apply Extreme Loss Margin (ELM) on derivative positions | NSCCL, ICCL, MCXCCL | continuous | RMS Lead | All open derivative positions | ELM file (ael_ | Part of upfront margin obligation; shortfall triggers penalty | NCL/CMPT/44391, NCL/CMPT/61801, MCXCCL/RISK/184/2025 | ELM 1.25% on Crude Oil F&O short positions per MCXCCL/RISK schedule; review of ELM/IM framework periodic. |
| MARGIN-008 | Apply additional/surveillance margin on flagged trading members | NSE, BSE, NSCCL, ICCL | as-required | RMS Lead | Surveillance flag (order-spoofing pattern, position-limit breach) | Surveillance dashboard alert; additional-margin debit in CC ledger | 5% Additional Surveillance Margin on all open positions for order-spoofing members | NSE/SURV/41107, NSE/SURV/57315 | Original ASM-for-spoofing under NSE/SURV/41107 (May 2019). Risk-containment measure jointly with CC and SEBI; foundational for member surveillance dashboard. |
| MARGIN-009 | Avail cross-margin benefit on same-expiry offsetting positions | SEBI, NSCCL, ICCL | continuous | RMS Lead | Client holds correlated long/short F&O index/constituent positions same expiry | Spread-margin allocation in MG-12, cross-margin output file | No penalty; benefit lost on incorrect tagging | NCL/CMPT/61801, ICCL 20240426-38 | Item 10.13 of NCL/CMPT/61801 (CM-FNO). Spread margins same-expiry: 25% on index-constituent pairs; 30% on correlated-index pairs. |
| MARGIN-010 | Avail cross-margin benefit on different-expiry offsetting positions | SEBI, NSCCL, ICCL | continuous | RMS Lead | Client/prop holds offsetting positions across different expiries | Spread-margin allocation, cross-margin computation log | No penalty; benefit lost on ineligible pair | SEBI/HO/MRD/TPD-1/P/CIR/2024/124, NCL/CMPT/62978, ICCL 20240426-38 | Effective Jul 29, 2024. Spread margins different-expiry: 35% on index-constituent pairs; 40% on correlated-index pairs. Eligibility: correlation >0.90 over 6 months, 80% constituent overlap. Institutional positions post T+1 custodian confirmation. |
| MARGIN-011 | Apply delivery / tender-period margin on physical-settled contracts | NSCCL, ICCL, MCXCCL | event-triggered | RMS Lead | F&O contract enters delivery period; commodity contract tender window | Delivery margin column in MG-12 (DlvryMrgn), tender-period margin file | Shortfall in delivery margin = pay-in failure penalty | NCL/CMPT/61801, MCXCCL/C&S/058/2025 | Commodity tender-period margin 5% additional on outstanding positions over IM/special/additional in compulsory-delivery contracts; delivery-period margin higher of (a) 3% + 5-day 99% VaR of spot or (b) 25%. |
| MARGIN-012 | Honour margin shortfall penalty cascade by trading member | NSE, BSE, NSCCL, ICCL, MCX | daily | RMS Lead | Member-level / client-level margin shortfall on EOD or peak-margin snapshot | Margin-shortfall penalty debit in CM ledger; client-wise penalty file | 0.5% for shortfall <Rs 1 lakh and <10% applicable margin; 1.0% otherwise; max-of-four (CM/Client/Intra/EOD) method | NCL/CMPT/45516, NCL/CMPL/44977, NSE/INSP/64315, MCX/INSP/662/2024 | Penalty NOT to be passed on to clients save for specific client-attributable exceptions per NSE/INSP/64315. Members refund any penalties previously passed on. |
| MARGIN-013 | Collect upfront margin in cash segment (T+1 / T+0 cycle) | SEBI, NSE, BSE, NSCCL, ICCL | continuous | RMS Lead | Client buy or short-sell order in CM segment | Pre-trade margin block in OMS, client ledger debit | Short-collection penalty per NSE/INSP/64315; T+0 has differential brokerage allowed | SEBI/HO/MRD/POD-3/P/CIR/2024/172, SEBI/HO/MRD/MRD-PoD-3/P/CIR/2024/20 | T+0 expansion to top 500 scrips per SEBI/HO/MRD/POD-3/P/CIR/2024/172 (Dec 10, 2024) effective Jan 31, 2025; T+0 beta launched Mar 2024. |
| MARGIN-014 | Conduct pre-trade margin check at OMS level | SEBI, NSE, BSE, MCX | continuous | RMS Lead | Order receipt at OMS before exchange transmission | OMS audit trail (order-decision log), reject reason “insufficient margin” | Order rejection (positive control); systemic failure attracts inspection finding | NSE/FAOP/69296, SEBI/HO/MRD2/DCAP/CIR/P/2020/127 | Algo Market Order pre-emptive cancellation introduced per NSE/FAOP/69296 to prevent runaway market orders. NNF Terminal ID to Algo ID validation enforced. |
| MARGIN-015 | Apply intraday square-off rules on MIS/intraday product | NSE, BSE, MCX | continuous | RMS Lead | MIS/intraday product orders; auto square-off cutoff (e.g., 3:15 PM equity, 3:30 PM CDS) | Auto square-off log, order tag MIS=>delivery conversion log | Member-internal; CC penalty only on resulting open position margin shortfall | [no direct circular — industry practice] | Industry practice per individual member RMS policy; cited under client-rights disclosure. No SEBI circular prescribes specific time but margin framework requires intraday position closure if margin not delivered. |
| MARGIN-016 | Trigger auto square-off on margin shortfall (M2M cascade) | NSE, BSE, MCX, NSCCL, ICCL, MCXCCL | continuous | RMS Lead | Client margin utilization breaches threshold (typically 80% / 100%) | Square-off order tagged “RMS”; intimation to client (SMS/email) | Member-internal; resulting losses to client account | [no direct circular — industry practice] | RMS policy must be documented in client account-opening kit per Rights & Obligations document. Industry practice triggered at margin call levels. |
| MARGIN-017 | Segregate client-level margin at clearing corporation | SEBI, NSCCL, ICCL, MCXCCL | daily | RMS Lead | EOD margin allocation per UCC | SEG file (SEGCM/SEGTM), client-collateral allocation file, MG-18 | Short-allocation penalty per NCL/CMPT/55381 (SA01-SA06); five permitted reason codes | SEBI/HO/MRD2_DCAP/CIR/2021/0598, NCL/CMPT/51657, NCL/CMPT/55381, NCL/CMPT/55119 | Operational framework for client-level segregation effective Feb 28, 2022. Phased penalty: no penalties to Jul 31, 2022; partial (EOD-only) Aug 2022; full Feb 13, 2023. |
| MARGIN-018 | Report margin reporting at clearing-corp level (CM/TM hierarchy) | NSCCL, ICCL, MCXCCL | daily | RMS Lead | EOD margin file generation by CC | MGCM (CM-level), MGTM (TM-level) files | False-reporting penalty same as short-collection; reporting cadence violations attract NSE/INSP/53530 grid | NCL/CMPT/56502, NCL/CMPT/45516 | AMGCM (CM-level) and AMGTM (TM-level) files added Apr 2023 with EOD parameters (SPANMrgn, LossMrgn, DlvryMrgn, CnsltdCrstllsdOblgtnMrg, EndOfDayRqrmnt fields). |
| MARGIN-019 | Levy order-spoofing additional margin (SEBI Aug 2025 framework) | SEBI, NSE, NSCCL, ICCL | as-required | Surveillance Analyst | Surveillance identifies order-spoofing pattern over rolling lookback window | TM surveillance dashboard entry, additional-margin debit, quarterly TM report | 5% Additional Surveillance Margin on all open positions in flagged segment | NSE/SURV/41107, NSE/SURV/57315 | Spoofing-margin operationalized via NSE/SURV/41107 (May 2019); position-limit and ASM-for-spoofing consolidated in NSE/SURV/74008 (master Apr 2026). |
| MARGIN-020 | Honor margin collection in commodity derivatives (MCXCCL VSR) | SEBI, MCXCCL | continuous | RMS Lead | Open positions in commodity F&O | SPAN file MCX, Initial Margin / Special Margin file, MSBA file | MSBA (Margin Shortfall Block Amount) blocks margin limits; member-level shortfall penalty | MCX/MCXCCL/094/2026, MCXCCL/RISK/184/2025, MCX/MCXCCL/445/2020 | MSBA from member CM limits if MTM Loss prior day unpaid; SPAN methodology with VaR over MPOR per MCXCCL master. |
| MARGIN-021 | Maintain Crystallised Margin Obligation file (Consolidated Crystallised Obligation Margin) | NSCCL, ICCL, MCXCCL | daily | RMS Lead | Each trading day’s crystallised gains/losses | MG-12 CnsltdCrstllsdOblgtnMrg column; CCM file | Shortfall = margin shortfall penalty | NCL/CMPT/56502, NCL/CMPT/61801 | Margin on consolidated crystallised obligations covered in NCL/CMPT/61801 F&O master. |
| MARGIN-022 | Avail early-pay-in (EPI) for margin exemption | NSCCL, ICCL | daily | Settlement Ops | Client/member delivers securities before pay-in cutoff | EPI file in CC system; margin reduction reflected in MG-12 | No penalty; benefit lost if EPI files rejected | NCL/CMPT/61800, ICCL 20240710-11 | Item 10.18 of NCL/CMPT/61800 on EPI for Margin Exemption; sale via block mechanism considered as margin only on credit-entry of sale value (NSE/INSP/57112). |
| MARGIN-023 | Apply MTF (Margin Trading Facility) margin and collateral rules | SEBI, NSE, BSE, NSCCL, ICCL | continuous | RMS Lead | Client opts into MTF on eligible securities | MTF funded position log, CSMFA pledge file | Penalty for incorrect CSMFA maintenance; MTF disclosure mandatory in audit | NCL/CMPT/63669, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | TMs offering MTF maintain CSMFA where client’s demat resides. Release-payout-with-pledge-in-favour-of-CSMFA(MTF) facility. Half-yearly networth certificate due Oct 31 for MTF members vs Nov 30 others. |
| MARGIN-024 | Maintain BMC/ABC at clearing corporation | NSCCL, ICCL, MCXCCL | continuous | Compliance Officer | Clearing membership active | BMC/ABC deposit confirmation, half-yearly networth certificate | Suspension of clearing rights; NSE/INSP/53530 enforcement grid | NSE/COMP/64293, NSE/COMP/58570 | BMC threshold per SEBI Gazette No. SEBI/LAD-NRO/GN/2022/73 dated Feb 23, 2022 (higher of Base or Variable Networth). |
| MARGIN-025 | Reduce un-approved-collateral haircut to 100% (phased) | SEBI, NSCCL, ICCL | continuous | RMS Lead | Member collateral pool contains securities outside approved list | Collateral file with haircut applied; margin available report | Higher haircut effectively reduces margin available — operational drag | ICCL 20240710-11, NCL/CMPT/65498 | Phased haircut Aug 2024: 40% (or VaR higher); 60% Sep; 80% Oct; 100% Nov 2024. Equity-shares non-cash collateral capped 25% per security. Overnight MFOS 5% haircut; other schemes VaR with min 9% from Aug 1, 2024. |
| MARGIN-026 | Withdraw margin benefit on G-Sec/T-Bill/SGB pre-maturity | NSCCL, ICCL, MCXCCL | continuous | RMS Lead | Two business days prior to G-Sec/T-Bill/SGB maturity | Collateral file showing zero margin-benefit two days before maturity | Margin shortfall if not replenished | NCL/CMPT/72224, MCXCCL/C&S/130/2024 | Quarterly approved-collaterals review; physical FDR min tenure 7 days; LIFO bank-exposure adjustment if 3-month average exposure drops. |
| MARGIN-027 | Apply 50% cash equivalent rule on collateral | SEBI, NSCCL, ICCL | continuous | RMS Lead | Member maintains margin via mix of cash & non-cash collateral | Cash-non-cash collateral split file, margin available report | Lower of (a) 50% non-cash limit, (b) non-cash actually deposited applies — reduces available margin | NCL/CMPT/61800, ICCL 20240710-11 | FY22-23 framework codified that member margin must be at least 50% from cash/cash-equivalents to avoid drag. |
| MARGIN-028 | Submit intraday short-allocation reports with reason codes | NSCCL, ICCL, MCXCCL | daily | RMS Lead | Client-level short allocation detected at peak-margin snapshot or EOD | INTRASAR file upload (R | False reporting attracts same penalty as false margin reporting; incremental daily penalty issued on T+6 | NCL/CMPT/55381, MCXCCL/C&S/102/2023, ICCL 20230126-1 | Five permitted reason codes (excess collateral at another CC, EPI of securities, wrong-client trades, NRI trades, late allocation acceptance). Effective Feb 13, 2023. |
| MARGIN-029 | Compute margin on SLBM (Securities Lending and Borrowing) positions | NSCCL, ICCL | continuous | RMS Lead | Client takes SLB borrow/lend position | SLBS settlement calendar, margin file for SLB | SLB-shortfall penalty per SLB settlement procedure | NCL/CMPT/61810, NCL/CMPT/67763, NCL/CMPL/55103 | Annual SLBS consolidated circular by NCL covers eligibility, margins, settlement. Annexure A (Type L first-leg) and Annexure B (Type P reverse-leg) per monthly settlement calendars. |
| MARGIN-030 | Apply Volatility Scan Range (VSR) revisions in commodity SPAN | MCXCCL | as-required | RMS Lead | MCXCCL backtesting triggers VSR change | Updated SPAN risk parameter file, member back-office reflects new VSR | Operational drag from increased margin; no direct penalty | MCXCCL/RISK/066/2025, MCXCCL/RISK/184/2025 | VSR Copper 5, Crude Oil 33, Gold 4, Natural Gas 6, Silver 6, Zinc 6 per Apr 2025 revision. Volatility Options VSR 20% on Crude Oil. |
Client funds (21 entries)
Section titled “Client funds (21 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| CLIENT-FUNDS-001 | Maintain separate client-funds bank accounts (BA1/BA2/BA3) | SEBI, NSE, BSE, MCX | continuous | Funds Ops | Active broking membership | Bank-account-mapping file submitted to exchange; bank-account statements; daily bank book reconciliation | Co-mingling = principal-officer breach; per NSE/INSP/53530 enforcement grid | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, NSE/INSP/57394, NSE/INSP/57041 | BA1 (own/proprietary), BA2 (clients-pure), BA3 (settlement). Daily reconciliation evidence required. |
| CLIENT-FUNDS-002 | Upstream daily client funds to clearing corporation | SEBI, NSCCL, ICCL, MCXCCL | daily | Funds Ops | EOD; client funds not utilised against EOD obligation | Upstream confirmation (cash, lien-on-FDR, pledge of MFOS); CC upstreaming-confirmation file | Failure attracts NSE/INSP/53530 grid; SEBI master-circular violation | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/71, NCL/CMPT/57223, NSE/INSP/57041, NSE/INSP/57250 | SEBI Jun 8, 2023 (effective Jul 1, 2023). Forms: cash, lien on FDR, pledge of Mutual Fund Overnight Schemes (MFOS). Bank-CM exemption. Upstreaming/downstreaming cut-offs 07:00 PM (08:00 PM on Q-end per NCL/CMPT/72025). |
| CLIENT-FUNDS-003 | Settle running account on quarterly/monthly cadence | SEBI, NSE, BSE | quarterly | Funds Ops | First Friday/Saturday of settlement week (Jan-Mar, Apr-Jun, Jul-Sep, Oct-Dec quarters or chosen monthly cycle) | Running-account settlement statement to client; bank transfer confirmation; UCC-level credit-balance audit | SCORES complaint; inspection finding; NSE/INSP/53530 grid | SEBI/HO/MIRSD/POD-1/P/CIR/2023/193, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/04, NSE/INSP/57394 | Friday/Saturday settlement week (SEBI Dec 28, 2023). 30-day non-traded-credit-balance refund per SEBI Jan 10, 2025 (effective Apr 1, 2025) regardless of chosen cycle. |
| CLIENT-FUNDS-004 | Capture and honour client’s quarterly-settlement-frequency choice | SEBI, NSE, BSE, MCX | as-required | Funds Ops | Account opening; client-driven change | Client preference flag in UCC backoffice; written/digital consent | Operational deviation = SCORES exposure; finding in inspection | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, SEBI/HO/MIRSD/POD-1/P/CIR/2023/193 | Client may choose monthly or quarterly cycle; change permitted per Master Circular. Newly added 30-day non-traded refund overrides chosen cycle if applicable. |
| CLIENT-FUNDS-005 | Offer UPI-Block (ASBA-like) facility to clients (QSB-mandatory) | SEBI, NPCI, NSE, BSE, NSCCL, ICCL | continuous | Funds Ops | Active QSB membership; client opts in / non-QSB optional | UPI-Block UCC opt-in record; ASBA-like-trade settlement file; UCC flagged “Opted for UPI Block facility” | QSB enhanced-obligation non-compliance; SEBI enforcement | SEBI/HO/MIRSD/POD-1/P/CIR/2024/118, NCL/CMPT/58895, NSE/CMPT/66281 | Effective Feb 1, 2025 for QSBs. Alternative: 3-in-1 trading account. UCC deregistration request T-day made effective T-day. |
| CLIENT-FUNDS-006 | Park unidentified/suspense credits to SUSPE1234N UCC | SEBI, NSE | continuous | Funds Ops | Unidentified credit received in client bank account | SUSPE1234N UCC ledger; back-office allocation file | Inspection finding for unidentified funds not upstreamed | NSE/INSP/64053 | NSE clarification Sep 20, 2024 — compliance deadline Dec 19, 2024. SUSPE1234N created on member PAN in back office only (not in exchange UCC database; no orders permitted). |
| CLIENT-FUNDS-007 | Maintain stock-broker minimum net worth | SEBI, NSE, BSE, MCX | half-yearly | Compliance Officer | Half-year end (Mar 31, Sep 30) | Auditor-signed Networth Certificate via ENIT-NEW-COMPLIANCE; due Oct 31 (MTF members) / Nov 30 (others) | Per NSE/INSP/53530 disciplinary grid; trading-rights suspension | NSE/COMP/64293, NSE/COMP/58570, NSE/INSP/53530 | Higher of Base or Variable Networth per SEBI/LAD-NRO/GN/2022/73 (Feb 23, 2022). Variable Networth = capital-adequacy linked to client funds handled. MTF members earlier deadline. |
| CLIENT-FUNDS-008 | Maintain BMC (Base Minimum Capital) at exchange | NSE, BSE, MCX, NSCCL, ICCL, MCXCCL | continuous | Compliance Officer | Active trading-rights membership | BMC deposit confirmation; capital-adequacy report | Suspension of trading; CC blockage | NSE/COMP/64293, NSE/INSP/53530 | BMC per exchange category (commodity/equity/CD). Coupled with Variable Networth requirement. |
| CLIENT-FUNDS-009 | Maintain ABC (Additional Base Capital) for higher exposure | NSCCL, ICCL, MCXCCL | continuous | Compliance Officer | Member exposure exceeds BMC threshold | ABC deposit; collateral file at CC | Exposure-blocking if ABC short; trade rejection | NCL/CMPT/61800, NCL/CMPT/61801 | ABC adjusts member’s permissible gross exposure; consolidated in CM/F&O master circulars. |
| CLIENT-FUNDS-010 | Reconcile bank book daily across BA1/BA2/BA3 | SEBI, NSE, BSE, MCX | daily | Funds Ops | EOD bank account closure | Daily reconciliation report; T+1 holding/bank-balance API submission to exchange | NSE/INSP/53530 grid for non-submission; principal-officer breach | NSE/INSP/55039, NSE/INSP/52509 | Daily API submission of Holding Statement and Bank Balances effective Jan 30, 2023. Replaces weekly submission. |
| CLIENT-FUNDS-011 | Update client funds bank book (Form C / Form C1) | SEBI, NSE, BSE | daily | Funds Ops | Each client transaction (credit/debit) | Form C bank book; ledger trail; auditor confirmation | Stockbroker-regulation violation; books-and-records inspection finding | NSE/INSP/57394, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Form C maintained per SEBI Stock Brokers Regulations 1992. Periodic books-and-records inspection. |
| CLIENT-FUNDS-012 | Effect T+1 pay-out of funds to client bank account | SEBI, NSE, BSE, NSCCL, ICCL | daily | Settlement Ops | Client sell trade settled (T+1 default cycle) | Pay-out advice / NEFT confirmation; client ledger credit | Investor complaint via SCORES; running-account framework breach | SEBI/HO/MRD/MRD-PoD-3/P/CIR/2024/20, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Funds pay-out within 1 working day per running-account framework; sweep-out at quarterly cycle or trigger-based. |
| CLIENT-FUNDS-013 | Sweep-out client credit balance within one working day | SEBI, NSE, BSE, MCX | as-required | Funds Ops | Client credit balance not utilised against margin/obligation within 1 working day | Sweep-out NEFT/RTGS confirmation; client ledger zero-balance entry | SCORES complaint; principal-officer breach | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/04 | Tied to upstreaming framework — if funds remain with broker, must upstream or sweep. |
| CLIENT-FUNDS-014 | Refund credit balance to non-traded clients on 30-day rule | SEBI, NSE, BSE | monthly | Funds Ops | Client has not transacted in last 30 calendar days AND funds with broker >30 days | Auto-generated 30-day non-traded list; monthly running-account settlement | SCORES complaint; inspection finding | SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/04, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Effective Apr 1, 2025. Settlement on upcoming monthly running-account date irrespective of client-chosen cycle. |
| CLIENT-FUNDS-015 | Handle unclaimed funds via DEAF / Investor Protection Fund route | SEBI, NSE, BSE, RBI | as-required | Funds Ops | Unclaimed credit balance untraceable beyond defined period (typically 1+ years) | Unclaimed funds register; transfer letter; IPF transfer confirmation | Per SEBI Master Circular; IPF audit finding | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, NSE/ISC/64967 | Mechanism for IPF transfer of unclaimed broker funds; periodic disclosure on IPF utilization. |
| CLIENT-FUNDS-016 | Deposit STT/GST/TDS within statutory window | SEBI, NSE, BSE, MCX | daily | Funds Ops | Each trade attracts STT/GST/TDS withholding | STT deposit challan T+1, GST GSTR-3B monthly return, TDS Form 26Q quarterly | Statutory interest + penalty under IT Act / GST Act | [no direct circular — industry practice] | STT collected at trade; GST collected on brokerage and other charges; remitted per IT/GST Act timelines. Audit per books-and-records. |
| CLIENT-FUNDS-017 | Disclose brokerage and statutory charges transparently | SEBI, NSE, BSE, MCX | continuous | Compliance Officer | Account opening; contract-note delivery for each trade | Contract Note Cum Tax Invoice (Annexure A) or separate CN + tax invoice (Annexure B) | Mis-selling complaint; SCORES; SEBI inspection | NSE/INSP/53115, SEBI/HO/MRD2/DCAP/P/CIR/2021/628 | Contract Note format revised post T+1 settlement intro (NSE/INSP/53115). Members choose CN-cum-tax-invoice (Annexure A) or separate (Annexure B). |
| CLIENT-FUNDS-018 | Settle client funds on account-closure | SEBI, NSE, BSE, MCX | event-triggered | Funds Ops | Online or offline closure request received from client | Closure form (online OTP/eSign auth); settlement-of-dues record; UCC code freeze | Investor complaint; SCORES | NSE/MSD/48662, NSE/MSD/57151 | Online closure mandatory since Aug 1, 2021 per NSE/MSD/48662. Members must inform clients via email/SMS/newsletter. |
| CLIENT-FUNDS-019 | Pay quarterly settlement guarantee fund contribution | NSCCL, ICCL, MCXCCL | quarterly | Compliance Officer | Quarter-end; CC contribution calculation | SGF contribution debit advice; quarterly statement | Default attracts CC-level enforcement; clearing-rights suspension | NCL/CMPT/61800, NCL/CMPT/61801 | Core SGF and IPF contributions specified in CM/F&O master circulars. Cited in MCXCCL master too. |
| CLIENT-FUNDS-020 | Reconcile DEMAT holding statements daily | NSE, BSE, MCX, CDSL, NSDL | daily | Funds Ops | EOD client holding snapshot | Daily T+1 API holding-statement submission; bank-balance API | Non-submission per NSE/INSP/53530 grid | NSE/INSP/55039, NSE/INSP/52509 | API spec and user manual via NSE/INSP/55039. Weekly submission decommissioned post Jan 30, 2023. |
| CLIENT-FUNDS-021 | Avoid pass-through of margin penalty to clients | SEBI, NSE, BSE, MCX | continuous | Compliance Officer | CC levies margin shortfall penalty on member | Member books debit (not client ledger); refund register for any prior pass-through | NSE/INSP/53530 disciplinary action; inspection finding | NSE/INSP/53525, NSE/INSP/49929, NSE/INSP/64315 | Members must refund any penalties previously passed on. NSE/INSP/64315 carves out specific client-attributable exceptions. |
Settlement (22 entries)
Section titled “Settlement (22 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| SETTLEMENT-001 | Honour T+1 cash-market settlement obligation | SEBI, NSE, BSE, NSCCL, ICCL | daily | Settlement Ops | Trade-day completion; T+1 settlement cycle default since Jan 27, 2023 | Pay-in / pay-out files (NCL_FO/CM_ | Pay-in failure penalty per CC; close-out cost on member | SEBI/HO/MRD/MRD-PoD-3/P/CIR/2024/20, SEBI/HO/MRD2/DCAP/CIR/2021/0598, NCL/CMPT/61800 | T+1 default for all listed scrips since Jan 27, 2023. Implementation phased from Feb 25, 2022 onwards per SEBI/HO/MRD2/DCAP/CIR/2021/0598. |
| SETTLEMENT-002 | Offer T+0 optional settlement (top 500 phased) | SEBI, NSE, BSE, NSCCL, ICCL | daily | Settlement Ops | Eligible scrip and client opts in | T+0 settlement file (separate identifier); differential-brokerage disclosure | SCORES if differential brokerage not disclosed | SEBI/HO/MRD/POD-3/P/CIR/2024/172, SEBI/HO/MRD/MRD-PoD-3/P/CIR/2024/20, NCL/CMPT/61301 | Beta launched Mar 28, 2024 (top 25 scrips). Expanded to top 500 effective Jan 31, 2025. Trading window 09:15-13:30; settlement by 16:30. Custodian-settled clients allowed. |
| SETTLEMENT-003 | Conduct auction for short delivery in cash market | NSCCL, ICCL | daily | Settlement Ops | Short delivery at pay-in (CC shortage or internal shortage) | Auction settlement file; close-out rate file (Auction Delivery P_0000 / F_0000) | Auction difference + 20% mark above latest closing on auction-call day (close-out) | NCL/CMPT/71045, NCL/CMPT/71441, SEBI/HO/MRDPoD2/CIR/P/2024/00181 | Auction for both CC and internal shortages (per CMPT66688 dated Feb 14, 2025). Close-out rate = higher of highest scrip price in settlement-to-auction-date OR 20% above latest closing. |
| SETTLEMENT-004 | Effect direct-payout-to-demat to client (NSCCL/ICCL phased) | SEBI, NSE, BSE, NSCCL, ICCL, CDSL, NSDL | daily | Settlement Ops | Settlement pay-out day | Direct-payout file in depository; client demat credit; CSMFA pledge file for MTF | Mis-mapping = inspection finding; auction settlement default | SEBI/HO/MIRSD/MIRSD-PoD1/P/CIR/2024/75, NCL/CMPT/63669, ICCL 20250214-69, NCL/CMPT/66779 | Effective Nov 14, 2024 (NCL Phase 1); full direct payout from Jan 14, 2025. ICCL pilot Feb 25, 2025. Excludes custodian-cleared clients. Internal-shortage valuation = settlement price + 20% mark by noon settlement day. |
| SETTLEMENT-005 | Maintain TM CUSPA / CM CUSPA / TM CSMFA accounts | SEBI, NSCCL, ICCL, CDSL, NSDL | continuous | Settlement Ops | Direct-payout / MTF facility offered | CUSPA / CSMFA demat account confirmation; TM pool account split (NSDL primary demat) | Mis-mapping; inspection finding | NCL/CMPT/63669, NCL/CMPT/69455 | TMs maintain TM CUSPA only (or TM+CM CUSPA if TM-cum-CM). Self-clearing TMs = TM CUSPA only. Professional CMs = CM CUSPA only. MTF members = CSMFA where client’s demat resides. |
| SETTLEMENT-006 | Process EOD obligation file from clearing corp | NSCCL, ICCL, MCXCCL | daily | Settlement Ops | CC publishes EOD obligation file | NCL/ICCL/MCXCCL obligation file imported into back-office; reconciliation report | Default risks pay-in failure penalty | NCL/CMPT/61800, NCL/CMPT/61801, MCX/MCXCCL/805/2020 | Daily obligation report contains MTM, premium, delivery, special margin. File-format standardisation per CM master. |
| SETTLEMENT-007 | Upstream non-cash collateral via MFOS / FDR pledge | SEBI, NSCCL, ICCL | daily | Funds Ops | Client funds not utilised against EOD obligation | MFOS pledge file, lien-on-FDR confirmation, upstream-cash transfer | Failure to upstream = SEBI master-circular violation | NCL/CMPT/57223, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/71, NSE/INSP/57250 | Three upstreaming forms: (a) cash, (b) lien on FDR, (c) pledge of Mutual Fund Overnight Schemes (MFOS). Bank-CM exemption applies. |
| SETTLEMENT-008 | Contribute to clearing-corp Core Settlement Guarantee Fund (Core SGF) | SEBI, NSCCL, ICCL, MCXCCL | quarterly | Compliance Officer | Clearing membership active | Core SGF contribution confirmation; quarterly statement | Default = suspension of clearing rights | NCL/CMPT/61800, NCL/CMPT/61801, MCX/MCXCCL/805/2020 | Core SGF specified in CM/F&O/MCXCCL master circulars covering risk-management framework. |
| SETTLEMENT-009 | Levy pay-in failure penalty / close-out cost | NSCCL, ICCL, MCXCCL | daily | Settlement Ops | Pay-in failure on settlement day | Close-out file (F_0000 for CC shortage); pay-in-failure penalty advice | Close-out rate = higher of highest scrip price in settlement-to-auction-date OR 20% above latest closing on auction-call day; SEBI Dec 30, 2024 master | SEBI/HO/MRDPoD2/CIR/P/2024/00181, NCL/CMPT/71441 | Internal-shortage close-out also covered; G-Secs/corporate-action scenarios handled by member. |
| SETTLEMENT-010 | Effect securities pay-in (broker pool to CC) | NSCCL, ICCL, MCXCCL, CDSL, NSDL | daily | Settlement Ops | Trade-day pay-in cut-off (varies T+1 vs auction T+2) | Depository pay-in confirmation; gross pay-in to CC required for direct-payout regime | Short-delivery triggers auction | NCL/CMPT/61800, NCL/CMPT/66779 | Cut-offs per CM master. Direct-payout regime requires gross pay-in to CC. |
| SETTLEMENT-011 | Effect funds pay-in (broker bank to clearing bank) | NSCCL, ICCL, MCXCCL | daily | Funds Ops | T+1 funds pay-in cut-off; UPI-block clients separate cut-off | Clearing-bank pay-in confirmation; member CM ledger debit | Default attracts pay-in-failure penalty; clearing-rights suspension | NCL/CMPT/61800, NCL/CMPT/72025 | Funds EPI 07:00 PM; UPI-block clients 06:00 PM (quarterly running-account settlement dates). Margin-report download 09:00 PM. |
| SETTLEMENT-012 | Handle block deal in dedicated window (Rs 10 Cr minimum) | SEBI, NSE, BSE | continuous | Settlement Ops | Client places block deal in dedicated window (morning/afternoon) | Block deal trade file; ±1% reference price; trade-confirmation | Trade rejection if outside band; SEBI/exchange inspection | SEBI/HO/IMD/DOF2/P/CIR/2022/69, NSE/CMTR/60813 | Block deal minimum Rs 10 Cr trade, ±1% reference price. ETFs added per NSE/CMTR/60813 (Feb 2024). |
| SETTLEMENT-013 | Handle pre-open call-auction session | NSE, BSE | daily | Settlement Ops | Pre-open session 09:00-09:15 (CM); IPO/SME-IPO/relisted scrip extended duration | Pre-open trade file; transparency disclosure of number and quantity in pre-open call | NSE/INSP/53530 grid for non-compliance | NSE/CMTR/63915, NSE/CMTR/61813, SEBI/HO/MRD/MRD-PoD-3/P/CIR/2024/85 | IPO/SME-IPO/relisted pre-open call-auction duration modified per SEBI/HO/MRD/MRD-PoD-3/P/CIR/2024/85 (Jun 20, 2024). Effective LIVE Sep 17, 2024. |
| SETTLEMENT-014 | Handle corporate-action adjustments at settlement | NSCCL, ICCL, MCXCCL, CDSL, NSDL | event-triggered | Settlement Ops | Corporate action ex-date (dividend, bonus, split, rights, buyback) | Corporate-action adjustment file; settlement calendar override; CA close-out | CA-related close-out cost on member | NCL/CMPT/71441, NCL/CMPT/63561, NCL/CMPT/61800 | Buyback offer settlement calendars issued separately (e.g., NCL/CMPT/63561). CA close-out under F_0000 file. |
| SETTLEMENT-015 | Pledge/unpledge securities for delivery margin exemption | SEBI, NSCCL, ICCL, CDSL, NSDL | continuous | Settlement Ops | Client pledges for margin; collateral release on delivery | Margin pledge (MP) / re-pledge (MRP) file; TM-CMPA / CM-CMPA account confirmation; OTP-based client confirmation | Off-market collateral transfers prohibited; inspection finding for old PoA route | SEBI/HO/MIRSD/DOP/CIR/P/2020/28, CDSL/OPS/DP/POLCY/2020/234, CDSL/OPS/DP/POLCY/2020/207 | TM-CMPA / CM-CMPA framework effective Aug 1, 2020. OTP-based client confirmation; prohibition on off-market transfers as collateral. |
| SETTLEMENT-016 | Process UNPAIDMTF file workflow (Unpaid securities under MTF) | NSCCL, ICCL | daily | Settlement Ops | MTF security funded but client has not paid by T+1 | UNPAIDMTF upload windows 15:30-22:00 (T-1 to T) and 06:30-13:00 (T pay-in day) | Pay-in failure on T = auction; close-out cost | NCL/CMPT/72224, NCL/CMPT/61800 | UNPAIDMTF cut-offs aligned with settlement calendar adjustments; tied to CSMFA pledge release. |
| SETTLEMENT-017 | Effect give-up / take-up between TMs and CMs | NSCCL, ICCL, MCXCCL | daily | Settlement Ops | Trade routed via give-up; CM accepts/rejects take-up | Give-up file; CM acceptance file (T+1 confirmation) | Take-up rejection = TM bears pay-in; CC enforcement | NCL/CMPT/61800, NCL/CMPT/61801 | Institutional positions in CM segment considered post-custodian T+1 confirmation per cross-margin framework. |
| SETTLEMENT-018 | Compute differential brokerage for T+0 trades transparently | SEBI, NSE, BSE | continuous | Compliance Officer | T+0 trade for retail/non-custodian client | Differential-brokerage disclosure in client kit; contract note showing T+0 brokerage | Mis-disclosure = SCORES; mis-selling | SEBI/HO/MRD/POD-3/P/CIR/2024/172, SEBI/HO/MRD/MRD-PoD-3/P/CIR/2024/20 | Differential brokerage allowed for T+0 trades by SEBI/HO/MRD/POD-3/P/CIR/2024/172 (Dec 2024). |
| SETTLEMENT-019 | Run settlement holiday alternate-schedule workflow | NSCCL, ICCL, MCXCCL | as-required | Settlement Ops | Settlement holiday declared (bank holiday, state elections, etc.) | CC holiday calendar; revised T+1 schedule (e.g., NCL/CMPT/72224) | Operational disruption if not honoured | NCL/CMPT/72224, MCX/MCXCCL/094/2026 | Example: Jan 15, 2026 Maharashtra municipal-corporation elections — revised T+1 schedule with auction pay-in 08:00 / pay-out 10:00, etc. |
| SETTLEMENT-020 | Effect securities pay-out (CC to broker / direct demat) | SEBI, NSCCL, ICCL, CDSL, NSDL | daily | Settlement Ops | T+1 settlement day (pay-out window) | Pay-out file from CC; depository credit to client demat (post Oct 2024) | Investor complaint via SCORES; inspection finding | SEBI/HO/MIRSD/MIRSD-PoD1/P/CIR/2024/75, NCL/CMPT/63669, NSE/CMPT/66281 | Final pay-out time 3:30 PM. Eliminates broker-pool routing risk; aligns with upstream-only client-funds framework. |
| SETTLEMENT-021 | Submit Half Yearly Networth Certificate (settlement-fitness) | NSE, BSE, MCX, NSCCL, ICCL | half-yearly | Compliance Officer | Half-year end (Mar 31, Sep 30) | Networth certificate via ENIT-NEW-COMPLIANCE; auditor signed; due Oct 31 (MTF) / Nov 30 (others) | NSE/INSP/53530 enforcement grid; trading-rights suspension | NSE/COMP/64293, NSE/COMP/58570, NSE/INSP/53530 | Cross-reference NSE/COMP/55447 for Networth ascertainment guidance. |
| SETTLEMENT-022 | Maintain proprietary-UCC separate demat (NSDL CM-pool primary-demat mapping) | NSCCL, ICCL, CDSL, NSDL | continuous | Settlement Ops | NSDL CM pool account / direct-payout demat-verification | Separate primary demat for proprietary UCC distinct from DP-ID-Client-ID associated to NSDL CM pool | Mis-mapping = direct-payout failure; inspection finding | NCL/CMPT/69455, NCL/CMPT/67947 | Direct payout at NSDL is keyed on CM BP ID, not DP ID-Client ID; members open separate demat as primary for proprietary UCC to avoid mis-mapping. |
Surveillance (30 entries)
Section titled “Surveillance (30 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| SURVEILLANCE-001 | Monitor and report Order-to-Trade Ratio (OTR) | SEBI, NSE, BSE, MCX | daily | Surveillance Analyst | Algo/non-algo order placement | Member portal OTR report (CM/F&O/CD); cooling-off log | OTR ≥ 2000 on three occasions in rolling 30 days = 15-minute order-placement cooling-off next trading day | NSE/SURV/45016, NSE/SURV/74008 | OTR = ratio of total order events (submission/modification/cancellation) per trade. Operationalises SEBI/HO/MRD1/DSAP/CIR/P/2020/107 (Jun 24, 2020). |
| SURVEILLANCE-002 | Comply with Graded Surveillance Measure (GSM) list restrictions | SEBI, NSE, BSE | continuous | Surveillance Analyst | Scrip placed in GSM stage (I-IV) by exchange | GSM circular file; trade rejection log; client-intimation log | Trade restrictions (price band, 100% margin, periodic call auction); SEBI/INVG enforcement on breach | NSE/SURV/74008, NSE/SURV/67801, NSE/SURV/61848 | GSM stages: stage I (caution), stage II (additional surveillance), III (100% margin), IV (periodic call auction). GSM for SME segment added in NSE/SURV/67801. Master Cir NSE/SURV/74008 (Apr 30, 2026). |
| SURVEILLANCE-003 | Comply with Additional Surveillance Measure (ASM) framework | SEBI, NSE, BSE | continuous | Surveillance Analyst | Scrip placed in ASM (Short-term / Long-term) | ASM list update; margin uplift in client positions; price-band restriction | 100% upfront margin in some stages; periodic call auction | NSE/SURV/74008, NSE/SURV/67801, NSE/SURV/61848 | STASM (Short-term ASM) and LT-ASM (Long-term ASM) consolidated in NSE/SURV master. ASM for SME segment per NSE/SURV/67801. |
| SURVEILLANCE-004 | Comply with Long-Term ASM (LT-ASM) framework | SEBI, NSE, BSE | continuous | Surveillance Analyst | Scrip placed in LT-ASM after sustained surveillance flag | LT-ASM list update; T+1/T+2 settlement override; margin enhancement | 100% upfront margin; periodic call auction | NSE/SURV/74008, NSE/SURV/67801 | LT-ASM consolidated in master NSE/SURV; periodically reviewed. |
| SURVEILLANCE-005 | Comply with Enhanced Surveillance Measure (ESM) | SEBI, NSE, BSE | continuous | Surveillance Analyst | SME / micro-cap scrip placed in ESM | ESM list update; market-maker compliance entries | Restrictions per ESM framework | NSE/SURV/61848, NSE/SURV/74008 | ESM specific to SME segment; combined with Inventory Management advisory for SME Market Makers (NSE/SURV/67801). |
| SURVEILLANCE-006 | Report through NORMS (NSE Online Reporting and Monitoring System) | NSE | as-required | Surveillance Analyst | Member identifies suspicious activity / market abuse | NORMS report ID; NSE acknowledgement | Non-reporting = inspection finding; NSE/INSP/53530 grid | NSE/INVG/65921, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96 | Operationalises SEBI broker-institutional-mechanism Chapter IVA. Staggered: QSB from Aug 2024; >50K UCC Jan 2025; 2K-50K Apr 2025; ≤2K Apr 2026. |
| SURVEILLANCE-007 | Detect and flag manipulative trade patterns | SEBI, NSE, BSE, MCX | continuous | Surveillance Analyst | Pattern-detection rule fires (volume spike, price manipulation, circular trading) | Surveillance dashboard alert; escalation log; member-internal investigation report | SEBI enforcement under PFUTP Regulations; abnormal trading penalty | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, NSE/SURV/74008 | Cited in Chapter IVA framework. Whistle-blower policy and escalation framework required. |
| SURVEILLANCE-008 | Detect and flag spoofing / layering / quote stuffing | SEBI, NSE, NSCCL, ICCL | continuous | Surveillance Analyst | Order-placement / cancellation pattern matches spoofing logic | Surveillance dashboard entry; ASM-for-spoofing margin debit; quarterly TM report | 5% Additional Surveillance Margin on all open positions; PFUTP enforcement | NSE/SURV/41107, NSE/SURV/74008 | Joint with CC and SEBI; foundational for member surveillance dashboard introduced via NSE/SURV/44477. |
| SURVEILLANCE-009 | Detect and flag wash / reversal trades | SEBI, NSE, BSE, NSCCL, ICCL | continuous | Surveillance Analyst | Self-trade / reversal-trade pattern detected | Reversal Trade Cancellation Mechanism (RTCM) alert; member-internal review log | Trade cancellation / penalty per RTCM | NSE/SURV/67801, NSE/SURV/74008 | RTCM for Equity and Equity Derivative segments introduced via NSE/SURV/67801 (Apr 30, 2025). |
| SURVEILLANCE-010 | Detect and flag front-running | SEBI, NSE, BSE | continuous | Surveillance Analyst | Employee/authorised-person trade preceding large client/institutional order | Pre-clearance log; designated-person trade window; broker-institutional-mechanism escalation | SEBI enforcement under PIT Regulations; criminal action possible | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, NSE/INVG/65921 | Front-running detection part of Chapter IVA fraud-detection framework. Designated person list and pre-clearance mandatory. |
| SURVEILLANCE-011 | Conduct social-media / unsolicited-tip surveillance | SEBI, NSE | continuous | Surveillance Analyst | Suspicious activity tied to social-media tips; finfluencer activity | Client-education record; suspicious-activity tracker; SCORES referrals; Exchange Investigation report | NSE/INSP/53530 disciplinary grid; SEBI enforcement | NSE/INVG/54165, NSE/INVG/54196, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2025/11 | SEBI Jan 29, 2025 bars regulated entities from associating with persons engaged in prohibited activities; limited investor-education association allowed only with stock data >3 months old. |
| SURVEILLANCE-012 | Report off-market transfers to depository | SEBI, CDSL, NSDL | as-required | DP Manager | Off-market transfer initiated by BO | Off-market transfer reason code; depository reporting; insufficient-stamp-duty status | EOD cancellation of transactions with insufficient stamp duty; SCORES exposure for missed disclosure | CDSL/OPS/DP/POLCY/2025/720, CDSL/OPS/DP/POLCY/2025/779 | New status “Overdue – Insufficient Stamp Duty” for off-market and pledge-invocation transactions. Off-market reason code 35 renamed Dec 2025 for transmission to legal heirs. |
| SURVEILLANCE-013 | Levy abnormal trading penalty (NSE/INVG) | NSE | as-required | Surveillance Analyst | Abnormal/non-genuine transaction flagged in surveillance | NSE/INVG penalty notice; member acknowledgement | Penalty per consolidated penalty structure (NSE/SURV/57315) | NSE/SURV/57315, NSE/SURV/74008 | Reference document for inspection and disciplinary action — late/non-submission of surveillance obligation, breach of position limits, abnormal/non-genuine transactions, surveillance-margin shortfall, OTR breaches. |
| SURVEILLANCE-014 | Maintain insider-trading code (designated person list, pre-clearance) | SEBI | continuous | Compliance Officer | Active broking operations; access to UPSI | Designated-person register; pre-clearance log; trading-window-closure intimation | SEBI PIT Regulations enforcement; criminal proceedings | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, NSE/INVG/65921 | PIT Regulations 2015 require code of conduct, designated person list, trading window mechanism. Chapter IVA reinforces broker-side controls. |
| SURVEILLANCE-015 | Monitor concentrated position / position-limit breach | SEBI, NSE, BSE, MCX, NSCCL, ICCL, MCXCCL | continuous | Surveillance Analyst | Client/member F&O position approaches market-wide or member-wide position limit | Position-limit-monitoring file; breach alert; trade-rejection log | Breach penalty per CC schedule; position-limit-monitoring per NSE/SURV/67801 (Equity Derivatives) | NSE/SURV/74008, NSE/SURV/67801, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/109 | Position-limit monitoring for Equity Derivatives added in NSE/SURV/67801. NRI position limits operational efficiency per SEBI Jul 29, 2025. |
| SURVEILLANCE-016 | Apply Order-Spoofing Additional Margin (SEBI Aug 2025 framework) | SEBI, NSE, NSCCL, ICCL | as-required | Surveillance Analyst | Surveillance identifies order-spoofing pattern | TM surveillance dashboard entry; additional-margin debit on flagged member | 5% Additional Surveillance Margin on all open positions | NSE/SURV/41107, NSE/SURV/74008 | Original NSE/SURV/41107 from May 2019; ongoing in master Apr 2026. Joint with CC and SEBI. |
| SURVEILLANCE-017 | Honour Cautionary Messages framework (CCM) | NSE, BSE | continuous | Surveillance Analyst | Surveillance system identifies cautionary message for specific scrip / pattern | Cautionary Message log; CCM (Cautionary Closing Message) compliance log | Non-compliance = inspection finding under NSE/SURV/57315 | NSE/SURV/74008, NSE/SURV/61848 | Covered in S&I master Apr 2026. Cautionary Messages and CCM = part of surveillance penalty structure. |
| SURVEILLANCE-018 | Submit suspicious-order patterns reporting | SEBI, NSE, BSE, MCX | as-required | Surveillance Analyst | Suspicious order/pattern identified per Chapter IVA framework | Internal whistle-blower or surveillance escalation log; NORMS submission; broker-institutional-mechanism report | SEBI enforcement under PFUTP Regulations | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, NSE/INVG/65921 | Chapter IVA broker-institutional-mechanism framework. Whistle-blower policy required; staggered implementation by client-size. |
| SURVEILLANCE-019 | Monitor block-deal-window compliance (price band / minimum size) | NSE, BSE | continuous | Surveillance Analyst | Block deal trades in dedicated window | Block-deal trade file; ±1% reference price log | Trade rejection or surveillance flag for off-band trades | NSE/CMTR/60813, SEBI/HO/IMD/DOF2/P/CIR/2022/69 | Minimum Rs 10 Cr trade, ±1% reference price. ETF eligible since Feb 2024. |
| SURVEILLANCE-020 | Monitor penny-stock / illiquid-scrip trading patterns | SEBI, NSE, BSE | continuous | Surveillance Analyst | Trades in illiquid scrip (low impact-cost threshold, low traded days) | Illiquid-scrip monitor; surveillance dashboard flag | SEBI enforcement under PFUTP for circular trading; periodic call auction | NSE/SURV/61848, NSE/SURV/67801, NSE/SURV/74008 | Periodic Call Auction listed in S&I master. Persistent Noise Creators (OBSM-PNC) tracker added in master Apr 2026. |
| SURVEILLANCE-021 | Comply with Persistent Noise Creators (OBSM-PNC) monitoring | NSE | continuous | Surveillance Analyst | Member/client flagged on Order-Book Surveillance Measure - Persistent Noise Creators | OBSM-PNC tracker entry; escalation log | Per consolidated surveillance penalty structure | NSE/SURV/74008, NSE/SURV/67801 | OBSM-PNC consolidated in S&I master Apr 2026. Builds on Persistent Noise Creators framework. |
| SURVEILLANCE-022 | Comply with Circuit-breaker / market-wide circuit halt | SEBI, NSE, BSE | continuous | RMS Lead | Index moves 10/15/20% triggering market-wide circuit breaker; scrip-level price band breach | Halt log; auto-resumption per circuit-breaker rule | Surveillance penalty for non-compliance; trade rejection beyond price band | NSE/CMTR/61805, NSE/SURV/74008 | Market-wide circuit breaker rules cited in S&I master. Scrip-level price-band based on segment configuration. |
| SURVEILLANCE-023 | Conduct Reversal Trade Cancellation (RTCM) review | NSE, BSE | continuous | Surveillance Analyst | Reversal-trade pattern flagged | RTCM alert; trade-cancellation file; member-internal review log | Reversal cancelled / penalty per RTCM framework | NSE/SURV/67801, NSE/SURV/74008 | RTCM introduced via NSE/SURV/67801 (Apr 30, 2025) for Equity and Equity Derivative segments. |
| SURVEILLANCE-024 | Apply Algorithmic-Trading static-IP / Algo-ID controls | SEBI, NSE | continuous | Surveillance Analyst | API access / algo-trading client onboarded | Static-IP whitelist log; Algo-ID tag in order trail; broker-API-vendor traceability for 5 years | Inspection finding; trade rejection if Algo-ID missing | SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/0000013, NSE/INVG/67858, NSE/INVG/69255, NSE/FAOP/69296 | Effective Aug 1, 2025 (extended further per 2025/108). Static IP for API access, ≤10 orders-per-second threshold, mandatory algo-ID registration, broker-API-vendor traceability 5 years, exchange-approved server hosting. NNF Terminal ID to Algo ID validation per NSE/FAOP/69296. |
| SURVEILLANCE-025 | Maintain whistle-blower policy and escalation framework | SEBI, NSE, BSE, MCX | continuous | Compliance Officer | Active broking operations | Whistle-blower policy document; escalation register; compliance committee minutes | Chapter IVA non-compliance = SEBI enforcement | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, NSE/INVG/65921 | Staggered implementation: QSB Aug 2024; >50K UCC Jan 2025; 2K-50K UCC Apr 2025; ≤2K UCC Apr 2026. |
| SURVEILLANCE-026 | Conduct Client Due Diligence (CDD) per surveillance framework | SEBI, NSE, BSE, MCX | continuous | Surveillance Analyst | Client onboarding; periodic review per risk category | CDD register; risk-categorisation log; periodic-review log | Inspection finding; AML breach | NSE/INVG/55347, NSE/SURV/61848 | NSE/INVG/55347 (Jan 25, 2023) on Client Due Diligence; cited in S&I master under Client Due Diligence framework. |
| SURVEILLANCE-027 | Validate Modification of Client Codes (CCM) | SEBI, NSE, BSE, MCX | daily | Surveillance Analyst | Client-code-modification (CCM) request post-trade | CCM log with reason code; auditor review for genuine error vs surveillance pattern | Penalty per CCM framework if found used as substitute for trade reallocation | NSE/INVG/56395, NSE/SURV/74008 | NSE/INVG/56395 (Apr 17, 2023) on Modification of Client Codes (All Segments). Listed in S&I master. |
| SURVEILLANCE-028 | Conduct broker-institutional-mechanism quarterly review (Chapter IVA) | SEBI, NSE, BSE, MCX | quarterly | Compliance Officer | Chapter IVA framework active per UCC threshold | Quarterly review minutes; surveillance-system uptime log; internal-controls audit | Chapter IVA non-compliance = SEBI enforcement | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, NSE/INVG/65921 | Mandates surveillance systems, internal controls, escalation framework, whistle-blower policy and reporting. Staggered implementation. |
| SURVEILLANCE-029 | Maintain Inventory Management advisory for SME Market Makers | NSE, BSE | continuous | Surveillance Analyst | SME Market Maker registration | Inventory management log; quote-spread monitoring | SCORES exposure; member-internal review | NSE/SURV/67801, NSE/SURV/74008 | Inventory Management advisory for SME Market Makers added in NSE/SURV/67801. Consolidated in master Apr 2026. |
| SURVEILLANCE-030 | Pass freezing / blocking voluntary-account framework | SEBI, NSE, BSE, MCX | as-required | Customer Service Lead | Client requests voluntary freezing / blocking of trading account | Freeze-request log; OTP / eSign auth; account-status flag | Penalty per MCX/INSP/820/2024 for failure to implement framework | MCX/INSP/820/2024, SEBI/HO/MIRSD/POD-1/P/CIR/2024/82 | MCX/INSP/820/2024 (Dec 16, 2024) penalty structure for failure to implement voluntary freezing/blocking framework. |
Cyber security (27 entries)
Section titled “Cyber security (27 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| CYBER-001 | Self-categorise as Qualified / Mid-size / Small / Self-Certification RE under CSCRF | SEBI, NSE, BSE, MCX | annual | CISO | CSCRF Aug 2024 effective from 1 Apr 2025 (extended for Mid/Small REs); annual re-categorisation on 30 June using prior FY parameters | Board-approved CSCRF Categorisation Memo with computed registered-client count and turnover; categorisation declaration uploaded to NSE/BSE/MCX member portal under “CSCRF Compliance” tab | Misreporting attracts disciplinary action under SEBI (Stock Brokers) Regulations and per NSE/INSP/53530 penalty grid (Rs 5,000-25,000 per default and terminal disablement) | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, NSE/INSP/63502, NSE/INSP/69939 | Categorisation drives every downstream CSCRF obligation (SOC type, audit cadence, ISO 27001). NSE/INSP/69939 (Sep 1, 2025) clarifies how to compute total registered clients for Clause 2.1.1. |
| CYBER-002 | Implement CSCRF baseline controls across five goals (Anticipate, Withstand, Contain, Recover, Evolve) | SEBI | continuous | CISO | CSCRF Aug 2024 effective 1 Apr 2025; phased compliance per category (extensions via NSE/INSP/68856) | CSCRF Annex C self-assessment workbook (control-by-control), Board minute approving cyber strategy, control-mapping spreadsheet on CISO drive | Non-implementation triggers SEBI enforcement and disciplinary action via NSE/INSP/53530; QSB-status loss possible for Qualified REs | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, NSE/INSP/63502 | Replaces sectoral cyber circulars (SEBI Dec 2018, May/Jun 2022). |
| CYBER-003 | Comply with CSCRF clarifications (Dec 2024 / Mar / Apr / Aug 2025) | SEBI, NSE, BSE | as-required | CISO | SEBI clarification circulars amending CSCRF scope, timelines, SOC categories | Updated CSCRF gap-assessment register reflecting each clarification; CISO sign-off on revised control matrix | Continued non-conformance after clarification deadline attracts per-default penalty under NSE/INSP/53530 (Rs 5,000-25,000) and disciplinary escalation | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/184, NSE/INSP/69906, NSE/INSP/69939, BSE 20250101-35 | NSE/INSP/69906 (Aug 29, 2025) forwards SEBI clarification dated Aug 28, 2025; June 11, 2025 FAQ cited in NSE/INSP/69939. |
| CYBER-004 | Conduct annual Cyber Audit per CSCRF clause 4.4 (100% critical + 25% non-critical systems) | SEBI, NSE, BSE, MCX | annual | CISO | FY-end (31 Mar); audit period ends 30 Sep / 31 Mar depending on category | Cyber Audit Report (Annexure B uniform format under NSE/INSP/56216) uploaded to NSE/BEFS portal with geo-tagged auditor visits; preliminary report + ATR + Follow-on audit submitted | Per NSE/INSP/54386 — daily late-fee Rs 100/day per audit deliverable; non-submission attracts terminal disablement and disciplinary action under NSE/INSP/53530 | NSE/INSP/73849, NSE/INSP/71214, NSE/INSP/67637, BSE 20250915-53, SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | For FY2026-27 operationalised via NSE/INSP/73849 (Apr 22, 2026). 100% critical systems must be audited; no audit cycle skipped due to mid-year category change. |
| CYBER-005 | Categorise audit scope by Type I / II / III (trading-software usage) | NSE, BSE, MCX | annual | CISO | Audit-cycle empanelment circular issued by exchange (typically Apr/Oct) | Type-categorisation declaration in audit Annexure A; member portal flag (Type-I = NEAT-only, Type-II = CTCL/IBT, Type-III = algo software) | Wrong categorisation attracts re-audit at member cost plus penalty per NSE/INSP/54386; persistent default triggers terminal restriction | NSE/INSP/64439, NSE/INSP/56734, NSE/INSP/52249, NSE/INSP/56216 | Type-III (algo) members face half-yearly cadence (NSE/INSP/64438, NSE/INSP/70900). Categorisation interacts with CSCRF audit overlay. |
| CYBER-006 | Run quarterly Vulnerability Assessment and Penetration Testing (VAPT) | SEBI, NSE, BSE, MCX | quarterly | CISO | CSCRF clause; VAPT report submission cycle per NSE/INSP/70471 (annual minimum; quarterly for Qualified REs) | VAPT Report PDF (severity-rated findings + closure status), CERT-In empanelled auditor certificate, submission acknowledgement on NSE member portal | Non-submission attracts Rs 5,000-10,000 per default per exchange (NSE/INSP/53530); critical/high-severity findings unclosed beyond timeline escalate to SEBI | NSE/INSP/70471, SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, MCX/TECH/179/2026 | VAPT must be by CERT-In empanelled auditor; closure of all critical findings before next quarter is industry practice. |
| CYBER-007 | Report cyber incidents to CERT-In within 6 hours of detection | MeitY, SEBI, NSE | event-triggered | CISO | Any of 20 listed cyber-incident categories under CERT-In directions (28 Apr 2022) — ransomware, data breach, DDoS, identity theft, server compromise, etc. | CERT-In Incident Reporting Form filed on incident@cert-in.org.in within 6h; copy to SEBI; quarterly cyber-incident report on NSE member portal (NSE/INSP/72118) | Section 70B(7) IT Act — imprisonment up to 1 year and/or fine up to Rs 1 lakh for non-reporting; SEBI disciplinary action additionally | CERT-In-20-3-2022, SEBI/HO/MIRSD/TPD/P/CIR/2022/93, NSE/INSP/72118 | Quarterly cyber-incident report due 15 days after quarter-end (e.g., 15 Jan 2026 for Q4 2025). |
| CYBER-008 | Maintain ISO 27001 certification (mandatory for Qualified REs) | SEBI | annual | CISO | CSCRF clause for Qualified REs and MIIs; surveillance audit yearly, re-certification triennial | Valid ISO 27001 certificate from accredited certification body; surveillance audit report; Statement of Applicability (SoA) v-latest | Lapse of certification triggers Qualified-RE status review by SEBI; per-default penalty under NSE/INSP/53530 | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/14 | Mid-size REs are encouraged; Qualified Stock Brokers (QSBs) and MIIs mandated. Auditor empanelment now joint-exchange (NSE/INSP/69631). |
| CYBER-009 | Operate Security Operations Centre (SOC) — own / Group / managed per RE category | SEBI | continuous | CISO | CSCRF clause 5.x; Qualified REs to operate own SOC, Mid-size may use Group/MSSP-SOC, Small REs may use SEBI-empanelled M-SOC | SOC operations log (24x7 staffing roster), SIEM deployment evidence, monthly SOC-summary memo to CISO/MD | Non-operation of mandated SOC tier attracts SEBI enforcement and per-default penalty (NSE/INSP/53530); QSB review trigger | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/184 | Dec 2024 clarification adjusted SOC requirements per RE category; Market SOC option introduced for Small/Self-Certification REs. |
| CYBER-010 | Retain ICT system logs in India for 180 days (CERT-In) and CSCRF-prescribed periods | MeitY, SEBI | continuous | CISO | CERT-In Apr 2022 direction; CSCRF data-retention clause | Log-retention policy document; storage attestation (India-domiciled); log-rotation/purge audit trail in SIEM | Section 70B(7) IT Act — imprisonment up to 1 year and/or fine up to Rs 1 lakh; SEBI per-default penalty per NSE/INSP/53530 | CERT-In-20-3-2022, SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Technical-glitch log retention is 30 days normal / 2 years post-glitch (SEBI/HO/MIRSD/TPD-1/P/CIR/2022/160). |
| CYBER-011 | Synchronise ICT clocks to NPL/NIC NTP servers | MeitY | continuous | CISO | CERT-In direction (Apr 2022) | NTP-sync configuration screenshot from all servers; CISO declaration in CERT-In compliance log | Section 70B(7) IT Act fines apply for systemic non-sync where forensic timelines become unreliable | CERT-In-20-3-2022 | Industry practice — use time.nplindia.org and time.nic.in as primary NTP sources; stratum-1 chain documented in operations runbook. |
| CYBER-012 | Implement role-based access control with segregation of duties (SoD) | SEBI | continuous | CISO | CSCRF Protect function controls; data-classification policy implementation | Access-control policy document; user-role matrix; quarterly access-recertification log signed by line manager | SoD breach finding in cyber audit attracts ATR + Follow-on audit; repeated breach escalates to SEBI enforcement | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, NSE/INSP/53387 | Critical pairs (e.g., trade-entry vs settlement approval; user-creation vs access-grant) must be split across personnel. |
| CYBER-013 | Maintain Board-approved data classification policy (Public / Internal / Confidential / Restricted) | SEBI | annual | CISO | CSCRF Identify function; annual policy review by Board IT-Strategy/Cybersecurity Committee | Data Classification Policy v-current with Board approval date; data-inventory register tagging each asset by classification | Audit finding for absent/outdated policy attracts ATR/Follow-on cycle; QSB scoring impact | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Maps to GDPR-like Personal/Sensitive categories under DPDP Act 2023 (alignment, not mandatory under CSCRF). |
| CYBER-014 | Run patch-management programme with documented SLAs (critical 7 days, high 14 days) | SEBI | continuous | CISO | CSCRF Protect function; vendor security advisories (CVE / CERT-In Vulnerability Notes) | Patch-management runbook; monthly patch-deployment report by asset class; emergency-patch (CVSS >= 9.0) ticket trail | VAPT finding for unpatched critical CVE attracts immediate-closure direction by exchange; persistent default escalates to SEBI | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, MCX/TECH/587/2025 | MCX/TECH/587/2025 mandates licensed/patched OS, firewall and EDR for trading-member infrastructure. |
| CYBER-015 | Deploy anti-malware / endpoint detection and response (EDR) on all endpoints | SEBI, MCX | continuous | CISO | CSCRF Protect function; MCX/TECH/587/2025 mandate | EDR-deployment inventory matching asset register; monthly EDR-incident summary; license-validity tracker | Coverage gaps flagged in audit attract ATR; trading-terminal action under NSE/INSP/53530 grid for persistent default | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, MCX/TECH/587/2025 | EDR replaces traditional AV; SEBI expects behaviour-based detection, not signature-only. |
| CYBER-016 | Enforce DMARC, SPF, DKIM for outbound email domains | SEBI | continuous | CISO | CSCRF Protect function; phishing-risk mitigation industry practice | DNS records (TXT for SPF/DMARC, _domainkey TXT for DKIM) for each broker domain; DMARC reports (RUA/RUF) reviewed monthly | No direct circular-prescribed penalty; CSCRF audit finding triggers ATR; reputational impact for spoofing incidents | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | [no direct circular — industry practice operationalising CSCRF Protect controls] Implement DMARC at p=reject for transactional domains. |
| CYBER-017 | Apply network segmentation between trading, settlement, and corporate zones | SEBI | continuous | CISO | CSCRF Protect function; cyber-audit finding remediation | Network architecture diagram with VLAN/firewall zone tagging; firewall rule-base review evidence; cyber-audit Annexure B network-segmentation section signed off | Audit finding for flat/insufficiently segmented network attracts ATR + Follow-on audit cycle and escalation to exchange Inspection | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, NSE/INSP/53387 | Trading-engine zone must be isolated from internet-facing customer zone; DMZ for client-facing API. |
| CYBER-018 | Operate Privileged Access Management (PAM) with session recording | SEBI | continuous | CISO | CSCRF Protect function for admin/root/DBA accounts | PAM-tool deployment (e.g., session-recording vault); privileged-access review log (quarterly); break-glass-account usage register | Audit finding attracts ATR; identity-misuse incidents trigger SEBI investigation | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Required for Qualified REs and QSBs; Mid-size REs may use simpler approaches if board-approved. |
| CYBER-019 | Operate Identity & Access Management (IAM) with MFA for admin and trading-app users | SEBI | continuous | CISO | CSCRF Protect function; client-app login security | IAM-tool deployment evidence; MFA-enrolment metrics by user class; password-policy and federation-config documents | Audit finding attracts ATR; mass-account-compromise event triggers CERT-In incident and SEBI enforcement | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | MFA mandatory for privileged users under CSCRF; trading-app 2FA already required since 2018 SEBI cyber framework. |
| CYBER-020 | Maintain Board-approved Cyber Crisis Management Plan (CCMP) | SEBI | annual | CISO | CSCRF Respond function; annual Board review | CCMP document v-current with Board minute date; CCMP-playbook for each incident class (DDoS, ransomware, data exfiltration, insider abuse); contact tree updated quarterly | Audit finding attracts ATR; absence during a live incident triggers SEBI inspection finding | SEBI/HO/MIRSD/TPD/P/CIR/2022/80, SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Foundational requirement since June 2022 cyber framework, retained under CSCRF. |
| CYBER-021 | Conduct annual / half-yearly cyber drill (tabletop + simulated) | SEBI | half-yearly | CISO | CSCRF Respond function; CCMP exercise schedule | Cyber-drill report with scenario, participants, RTO/RPO observed, gap-closure ATR; CISO sign-off | Audit finding for missed drill attracts ATR; QSB scoring impact | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Half-yearly for Qualified REs; annual for Mid-size and Small. Scenarios should include ransomware and trading-engine outage. |
| CYBER-022 | Conduct vendor due diligence per CSCRF Annex (third-party / cloud / managed services) | SEBI | annual | CISO | New vendor onboarding; annual reassessment for critical vendors | Vendor risk-assessment file (security questionnaire, SOC 2 / ISO 27001 cert, contract clauses on data localisation, breach notification); CISO-approved vendor register | Audit finding for inadequate due diligence triggers ATR; vendor-incident impacting broker attracts SEBI enforcement on broker | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/184 | Dec 2024 clarification refined cloud-services treatment. Concentration risk on single critical vendor flagged separately (see BCP-DR-008). |
| CYBER-023 | Test mobile-app security per OWASP MASVS | SEBI | annual | CISO | New mobile-app release or major version; annual reassessment | MASVS L1/L2 assessment report by CERT-In auditor; SAST/DAST scan reports; app-store screenshots showing version | VAPT finding for L1 gaps escalates to exchange; trading app de-listed from app stores upon serious security breach | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, NSE/INVG/67858 | CSCRF mandates app security testing for retail-facing trading apps. |
| CYBER-024 | Secure broker APIs with OAuth/JWT, rate limiting and WAF | SEBI, NSE | continuous | CISO | Retail algo API access (NSE/INVG/67858 — static IP, OPS <= 10 / sec) | API gateway configuration; WAF logs; rate-limit and IP-whitelist evidence; API-access traceability log (5-year retention) | Per NSE/INVG/67858 — broker accountable for algo misuse via its APIs; terminal disable + Rs 10,000-1,00,000 penalty grids per NSE/INSP/53530 | NSE/INVG/67858, NSE/INVG/69255, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/0000013 | 5-year audit-trail retention for algo API access (NSE/INVG/67858). |
| CYBER-025 | Mitigate DDoS via upstream provider and on-prem rate limiting | SEBI | continuous | CISO | CSCRF Withstand function; DDoS being a CERT-In listed incident class | DDoS-mitigation contract (e.g., scrubbing-centre provider); attack-summary logs; capacity-planning document referencing trading-day peak | Trading outage attributable to inadequate DDoS protection triggers technical-glitch reporting and financial disincentive per SEBI/HO/MIRSD/TPD-1/P/CIR/2022/160 | SEBI/HO/MIRSD/TPD-1/P/CIR/2022/160, SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Industry practice — use cloud-scale scrubbing (Akamai/Cloudflare/AWS Shield) for internet-facing trading endpoints. |
| CYBER-026 | Run phishing-simulation training for staff (quarterly) | SEBI | quarterly | CISO | CSCRF Protect/People function | Phishing-simulation run report (click-through rate, repeat-offender register); training-completion log on LMS | Audit finding for absent training programme attracts ATR; insider-induced incident escalates to SEBI | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Industry practice — target <5% click-through rate; mandatory remediation training for repeat offenders. |
| CYBER-027 | Submit quarterly cyber-incident summary report to NSE | SEBI, NSE | quarterly | CISO | CSCRF clause 3.4; quarterly cycle ending Mar/Jun/Sep/Dec | Quarterly cyber-incident report on NSE member portal (online submission); zero-incident attestation if applicable; CISO sign-off | Late/non-submission per NSE/INSP/53530 — Rs 5,000 first default, Rs 10,000 subsequent; terminal disablement after 45 days | NSE/INSP/72118, SEBI/HO/MIRSD/TPD/P/CIR/2022/93 | Due date is 15 days after quarter-end (e.g., 15 Jan 2026 for Q4 2025). |
BCP / DR (15 entries)
Section titled “BCP / DR (15 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| BCP-DR-001 | Maintain Board-approved BCP plan documentation | SEBI, NSE, BSE, MCX | annual | Ops Lead | Annual Board review; CSCRF Recover function; SEBI BCP/DR for MIIs framework | BCP-plan document v-current with Board minute; impact-analysis matrix (RTO/RPO per process); plan-owner sign-off list | Audit finding for absent/stale BCP attracts ATR; non-existent BCP during inspection triggers SEBI enforcement | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Master Circular for Stock Brokers consolidates BCP/DR obligations in chapter on technology and system audit. |
| BCP-DR-002 | Conduct quarterly DR drill at member level | SEBI, NSE, BSE, MCX | quarterly | Ops Lead | CSCRF Recover function; member-level DR-test schedule | DR-drill report (date, scope, participants, RTO/RPO observed, gap log); CISO and Ops Lead sign-off; submission to exchange where required | Audit finding attracts ATR; missed drill flagged in cyber audit Annexure B | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, NSE/MSD/48662 | Member-level cadence is quarterly; clearing-corp-driven exchange DR drill is half-yearly (BCP-DR-003). |
| BCP-DR-003 | Participate in half-yearly DR drill / live-from-DR session at exchange/clearing corp | SEBI, NSE, BSE, MCX, NSCCL, ICCL, MCXCCL | half-yearly | Ops Lead | NSE/CMTR Mock-trading-from-DR schedule; SaaS-mode CC mock per NCL/CMPT/64937 | Member participation log with order entry, trade match, MIR/Final-Obligation file regeneration screenshots; non-zero trade obligation netted to zero | Non-participation flagged in member compliance review; persistent default attracts disciplinary action per NSE/INSP/53530 | NSE/MSD/61893, NSE/MSD/48662, NSE/MSD/44692, NCL/CMPT/64937, BSE 20240507-18 | SaaS-mode mock per SEBI/HO/MRD/TPD/P/CIR/2023/192 (forwarded by NCL/CMPT/64937). |
| BCP-DR-004 | Maintain near-site / far-site separation >= 500 km | SEBI | continuous | Ops Lead | CSCRF Recover function; SEBI BCP/DR for MIIs (Mar 2019, Mar 2021) | Site-location attestation (city + geo-coords); seismic-zone separation evidence; lease/co-lo agreements for both sites | Audit finding attracts ATR; non-compliant siting can trigger SEBI direction to relocate | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | 500+ km separation is industry practice anchored in SEBI BCP/DR for MIIs framework (CIR/MRD/DMS1/CIR/P/2019/43 — not separately catalogued in our circular store but forwarded via NSE/MSD/44692). Mid-size REs may rely on cloud-region separation. |
| BCP-DR-005 | Declare Recovery Time Objective (RTO) per application | SEBI | annual | Ops Lead | CSCRF Recover function; annual BCP review | RTO matrix in BCP document (per application — trading engine, RMS, back-office, customer-app); validated against DR-drill results | RTO breach during live incident attracts technical-glitch reporting (SEBI/HO/MIRSD/TPD-1/P/CIR/2022/160) | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, SEBI/HO/MIRSD/TPD-1/P/CIR/2022/160 | Industry practice — Trading engine RTO 45 min, RMS 30 min, customer-app 60 min (anchored to technical-glitch 45-min outage threshold). |
| BCP-DR-006 | Declare Recovery Point Objective (RPO) per application | SEBI | annual | Ops Lead | CSCRF Recover function; annual BCP review | RPO matrix in BCP document; data-replication SLA from infra provider; lag-monitoring log | RPO miss leading to data-loss incident attracts CERT-In and SEBI reporting | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Industry practice — RPO near zero (synchronous replication) for trade/ledger data; <= 15 min for analytics/MIS data. |
| BCP-DR-007 | Conduct tabletop exercises (scenario walk-throughs) annually | SEBI | annual | Ops Lead | CSCRF Respond/Recover function; CCMP playbook activation in non-disruptive mode | Tabletop report (scenario, participants, decisions, gaps, action items); BCP-committee minute referencing the exercise | Audit finding attracts ATR; absence escalates to QSB scoring impact | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Distinct from full DR-cutover drill; focuses on decision-making and escalation paths. |
| BCP-DR-008 | Apply critical-vendor concentration limits | SEBI | annual | Ops Lead | CSCRF Annex on vendor risk; concentration analysis on cloud / market-data / order-gateway vendors | Vendor-concentration register; mitigation plan for any single-vendor >= 30% concentration; alternative-vendor PoC results | Audit finding flagged in vendor section of cyber audit Annexure B; SEBI inspection comment in QSB review | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/184 | Dec 2024 clarification refined cloud-vendor scope; multi-cloud or hybrid recommended for critical workloads. |
| BCP-DR-009 | Document pandemic / WFH continuity playbook | SEBI, NSE | annual | Ops Lead | CSCRF Withstand function; pandemic-class scenarios in BCP | WFH continuity-playbook section in BCP; remote-trading-terminal policy approved by CEO/Designated Director/Compliance Officer; remote-user register | Audit finding attracts ATR; remote-terminal misuse incidents trigger SEBI enforcement | NSE/INSP/43920, NSE/INSP/44009 | NSE COVID-19 BCP circulars established the framework; retained as evergreen pandemic playbook. |
| BCP-DR-010 | Verify backup integrity (restore-test) quarterly | SEBI | quarterly | Ops Lead | CSCRF Recover function | Restore-test report by application (date, dataset, time-to-restore, completeness check); offsite-backup attestation | Audit finding attracts ATR; failed restore during incident triggers SEBI technical-glitch reporting | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Tape/object-storage backups offsite; encryption-at-rest verified during restore test. |
| BCP-DR-011 | Submit DR-drill report to exchange/clearing corp | NSE, BSE, MCX | half-yearly | Ops Lead | Post DR-mock / live-from-DR session | DR-participation certificate from exchange; member-side report on ENIT/BEFS portal; reconciliation of obligations vs PR | Non-submission per NSE/INSP/53530 — Rs 5,000-10,000; terminal restriction for persistent default | NSE/MSD/61893, NSE/MSD/48662, BSE 20240507-18, MCX/TECH/118/2026 | Member-side reconciliation of MIR file regeneration timing is mandatory. |
| BCP-DR-012 | Audit data replication between primary and DR sites | SEBI | half-yearly | Internal Audit | CSCRF Recover function; system-audit overlay | Data-replication audit report (lag-trend, completeness, last-resync timestamp); CISO + Internal Audit joint sign-off | Audit finding attracts ATR; QSB scoring impact | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Includes Database/ledger replication, document-store replication, order-blotter replication. |
| BCP-DR-013 | Cover application-level DR for client-facing systems | SEBI | continuous | Ops Lead | CSCRF Recover function; application-tier DR design | Application DR-runbook per system (trading-app, RMS, back-office, customer portal); RTO/RPO achievement evidence from drills | Audit finding attracts ATR | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Distinct from infrastructure-DR; covers app-tier failover, stateful-session migration, etc. |
| BCP-DR-014 | Cover network-level DR (link redundancy, BGP/MPLS failover) | SEBI, NSE | continuous | Ops Lead | CSCRF Recover function; exchange-connectivity continuity | Network-DR diagram showing primary/secondary links, BGP/MPLS failover config; quarterly link-failover test log | Network outage attributable to single-link reliance triggers technical-glitch reporting | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113, SEBI/HO/MIRSD/TPD-1/P/CIR/2022/160 | Members must configure secondary DNS for DR site (e.g., 10.1.22.162 per BSE 20240507-18). |
| BCP-DR-015 | Maintain vendor BCP coverage for critical outsourced services | SEBI | annual | Ops Lead | CSCRF Annex; annual vendor review | Vendor BCP attestation per critical vendor; contractual clause on RTO/RPO and breach-notification; vendor DR-drill participation evidence | Audit finding attracts ATR; vendor-induced incident treated as broker incident under SEBI/CERT-In framework | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Cloud / market-data / order-gateway vendors get priority review. |
Audit cycles (21 entries)
Section titled “Audit cycles (21 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| AUDIT-001 | Run concurrent audit of broker funds and securities (continuous) | SEBI, NSE, BSE | continuous | Internal Audit | Continuous obligation under SEBI master circular for stock brokers | Daily concurrent-audit log of fund-flows, securities transfers, client-fund segregation; monthly concurrent-audit summary to Compliance Officer | Non-conduct flagged in inspection per NSE/INSP/53530 — terminal restriction and per-default penalty | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, SEBI/HO/MIRSD/POD-1/P/CIR/2024/118 | Continuous-audit framework consolidated under SEBI Master Circular for Stock Brokers. |
| AUDIT-002 | Conduct half-yearly internal audit (mandatory, member) | SEBI, NSE, BSE, MCX | half-yearly | Internal Audit | Half-year ending 30 Sep / 31 Mar; SEBI master circular and NSE/INSP/54080 | Half-yearly Internal Audit Report (IAR) by empanelled CA/CS/CMA in practice (independent); ENIT-NEW-COMPLIANCE submission for NSE; BEFS submission for BSE | Late submission per NSE/INSP/53530 (Annexure 1) — Rs 5,000-25,000 per default; terminal disablement after 45 days; BSE 20250520-26 cites notice 20220601-52 penalty regime | NSE/INSP/54080, NSE/INSP/51939, NSE/INSP/56678, NSE/INSP/60986, BSE 20250520-26 | BSE deadline 31 May for Mar half-year; NSE 30 Nov for Sep half-year. Cross-exchange auditor recognition via NSE/INSP/60986. |
| AUDIT-003 | Conduct biennial System Audit per SEBI CIR/MRD/DMS/34/2013 | SEBI, NSE, BSE | annual | Internal Audit | FY-end; uniform format per NSE/INSP/56216 | System Audit Report (Annexure A uniform format) on BEFS/ENIT portal; preliminary report + ATR + Follow-on audit | Per NSE/INSP/54386 — Rs 100/day per audit deliverable; non-submission attracts terminal disablement per NSE/INSP/53530 | NSE/INSP/56731, NSE/INSP/56216, NSE/INSP/66456, NSE/INSP/69631, BSE 20250915-52 | SEBI Jan 31, 2025 circular (SEBI/HO/MIRSD/TPD/CIR/2025/10) introduced technology-monitored audits with web-portal and geolocation; live April 27, 2026. |
| AUDIT-004 | Conduct half-yearly Type-III system audit (algorithmic software) | NSE, BSE, MCX | half-yearly | Internal Audit | Half-year periods Apr-Sep and Oct-Mar; mandatory for members with algo software (Type-III) | Type-III system audit report covering all NNF trading software across CM, F&O, CD and CO segments | Per NSE/INSP/54386 — Rs 100/day per audit deliverable; non-submission attracts terminal disablement | NSE/INSP/70900, NSE/INSP/64438, NSE/INSP/46127 | Submission timelines — Preliminary Audit Report month+1; ATR month+4; Follow-on Audit month+7. |
| AUDIT-005 | Get audited annual financial statements (statutory audit) | SEBI, NSE, BSE | annual | Statutory Auditor | FY-end (31 Mar) | Audited annual report + auditor’s report + director’s report + financial-strength details submitted via BEFS by 31 Oct (deadline per BSE 20240924-51); XBRL via prescribed Excel utility | Late submission attracts per-day late fee; persistent default triggers terminal restriction per NSE/INSP/53530 | BSE 20240924-51, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Non-corporate members may follow non-standard accounting years (6 months from year-end). Companies Act 2013 formats apply. |
| AUDIT-006 | Conduct annual KRA audit by empanelled auditor | SEBI | annual | Internal Audit | FY-end; KRA Regulations 2011 and SEBI Risk Management Framework | KRA-audit report covering KYC data integrity, validation cadence, reporting to CKYCRR; submission to SEBI | KRA-status review; per-default penalty as per intermediary-supervision framework | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/41, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/79 | KRAs revalidate KYC under risk management framework per May 2024 SEBI circular. |
| AUDIT-007 | Conduct annual DP audit at CDSL | CDSL | annual | DP Manager | CDSL Bye-Law 16.3.1; half-yearly cycle (CAR + IAR) | Internal Audit Report (Annexure-A) and Concurrent Audit Report (Annexure-B for risk-prone areas) submitted to CDSL | Per CDSL communique — fine, suspension, deactivation of demat services for non-conduct | CDSL/OPS/DP/POLCY/2020/455 | CDSL bye-law 16.3.1 covers both internal and concurrent audit; revised checklist in CDSL/OPS/DP/POLCY/2020/455. |
| AUDIT-008 | Conduct annual DP audit at NSDL | NSDL | half-yearly | DP Manager | NSDL Bye-Law 10.3; half-yearly cycle | Internal/Concurrent Audit Report by CA/CS/CMA with NISM-Series-VI (DOCE) credentials; submission half-yearly to NSDL | Per NSDL Bye-Law non-compliance — fine, restriction on DP operations | NSDL/POLICY/2025/0047, NSDL/POLICY/2024/0042 | Apr 11, 2025 NSDL circular updated audit format and guidelines. |
| AUDIT-009 | Conduct annual cyber audit per CSCRF (with type-specific cadence) | SEBI, NSE, BSE, MCX | annual | CISO | FY-end; CSCRF clause 4.4 | Cyber audit report (uniform Annexure B per NSE/INSP/56216) with 100% critical + 25% non-critical coverage; CAR for non-compliances | Per NSE/INSP/54386 — Rs 100/day per audit deliverable; terminal disablement per NSE/INSP/53530 | NSE/INSP/73849, NSE/INSP/71214, NSE/INSP/67637, BSE 20250915-53, SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Half-yearly cadence for Type-III (algo) members under NSE/INSP/64439. |
| AUDIT-010 | Conduct settlement audit (consolidated cash + securities) | NSE, BSE, NSCCL, ICCL | half-yearly | Internal Audit | Half-year-end; covered within half-yearly internal audit scope | Settlement-audit section in IAR covering pay-in/pay-out, EPI, auction, securities pool, MTF | Discrepancies flagged trigger ATR; persistent default attracts terminal-restriction action | NSE/INSP/54080, NCL/CMPT/63669, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Direct-payout-to-client demat regime (NCL/CMPT/63669) added to audit scope from Nov 11, 2024. |
| AUDIT-011 | Conduct pre-launch audit for new exchange segments | SEBI, NSE, BSE, MCX | event-triggered | Internal Audit | Application to add new segment (e.g., F&O, CD, COM); member-admission process | Pre-launch audit report; mock-trading participation log; CTCL/NEAT compatibility test result | Segment admission denied / postponed until audit clean | NSE/MSD/67753, NSE/INSP/53387 | Simulated-environment circular (NSE/MSD/57151) lists pre-go-live testing scope. |
| AUDIT-012 | Conduct post-launch audit (initial-90-day window) for new segment | NSE, BSE | event-triggered | Internal Audit | First 90 days of new-segment operation | Post-launch audit report with order-flow, surveillance, margin and reporting findings | Discrepancies in audit trigger remediation orders; persistent default attracts segment-disablement | NSE/MSD/67753 | Industry practice anchored to consolidated NNF circular (NSE/MSD/67753). |
| AUDIT-013 | Conduct event-triggered penny-stock audit | SEBI, NSE, BSE | event-triggered | Internal Audit | Surveillance alerts (GSM/ESM/ASM-Stage); SEBI directives on specific scrips | Penny-stock-audit report covering client base, broker-client funding patterns, KYC quality; submission to exchange surveillance | Penalty grid under NSE/SURV/67801 (consolidated surveillance circular); per-default Rs 5,000 to terminal restriction | NSE/SURV/74008, NSE/SURV/67801, NSE/SURV/56948 | ESM and ASM frameworks define triggering criteria. |
| AUDIT-014 | Conduct half-yearly compliance audit | SEBI, NSE | half-yearly | Compliance Officer | Half-year ending 30 Sep / 31 Mar | Compliance Officer’s half-yearly report to Board; compliance audit checklist covering KYC, AML, surveillance, client funds, margin, settlement | Non-conduct attracts SEBI enforcement and per-default penalty per NSE/INSP/53530 | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, NSE/INSP/53530 | Foundation for CAR (Compliance Audit Report) submitted to exchanges. |
| AUDIT-015 | Conduct IT general controls (ITGC) audit | SEBI | annual | Internal Audit | Part of system-audit scope under CIR/MRD/DMS/34/2013 | ITGC audit section in System Audit Report; change-management, access-control and operations sections covered | Per NSE/INSP/54386 — Rs 100/day per audit deliverable | NSE/INSP/56731, NSE/INSP/56216 | ITGC is a sub-section of System Audit Annexure A. |
| BCP-DR-016 | Conduct information security audit (CSCRF Annex) | SEBI | annual | CISO | CSCRF clause 4.4; cyber audit overlay | InfoSec audit report covering ISO 27001-style controls; sub-section in cyber audit Annexure B | Per NSE/INSP/54386 audit-deliverable penalty; QSB scoring impact | SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113 | Information security audit overlaps cyber audit; uses ISO 27001 control mapping for Qualified REs. |
| AUDIT-017 | Run operational risk audit (event-class assessment) | SEBI | annual | Internal Audit | Annual op-risk review under Brokers’ Institutional Mechanism (SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96) | Op-risk register with event-class taxonomy (internal/external fraud, employee/client practice, BCP, technology, vendor) | Op-risk events impacting client funds attract SEBI enforcement and reputational impact | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, NSE/INVG/65921 | Chapter IVA of SEBI Stock Brokers Regulations operationalised via Aug 2024 circular. |
| AUDIT-018 | Cooperate with exchange inspection (NSE/BSE/MCX) | NSE, BSE, MCX | as-required | Compliance Officer | Exchange-initiated routine or special inspection; AP/Branch inspection | Inspection-response file; documents/records produced; on-site inspector log; Action Taken Report submitted within stipulated timeline | Per BSE 20250127-22 — common violation register published; per-default penalty grid under NSE/INSP/53530; terminal restriction for non-cooperation | NSE/COMP/63628, BSE 20250127-22, BSE 20250915-52, NSE/INSP/53530 | AP-supervision framework consolidated under NSE/COMP/63628. |
| AUDIT-019 | Cooperate with depository inspection (CDSL/NSDL) | CDSL, NSDL | as-required | DP Manager | Depository-initiated routine or special inspection | Inspection-response file; DP operations log; ATR; remediation evidence | Per CDSL/NSDL bye-laws — fine, restriction on DP services, suspension | NSDL/POLICY/2025/0047, CDSL/OPS/DP/POLCY/2020/455 | DP-inspection scope covered by annual internal/concurrent audit framework. |
| AUDIT-020 | Cooperate with SEBI inspection (themed/special) | SEBI | as-required | Compliance Officer | SEBI-initiated thematic inspection (e.g., on UPI-block, T+0, client funds) | SEBI-inspection response file; document production register; remediation evidence; show-cause/adjudication response if applicable | Per SEBI Act / SEBI Adjudication framework — fine up to Rs 1 crore or higher per Section 15A-15HB | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/14 | Annual inspection of QSBs mandated under SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/14. |
| AUDIT-021 | Remediate concurrent-audit observations within prescribed timeline | SEBI, NSE, BSE | continuous | Compliance Officer | Concurrent-audit finding | ATR with closure evidence per finding; closure-tracker in Compliance dashboard; quarterly summary to Audit Committee | Unclosed observations carried to half-yearly internal audit and inspection findings | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, NSE/INSP/54080 | Concurrent-audit observations feed into internal-audit and system-audit ATRs. |
Reporting cadences (40 entries)
Section titled “Reporting cadences (40 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| REPORTING-001 | Submit half-yearly compliance certificate to SEBI | SEBI | half-yearly | Compliance Officer | Half-year ending 30 Sep / 31 Mar | Half-yearly compliance certificate signed by Compliance Officer and CEO/Designated Director; submitted via SEBI Intermediary Portal | Per SEBI Adjudication — fine under Section 15A; flagged in QSB scoring | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/14 | Compliance certificate format prescribed in Master Circular for Stock Brokers. |
| REPORTING-002 | Submit half-yearly internal audit report via ENIT-NEW / BEFS | NSE, BSE, MCX | half-yearly | Internal Audit | Half-year ending 30 Sep / 31 Mar; per NSE/INSP/54080 | IAR PDF + Annexure A + ATR uploaded to ENIT-NEW-COMPLIANCE (NSE) / BEFS (BSE) by 30 Nov / 31 May | BSE 20250520-26 cites notice 20220601-52; NSE/INSP/53530 — Rs 5,000-25,000 per default + terminal disablement | NSE/INSP/54080, BSE 20250520-26, BSE 20250915-52 | Cross-exchange auditor recognition via NSE/INSP/60986. |
| REPORTING-003 | Submit monthly client-funding report to exchange | NSE, BSE | monthly | Funds Ops | Month-end; SEBI Enhanced Supervision framework | Monthly client-funding file via API; reconciliation with daily upstreaming data; submission timestamp on ENIT/BEFS | Late/non-submission per NSE/INSP/53530 grid — Rs 5,000-10,000 per default | NSE/INSP/60369, NSE/INSP/57041, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/187 | Monthly reporting overlaid by daily upstreaming compliance per SEBI Dec 2023 circular. |
| REPORTING-004 | Submit daily margin file to clearing corp | NSCCL, ICCL, MCXCCL | daily | RMS Lead | T+1 cycle; segment-wise margin file submission | Daily margin file (per segment) submitted to CC by cut-off (typically EOD T-day); receipt confirmation file | Late submission attracts CC penalty per RMS framework; persistent default triggers segment-level position restriction | NSE/INSP/64315, SEBI/HO/MRD2_DCAP/CIR/2021/0598 | Segregation and Monitoring of Collateral at Client Level submission also daily (NCL/CMPL/64088). |
| REPORTING-005 | Submit weekly client-funding report via API | NSE, BSE | weekly | Funds Ops | Week-ending submission per NSE/INSP/55039 (daily API since Dec 2022) / BSE 20220526-6 (weekly) | API submission of holding statement + cash & cash equivalent + bank balances per UCC; submission log | Late submission per NSE/INSP/53530 — Rs 5,000-10,000 per default | NSE/INSP/55380, NSE/INSP/52509, BSE 20220526-6 | NSE discontinued client-level cash reporting from Mar 18, 2024 (NSE/INSP/61121); shifted to CC-level segregation reporting. |
| REPORTING-006 | Submit FATCA/CRS annual return | SEBI, FIU-IND | annual | Compliance Officer | Calendar year-end (31 Dec); IT Rule 114F-114H reporting | FATCA/CRS XML return on Income Tax e-filing portal; self-certifications collected at onboarding and uploaded to KRA | Income Tax Act Section 271FAA — Rs 50,000-Rs 1 lakh per default; SEBI per-default penalty | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/12, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78 | Centralisation of FATCA/CRS certifications at KRAs effective 1 Jul 2024. |
| REPORTING-007 | File GST monthly returns (GSTR-1 / GSTR-3B) | SEBI | monthly | Funds Ops | Month-end; CGST/SGST/IGST output-tax liability | GSTR-1 and GSTR-3B filed on GST portal; tax-payment challan; reconciliation with broker revenue | GST Act — late fee Rs 50/day for nil return, Rs 100/day otherwise; interest @ 18% on tax liability | [no direct circular — industry practice] | Statutory under GST Act 2017; not separately catalogued in SEBI/exchange circular store. Brokers register GSTIN per state of supply. |
| REPORTING-008 | File TDS quarterly returns (Form 26Q / 27Q) | SEBI | quarterly | Funds Ops | Quarter-end; TDS on commissions, professional fees, AP payments | TDS return filed via TRACES; TDS certificates (Form 16A) issued to deductees | Income Tax Act Section 234E — late fee Rs 200/day; Section 271H — penalty Rs 10,000-Rs 1 lakh | [no direct circular — industry practice] | Statutory under Income Tax Act 1961; not in SEBI/exchange circular store. |
| REPORTING-009 | Deposit STT monthly with government | SEBI | monthly | Funds Ops | Month-end (collected daily, deposited monthly) | STT deposit challan; reconciliation file from clearing corp; monthly STT return | Income Tax Act Section 104 — interest @ 12%; penalty up to Rs 1,000 / day per default | NSE/INSP/61999, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | STT amounts reflected in revised Contract Note format (NSE/INSP/61999). |
| REPORTING-010 | Pay SEBI turnover fees half-yearly | SEBI | half-yearly | Funds Ops | Half-year ending 30 Sep / 31 Mar; per SEBI (Stock Brokers) Regulations Schedule III | Half-yearly turnover-fee challan; reconciliation with exchange turnover statement | Late payment attracts interest per SEBI fee regulations; persistent default attracts certificate-of-registration review | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Schedule III of SEBI (Stock Brokers) Regulations specifies fee structure; consolidated in Master Circular. |
| REPORTING-011 | Pay state stamp duty (collected on trades and remitted per state cycle) | SEBI | monthly | Funds Ops | Indian Stamp Act 1899 (as amended Jul 2020); CC collects on behalf of states | Stamp-duty payment statement from CC; state-wise reconciliation | Indian Stamp Act state-specific penalties (typically 2-10 times the stamp duty); CC withholds settlement on default | NSE/INSP/61999 | Centralised collection by CCs since Jul 1, 2020 under Indian Stamp (Collection of Stamp-Duty Through Stock Exchanges, Clearing Corporations and Depositories) Rules 2019. |
| REPORTING-012 | Submit Compliance Audit Report (CAR) for system audit / cyber audit | NSE, BSE | annual | Compliance Officer | Post-audit closure of non-compliances | CAR submission on BEFS / ENIT portal; auditor tags each item Compliant/Non-Compliant | Late/non-submission per BSE 20231005-54 revised penalty framework; NSE/INSP/53530 grid | BSE 20250915-52, BSE 20250915-53, BSE 20231005-54 | CAR replaces prior item-wise audit-observation penalties. |
| REPORTING-013 | Submit DPC (Designated Principal Compliance) reporting to Board | SEBI | half-yearly | Designated Director | Half-year-end; SEBI (Stock Brokers) Regulations on Designated Director responsibilities | DPC report to Board with compliance status, exceptions and remediation timelines | Designated Director liable under SEBI Act for material non-compliance; up to Rs 1 crore adjudication | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Linked to PMLA Designated Director self-declaration (REPORTING-027). |
| REPORTING-014 | Report technical glitches to SEBI (Aug 2023 / Nov 2022 framework) | SEBI, NSE, BSE, MCX | event-triggered | CISO | Any technical glitch in broker electronic trading system (outage, latency, file-failure) | Within 1 hour — Initial intimation to exchange via ENIT/email; T+1 — Preliminary Incident Report; 14 days — Root Cause Analysis (RCA); log preservation 2 years post-glitch | Per NSE/COMP/67379 revised financial-disincentive and penalty structure (Part ‘B’) effective Apr 01, 2025; for MIIs see SEBI/HO/MRD/TPD-1/P/CIR/2024/124 (90-day compliance report) | SEBI/HO/MIRSD/TPD-1/P/CIR/2022/160, NSE/COMP/67379, NSE/COMP/70434, NSE/COMP/54876 | SEBI Sep 22, 2025 consultation paper (NSE/COMP/70434) proposes revised framework — Capacity Planning, Software Testing & Change Management, BCP/DRS, Monitoring Mechanism. |
| REPORTING-015 | Report operational-loss events to Board / SEBI | SEBI | event-triggered | Compliance Officer | Op-loss event above materiality threshold (typically Rs 10 lakh for brokers) | Op-loss incident memo to Board/Audit Committee; SEBI notification if event impacts clients/market integrity | SEBI enforcement action under SEBI Act and Adjudication framework | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, NSE/INVG/65921 | Operationalised under Brokers’ Institutional Mechanism for fraud detection (Chapter IVA). |
| REPORTING-016 | Report cyber incident to SEBI within 6 hours (with CERT-In follow-on) | SEBI, MeitY | event-triggered | CISO | Cyber incident detection per CERT-In Apr 28, 2022 + SEBI/HO/MIRSD/TPD/P/CIR/2022/93 | CERT-In Incident Reporting Form within 6h; SEBI/exchange incident memo; quarterly cyber-incident report on NSE portal | IT Act Section 70B(7) — imprisonment up to 1 year and/or fine up to Rs 1 lakh; SEBI per-default penalty grid | SEBI/HO/MIRSD/TPD/P/CIR/2022/93, CERT-In-20-3-2022, NSE/INSP/72118 | 6h to CERT-In + concurrent to SEBI/exchange/depository per cyber-resilience framework. |
| REPORTING-017 | Disclose whistleblower mechanism annually | SEBI | annual | Compliance Officer | Annual disclosure of whistleblower policy and complaints received | Whistleblower-policy disclosure on broker website; annual count of complaints received and resolved in Board minutes | SEBI enforcement under (Stock Brokers) Regulations for absent mechanism | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, NSE/INVG/65921 | Whistleblower policy mandated under Brokers’ Institutional Mechanism (Chapter IVA). |
| REPORTING-018 | Submit board-level compliance reporting (CEO/MD/CCO) | SEBI | quarterly | Compliance Officer | Quarterly Board meeting cycle | Compliance dashboard to Board with KPI grid (KYC, AML, surveillance, margin, settlement, cyber, BCP); minutes acknowledging review | Audit finding for absent reporting attracts ATR; QSB scoring impact | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/14, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | QSB framework mandates Audit/NRC/Risk/IT/Cybersecurity Board committees with reporting cadence. |
| REPORTING-019 | Submit Annual Reconciliation Return (ARR) to clearing corp | NSCCL, ICCL, MCXCCL | annual | Funds Ops | FY-end; CC-driven reconciliation of clearing/settlement obligations and collateral | ARR file submitted to CC; reconciliation with broker books; CFO sign-off | Late submission attracts CC penalty grid; persistent default triggers segment-level restriction | NCL/CMPT/64937, NCL/CMPL/64088 | Annual reconciliation overlays daily/monthly client-collateral reporting. |
| REPORTING-020 | Submit Risk-Based Supervision (RBS) data annually | SEBI, NSE, BSE | annual | Compliance Officer | FY-end; BSE 20230412-15 / NSE equivalent RBS schedule | RBS data submission on BEFS by 31 May; tiered review by exchange | Per BSE 20230412-15 — Rs 10,000 late, client-registration restriction after 15 days, terminal disablement after 45 days; missing data parameters rated at highest risk | BSE 20230412-15 | Data shared with SEBI for thematic supervision. |
| REPORTING-021 | Disclose monthly client base statistics to exchange | NSE, BSE | monthly | Compliance Officer | Month-end UCC database snapshot | Monthly client-count file via UCC API / ENIT submission; categorisation by segment, region, status | Per NSE/INSP/53530 — late submission Rs 5,000-10,000 per default | NSE/ISC/61817, NSE/ISC/60418 | UCC Master Circular (NSE/ISC/61817) consolidates UCC reporting cadence. |
| REPORTING-022 | Disclose active-client count on NSE COMP portal | NSE | monthly | Compliance Officer | Active-client count for CSCRF categorisation (Clause 2.1.1) | Monthly active-client count file on COMP module; reconciliation with UCC active/inactive flag | Misreporting impacts CSCRF categorisation; disciplinary action for material misrepresentation | NSE/INSP/69939, NSE/ISC/61817 | NSE/INSP/69939 (Sep 1, 2025) clarifies computation method for registered clients. |
| REPORTING-023 | Maintain networth above prescribed minimum (segment-wise) | SEBI, NSE, BSE | half-yearly | Funds Ops | Half-year ending 30 Sep / 31 Mar; SEBI (Stock Brokers) Regulations | Half-yearly Networth Certificate from CA in practice (Annexure-S); submission via ENIT-NEW-COMPLIANCE (NSE) / BEFS (BSE) | Per NSE/COMP/64293 — late submission attracts per-day penalty; falling below minimum triggers segment-level restriction | NSE/COMP/64293, NSE/COMP/64159, SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Submission deadline 31 Oct (MTF members) / 30 Nov (others) for Sep half-year. |
| REPORTING-024 | Submit quarterly Net Capital Adequacy disclosure | SEBI, NSE, BSE | quarterly | Funds Ops | Quarter-end; SEBI (Stock Brokers) Regulations capital-adequacy requirement | Net Capital Adequacy file submitted via BEFS / ENIT; quarterly snapshot of base/additional capital | Falling below prescribed minimum triggers segment-level restriction; per NSE/INSP/53530 per-default penalty | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, NSE/COMP/64293 | Linked to half-yearly networth certificate (REPORTING-023). |
| REPORTING-025 | Send daily KYC data to KRA | SEBI | daily | Compliance Officer | New onboarding / KYC modification of client | KRA upload acknowledgement; daily upload log; KRA validation status (validated / on-hold / closed) | Per SEBI/HO/MIRSD/SECFATF/P/CIR/2024/41 — invalid KYC client accounts marked “ON HOLD”; trading restriction | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/41, BSE 20230819-6, BSE 20241202-5 | KRAs revalidate under risk-management framework; demat accounts frozen for debits/credits if KYC flagged invalid (BSE 20241202-5). |
| REPORTING-026 | Upload CKYC records within 7 days of onboarding | CERSAI, SEBI | as-required | Compliance Officer | New client onboarding or KYC modification | CKYC Search/Save/Update API call log; KYC Identifier returned by CKYCRR; bulk-update file via CKYCRR portal | PMLA Section 13 + Rule 9 — fine up to Rs 1 lakh; SEBI per-default penalty | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/79, CKYC/2025/03_Revised, CKYC/NOTIF/2024/01, CKYC/2025/04 | Upload via KRAs since Jun 6, 2024; CKYC Search API v1.3 and Save/Update API v1.3 effective Apr 4, 2025. |
| REPORTING-027 | Disclose beneficial ownership annually | SEBI, FIU-IND | annual | Principal Officer | SEBI AML/CFT Master Circular requirement; PMLR Rule 9 | Beneficial-ownership declaration on file for each non-individual client (UBO with >= 10% stake or controlling interest); annual review log | PMLA Section 13 + Rule 9 — fine up to Rs 1 lakh per default; SEBI per-default penalty | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, SEBI/HO/MIRSD/SECFATF/P/CIR/2023/091 | AML Master Circular (Jun 2024) consolidates UBO obligations. |
| REPORTING-028 | File PMLA Designated Director half-yearly self-declaration | SEBI, FIU-IND | half-yearly | Designated Director | Half-year ending 30 Sep / 31 Mar; PMLR + SEBI AML Master Circular | Designated Director self-declaration submitted to SEBI; PMLA appointment letter on file; updated FINnet 2.0 registration | PMLA Section 13 — fine up to Rs 1 lakh; SEBI per-default penalty | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, FIU-IND-FINNET2-REG-2023 | FINnet 2.0 registration framework refreshed Jul 2023 (FIU-IND-FINNET2-REG-2023). |
| REPORTING-029 | Submit inspection-report ATR within prescribed timeline | SEBI, NSE, BSE, MCX, CDSL, NSDL | event-triggered | Compliance Officer | Receipt of inspection report from regulator | ATR with closure evidence per finding; remediation tracker; follow-on inspection report by inspector | Late ATR per NSE/INSP/53530 — Rs 5,000 first default, escalating; persistent default triggers terminal restriction or registration review | NSE/COMP/63628, NSE/INSP/53530, BSE 20250915-52, BSE 20250915-53 | ATR timelines typically 30-45 days from receipt of inspection report. |
| REPORTING-030 | Submit half-yearly Networth Certificate via ENIT/BEFS | NSE, BSE | half-yearly | Funds Ops | Half-year ending 30 Sep / 31 Mar | Networth Certificate by CA in practice with CARO-style attestation; ENIT-NEW-COMPLIANCE (NSE) / BEFS (BSE) submission | Per NSE/COMP/64293 — late submission per-day penalty; non-submission triggers terminal restriction | NSE/COMP/64293, NSE/COMP/64159 | 31 Oct deadline for MTF members; 30 Nov for others (Sep 30 half-year). |
| REPORTING-031 | Submit Surveillance Obligation Report (SOR) to exchange | SEBI, NSE | quarterly | Surveillance Analyst | Quarterly cycle; SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96 (Brokers’ institutional mechanism) | SOR file submitted on ENIT; alert-disposition register; escalation evidence | Per NSE/INSP/53530 — Rs 5,000-25,000 per default; SEBI enforcement for material breach | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, NSE/INVG/65921 | Staggered implementation by UCC band (>50k UCCs from 1 Jan 2025; 2,001-50,000 from 1 Apr 2025; <=2,000 from 1 Apr 2026). |
| REPORTING-032 | Report fraud/market-abuse alerts to exchange | SEBI, NSE, BSE | event-triggered | Surveillance Analyst | Alert from Member Surveillance Dashboard or internal monitoring per Chapter IVA | Alert-disposition memo with action taken; escalation log; exchange-portal submission | Per NSE/INVG/46662 — penalty structure for abnormal/non-genuine transactions levied on members; quantum varies by alert severity | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96, NSE/INVG/46662, NSE/SURV/74008 | Member Surveillance Dashboard alert categorisation maintained in NSE/SURV/74008 consolidated circular. |
| REPORTING-033 | Submit KMP (Key Management Personnel) details on ENIT | NSE, BSE | event-triggered | Compliance Officer | Change in KMP (CEO/MD/Manager, CS, WTD, CFO, prescribed officers); within 7 days of change | KMP update on ENIT portal with PAN, mobile, phone, email; Board resolution for appointment | Per NSE/INSP/53530 — late update attracts per-default penalty | NSE/COMP/56766, NSE/COMP/63628 | KMP as per Section 2(51) Companies Act 2013. |
| REPORTING-034 | Submit Annual Maintenance Charge (AMC) for Authorised Persons | NSE, BSE | annual | Compliance Officer | April of each FY; AP register snapshot as on 31 Mar | AMC payment of Rs 5,000 per registered AP per year across segments; payment challan; AP register snapshot | Per NSE/COMP/60859 — AMC once charged is non-refundable; non-payment triggers AP-registration cancellation | NSE/COMP/60859, NSE/COMP/58438 | AMC across segments; payable based on Mar-31 AP register count. |
| REPORTING-035 | Submit Investor Charter and quarterly complaint statistics | SEBI, NSE, BSE | monthly | Customer Service Lead | Monthly complaint data per Investor Charter (7th of each month for prior month) | Complaint statistics page on broker website; SCORES 2.0 portal submission; reconciliation with ODR | Per SEBI ODR Master Circular — non-compliance attracts enforcement and reputational impact | SEBI/HO/MIRSD/MIRSD-PoD1/P/CIR/2025/22, BSE 20250610-4, BSE 20250610-5, SEBI/HO/OIAE/OIAE_IAD-1/P/CIR/2023/0182 | Updated Investor Charter Feb 2025 reflects SCORES 2.0, ODR portal, BSDA Rs 10 lakh threshold. |
| REPORTING-036 | Report quarterly cyber-incident summary to NSE | NSE, SEBI | quarterly | CISO | CSCRF clause 3.4; quarterly cycle | Cyber-incident report on NSE member portal due 15 days after quarter-end; zero-incident attestation if applicable | Per NSE/INSP/53530 — Rs 5,000-10,000 per default; persistent default triggers terminal disablement | NSE/INSP/72118, MCX/TECH/179/2026 | MCX equivalent — MCX/TECH/179/2026 (Q4 2025 due Jan 15, 2026). |
| REPORTING-037 | Submit half-yearly Compliance Officer report | SEBI, NSE | half-yearly | Compliance Officer | Half-year ending 30 Sep / 31 Mar; SEBI Master Circular for Stock Brokers | Compliance Officer’s half-yearly report to Board and exchange; KPI grid covering KYC, AML, surveillance, client funds, margin | Per NSE/INSP/53530 — late/non-submission attracts per-default penalty; persistent default triggers terminal restriction | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, NSE/INSP/53530 | Maps to AUDIT-014 half-yearly compliance audit. |
| REPORTING-038 | Disseminate Grievance Redressal / Escalation Matrix on website | SEBI, BSE | continuous | Customer Service Lead | Investor Adviser/RA framework; broker grievance framework | Website display of escalation matrix with Customer Care, Head of Customer Care, Compliance Officer, CEO, Principal Officer details (name/address/phone/email/working hours); email to clients within 7 days of onboarding | Per BSE 20241209-41 — non-compliance triggers ODR/SCORES enforcement and reputational impact | BSE 20241209-41, SEBI/HO/MIRSD/MIRSD-PoD1/P/CIR/2025/22 | BSE 20241209-41 (Dec 9, 2024) operationalised display requirements for IAs/RAs; brokers follow analogous principles. |
| REPORTING-039 | Report KMP / Compliance Officer NISM credentials via e-PASS | NSDL, NSE | annual | Compliance Officer | NISM Series-VI (DOCE) / equivalent certification expiry | e-PASS submission of NISM alert details; CPE/refresher certificate | Lapse of certification flagged in NSDL/CDSL audit; DP-services restriction possible | NSDL/POLICY/2025/0017 | Compliance Officer alert details portal launched Feb 10, 2025 (NSDL/POLICY/2025/0017). |
| REPORTING-040 | Submit Mock-trading participation log | NSE, BSE, MCX | event-triggered | Ops Lead | Mock-trading-from-PR / DR session schedule per exchange | Member participation log with order entry, trade match, MIR/Final-Obligation reconciliation; submission to exchange where required | Non-participation flagged in BCP-DR compliance review; persistent default attracts disciplinary action | NSE/CMTR/71767, NSE/CMTR/66081, NSE/CMTR/65950, NSE/CMTR/64612 | Counts toward member regulatory mock-participation requirements per SEBI/HO/MRD1/DSAP/CIR/P/2020/234 (Nov 24, 2020) — cited in NSE/CMTR/63915. |
Investor grievance (12 entries)
Section titled “Investor grievance (12 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| GRIEVANCE-001 | Register and maintain SCORES 2.0 portal access | SEBI | one-time | Compliance Officer | Broker / depository participant registration with SEBI; SCORES 2.0 platform launched 1 April 2024 at scores.sebi.gov.in | SCORES 2.0 login credentials in broker name; designated grievance email; entry in SEBI Intermediary Master with active SCORES ID | Inability to receive auto-routed complaints; deemed non-compliance triggers financial disincentives and possible regulatory action per SCORES timelines circular | SEBI/HO/OIAE/IGRD/CIR/P/2023/156, CDSL/IG/DP/GENRL/2024/593 | SCORES 2.0 replaced legacy www.scores.gov.in. Brokers must update website footers and account-opening kits with new SCORES URL per CDSL Oct 2024 advisory. |
| GRIEVANCE-002 | Resolve SCORES complaint within 21-day first-level SLA | SEBI, NSE, BSE, MCX | continuous | Customer Service Lead | Complaint lodged on SCORES against broker; clock starts from auto-route date | SCORES Action Taken Report (ATR) with timestamp ≤ 21 calendar days; underlying email/call recordings; ledger reconciliation snapshots | Auto-escalation to first-review entity (exchange / depository / SEBI). Repeated breaches → financial disincentives per “Timelines for handling investor complaints by SCORES and action against non-compliance” Dec 2023 circular, warnings, regulatory action. | SEBI/HO/OIAE/IGRD/CIR/P/2023/156 | Replaced earlier 30-day SLA (Aug 2020 framework). Two-level review system — designated body (exchange/depository) reviews if dissatisfied, then SEBI. |
| GRIEVANCE-003 | Submit monthly complaint MIS on SCORES and broker website | SEBI | monthly | Compliance Officer | End of calendar month | SCORES monthly disclosure upload; broker website “Investor Complaints” page with prior-month opening/received/resolved/pending counts; archived snapshots | Non-disclosure flagged in exchange inspection. Standard non-compliance penalty grid per NSE penalty matrix. | SEBI/HO/MIRSD/DOP/CIR/P/2020/73, SEBI/HO/OIAE/IGRD/CIR/P/2023/156 | Disclosure format prescribed in Investor Charter circular Dec 2021 and refreshed Feb 2025 Investor Charter. |
| GRIEVANCE-004 | Enrol on Smart ODR portal (smartodr.in) as Market Participant | SEBI | one-time | Compliance Officer | Entity registered with SEBI as broker / depository participant after 16 Aug 2023 (effective date of original ODR circular) | smartodr.in registration certificate; entity profile listing ODR institutions panel; integration completion sign-off | Unable to participate in conciliation/arbitration; complaints default against broker; regulatory action for non-onboarding | SEBI/HO/OIAE/OIAE_IAD-1/P/CIR/2023/0182 | Master Circular Dec 20, 2023 consolidates July 31, 2023 original ODR circular and Aug 4, 2023 amendment. Applies to all SEBI intermediaries. |
| GRIEVANCE-005 | Participate in ODR conciliation cycle | SEBI | event-triggered | Customer Service Lead | Investor escalates SCORES-unresolved complaint to Smart ODR; ODR institution assigned | Conciliation reference letter; written submissions; conciliator’s settlement record or non-settlement note | Adverse cost award; reputational; published in ODR portal data | SEBI/HO/OIAE/OIAE_IAD-1/P/CIR/2023/0182 | Indicative timeline — conciliation typically 21 days; if unsuccessful, moves to arbitration. Fee schedule prescribed in master circular. |
| GRIEVANCE-006 | Participate in ODR arbitration cycle | SEBI | event-triggered | Compliance Officer | ODR conciliation failed or directly invoked | Arbitration reference order; statement of claim/defence; award copy; payment record if claim upheld | Adverse arbitral award (binding); cost award; regulatory escalation on non-honour | SEBI/HO/OIAE/OIAE_IAD-1/P/CIR/2023/0182 | ODR arbitration replaces exchange-only arbitration earlier under May 2022 SOP circular which is now subsumed. |
| GRIEVANCE-007 | Operate Internal Grievance Redressal Officer (IGRO) function | SEBI, NSE, BSE, MCX | continuous | Customer Service Lead | SEBI Master Circular for Stock Brokers — internal grievance redressal officer designation | Board-approved appointment letter; officer name + contact published on website and in account-opening kit; complaint register | Inspection observation; Standard Operating Procedure non-compliance penalty per NSE/INSP penalty matrix | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Master Circular for Stock Brokers Jun 17, 2025 consolidates earlier IGRO obligations. Designated grievance email must be published. |
| GRIEVANCE-008 | Engage with exchange IGRC at first-level escalation | NSE, BSE, MCX | event-triggered | Compliance Officer | Investor escalates to exchange Investor Grievance Redressal Committee after SCORES / broker-level non-resolution | IGRC reference letter; written reply; committee decision letter; payout record if awarded | Adverse IGRC decision; possible disciplinary referral; payout from broker funds | SEBI/HO/OIAE/OIAE_IAD-1/P/CIR/2023/0182 | IGRC operates under exchange arbitration framework now subsumed by Smart ODR. Exchanges remain first-level review body for SCORES-routed complaints. |
| GRIEVANCE-009 | Publish Investor Charter on website and in account-opening kit | SEBI | continuous | Compliance Officer | Investor Charter circular Feb 2025 effective; replaces Dec 2021 charter | Investor Charter PDF on website footer “Investor Attention” section; charter copy in account-opening packet; periodic audit by exchange | Inspection observation; standard penalty grid applies | SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/0000013, SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2021/655 | Feb 2025 Investor Charter reflects SCORES 2.0 21-day SLA, ODR linkage, BSDA Rs.10 lakh, direct payout, revamped nomination, and broker complaint statistics. |
| GRIEVANCE-010 | Document and maintain complaint-handling policy | SEBI, NSE, BSE | as-required | Compliance Officer | Initial policy adoption; review when SCORES / ODR framework updates | Board-approved policy document; version history; review minutes | Inspection observation; possible enhanced supervision | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Policy must align to 21-day SLA, escalation hierarchy (IGRO → IGRC → ODR), MIS publication routine, and recordkeeping. |
| GRIEVANCE-011 | Supervise Authorised Person complaint handling | NSE, BSE, MCX | continuous | Compliance Officer | AP-onboarded client raises complaint; AP supervisory framework Aug 2024 | AP complaint register; AP inspection report including grievance handling assessment; quarterly AP review minutes | Standard AP-related penalty per NSE penalty matrix; AP deactivation in severe cases | NSE/COMP/63628 | NSE/COMP/63628 (Aug 28, 2024) consolidates AP supervision framework (incl. AP complaint handling sample criteria), superseding NSE/COMP/48536, 49509, 50030, 56947, 58438. |
| GRIEVANCE-012 | Submit annual complaint summary report | SEBI, NSE, BSE | annual | Compliance Officer | Financial year close | Annual complaint summary on website with FY break-up (carried-over, received, resolved, pending, complaint-to-trade ratio if applicable) | Inspection observation; non-disclosure penalty per NSE matrix | SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2021/655, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/0000013 | Feb 2025 Investor Charter requires disclosure of investor complaint statistics on broker website. |
DPDP / data protection (18 entries)
Section titled “DPDP / data protection (18 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| DPDP-001 | Prepare for DPDP Act 2023 compliance by 13 May 2027 | MeitY | one-time | DPO | DPDP Rules 2025 notified 13 Nov 2025; 18-month substantive-compliance window ends 13 May 2027 | DPDP compliance programme plan; gap-assessment report; board-noted timeline; vendor / processor inventory | Up to Rs.250 crore per contravention under DPDP Act schedule; Data Protection Board enforcement orders | DPDP-Act-22-2023, DPDP-Rules-2025-Notification, DPDP-GSR-843-E-2025 | Brokers / DPs / KRAs / exchanges are Data Fiduciaries. Data Protection Board provisions (Sec 18-26) live since 13 Nov 2025 already; Rules 3, 5-16, 22, 23 substantive provisions tied to May 2027 window. |
| DPDP-002 | Determine Significant Data Fiduciary (SDF) status | MeitY | as-required | DPO | SDF criteria notified via MeitY notification under DPDP Act Sec 10 | Internal SDF-determination memo (volume + sensitivity assessment); board minute confirming non-SDF or SDF status; DPO appointment letter if SDF | SDF non-compliance attracts higher penalty band up to Rs.250 crore; potential reputational impact | DPDP-Rules-2025-Notification, DPDP-Act-22-2023 | SDF triggers DPO, DPIA, independent audit obligations. Specific volume/sensitivity thresholds to be notified by Central Government via subsequent MeitY notification. |
| DPDP-003 | Designate Data Protection Officer (where SDF) or grievance officer | MeitY | one-time | DPO | SDF determination, or DPDP Rules grievance-officer obligation | DPO appointment letter (resident in India, reporting to board); officer contact published in privacy notice and website | Non-designation → contravention exposing the data fiduciary to penalty | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | For non-SDFs, a grievance officer at minimum; DPDP grievance handling SLA per Rules. |
| DPDP-004 | Operationalise consent management framework | MeitY | continuous | DPO | Onboarding, re-KYC, additional product subscription, marketing comms | Granular-purpose consent records with timestamp; consent withdrawal logs; tokenised consent IDs; consent UI screenshots | Up to Rs.200 crore (notice-and-consent contraventions); compounding for failure to honour withdrawal | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | Free, specific, informed, unconditional, unambiguous consent with clear affirmative action. Withdrawal must be as easy as consent. |
| DPDP-005 | Engage / register Consent Manager (where applicable) | MeitY | one-time | DPO | DPDP Rules consent-manager registration window (12 months from notification → 13 Nov 2026) | Consent Manager onboarding agreement; integration sign-off; Consent Manager registration certificate from Data Protection Board (where broker itself is CM) | Failure to enable consent-manager-driven consent flow → contravention of Rule 5/Sec 6 | DPDP-Rules-2025-Notification, DPDP-Act-22-2023 | Consent Manager registration with Data Protection Board required for CM entities within 12 months of notification. |
| DPDP-006 | Honour data principal rights — access | MeitY | as-required | DPO | Data principal request for information on personal data processed | Request log; response packet with summary of data, processing purposes, third parties; SLA tracker | Up to Rs.50 crore per Sec 10(2)(c) failure | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | Response timeline to be specified in Rules / Code of Practice. |
| DPDP-007 | Honour data principal rights — correction | MeitY | as-required | DPO | Data principal correction / update request (Sec 12) | Correction request ticket; updated record diff; closure intimation to principal | Same as access-right failure band | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | Coordinate with KRA / CKYC / exchange UCC modifications to keep records consistent. |
| DPDP-008 | Honour data principal rights — erasure | MeitY | as-required | DPO | Data principal erasure request, or purpose-served retention boundary expiry | Erasure ticket; system-level deletion log; certificate of destruction for backups | Same as access-right band; potential breach if erasure not honoured | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | Erasure may be denied where retention is mandated by SEBI, PMLA, IT Act, etc. — explicit overriding-law carve-out. |
| DPDP-009 | Provide nomination of data rights (“right to nomination”) | MeitY | as-required | DPO | Data principal nominates another individual to exercise rights upon death/incapacity (Sec 14) | Nomination record; identity verification of nominee; nomination handover ticket on trigger event | Standard DPDP penalty band | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | Separate from securities nomination under SEBI nomination framework (SEBI/HO/MIRSD/POD-1/P/CIR/2025/04). Brokers may align with KRA demise-trigger workflow per CDSL/OPS/DP/POLCY/2025/307. |
| DPDP-010 | Provide data portability where applicable | MeitY | as-required | DPO | Data principal portability request (subject to Rules to be notified) | Portability ticket; structured data export (CSV / JSON) provided to principal or designated fiduciary | Standard penalty band | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | DPDP Act references portability via Rules; exact field set TBD by MeitY operating manuals. |
| DPDP-011 | Report personal data breach to Data Protection Board | MeitY | event-triggered | DPO | Detection of personal data breach (Sec 8(6) + Rule 7) | Breach intake form; intimation to Data Protection Board with breach details; intimation to affected data principals | Up to Rs.200 crore for failure to notify breach | DPDP-Rules-2025-Notification, DPDP-Act-22-2023 | Operates alongside SEBI / CERT-In 6-hour cyber incident reporting under SEBI/HO/MIRSD/TPD/P/CIR/2022/93 and CERT-In Direction 20-3-2022. |
| DPDP-012 | Enforce data minimisation and purpose limitation | MeitY | continuous | DPO | Onboarding form design, product analytics, marketing, KYC capture | Data-element-to-purpose register; purpose-specific consent capture; periodic field audit | Standard penalty band per Sec 7-8 | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | Coordinate with KYC OVD capture limits (e.g., 4-digit Aadhaar masking per CDSL/IG/DP/GENRL/2024/593). |
| DPDP-013 | Apply retention boundaries and time-bound erasure | MeitY | continuous | DPO | Account closure; product withdrawal; legal retention period expiry | Retention schedule by data class; automated purge logs; exception register for SEBI / PMLA retentions | Standard band | DPDP-Rules-2025-Notification, DPDP-Act-22-2023 | Override retention: PMLA 10-year (SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78); SEBI brokers’ records (5-8 years per Master Circular). |
| DPDP-014 | Verifiable parental consent for children’s data (<18) | MeitY | as-required | DPO | Minor account / nominee / OTC processing involving data principal under 18 | Parent / guardian consent record; verification basis (DigiLocker / Aadhaar e-Sign / video) | Up to Rs.200 crore for child-data violations; tracking-and-targeted-advertising bar | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | Tracking / behavioural monitoring / targeted advertising directed at children prohibited. |
| DPDP-015 | Honour cross-border transfer negative list | MeitY | continuous | DPO | Outbound transfer of personal data to processor / sub-processor outside India | Data transfer impact assessment; vendor location register; contract clauses; transfer blocked-country log | Standard band per Sec 16 | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | Cross-border restriction operates via “negative list” mechanism — Central Government may notify restricted countries. Sectoral regulators (SEBI / RBI) can impose stricter localisation (e.g., CSCRF data-localisation under SEBI/HO/MIRSD/CIR/PoD-1/P/CIR/2024/113). |
| DPDP-016 | Publish privacy notice / policy | MeitY | continuous | DPO | Initial publication; revisions on processing change | Privacy notice published on website and within account-opening kit (English + other languages in eighth schedule list); version history | Standard band; inspection observation | DPDP-Rules-2025-Notification, DPDP-Act-22-2023 | Rule 3 prescribes minimum notice contents. Multi-language requirement (one of 22 official languages on principal’s request). |
| DPDP-017 | Handle consent withdrawal end-to-end | MeitY | as-required | DPO | Data principal withdraws consent (in-app / email / customer service) | Withdrawal request ticket; downstream processor notification trail; SLA tracker | Standard band; possible breach if downstream processors continue processing | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | Continuation of processing pursuant to mandatory legal grounds (PMLA, SEBI) is permitted and should be clearly disclosed. |
| DPDP-018 | Conduct annual DPDP Data Protection Impact Assessment (SDF) | MeitY | annual | DPO | SDF designation | DPIA report covering high-risk processing; independent audit certificate; board review minutes | Standard SDF-band penalty for non-conduct | DPDP-Act-22-2023, DPDP-Rules-2025-Notification | Sec 10(2) imposes SDF-specific obligations including DPIA and periodic audit by an independent auditor. |
Member compliance (23 entries)
Section titled “Member compliance (23 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| MEMBER-COMP-001 | Maintain stock-broker minimum networth | SEBI, NSE, BSE, MCX | continuous | Compliance Officer | SEBI Stock Brokers Regulations + NSE / BSE / MCX networth thresholds (Rs.3 crore minimum, plus exchange-specific variable networth) | Half-yearly networth certificate by statutory auditor uploaded via ENIT (Sep / Mar dates) | Late / short submission penalty per NSE penalty matrix (NSE/INSP/53530); networth shortfall → trading restrictions, suspension | NSE/COMP/64293, SEBI/LAD-NRO/GN/2026/291 | Threshold derived from SEBI Gazette SEBI/LAD-NRO/GN/2022/73 (Feb 23, 2022) and consolidated under 2026 SEBI (Stock Brokers) Regulations. MTF-availing members file by Oct 31; others by Nov 30 for Sep-end certificate. |
| MEMBER-COMP-002 | Submit half-yearly networth certificate | NSE, BSE, MCX | half-yearly | Compliance Officer | 30-Sep and 31-Mar half-year close | Statutory-auditor-signed networth certificate uploaded via ENIT-NEW-COMPLIANCE module | Late submission penalty per NSE/INSP/53530 grid; per-day fine + risk of disciplinary action | NSE/COMP/64293 | Networth ascertainment methodology per SEBI Gazette referenced in NSE/COMP/55447. |
| MEMBER-COMP-003 | Maintain Base Minimum Capital (BMC) at exchange | NSE, BSE, MCX | continuous | Compliance Officer | Trading-member admission; ongoing requirement per exchange byelaws | BMC ledger with exchange; cash + FD + BG composition statement | Trading suspension on shortfall; auto square-off limits invoked | SEBI/LAD-NRO/GN/2026/291 | BMC thresholds (Rs.10-50 lakh depending on segment / proprietary vs client trades) prescribed by exchange byelaws under SEBI (Stock Brokers) Regulations. |
| MEMBER-COMP-004 | Maintain Additional Base Capital (ABC) for trading exposure | NSE, BSE, MCX, NSCCL, ICCL, MCXCCL | continuous | RMS Lead | Trading exposure exceeding base capital; margin obligations | ABC ledger with clearing corporation; collateral haircut report | Margin shortfall penalty; auto square-off; trading restriction | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | ABC composition rules (cash : non-cash 50:50) under SEBI/CC framework. |
| MEMBER-COMP-005 | Maintain fit-and-proper continuing compliance | SEBI, NSE, BSE, MCX | continuous | Compliance Officer | Fit-and-proper Schedule II under SEBI (Intermediaries) Regulations / SEBI (Stock Brokers) Regulations 2026 | Annual fit-and-proper declaration; criminal-record/regulatory-debarment register; KMP changes intimation log | Cancellation / suspension of registration on findings of non-fit-and-proper | SEBI/LAD-NRO/GN/2026/291 | 2026 Regulations require designated director resident in India for 182+ days per FY. |
| MEMBER-COMP-006 | Ensure Compliance Officer holds NISM Series III-A certification | SEBI | continuous | Compliance Officer | Compliance Officer appointment; NISM cycle (3 years revalidation) | Valid NISM Series III-A certificate (Securities Intermediaries Compliance — Non-Fund); name on NSE / BSE compliance officer master | Inspection observation; member treated as non-compliant for compliance-function adequacy | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Refresher / Continuing Professional Education window per NISM Regulations. |
| MEMBER-COMP-007 | Ensure Principal Officer holds NISM Series I or VII certification | SEBI, FIU-IND | continuous | Principal Officer | AML Principal Officer designation under PMLA + SEBI AML Master Circular | NISM certificate (Series I — Currency Derivatives / VII — Securities Operations & Risk Management as applicable); PO designation letter on file with FIU-IND | PMLA non-designation contravention; SEBI inspection observation | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78 | AML Master Circular Jun 6, 2024 reiterates PO obligations and revalidation cycle. |
| MEMBER-COMP-008 | Ensure Authorised Persons hold NISM Series VIII certification | NSE, BSE, MCX | continuous | Compliance Officer | AP registration; NISM cycle | NISM Series VIII (Equity Derivatives) certificate for each AP; AP registration confirmation from exchange | AP deactivation; member-side penalty per NSE penalty matrix | NSE/COMP/63628 | Joint-exchange AP supervisory framework (Aug 28, 2024) cross-checks AP certification, branch supervision, periodic inspection. |
| MEMBER-COMP-009 | Ensure dealers / approved users hold NISM Series VIII certification | NSE, BSE, MCX | continuous | Compliance Officer | User-ID activation on CTCL / IBT; NISM cycle | NISM Series VIII certificate per dealer; exchange approved-user master | Trading-user-ID suspension; exchange penalty | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Different segments require corresponding NISM series (Currency / Commodity / IRD). |
| MEMBER-COMP-010 | Track NISM re-certification cycles for all designated roles | SEBI, NSE, BSE | as-required | Compliance Officer | 3-year validity expiry of each NISM certificate | Certificate-expiry register; CPE / re-certification proof; HR records | Lapse triggers staff disqualification for the relevant function | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Industry practice — internal renewal calendar with 60-day pre-expiry alert. |
| MEMBER-COMP-011 | Maintain employee code of conduct and trading code | SEBI | continuous | Compliance Officer | Initial adoption; review on regulatory change | Board-approved employee code of conduct; trading code; periodic employee acknowledgement | Internal disciplinary; reputational; possible PIT contravention | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Trading code references SEBI (PIT) Regulations 2015 — Code of Conduct under Schedule B. |
| MEMBER-COMP-012 | Maintain insider-trading code under PIT Regulations 2015 | SEBI | continuous | Compliance Officer | SEBI (PIT) Regulations 2015 as amended | Code of Conduct on PIT; Code of Fair Disclosure; trading window calendar; structured digital database | Up to Rs.25 crore or 3x profit (whichever higher) per Sec 15G SEBI Act for insider trading | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | [no direct circular — industry practice anchored to PIT Regulations 2015 itself]. Brokers also have UPSI obligations when handling client orders / research. |
| MEMBER-COMP-013 | Maintain Designated Person list and UPSI access logs | SEBI | continuous | Compliance Officer | PIT Regulations 2015 — designated persons list, structured digital database (SDD) | SDD with non-editable, time-stamped UPSI movement; designated-person register with family/immediate-relative details | PIT contravention penalty; structured digital database non-maintenance specific penalty | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Industry practice — SDD as a non-editable log; many brokers use ETL into immutable storage (write-once). |
| MEMBER-COMP-014 | Operate pre-clearance and trading window closures | SEBI | as-required | Compliance Officer | Designated person trade above threshold; corporate-event-driven trading window closure | Pre-clearance request log; window-closure notice; designated-person trade confirmations | PIT violation penalty band | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Threshold typically Rs.10 lakh+ per quarter (per PIT Reg). Industry practice — pre-clearance workflow in HRMS / GRC tool. |
| MEMBER-COMP-015 | Pre-approve advertisements per SEBI / exchange norms | SEBI, NSE, BSE, MCX | as-required | Compliance Officer | Any advertisement / collateral release | Pre-approval workflow ticket; ad copy with disclaimers; exchange filing acknowledgement (if required) | NSE penalty per matrix; ad withdrawal directive; possible SEBI penal action | NSE/INSP/66284, NSE/INSP/63425 | NSE clarifications on incentives/referral schemes (Jan 2025, Aug 2024) limit AP-only referrals; ad copy must reflect this. Industry practice — no guaranteed returns, no past-return claims without disclaimer. |
| MEMBER-COMP-016 | Operate Authorised Person supervisory framework | NSE, BSE, MCX | continuous | Compliance Officer | Member onboarding APs and branches | AP inspection plan; AP / branch periodic on-site visit log; AP supervision report | NSE penalty per matrix; AP-level deactivation in severe cases | NSE/COMP/63628, NSE/INSP/63425 | Aug 2024 framework consolidates earlier AP-supervisory circulars chain (NSE/COMP/48536, 49509, 50030, 56947, 58438) and harmonises NSE / BSE / MSEI supervision. |
| MEMBER-COMP-017 | Intimate KMP changes to exchanges | NSE, BSE, MCX | event-triggered | Compliance Officer | Change in Director / CEO / MD / Manager / CFO / CS / Compliance Officer | KMP-change intimation via ENIT; updated KMP master; PAN / contact updates; board resolution | Penalty per NSE/INSP/53530 grid for delayed or missing intimation | NSE/COMP/56766 | Identification per Section 2(51) of Companies Act 2013. |
| MEMBER-COMP-018 | Maintain resident director (designated director) per SEBI 2026 Regulations | SEBI | continuous | Designated Director | SEBI (Stock Brokers) Regulations 2026 — Reg requirement of at least one designated director resident in India for 182+ days per FY | Director residency declaration; passport / immigration record; board resolution | Registration suspension / cancellation; non-fit-and-proper finding | SEBI/LAD-NRO/GN/2026/291 | Effective 7 Jan 2026 with the new SEBI (Stock Brokers) Regulations. |
| MEMBER-COMP-019 | Confirm two-year securities-trading experience for new registration | SEBI | one-time | Compliance Officer | Fresh broker / clearing-member registration application after 7 Jan 2026 | Experience certificate(s) from prior employer / exchange membership history; director CVs; SEBI registration order | Application rejection | SEBI/LAD-NRO/GN/2026/291 | Replaces 1992 Stock Brokers Regulations eligibility criteria with a wholesale rewrite. |
| MEMBER-COMP-020 | Renew member registration with SEBI / exchanges | SEBI, NSE, BSE, MCX | as-required | Compliance Officer | Permanent registration with periodic fee cycle (5-year block) post 1 Apr 2007 SEBI fee regime | Fee receipts; SEBI registration certificate; exchange membership card / online status | Suspension on non-payment; registration cancellation | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, SEBI/LAD-NRO/GN/2026/291 | 5-year block fee for stock brokers under SEBI (Stock Brokers) Regulations. |
| MEMBER-COMP-021 | Renew / maintain Authorised Person registration | NSE, BSE, MCX | annual | Compliance Officer | AP annual maintenance charge cycle; AP renewal under exchange byelaws | AP fee receipt (Rs.5,000/AP/year per NSE/COMP/60859 FY24-25); AP registration master | AP deactivation on non-payment; reinstatement subject to fresh registration | NSE/COMP/63628 | AP AMC of Rs.5,000/AP/year introduced via NSE/COMP/60859 FY2024-25. |
| MEMBER-COMP-022 | Intimate branch / authorised-person location changes | NSE, BSE, MCX | event-triggered | Compliance Officer | New branch / sub-broker / AP location opened or relocated | Branch / AP location master on ENIT; address proof; AP appointment letter | Penalty per NSE/INSP/53530 grid for non-intimation | NSE/COMP/63628 | AP supervisory framework Aug 2024 requires periodic location-master reconciliation. |
| MEMBER-COMP-023 | Maintain office infrastructure and supervisory presence | NSE, BSE, MCX | continuous | Compliance Officer | SEBI (Stock Brokers) Regulations + exchange Operating Instructions | Premises lease / ownership records; supervisory officer at each branch; CCTV / access-control logs (industry practice) | Inspection observation; suspension on findings of non-functioning premises | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Industry practice — compliance officer must be physically based in India; back-office team residency typical norm. |
Investor servicing (15 entries)
Section titled “Investor servicing (15 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| INVESTOR-SERVICING-001 | Issue digitally-signed Electronic Contract Note within 24 hours | SEBI, NSE, BSE | daily | Ops Lead | Trade execution; T+24h deadline for ECN dispatch | ECN PDF (digitally signed under IT Act) emailed to client; preserved-channel log; ECN archive 5+ years | Late / non-dispatch penalty per NSE/INSP/53530; SEBI penal action | NSE/INSP/61999, NSE/INSP/52604 | NSE/INSP/61999 (May 13, 2024) revised contract-note format. NSE/INSP/52604 (Jun 10, 2022) permits SMS / instant-messaging delivery in addition to email. |
| INVESTOR-SERVICING-002 | Distribute daily margin statement to client | SEBI, NSE | daily | Ops Lead | End-of-day margin obligation calculation | Daily margin statement (email / app); preserved-channel log; client signed acknowledgement (annual) | Margin disclosure default penalty per NSE/INSP/53525; client-complaint trigger | NSE/INSP/64315 | Format and content per “Guidelines on Margin collection & reporting” (NSE/INSP/64315 Oct 2024). |
| INVESTOR-SERVICING-003 | Send quarterly statement of accounts (running account settlement cycle) | SEBI, NSE, BSE | quarterly | Funds Ops | Quarterly running-account settlement window (first Friday and/or Saturday of settlement week from Jan-Mar 2024 quarter) | Statement of accounts emailed to client; settlement / retention details; payout proof | Penalty per NSE/INSP/53530 grid for non-dispatch; SCORES complaint exposure | SEBI/HO/MIRSD/DOP/P/CIR/2022/101, SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/187 | SEBI Dec 2023 circular (SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/187) eased running-account day from “single first Friday” to “Friday and/or Saturday”. |
| INVESTOR-SERVICING-004 | Send monthly statement (running-account monthly option) | SEBI, NSE, BSE | monthly | Funds Ops | Client opted monthly running-account cycle | Monthly statement dispatched; settlement record; client option register | Same as quarterly statement default penalty | SEBI/HO/MIRSD/DOP/P/CIR/2022/101 | Monthly or quarterly cycle is client-choice; cycle change requires client consent. |
| INVESTOR-SERVICING-005 | Send daily holding statement to active accounts via API / file | NSE, CDSL, NSDL | daily | Ops Lead | Daily portfolio service for active clients (industry practice + exchange API mandate) | Holding statement file delivered (email / API); daily-submission log | Inspection observation if portfolio service contracted but not delivered | NSE/INSP/55039 | NSE/INSP/55039 (Dec 28, 2022) standardises API for daily Holding Statement and Bank Balances submission to exchange. |
| INVESTOR-SERVICING-006 | Issue annual Form-16A TDS statement | SEBI | annual | Funds Ops | FY close; statutory TDS Form 16A under Income-tax Act | Form 16A generated from TRACES; despatched to client | Income-tax Act penalty for delayed Form 16A; SCORES complaint exposure | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | [no direct SEBI circular — Income-tax Act obligation]. Industry practice — bundle with annual statement. |
| INVESTOR-SERVICING-007 | Communicate corporate-action events (dividend / bonus / split / rights / buyback) | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Depository corporate-action calendar | SMS / email / app notification log; record-date snapshot; entitlement intimation | SCORES complaint exposure; depository penalty on credit-failure (CDSL Operating Instructions) | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Industry practice — feed-based corporate-action workflow tied to CDSL / NSDL announcement files. |
| INVESTOR-SERVICING-008 | Ensure SMS DLT-template compliance for client communications | SEBI, NSE, BSE | continuous | CISO | TRAI Commercial Communications Customer Preference Regulations 2018 + telco DLT enforcement; SEBI inputs on phishing mitigations | DLT-registered Sender ID + template; template-approval log with telco; preserved SMS log | Telco blocking of un-registered template; SEBI inspection observation; consumer complaint via TRAI / SEBI | NSE/INSP/52604 | NSE/INSP/52604 (Jun 10, 2022) permits SMS-channel ECN delivery subject to DLT compliance. Phishing mitigation references in SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/96. |
| INVESTOR-SERVICING-009 | Ensure email DLT / IT Act compliance for client communications | SEBI, MeitY | continuous | CISO | IT Act Sec 66A void; SPDI Rules 2011 / forthcoming DPDP Rules 2025 | Domain DKIM / SPF / DMARC records; opt-in register; unsubscribe trail | DPDP penalty up to Rs.200 crore post compliance window; reputational | DPDP-Rules-2025-Notification | Industry practice — Email Sender Score / spam-rate threshold tracking. |
| INVESTOR-SERVICING-010 | Verify mobile and email at onboarding and annually | SEBI, NSE, BSE, CDSL, NSDL | annual | Compliance Officer | Onboarding (mandatory OTP / link verification) + annual re-confirmation | OTP verification log at onboarding; annual re-confirmation campaign log; updated UCC / KRA / depository records | Inspection observation; SCORES complaint exposure; account freezing for unverified records | SEBI/HO/MIRSD/POD-1/P/CIR/2024/91, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/79 | Verified mobile / email also required for BSDA, KRA, CKYC upload. |
| INVESTOR-SERVICING-011 | Comply with revised contract note format | SEBI, NSE, BSE | continuous | Ops Lead | NSE/INSP/61999 revision dated May 13, 2024 | ECN samples conforming to revised Annexure A / B; segment-wise field validation; digital pledge / MTF fields handled | Penalty per NSE/INSP/53530 for format breach | NSE/INSP/61999, NSE/INSP/63859 | NSE/INSP/63859 (Sep 10, 2024) FAQ supplement clarifies optional vs mandatory fields. |
| INVESTOR-SERVICING-012 | Dispatch annual P&L / capital-gains statement | SEBI | annual | Funds Ops | FY close | Annual P&L / capital-gains statement dispatched (email / app); CCA-summary record | SCORES complaint exposure | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Industry practice — bundle with Form 16A and annual ledger. |
| INVESTOR-SERVICING-013 | Disclose brokerage and charges transparently | SEBI, NSE, BSE | continuous | Compliance Officer | Most Important Terms and Conditions (MITC) framework + tariff sheet | MITC document signed at onboarding; tariff sheet on website; ECN line-item disclosure | NSE penalty per matrix; SCORES complaint | NSE/INSP/61999 | MITC framework references in NSE/INSP/60147 (preserved-channel notion). |
| INVESTOR-SERVICING-014 | Dispatch physical statements only on client opt-in | SEBI | as-required | Ops Lead | Client opts for physical despatch in writing | Physical-despatch opt-in record; despatch register with proof-of-delivery | SCORES complaint exposure | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Default mode is electronic; opt-in mandatory for physical to control cost and meet client preference. |
| INVESTOR-SERVICING-015 | Disseminate updated Investor Charter SCORES 2.0 information | SEBI, CDSL, NSDL | continuous | Compliance Officer | SCORES 2.0 URL / app launch Apr 1, 2024 | Website footer / app-help refreshed with scores.sebi.gov.in URL; updated mobile-app deep links | Inspection observation | CDSL/IG/DP/GENRL/2024/593, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/0000013 | CDSL Oct 2024 advisory directs all DPs to update SCORES 2.0 information. |
Exchange & depository registration (30 entries)
Section titled “Exchange & depository registration (30 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| EXCH-DEPOT-REG-001 | Upload UCC daily to NSE | NSE | daily | Ops Lead | New client onboarding / KYC modification | NSE UCC batch upload acknowledgement; 183-field UCC record validated by 4:00 PM trading-day cut-off | Inspection observation; trading restriction for client whose UCC not active by cut-off | 20240117-40, 20240223-42 | BSE / NSE UCC formats aligned to Protean PAN verification (name / DOB validation); old format rejected from Mar 28, 2024 EOD. |
| EXCH-DEPOT-REG-002 | Upload UCC daily to BSE | BSE | daily | Ops Lead | New client onboarding / KYC modification | BSE UCC batch acknowledgement; revised UCC format compliance | Same as NSE UCC default | 20240223-42, 20231227-66 | UCC file format includes FDI / DR category split since Jan 2025; nominee fields added per SEBI nomination revamp. |
| EXCH-DEPOT-REG-003 | Upload UCC daily to MCX | MCX | daily | Ops Lead | Client onboarding for commodity segment | MCX UCC batch acknowledgement; PAN / Aadhaar validation log | Trading restriction for the client till UCC active | MCX/MEM/105/2026 | MCX UCC handled via Member Portal; KYC overlap with NSE / BSE UCC. |
| EXCH-DEPOT-REG-004 | Process UCC modifications and unfreeze requests | NSE, BSE, MCX | as-required | Ops Lead | Name / DOB / PAN / bank / demat / nominee change | Modification request log; unfreeze acknowledgement from exchange; updated UCC record | Frozen UCC restricts trading; SCORES complaint exposure | 20240223-42 | Name / DOB modifications require Unfreeze with re-verification against Protean records. |
| EXCH-DEPOT-REG-005 | Activate CM (Cash Market) segment | NSE, BSE, NSCCL, ICCL | one-time | Compliance Officer | Member admission application; client trading-preferences default activation | SEBI registration certificate covering CM segment; exchange member-admission letter; client-segment activation register | Trade rejection for inactive segment; SCORES complaint | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/95 | Trading Preferences circular Jun 2023 mandates default activation across all active exchanges with 3-month negative-consent window for existing clients. |
| EXCH-DEPOT-REG-006 | Activate F&O (Equity Derivatives) segment | NSE, BSE, NSCCL, ICCL | one-time | Compliance Officer | Member admission to F&O; client trading-preferences capture + income-proof for derivatives | SEBI segment endorsement; exchange F&O activation letter; client income-proof on file | Trade rejection; SCORES complaint | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/95 | SEBI Oct 1, 2024 framework (SEBI/HO/MRD-PoD2/CIR/P/2024/00181) refreshes derivatives investor-protection. Income proof captured at onboarding (PMLA + exchange byelaw). |
| EXCH-DEPOT-REG-007 | Activate CD (Currency Derivatives) segment | NSE, BSE | one-time | Compliance Officer | Member admission for currency segment; client opt-in | SEBI segment endorsement; exchange CD activation letter; client opt-in record | Trade rejection; SCORES complaint | SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/95 | RBI / SEBI joint framework; underlying-exposure declaration required for non-hedge participants. |
| EXCH-DEPOT-REG-008 | Activate COM (Commodities) segment | MCX, MCXCCL, NSE | one-time | Compliance Officer | Member admission for commodities; client opt-in | MCX membership card; SEBI commodity-segment endorsement; client opt-in record | Trade rejection; SCORES complaint | MCX/MEM/105/2026 | MCX TM / TCM admission timelines per MCX/MEM/105/2026. |
| EXCH-DEPOT-REG-009 | Activate debt segment | NSE, BSE | one-time | Compliance Officer | Member admission for corporate / government debt segment | SEBI segment endorsement; exchange debt-segment activation | Trade rejection | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | SEBI Master Circular for Stock Brokers covers segment activation provisions. |
| EXCH-DEPOT-REG-010 | Activate IRD (Interest Rate Derivatives) segment | NSE, BSE | one-time | Compliance Officer | Member admission for IRD segment | SEBI segment endorsement; IRD activation letter | Trade rejection | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94 | Industry practice — limited client base; primarily institutional. |
| EXCH-DEPOT-REG-011 | Admission to NSE as trading member | NSE | one-time | Compliance Officer | Fresh member application | NSE membership card / admission letter; SEBI registration certificate | Application rejection | SEBI/LAD-NRO/GN/2026/291 | 2026 Regulations rewrite eligibility criteria. Two-year experience and resident-director mandates apply. |
| EXCH-DEPOT-REG-012 | Admission to BSE as trading member | BSE | one-time | Compliance Officer | Fresh member application | BSE membership card / admission letter; SEBI registration certificate | Application rejection | SEBI/LAD-NRO/GN/2026/291 | BSE byelaws (admission fee, security deposit, base capital). |
| EXCH-DEPOT-REG-013 | Admission to MCX as trading / clearing member | MCX, MCXCCL | one-time | Compliance Officer | Fresh member application; TCM / CM track | MCX membership card; MCXCCL clearing-member admission for TCM; six-month grace period for activation | Late-fee Rs.10,000/month from grace-period end (capped Rs.1,20,000 over 12 months); cancellation risk | MCX/MEM/105/2026 | Refined Mar 2, 2026 — six-month grace period for new members; late-fee regime introduced. |
| EXCH-DEPOT-REG-014 | Open demat BO account via CDSL (1-2 hour API) | CDSL | as-required | Ops Lead | Client onboarding chooses CDSL DP | BO ID generated; CDSL Easi link sent to client; signed account-opening form (digital / physical) archived | SCORES complaint; CDSL inspection observation | CDSL/RCD/DP/GENRL/2025/280, CDSL/OPS/DP/GENRL/2021/518 | CDSL Master Circular for DPs (CDSL/RCD/DP/GENRL/2025/280) consolidates account-opening obligations. Online opening extended to non-individual / other accounts per CDSL/OPS/DP/GENRL/2021/518. |
| EXCH-DEPOT-REG-015 | Open demat BO account via NSDL (Insta Interface API / paper file) | NSDL | as-required | Ops Lead | Client onboarding chooses NSDL DP | NSDL BO ID; Insta Interface API acknowledgement or paper-file index; signed AOF archived | NSDL inspection observation; SCORES complaint | NSDL/POLICY/2024/0003 | NSDL Account Opening API and Client Maintenance API form Insta Interface ecosystem (NSDL/POLICY/2024/0003 — Jan 10, 2024). |
| EXCH-DEPOT-REG-016 | Process BO modifications at CDSL | CDSL | as-required | Ops Lead | Name / address / bank / nominee / status modification request | Modification request form (digital / physical); CDSL modification confirmation; updated BO master | SCORES complaint; CDSL inspection observation | CDSL/RCD/DP/GENRL/2025/280 | Aadhaar masked format (first 8 X, last 4 visible) per CDSL nominee circular. |
| EXCH-DEPOT-REG-017 | Process BO modifications at NSDL | NSDL | as-required | Ops Lead | Modification request | Modification ticket via Insta Interface; NSDL acknowledgement; updated BO master | NSDL inspection observation | NSDL/POLICY/2024/0003 | NSDL Client Maintenance API supports modifications since Jan 10, 2024. |
| EXCH-DEPOT-REG-018 | Activate DDPI within 24 hours of eSign | SEBI, CDSL, NSDL | as-required | Ops Lead | Client e-Signs DDPI mandate | DDPI activation request via UDiFF; DP system activation log within 24 hours | Inspection observation; SCORES complaint | CDSL/OPS/DP/SYSTM/2022/332, CDSL/OPS/DP/SYSTM/2023/9 | DDPI scope limited (pay-in, MTF, MF subscription/redemption, settlement); replaces POA which is now optional per SEBI 2022 circular. |
| EXCH-DEPOT-REG-019 | Process DDPI revocation | SEBI, CDSL, NSDL | as-required | Ops Lead | Client revocation request | Revocation request log; CDSL / NSDL revocation acknowledgement; updated DDPI master | SCORES complaint exposure | CDSL/OPS/DP/SYSTM/2022/332 | Client may revoke without giving reason; revocation must be honoured within prescribed window. |
| EXCH-DEPOT-REG-020 | Process DDPI scope changes | CDSL, NSDL | as-required | Ops Lead | Client modifies DDPI consent-types (e.g., enable MTF) | Scope-change request; updated DDPI master | Operational error penalty | CDSL/OPS/DP/SYSTM/2023/9 | Consent-type additions defined under CDSL/OPS/DP/POLCY/2022/463 and successor circulars. |
| EXCH-DEPOT-REG-021 | Operate margin pledge | SEBI, CDSL, NSDL | continuous | RMS Lead | Client provides margin via securities pledge | Pledge instruction with OTP / DDPI authentication; pledge confirmation in BO; MG-22 form | Pledge invocation in shortfall; SCORES complaint on disputed pledge | CDSL/OPS/DP/SETT/2025/443 | Operates under Sep 2020 SEBI margin-pledge framework; refreshed Jun 3, 2025. |
| EXCH-DEPOT-REG-022 | Operate MTF pledge | SEBI, CDSL, NSDL | continuous | RMS Lead | Client uses Margin Trading Facility — funded position | MTF pledge instruction; client MTF agreement; pledge with TM-MTF flag | Funding-segment squareoff; SCORES complaint | CDSL/OPS/DP/SETT/2025/443 | Only MTF-approved brokers (SEBI registration endorsement) can offer MTF. |
| EXCH-DEPOT-REG-023 | Operate automated pledge release (PR-EP) | SEBI, CDSL, NSDL | continuous | RMS Lead | SEBI Jun 3, 2025 framework (effective Oct 10, 2025 post extension) | PR-EP transaction type in UDiFF; combined unpledge + early-pay-in confirmation in DP system; templates per Annexure 8.5 / 8.6 | Settlement default penalty; SCORES complaint | CDSL/OPS/DP/SETT/2025/443, CDSL/OPS/DP/POLCY/2025/657 | Implements SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/82 Jun 3, 2025. Effective date extended to Oct 10, 2025 via CDSL/OPS/DP/POLCY/2025/554. |
| EXCH-DEPOT-REG-024 | Operate automated pledge invocation (IV-EP / IV-RD) | SEBI, CDSL, NSDL | continuous | RMS Lead | Client default / redemption flow | IV-EP (confiscation) / IV-RD (redemption) transactions in DP system; signed TM / CM undertaking per Annexure A (since Feb 9, 2026) | Operational error penalty; SCORES complaint | CDSL/OPS/DP/SETT/2025/443, CDSL/OPS/DP/POLCY/2025/657 | From Apr 6, 2026 — signed undertaking (Sections 176, 177 Indian Contract Act 1872) required from pledger and pledgee per CDSL/OPS/DP/POLCY/2026/180. |
| EXCH-DEPOT-REG-025 | Obtain MTF eligibility approval from SEBI / exchange | SEBI, NSE, BSE | one-time | Compliance Officer | Member opts to offer MTF | SEBI approval letter for MTF; exchange MTF endorsement; networth + MTF-specific capital threshold compliance | MTF service withdrawal; possible SEBI penal action | NSE/COMP/64293 | MTF-availing members file networth certificate by Oct 31 (vs Nov 30 for others). |
| EXCH-DEPOT-REG-026 | Onboard MTF customer with explicit consent | SEBI, NSE, BSE | as-required | Compliance Officer | Client opts to use MTF | MTF risk-disclosure document signed; MTF agreement; UCC MTF flag set | SCORES complaint; SEBI penal action for mis-selling | NSE/INSP/61999 | Revised contract note format Annexure A / B handles MTF line items. |
| EXCH-DEPOT-REG-027 | Operate SLBM (Securities Lending and Borrowing) services | SEBI, NSE, NSCCL | continuous | Ops Lead | Client opts to lend / borrow securities via SLBM | SLBM order tickets; settlement calendar adherence; monthly SLBS-calendar reconciliation | Failed-leg penalty per SLBS rules; SCORES complaint | NSE/CMTR/71767 | Monthly SLBS settlement calendar per NCL/CMPT/67763 (Apr 30, 2025) and successor monthly calendars (CMPT71222 Dec 2025). |
| EXCH-DEPOT-REG-028 | Process member resignation procedure | SEBI, NSE, BSE, MCX | one-time | Compliance Officer | Board decision to exit membership | Member-resignation application; NOC from clients (or migration); SEBI surrender order; exchange relief order | N/A (voluntary) but failure to settle client obligations triggers PMLA / SEBI action | SEBI/LAD-NRO/GN/2026/291 | 2026 Regulations include surrender / cancellation procedure. |
| EXCH-DEPOT-REG-029 | Comply with member suspension / cancellation procedure | SEBI, NSE, BSE, MCX | event-triggered | Compliance Officer | SEBI suspension / cancellation order; exchange disciplinary action | SEBI / exchange order copy; client-migration plan; investor-protection fund (IPF) crystallisation | Cancellation of registration; bar on associated persons | SEBI/LAD-NRO/GN/2026/291 | Client-money refund + securities transfer to IPF / clearing-corp default-fund per SEBI defaulter committee rules. |
| EXCH-DEPOT-REG-030 | Maintain UDiFF file-format readiness across pledge / settlement | CDSL, NSDL, NSCCL, ICCL, MCXCCL | continuous | Ops Lead | UDiFF standardised file formats (CC → Member, DP → BO) | UDiFF master file with version; signed-off integration test reports; production cutover artefacts | Settlement disruption; reconciliation failure penalty | CDSL/OPS/DP/POLCY/2025/518, CDSL/OPS/DP/SETT/2025/443 | UDiFF catalogue updated to handle PR-EP / IV-EP / IV-RD without column additions (re-using CUSPA fields). |
Edge-case compliances (30 entries)
Section titled “Edge-case compliances (30 entries)”| ID | Name | Regulator | Frequency | Owner | Trigger | Evidence | Penalty | Circulars | Notes |
|---|---|---|---|---|---|---|---|---|---|
| EDGE-CASE-001 | Onboard NRI with NRE/NRO linkage | SEBI, RBI | event-triggered | Ops Lead | NRI requests demat + trading account | NRE/NRO bank-account proof; PIS letter from AD bank (for secondary-market equity); passport / OCI card; overseas address proof; FATCA-CRS self-cert | FEMA Sec 13 contravention if non-PIS route used; broker exposure | SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169, CKYC/2025/03_Revised, RBI Master Direction DBR.AML.BC.No.81/14.01.001/2015-16 | NRO for repatriation-limited income; NRE for fully repatriable funds. |
| EDGE-CASE-002 | Enforce PIS-route delivery-only restriction | SEBI, RBI | continuous | RMS Lead | NRI client on PIS route placing orders | RMS block on intraday-square-off; only delivery / settled-position orders permitted; trade log tied to PIS reporting to AD bank | FEMA Sec 13; SEBI MIRSD inspection finding | RBI Master Direction DBR.AML.BC.No.81/14.01.001/2015-16 | PIS-route NRIs are delivery-only on equity cash; F&O routes via separate non-PIS scheme. |
| EDGE-CASE-003 | Onboard minor with guardian KYC | SEBI, CDSL, NSDL | event-triggered | Ops Lead | Account opened for minor (<18) with natural / court-appointed guardian | Minor’s birth certificate / school-leaving certificate; guardian’s full KYC pack; guardian-relationship document; account-master flagged “Minor” | CDSL/NSDL inspection finding; account freeze on guardian KYC gap | SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169, CDSL/OPS/DP/POLCY/2024/580 | Trading not permitted in minor accounts (industry practice). Demat only. |
| EDGE-CASE-004 | Issue age-18 conversion notice to minor | CDSL, NSDL | event-triggered | Customer Service Lead | T-30 days from minor’s 18th birthday | Notice on file via email/SMS/letter; reminder log at T-15 and T-7; conversion-pack mail-out | Failure to notify → forced freeze on minor turning 18 (operational gap); investor grievance | NSDL/POLICY/2022/053, CDSL/OPS/DP/POLCY/2024/580 | Conversion requires fresh KYC pack from now-major holder; new mobile/email/PAN-Aadhaar. |
| EDGE-CASE-005 | Freeze minor-converted account on conversion lapse | CDSL, NSDL | event-triggered | DP Manager | Minor turns 18; conversion KYC not received | BO master frozen for debit; freeze-reason log; communication to (now-major) holder | Operational gap if not frozen — guardian continues operating major’s account = unauthorised | NSDL/POLICY/2022/053, CDSL/OPS/DP/POLCY/2024/580 | Industry practice — 30-day grace from DOB; freeze on grace expiry. |
| EDGE-CASE-006 | Open joint demat with multi-signatory e-Sign | SEBI, CDSL, NSDL | event-triggered | Ops Lead | Joint account-opening with 2 or 3 holders | All holders’ KYC packs; multi-signatory e-Sign trail (Aadhaar e-Sign / DSC) per holder; AOF specifying operating mode | Incomplete signature trail → account-opening rejection at depository | CDSL/OPS/DP/GENRL/2021/447, SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169 | Maximum 3 holders for demat. Online opening permitted via semi-automated route since Oct 2021. |
| EDGE-CASE-007 | Set operating mode for joint demat (Single/Joint/EOS) | CDSL, NSDL | event-triggered | Ops Lead | Joint account-opening or change in operating-mode | Holding mode flagged in BO master (Joint = Anyone or Survivor / Single = First Holder operates / EOS = Either or Survivor); modification form for change | Wrong mode causes settlement / transmission ambiguity; investor grievance | NSDL/POLICY/2022/053, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/15 | Survivorship rule for joint holdings clarified in Feb 2025 SEBI nomination amendment. |
| EDGE-CASE-008 | Onboard HUF demat with joint individuals | SEBI, CDSL | event-triggered | Ops Lead | HUF requests demat with up to 2 individual joint holders | HUF PAN (4th letter “H”); Karta declaration; coparcener list; joint-holder PANs (4th letter “P”); Karta’s KYC pack | Wrong PAN-structure tagging → account-opening rejection; nomination treatment inapplicable | CDSL/OPS/DP/POLCY/2025/818, CDSL/OPS/DP/POLCY/2026/218 | HUF demat exists in perpetuity → no nomination facility. Joint with up to 2 individuals permitted per SEBI Aug 2025 letter. |
| EDGE-CASE-009 | Capture coparcener details for HUF demat | CDSL | event-triggered | Ops Lead | HUF demat account opening / amendment | Coparcener master with PAN/Aadhaar, relationship, age, gender; field-level capture per CDSL/OPS/DP/POLCY/2026/209 | CDSL inspection observation | CDSL/OPS/DP/POLCY/2026/218 | Effective Mar 2026 onwards. Aligned with PMLA BO identification for HUF. |
| EDGE-CASE-010 | Onboard partnership firm / LLP | SEBI, CERSAI | event-triggered | Ops Lead | Partnership / LLP requests trading + demat account | Partnership deed / LLP agreement; PAN of firm; partners’ KYC packs; authorised-signatory resolution; BO declaration; CKYC LE upload reference | KYC pack rejection; PMLA BO non-identification breach | SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169, CKYC/2020/11, CDSL/OPS/DP/POLCY/2021/127 | BO threshold 10% (post Mar 2023). Authorised signatories per partnership deed. |
| EDGE-CASE-011 | Onboard corporate / company client | SEBI, CERSAI | event-triggered | Ops Lead | Corporate body / private limited / public limited / unlisted company seeks account | MOA/AOA; Certificate of Incorporation; PAN of company; Board Resolution; authorised signatories’ KYC packs; BO chain-of-control identifying natural persons; CKYC LE upload | PMLA Section 13(2); SEBI MIRSD AML inspection observation | SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, CKYC/2020/11 | BO threshold 10%; multiple ownership layers traced to natural persons. |
| EDGE-CASE-012 | Onboard trust client | SEBI, CERSAI | event-triggered | Ops Lead | Public / private / charitable trust seeks account | Trust deed; PAN (4th letter “T”); Trustee KYC packs; Settlor/Author identification; beneficiaries declaration (or class description); BO declaration | PMLA breach if BO untraceable; SEBI inspection finding | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/78, CKYC/2020/11 | For discretionary trusts — beneficiaries identified by class. Settlor and trustees treated as BOs. |
| EDGE-CASE-013 | Collect FATCA/CRS per authorised signatory of non-individual | SEBI | event-triggered | Ops Lead | Non-individual account onboarding / signatory change | FATCA-CRS self-cert from each authorised signatory; entity-level FATCA-CRS classification; KRA upload of self-cert | Income-tax Rule 114F-H breach; FATCA inter-government reporting gap | SEBI/HO/MIRSD/SECFATF/P/CIR/2024/12, SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169 | Entity classification (Active NFE / Passive NFE / FFI) drives BO disclosure depth. |
| EDGE-CASE-014 | Process multi-signatory e-Sign for non-individual modification | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Bank update / signatory change / address change for non-individual | Board resolution / Karta direction; each authorised signatory’s Aadhaar e-Sign or DSC; modification form with trail | Unauthorised modification → reversal + investor-protection action | CDSL/OPS/DP/GENRL/2021/447, SEBI/HO/MIRSD/DoP/P/CIR/2022/44 | Operating mode + minimum signatories per BR enforced at modification time. |
| EDGE-CASE-015 | Process NRI-to-resident conversion | SEBI, RBI, CDSL, NSDL | event-triggered | Customer Service Lead | NRI returns to India and becomes resident under FEMA | Resident-status declaration; PIS-letter cancellation with AD bank; NRE/NRO closure; updated KYC pack as resident; new bank linkage; segment-reactivation (F&O allowed) | Continued NRI tagging → FEMA contravention; tax-residency mismatch under FATCA-CRS | SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169, CKYC/2025/03_Revised, RBI Master Direction DBR.AML.BC.No.81/14.01.001/2015-16 | 182-day rule (FEMA). CKYC Residential Status field updated. Industry practice — close PIS account and open resident demat fresh. |
| EDGE-CASE-016 | Process resident-to-NRI conversion | SEBI, RBI, CDSL, NSDL | event-triggered | Customer Service Lead | Resident becomes NRI under FEMA | Resident-to-NRI declaration; PIS letter from AD bank for new NRO/NRE; updated KYC with NRI status; CKYC Residential Status updated; segment-restrictions imposed (F&O reset per scheme) | FEMA non-compliance; continued domestic-bank linkage post-NRI status | SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169, CKYC/2025/03_Revised, RBI Master Direction DBR.AML.BC.No.81/14.01.001/2015-16 | Resident-to-NRI requires closing/redesignating domestic bank to NRO; intraday-square-off disabled if shifting to PIS route. |
| EDGE-CASE-017 | Apply 3-holder maximum for demat | CDSL, NSDL | continuous | Ops Lead | Joint account-opening with more than 3 holders attempted | Account-opening rejection log when 4+ holders requested; client communication | Depository system rejects 4th holder; account cannot be created | NSDL/POLICY/2022/053, CDSL/OPS/DP/GENRL/2021/447 | Hard cap; no exception. Trust accounts treated separately (multiple trustees but single entity). |
| EDGE-CASE-018 | Capture nominee details (DOB, % share, relationship) at onboarding | SEBI, CDSL, NSDL | event-triggered | Ops Lead | New account opening or nomination modification | Nominee name, DOB, serial number, % share, relationship with BO mandatory; Guardian details mandatory if nominee is minor; Aadhaar masked | Incomplete capture → account-opening reject at depository | CDSL/OPS/DP/POLCY/2024/580, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/04 | Aadhaar masked (first 8 X, last 4 visible). All other nominee fields optional. |
| EDGE-CASE-019 | Use e-DIS for NRI / minor / joint demat | CDSL, NSDL | event-triggered | Ops Lead | NRI sole holder / minor through guardian / joint holders deliver securities | TPIN + OTP authentication log; e-DIS valid for one calendar day; suitable undertaking for sole-NRI | Mis-authenticated DIS = unauthorised pay-in / payout | CDSL/OPS/DP/GENRL/2021/446 | Extended to all investor categories Oct 2021. Sole-NRI requires explicit DP undertaking. |
| EDGE-CASE-020 | Apply 2FA on easi/easiest for NRIs | CDSL | continuous | DP Manager | NRI logs into easi/easiest BO portal | Email-OTP delivered (NRI mobile-OTP exempt); 5-minute OTP validity log; session audit | Account-access disabled if 2FA fails; investor grievance on access | CDSL/OPS/DP/POLCY/2024/484 | NRIs receive email-only OTP given international-SMS unreliability. |
| EDGE-CASE-021 | Onboard foreign-national client | SEBI, CERSAI | event-triggered | Ops Lead | Non-PIO / non-NRI foreign national seeks securities-market access | Passport copy; foreign-government-issued documents / Foreign Embassy / Mission letter as address proof; Residential Status flagged “Foreign National”; FATCA self-cert | Wrong residential-status flag → tax-reporting error; KYC rejection | CKYC/2025/03_Revised, SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169 | Limited products available (FPI route via separate registration). Stock-broker direct onboarding rare. |
| EDGE-CASE-022 | Operate demat for incapacitated/special-needs investor | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | BO becomes incapacitated / certified disability / very old age | Power of attorney / court order; nominee-operation flow per CDSL/NSDL/AMFI SOP; original BO retained; transactions logged with explicit authorisation trail | Unauthorised nominee operation pre-demise = fraud risk; SEBI investor-protection action | CDSL/OPS/DP/POLCY/2025/393 | Common SOP across CDSL+NSDL+AMFI. BO remains beneficial owner; nominee acts as operator. |
| EDGE-CASE-023 | Apply CKYC differently-abled fields at modification | CERSAI | event-triggered | Customer Service Lead | Existing customer discloses disability post-onboarding | CKYC update with Differently Abled Status / Impairment Type / Percentage / UDID; bulk update file v1.3 | Failure violates Hon’ble SC accessibility order 30 Apr 2025 | CKYC/2025/11 | Effective 30 Sep 2025. Triggers accessibility flow at all linked REs. |
| EDGE-CASE-024 | Process untraceable-client funds and securities | SEBI, BSE, NSE | quarterly | Compliance Officer | Client untraceable (returned mail, no response across attempts) | Segregated dedicated bank + dedicated demat account for untraceable clients; audit trail; quarterly report to exchange | Co-mingled funds violate SEBI client-funds segregation; exchange fine | SEBI/HO/MIRSD/POD-1/P/CIR/2025/94, NSE/INSP/43488 | Zero-balance excluded; non-zero balance disclosed each quarter. BSE INSP inactive-client equivalent referenced in BSE master framework but not surfaced as discrete ID in current circulars index. |
| EDGE-CASE-025 | Map FPI to broker without CKYC upload | SEBI, CERSAI | event-triggered | Ops Lead | FPI category-I/II onboarding via custodian | FPI registration certificate; custodian KYC pack; no CKYCRR upload (per Jan 2022 exemption); FATCA-CRS at FPI level | Wrongful CKYC upload = unnecessary data disclosure; CERSAI advisory note | CKYC/2022/01, SEBI/HO/MIRSD/SECFATF/P/CIR/2024/79 | FPI exempt from Rule 9(1A); broker still maintains internal KYC under SEBI FPI framework. |
| EDGE-CASE-026 | Handle short-allocation reason code for NRI trades | NSE, BSE, NSCCL, ICCL | monthly | RMS Lead | NRI client short-allocation flagged in CC monitoring | Reason code “NRI trades” submitted in member-side SA file; supporting trade-and-position evidence | False short-allocation reporting attracts CC false-margin-reporting penalty; member disciplinary action | NSE/INSP/49691, NCL/CMPT/55381, ICCL 20230126-1 | Standard reason codes include excess collateral at other CCs, EPI of securities, wrong-client trades, NRI trades, late-allocation acceptance. |
| EDGE-CASE-027 | Process succession certificate / probate handling | SEBI, CDSL, NSDL | event-triggered | Customer Service Lead | Deceased holder without nominee; holdings above simplified-transmission threshold | Succession certificate / probate / letters of administration / legal-heirship certificate; standardised transmission form; valuation evidence; threshold review (Rs 5 lakh demat across DPs) | Mishandling → civil suit + investor grievance under SEBI ODR | SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2022/65, SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/04 | Above threshold = mandatory court document. Below threshold = simplified form + indemnity (but no demand for notarisation post Jan 2025). |
| EDGE-CASE-028 | Process minor demat opened via natural guardian | CDSL, NSDL | event-triggered | Ops Lead | Natural guardian (parent) opens demat for minor child | Birth certificate; guardian’s full KYC; guardian-minor relationship document; account flagged “Operated by Guardian”; trading not enabled | Operational gap if guardian KYC stale → account-freeze risk on minor’s KYC review | NSDL/POLICY/2022/053, CDSL/OPS/DP/GENRL/2021/447 | Court-appointed guardian: court order required in lieu of natural-guardian declaration. |
| EDGE-CASE-029 | Block trading on minor account | SEBI, NSE, BSE | continuous | RMS Lead | Minor demat linked to trading platform | UCC tagged “Minor — Demat only”; RMS rule blocking F&O / cash trades; only IPO / corporate-action / off-market permitted | SEBI MIRSD inspection finding; investor-protection breach | SEBI/HO/MIRSD/SECFATF/P/CIR/2023/169 | Industry practice — trading disabled for minor accounts. IPO and DP transactions only. |
| EDGE-CASE-030 | Apply legacy-CKYC search for pre-2017 accounts | CERSAI | event-triggered | Ops Lead | Account opened before 1 Jan 2017 (pre-CKYCRR go-live) being modified / re-KYCed | Multi-parameter search log (Mobile, PAN, last-4 Aadhaar+Name+DOB+Gender, Voter ID, DL, Passport, NREGA, NPR); fresh upload only if no match | Duplicate CKYC records create reconciliation cost; CERSAI inspection observation | CKYC/2026/08 | ~112 crore CKYC records as of Apr 2026. Legacy mismatch a substantive concern. |
Practical notes
Section titled “Practical notes”- [industry practice] Ops teams typically operate from a weekly compliance calendar — they take this blueprint, filter to their domain, and slot recurring items into the calendar. Event-triggered items are handled via runbook.
- [gotcha] Several compliances have overlapping evidence requirements (e.g., the same trade file is evidence for margin reporting AND settlement). Mapping evidence-to-source once and reusing is a substantial efficiency win.
- [risk trade-off] “Continuous” frequencies (concurrent audit, surveillance) cannot be batched without breaching the obligation; “event-triggered” can be queued with SLAs.
- [cost optimization] Many small brokers under-resource their reporting function and pay penalties; the marginal cost of an extra reporting analyst is often less than the average annual penalty for a mid-size broker (industry-reported figures vary; verify in your books).
Verified through
Section titled “Verified through”2026-05-14
AI-generated and not legal, financial, or compliance advice. See the project README for full disclaimer.