PP1 - BRIEF OF INTERNAL CONTROL POLICY
An internal control policy is required to control the activities of the organisation. It is an important part of the organisation, serving to enhance its business and to maintain the ethics needed to achieve the level of compliance required by the rules, bylaws and regulations of the regulator.
Internal control is the integration of the activities, plans, attitudes, policies, applicable laws and regulations, and efforts of the people of an organisation working together to provide reasonable assurance that the organisation will achieve its objective and mission.
PP2 - INFORMATION SECURITY
PURPOSE
By information security we mean protection of the Organisation's data, applications, networks, and computer systems from unauthorized access, alteration, or destruction.
The purpose of the information security policy is:
- To establish an Organisation-wide approach to information security.
- To prescribe mechanisms that help identify and prevent the compromise of information security and the misuse of Organisation data, applications, networks and computer systems.
- Confidentiality of information:
- E-mail should not be used for confidential information exchange
- Client and employee information is maintained and kept in the safe custody of the company after proper verification.
Appropriate Use
- The computers of the Organisation are used only by the relevant authorised persons, each using only their respective password.
- Access to the back office software (i.e. Shilpi), where all the data related to clients is held, is controlled by user IDs and their respective passwords.
- The authority to work on the back office software (i.e. Shilpi) is distributed according to the nature of each person's work.
- The documents related to the organisation and its clients are maintained only by the appointed persons, under the supervision of the senior official of the organisation. No other person is permitted to access the documents without permission.
- Sharing information related to the organisation and its clients with anyone outside the organisation is prohibited.
- Use of e-mail is restricted to business use only.
PP3 - PRIVACY POLICY
This privacy policy sets out how “MSB e-Trade Securities Ltd.” uses and protects any information that you give “MSB e-Trade Securities Ltd.” when you use this website.
“MSB e-Trade Securities Ltd.” is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
“MSB e-Trade Securities Ltd.” may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
What we collect
We may collect the following information:
- name and job title
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to customer surveys and/or offers
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send promotional email about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail.
- We may use the information to customize the website according to your interests.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How we use cookies
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at [email address]
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to [address].
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
RECORD KEEPING
- All documents relevant to the conduct of the company's business are to be kept in the safe custody of the person designated for that purpose.
- Client information is valuable for the company's growth. For that reason, all records, together with the client registration documents, are kept in the safe custody of the person appointed for that purpose.
- Retrieval of documents relevant to the company and of client registration documents is strictly restricted to the person or persons appointed for that purpose.
- Client information must not be shared with anyone other than persons related to the company.
- Information and documents related to client registration, and other documents, are provided to the respective client only at that client's request, or to the authorities entitled to such information under the rules, bylaws and regulations of the exchanges, regulators and other authorities.
PP4 - Backup
Backup Policy
Overview
This policy defines the backup policy, covering both onsite on-line backup and off-site off-line backup, for computers within the organization which are expected to have their data backed up.
Purpose
This policy is designed to protect data in the organization to be sure it is
not lost and can be recovered in the event of an equipment failure, intentional
destruction of data, or disaster.
Scope
This policy applies to all equipment and data owned and operated by the
organization.
Timing
The Organization must perform full backups nightly on every working day, at user level as well as admin level.
Storage of Back up
The Organization takes an onsite on-line backup on the server itself on a daily basis, and an off-site off-line backup on two USB drives/CD media/DAT drives (80 GB) on a daily/weekly basis. One USB drive/CD media/DAT drive is kept in the office area and the other at the remote site.
Testing of USB drive / CD media
The Organization periodically tests the USB drives / CD media / DAT drives used for storage of the off-site off-line backup. If any such storage media needs to be changed or replaced, this is done by the responsible person of the organization.
Responsibility
The Organization has appointed a person to perform regular backups. The appointed person must develop a procedure for testing backups and test the ability to restore data from backups on a daily/weekly basis.
Testing
The ability to restore data from backups shall be tested by senior official
of the organization.
Backup Register
The Organization maintains a backup register (physical or electronic) to record, for each daily backup, which official took it and when it was taken.
The Organization takes an onsite on-line backup on the server itself on a daily basis, and an off-site off-line backup on USB drive/CD media on a daily/weekly basis. The USB drive/CD media is kept at the remote site.
The Organization has an adequate backup facility, as we have two DAT drives (one is 500 GB, the other is a 500 GB Sure Store DAT) on which we take backups of all of our important data.
The Organization has appointed a person to perform regular backups. The appointed person must develop a procedure for testing backups and test the ability to restore data from backups on a daily basis.
PP5 - Password Policy
Overview
Passwords are an important aspect of computer security. They are the front line of protection for user IDs/accounts. A poorly chosen password may result in the compromise of the entire corporate network. As such, all employees are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
Purpose
The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.
Scope
The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any facility, has access to the network, or stores any non-public information.
Policy
- General
☞ All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) must be changed on at least a monthly basis.
☞ All user-level passwords (e.g., user ids, etc.) must be changed at least every 15 days.
☞ Passwords must not be inserted into email messages or other forms of electronic communication.
☞ All user-level and system-level passwords must conform to the guidelines described below.
- Two factor Authentication
- Guidelines
Password Creation Guidelines:
The following password creation guidelines are based upon experience and common sense. The software used to change passwords will screen for most of these guidelines as an aid in creating secure passwords. This does not relieve a person of responsibility for creating and securing a good password.
- It must be at least eight characters in length. (Longer is generally better.)
- It must contain at least one alphabetic and one numeric character. (Alpha – Numeric generally better)
- It must be significantly different from previous passwords.
- It should not be the same as the user ID, email IDs, telephone no., date of birth, nick name, house no., vehicle no., & some common nos.
- It should not start or end with the initials of the person issued the user ID.
- It should not include the first, middle, or last name of the person issued the user ID.
- Special characters may be used to strengthen the password.
- It should not be information easily obtainable about you. This includes license plate, social security, telephone numbers, or street address.
- General Password Construction Guidelines
Passwords are used for various purposes at MSB e Trade Securities Ltd. Some of the more common uses include user-level accounts, email, and screen saver protection. Since very few systems have support for one-time tokens (i.e., dynamic passwords which are only used once), everyone should be aware of how to select strong passwords.
Poor, weak passwords have the following characteristics:
- The password contains less than eight characters
- The password is a word found in a dictionary (English or foreign)
- The password is a common usage word such as:
- Names of family, pets, friends, co-workers, fantasy characters, etc.
- Computer terms and names, commands, sites, companies, hardware, software.
- The words "MSB e_TRADE SECURITIES LTD."
- Birthdays and other personal information such as addresses and phone numbers.
- Word or number patterns like aaabbb, qwerty, zyxwvuts, aaaaaaaa, 123321, 123456, 00000000, etc.
- Any of the above spelled backwards.
- Any of the above preceded or followed by a digit (e.g., secret1, 1secret)
NOTE: Do not use either of these examples as passwords!
- Password Protection Standards
- Do not share MSB e_Trade Securities Limited passwords with anyone, including administrative assistants or secretaries.
- All passwords are to be treated as sensitive, confidential MSB e_Trade Securities Limited information.
Here is a list of "don'ts":
- Don't reveal a password over the phone to ANYONE
- Don't reveal a password in an email message
- Don't reveal a password to the boss
- Don't talk about a password in front of others
- Don't hint at the format of a password (e.g., "my family name")
- Don't reveal a password on questionnaires or security forms
- Don't share a password with family members
- Don't reveal a password to co-workers while on vacation
- If someone demands a password, refer them to this document or have them call the Director directly without hesitation.
- Do not use the "Remember Password" feature of applications.
- Again, do not write passwords down and store them anywhere in your office. Do not store passwords in a file on ANY computer system (including Palm Pilots or similar devices) without encryption.
- Change passwords at least once every 15 days. The recommended change interval is every 15 days.
If a password is suspected to have been compromised, report it to the Director and change all passwords.
Password cracking or guessing may be performed on a periodic or random basis by InfoSec or its delegates.
If a password is guessed or cracked during one of these scans, the user will be required to change it.
- Two Factor Authentication (2FA)
Brief of Two Factor Authentication (2FA)
- Knowledge factor (something only the user knows): e.g., password, PIN.
- Possession factor (something only the user has): e.g., OTP, security token, authenticator apps on smartphones etc. In case of OTP, the same should be sent to clients through both email and SMS on their registered email ID and mobile number.
The Company shall provide Two Factor Authentication (2FA), such as OTP, PIN etc., on the applications it offers to clients for trading, on every session in which the client logs in through Internet Based Trading (IBT) and Securities Trading through Wireless Technology (STWT).
PP6 - Risk Management System (RMS)/ Surveillance PROCESS
The purpose of the RMS Policy is to eliminate the risk to the Company/client from the volatility of the market.
6.1 RMS works on the following concepts:
a. Cash
The clear balance available in the customer’s ledger account in our books.
b. Margin
The underlying stake provided by the customer in the form of cash, FDR and/or stock to mitigate market (price) or settlement (auction) risk.
c. Exposure
The aggregate of the customer’s obligations arising out of buy + sell trades awaiting settlement in the cash segment and profit/loss amounts that are yet to be settled on the closed positions.
d. Exposure multiple
The number of times that exposure is allowed on the underlying margin. Sales on the cash segment would have to be made either on the availability of cash margin or on the availability of the stocks (which are to be sold) in our margin account, by executing a transfer before the sale order is initiated.
e. Stock qualifying for margin in cash & F&O segment transactions
Securities in the approved list of the Stock Exchange as per SEBI guidelines, after the applicable haircut as per the exchange.
f. Total Deposit
The aggregate of client deposits available with us in the form of cash, shares (after applicable haircut) and FDR.
g. Mark to Market Losses
Mark to market losses shall be collected in the following manner:
- Mark to market loss shall be calculated by marking each transaction in security to the closing price of the security at the end of trading. In case the security has not been traded on a particular day, the latest available closing price at the exchange shall be considered as the closing price. In case the net outstanding position in any security is nil, the difference between the buy and sell values shall be considered as notional loss for the purpose of calculating the mark to market margin payable.
- The mark to market margin (MTM) shall be collected from the member before the start of the trading of the next day.
- The MTM margin shall also be collected/adjusted from/against the cash/cash equivalent component.
- The MTM margin shall be collected on the gross open position of the Client.
- There would be no netting off of the positions and setoff against MTM profits across two rolling settlements i.e. T day and T-1 day. However, for computation of MTM profits/losses for the day, netting or setoff against MTM profits would be permitted.
- In case of Trade for Trade Segment (TFT segment) each trade shall be marked to market based on the closing price of that security.
- The MTM margin so collected shall be released on completion of pay-in of the settlement.
6.2 CATEGORY OF CUSTOMER TRANSACTIONS
a. Intraday - Cash segment
The amounts of purchase (or sale) in a scrip on any trading day that is reversed by the end of the day by making a contra sale (or purchase) of the exact same quantity, thereby nullifying the original position.
b. Delivery Trades
The net purchase or sale of scrip in a client account that is settled by way of a delivery on T+1. Delivery in respect of sale transactions in the cash segment has to be settled by the client by tendering securities in demat form before the pay-in deadline. Else the client faces the risk of auction. A purchase transaction in the cash segment would fall into one or more of the following categories:
c. Sell against Buying
A purchase order executed on the Exchange today and the (undelivered) purchased stock sold in its entirety on the next trading day. In this case the first transaction would be settled on T+1 while the sale would be settled on the third business day after the purchase transaction.
- Execution of Orders – For execution of orders, the following limits are defined on a USER ID & BRANCH ID basis:
- Quantity limit for each order.
- Value Limit for each order.
- User value limit for each user ID.
- Branch value limit for each branch ID.
- Security wise limit for each user ID.
6.3 Handling of client Securities
(A) The following demat accounts are used to deal with client securities:
- Pool account (MSB e-Trade – Pool account)
- Client Unpaid Securities Account (to be closed by April-2023 or as per SEBI/Exchange guidelines)
- Early Pay-in Account
(B) As normal practice, securities which the client bought through their trading a/c or transferred to us are transferred into the client's registered demat account, except in the following circumstances:
- “Unpaid Securities” (for which the client(s) have not paid or have only partially paid) – In case of non-payment or partial payment, securities are kept in the “Client Unpaid Securities Account” (partially or fully) & shall be disposed of (partially or fully, based on the unpaid amount) within 5 days from the pay-out; or
- Based on the earlier record of the client with us, we may return to the client their unpaid securities (partially or fully) in case the client has given us the Demat Debit and Pledge Instruction [DDPI] / Power of Attorney “POA” to meet the client's obligation in their registered demat account maintained with MSB e-Trade (DP-CDSL).
- Pledge of client securities towards margin shall be handled through the Client Margin Pledge process via Pledge market in the respective client demat a/c, whose DDPI/POA was provided earlier as per their request.
(C) In case there are multiple securities in the “Client unpaid securities account” and the Stock Broker wishes to liquidate the same, is there any logic like First in First Out (FIFO) to be followed?
DO: (also please refer above and exchange’s circulars for details)
- Client securities kept in the “Client Unpaid Securities Account” can only be transferred to the respective client's demat a/c or to the Pool a/c (the quantity of securities being based on the payment, i.e. full or partial).
- Securities can be transferred from the “Client Collateral Account” or “Collateral Account” to the Pool account for the purpose of making pay-in for settlement of the respective client.
- Client securities can be received in the “Client Collateral Account” and can be transferred to the Clearing Member or “Collateral Account” for pledging with CCs.
- However, sale of securities lying in the collateral account, based on the client’s instruction, can be considered towards such unpaid securities provided clear funds are received within such 5 trading days.
- Based on the earlier record of the client with us, we may return to the client their unpaid securities (partially or fully) in case the client has given us the Power of Attorney “POA” to meet the client's obligation in their registered demat account maintained with MSB e-Trade (DP-CDSL).
DON’TS: (also please refer above and exchange’s circulars for details)
- Securities cannot be transferred from “Client unpaid securities account” directly to the “Client Collateral account” or “Collateral Account”
- Client Securities cannot be transferred from “Client Collateral Account” or Collateral Account to “Client unpaid securities account”
- Securities kept in “Client unpaid securities account” cannot be considered towards client’s margin obligation.
- Further exposure cannot be granted to such clients having debit balances.
6.4. Offline Alert / Back Office Alert
Further investigation is carried out at the time of generation of billing by the Back Office Billing Department: the scrips are scanned for the quantity traded vis-a-vis exchange volume on that day and the frequency of trades done by the client, to see if a trend is discernible.
Client-wise surveillance takes its cue from the alerts generated scrip-wise. All the clients who have traded in a scrip placed in “SCRIP ALERT” are scrutinized for their other scrip dealings. Looking at the general quality of the scrips that they are dealing in, the Surveillance Officer reports to the Director for further action.
Further, any big-value transactions are checked to confirm that the client is not trading beyond their known income (i.e. income declared in KYC).
Note – MSB e-Trade will not be responsible for any Short payout of security from exchange/Clearing Corporation/Clearing Member.
PP7. MARGIN COLLECTION AND REPORTING PROCEDURE
Initial Margin
Initial margin is required to be taken from the client as upfront margin before a trade (buy and/or sale) is entered, in all the segments (CM, FO, CD, CO, etc.), at the rate specified by the exchanges from time to time. Margin can be met with “Early Pay In” (EPI) in the case of sale delivery of a security. The EPI margin benefit, as per the exchange, may also be granted to the client.
Other margins & MTM
Any shortage of other margin required shall be requested and received from the client as per the timeline of the exchange.
Peak Margin
Peak margin is the highest applicable initial margin at any point of time during the trading hours in all the segments. The highest peak margin is required to be maintained as upfront margin before a trade is entered.
Mode of Margin
Margin can be given in the form of cash or collateral / non-cash, i.e. securities etc. Securities are accepted only by way of the Margin Pledge procedure of SEBI/the Exchange, after the applicable haircut on the valuation of the security.
Client margin information will be conveyed according to the following procedure
Information about their margins and positions in CM, F&O, CD, CO and other segments is conveyed to the relevant client by telephone or by email (whichever is applicable) on the same day (trading day). Client margin information is also clarified to the relevant client if required, and all the necessary details must be provided to clients in the format prescribed by the exchange.
MARGIN COLLECTION FROM CONSTITUENTS
After the information about their margin has been given to the relevant client by telephone/email, the required margin will be requested from that client within the period prescribed by the exchange.
The required margin will be collected from the constituents within the time period prescribed by the exchange from time to time, by RTGS/NEFT/approved electronic mode/cheque/demand draft only, at the earliest.
Penalty in case of short margin passed to the client.
(Ref. NSE circular NSE/INSP/64315 dt. October 01, 2024) (MCX/INSP/662/2024 dt. October 03, 2024)
A penalty levied by clearing corporations for short/non-collection of upfront margins may be passed on to the client if the short/non-collection of upfront margin is on account of the following reasons attributable to the client:
- Cheque issued by client to member is dishonoured
- Increase in margins on account of change in hedge position by client/ expiry of some leg(s) of the hedge positions of the clients
Note: This procedure is followed by M/s MSB e-Trade Securities Ltd. It will be reviewed from time to time and the necessary modifications made.
PP8. Capacity Management
Capacity Management ensures that adequate capacity is available to deliver the services such that the Service Levels are not compromised due to resource crunch. It is a day to day operation like the Service Support functions but has been placed under Service Delivery because strategic inputs from the other Service Delivery functions are very important for its accuracy and delivery efficiency.
Capacity Management can be classified into two types: Service Capacity Management and Resource Capacity Management.
Service Capacity Management: This is driven by the current service trends, target Service Levels defined by Service Level Management and/or Business inputs from the management. In this category the Capacity Management Function would focus on adequate skilled manpower, availability of vendors, availability of space (example, seating and storage areas), capacity of Communications facilities (like telephone lines), etc.
Resource Capacity Management: This is driven by the capacity of the current technology infrastructure, the future scalability, and the capacity burn rate.
These two Capacity Management areas can have common work areas. However the focus of the former is to maintain targeted Service Levels and focus of the latter is to maintain targeted Technology Levels. To deliver the services accurately, both of them need timely and accurate inputs from:
- The Management - Pertaining to future business expansions or acquisitions, Budgets, financial growth plans, etc.
- The Service Level Management - Pertaining to target service levels.
- Change Management - Pertaining to Forward Planning with schedules and Magnitudes of Changes.
- The System Monitoring - Pertaining to Transaction Volume Trend Analysis, Capacity Burn Rates, Performance Trends, etc - all with accurate triggers and alerts at the right time.
The Organization reviews its capacity regarding Service & Resource from time to time or when necessary, covering:
- Monitoring of performance and throughput of all services
- Deploying new technology in line with business requirements (time, cost, and functionality).
- All networking equipment: LANs, WANs, bridges, routers, and so on.
- All Hardware: Hard Disk, Ram, Mouse, Key Board, Printer etc.
- All peripherals: Storage devices, printers, and so on.
- All software: Operating system, network, in-house developed, and purchased packages.
PP9. NETWORK SECURITY POLICY
Preamble
This document establishes the network security policy for M/s MSB e-Trade Securities Ltd (MSB e-Trade, MSB).
The network security policy is intended to protect the integrity of MSB networks and to mitigate the risks and losses associated with security threats to MSB networks and network resources.
Goals
The goals of this network security policy are:
- to establish corporate-wide policies to protect MSB e-Trade's networks and computer systems from abuse and inappropriate use.
- to establish mechanisms that will aid in the identification and prevention of abuse of MSB e-Trade networks and computer systems.
- to provide an effective mechanism for responding to external complaints and queries about real or perceived abuses of MSB e-Trade networks and computer systems.
- to establish mechanisms that will protect the reputation of MSB e-Trade and will allow MSB e-Trade to satisfy all its responsibilities with regard to its networks' and computer systems' connectivity to the
Policy Statement
MSB e-Trade provides network resources to its organization in support of its Trading Activity. This policy puts in place measures to prevent, or at least minimize the number of, security incidents on the organisation's network without impacting the Trading Activity or the integrity of MSB e-Trade's many different computing communities.
The responsibility for the security of the MSB e-Trade's computing resources rests with the system administrators who manage those resources. Technical Operations persons will help to carry out these responsibilities according to this policy.
The Technical Operations persons of the organisation will review and respond to formal complaints resulting from the implementation of this policy.
Technical Operations persons who administer LANs connected to the backbone will:
- assign to an individual, the authority to connect systems to the organisation network(s).
- ensure this information is kept accurate and up to date.
The Computer Security Technical Operations Persons will:
- co-ordinate all CNS network security efforts and act as the primary administrative contact for all related activities,
- co-ordinate investigations into any alleged computer or network security compromises, incidents and/or problems.
- co-operate in the identification and prosecution of activities contrary to MSB e-Trade policies. Actions will be taken in accordance with relevant MSB e-Trade Policies, Codes and Procedures with, as appropriate, the involvement of the Campus Police and/or other law enforcement agencies,
- in consultation with system administrators, develop procedures for handling and tracking a suspected intrusion, and deploy those procedures in the resolution of security incidents.
- ensure that no one can access the other network.
Technical Persons will:
- protect the networks and systems for which they are responsible,
- employ CNS recommended practice and guidelines where appropriate and practical,
- co-operate with CNS in addressing security problems identified by network monitoring,
- address security vulnerabilities identified by CNS scans deemed to be a significant risk to others,
- report significant computer security compromises to Computer Security Administration.
Network users will:
- abide by the Appropriate Use of Information Technology policy of the MSB e-Trade,
- abide by the policies governing connection to organisation networks.
PP10. Application Software Policy
1. Introduction
The availability, reliability and integrity of a used & developed application system is a critical service provided by Service Providers like FT, Shilpi & Microsoft etc. & also by the software provided by the exchange.
Development of Application Software
These developed applications come about when there is a requirement to meet Organization needs.
The objective of this policy is to create an environment for the meaningful and consistent application development to attain high quality results.
Definition
Application software development is the act of reviewing, evaluating, designing, coding (programming) and implementing a software application by Service Providers through the technical department from time to time.
Development of application software is done by the software vendors according to the needs of the organization through the technical department from time to time.
Some of the software is updated under the instructions of the NSE or service providers on a regular basis.
Conditions of Use
Only authorised persons have the right to access the application software used by the organization.
Every user has different authority according to the nature of their work, i.e. accounts persons have different authority from the persons who look after the DP or trading software.
Instructions to the users of the application software of the organization:
- Almost all the application software has its own login ids & passwords.
- Users are instructed not to share their passwords for the application software.
- The password must be alphanumeric & must be changed periodically.
- Users are clearly prohibited from accessing the user accounts of others. Prior intimation & permission is required to use a different user account.
- As far as “TRADING TERMINALS” are concerned, all orders are accepted from the clients after authentication of the identity of the client by ‘Code’ / ‘Pan No.’ / ‘DOB’ etc. & then punched into the trading terminals.
PP11. Business Continuity Planning and Disaster Recovery
Business continuity planning and disaster recovery planning are fundamental to the well being of an organization. Clearly, they are intended to ensure continuity in the face of unforeseen or difficult circumstances.
Planning for these situations is not always straightforward, of course, and neither is identifying suitable sources of information, services and products. The requisite planning tasks themselves can also be challenging, none more so than the building of the plan itself.
Introduction
With the increasing importance of information technology for the continuation of business critical functions, combined with a transition to an around-the-clock economy, the importance of protecting an organization's data and IT infrastructure in the event of a disruptive situation has become an increasing and more visible business priority in recent years.
Our business is based on technology like computers, VSAT, lease line, router, Internet services & telephone etc.
“We can say that if business is the life then the technology is the heart”
Level 1: Minor Outage Scenario
In the event of a minor outage, business processes may experience minor damage / outage and will run at a sub-standard level. Scenarios include link connectivity being temporarily down, switch or router port failures, System or network CPU failures, System Fan failures, System or Network Power supply failures, Ethernet card failures.
PLAN:
The Company deputes the technical person for technical problems like switch or router port failures, system failures and Ethernet card failures, for rectification or replacement at the earliest. The Company keeps all necessary equipment in spare for replacement.
Level 2: Moderate Outage Scenario
In this scenario, some or all business processes at the location may experience moderate damage / outage. Processes may not continue or may run at a degraded level. An alternate site may not be required for continuing business but alternate equipment may be required depending on the criticality of the business process and infrastructure.
Some of the examples of such scenarios can be:-
- Equipment is damaged due to Power surge.
- ISDN/VSAT/Circuit router failure
- Core access layer switch failure
- Access/Distribution switch failure.
- LAN switch or router failure.
- Temporary outage of power.
PLAN:
The Company has 1 (One) VSAT (Very Small Aperture Terminal) & 1 (One) Lease line, with auto transfer from Lease line to VSAT & vice versa.
In case of damage to any equipment, the technical person replaces it at the earliest.
The Company has a UPS as a backup for temporary power supply, which automatically works after power failures, and also has a Generator for power supply.
Level 3: Disaster Scenario
In this scenario, the Member infrastructure may experience a severe disaster resulting in the total shut down of infrastructure of the Member. Full processing capability of all business processes like Trading, Risk Management, settlement systems etc. from that location and related infrastructure may be down. Key personnel may not be able to access the premises. There may also be non-availability of key resources in the building.
Some of the examples of such scenarios can be
1. Flood / Rain/Fire making office premises like building and Data centers inaccessible.
2. Riots /war etc., at a location near one of the offices or within the premises of the member may render the office premises inaccessible.
3. Complete power shutdown due to unavailability of generators.
In this scenario, if there is a complete power shutdown due to unavailability of generators, we also have a UPS for power supply.
We have our branch, where our business can be carried out in case of any shutdown in the main office.
Under this scenario, Members may have to switch their business over to the BCP site. Key factors which will determine the Recovery Time Objective would be key personnel availability, resilient IT infrastructure and robust BCP processes.
Level 4: Catastrophe
In this scenario, a major disaster strikes which would result in a major disruption of services. Full processing capability cannot be achieved for a substantial period of time. Recovery will require use of an alternate processing site as well as offsite offices for employees over an extended period of time.
Some of the examples of such scenarios can be
- War
- Earthquake
- Extended Communal Riots etc
In such a scenario, capability to achieve their Recovery time objectives would critically depend upon Key personnel availability, resilient IT infrastructure and robust BCP processes.
PLAN: The Company has the internet connectivity of the exchange for this purpose; every client of the company can trade directly on the exchange-provided platform with their provided login id & password.
PP12. Policy regarding treatment of inactive accounts
M/s MSB E-TRADE SECURITIES LIMITED as a matter of policy accepts and realizes that the investor community is made of traders as well as investors. Whereas traders trade frequently, the investors trade with long gaps. The inactive client policy is framed keeping the same in mind:
Definition
- Definition of Inactive Trading Account: In case of trading account, the term inactive account refers to such account wherein any of below mentioned activities has not been carried out by client since last 24 (Twenty-Four) months:
- Trading or participation in OFS/buy-back/Open Offer across any of the exchanges/segments* of the exchanges through the same Member or
*Cash/Equity Derivative/ Currency Derivative/ Commodities Derivative/EGR /Debt/Online Bond Platform/ Execution Only Platform /Any other segment as may be allowed by SEBI/stock exchanges from time to time.
- Transaction in nature of applying/subscribing IPOs (where the IPO bid is successful & not cancelled)/SGBs/Mutual Funds (lumpsum investment or investments through successful SIP instalment payments) on the Mutual Fund platform of the stock exchanges through the same Member or
- Modification/updation of e-mail Id/Mobile Number/Address in KYC record of client through the same Member and the same has been uploaded to KRA to ensure Validated/Registered status.
What happens when a client is declared inactive?
- The inactive accounts identified based on the above criteria shall be flagged as ‘Inactive’ by the Trading Member in UCC database of all the respective Exchanges.
- In case the client who is flagged as inactive seeks re-activation of the trading account, the Trading Member, while reactivating the said client, shall:
- Mandatorily comply with In-Person Verification/Video In-Person Verification (IPV/VIPV) requirement specified in the SEBI Master Circular on KYC dated October 12, 2023.
- Seek confirmation from the client if there is any change in clients’ basic details such as Address, Mobile number, Email ID, Bank/DP account, income, etc. as registered with the Member. In case of changes in any of the said details, the Member shall seek the updated details along with the necessary documents and update in its records as well in the UCC records of the respective Exchanges. In case of KRA Validated status or Registered status through same intermediary cases, the Trading Member may fetch the details along with the necessary documents from the KRA record and display the said details for confirmation of the client and updation in its record. If there is change, then member shall update the UCC records of Exchanges as well as KRA. If client has confirmed that there is no change, the Member shall maintain the verifiable logs of the same.
- Notwithstanding anything contained above, in case a client seeks re-activation then member shall verify client status as per KRA and if the client status as per KRA is not validated (i.e. “On hold”/“Rejected”/“Registered” through other intermediary, etc.) then the member shall seek basic details like Address, Mobile number, Email ID, Bank/DP account, income, etc. along with the necessary documents as required by KRA and upload the same to KRA to ensure validated/registered status as per KRA before permitting client to trade on the Exchanges.
- Once an inactive trading account is re-activated as per the procedure prescribed in point no. 3 mentioned above, the computation of next 24 months for the purpose of identifying client as inactive in the subsequent period shall be considered from the date of last reactivation of trading account.
- Member may send the communication/notification to the clients prior to flagging their trading account as inactive however such communication/notification should not ask the clients to trade in order to prevent their accounts from being flagged as inactive. Any non-compliance in this regard shall be viewed seriously and strict disciplinary actions against the Trading Member may be initiated.
- In case of existing clients who are inactive as per earlier guidelines, but are active as per revised guidelines, they may be considered as active client for trading. However, while reactivating such clients’ accounts, the members shall also ensure to update the status of such clients as active in UCC database of Exchange.
- The Trading Member shall not be required to upload the details of such inactive clients having NIL balances in daily submission of Holding Statement to the Exchange as prescribed and daily submission of Segregation and Monitoring of Collateral at Client level to Clearing Members/Clearing Corporations. However, details of the clients having funds or securities balances shall be reported (daily submission of Segregation and Monitoring of Collateral at Client level file reporting to Clearing Corporations in case of funds and daily submission of Holding Statement to the Exchange in case of securities) even if their UCC has been flagged as ‘Inactive’.
- Notwithstanding anything contained above, the Member shall also ensure adequate due diligence of the client on an ongoing basis (including, but not limited to, doing Re-KYC) in compliance with the provisions of the PMLA guidelines issued from time to time and in accordance with their respective KYC policies.
- Return of Clients assets: Members are required to ensure that all client accounts are settled on monthly or quarterly basis (as per the client preferences) in the manner prescribed from time to time. In case a member is unable to settle the client accounts due to non-availability of client’s account details and non-traceability of client, Members are advised to make all efforts to trace the clients to settle client account and maintain an audit trail for such efforts made for tracing such clients and settling their account. In case of receipt of any claims from such clients, members are advised to settle the accounts immediately and ensure that the payment/delivery is made to the respective clients only. Member shall ensure to keep such unsettled funds upstreamed to Clearing Corporations.
Procedure to activate the client
To reactivate the account, the client is expected to write to the TM requesting for activation of the account, based on which the account would be activated after due diligence by the TM.
- If the client comes within 1 year after inactivation, only the activation form is required if there is no change in the existing KYC information.
- If the client comes after 2 years after inactivation, Re-KYC is required.
PP13. POLICY FOR CONDUCT FOR PREVENTION OF INSIDER TRADING
The purpose of this Policy is to maintain a code of Internal Procedures and Conduct for prevention of Insider Trading.
The organization/firm has a senior level employee reporting to the Managing Partner/Chief Executive Officer.
The senior level employee shall be responsible for setting forth policies and procedures and monitoring adherence to the rules for the preservation of “Price Sensitive Information”, pre-clearing of all designated employees and their dependents trades (directly or through respective department heads as decided by the organization/firm), monitoring of trades and the implementation of the code of conduct under the overall supervision of the partners/proprietors.
The senior level employee shall also assist all the employees/directors/partners in addressing any clarifications regarding SEBI (Prohibition of Insider Trading) Regulations, 1992 and the organization/firm’s code of conduct.
The senior level employee shall maintain a record of the designated employees and any changes made in the list of designated employees.
Preservation of “Price Sensitive Information”
Employees/directors/partners shall maintain the confidentiality of all Price Sensitive Information. Employees/directors/partners must not pass on such information directly or indirectly by way of making a recommendation for the purchase or sale of securities.
Prevention of misuse of Price Sensitive Information
Employees/directors/partners shall not use Price Sensitive Information to buy or sell securities of any sort, whether for their own account, their relative’s account, organization/firm’s account or a client’s account. The following trading restrictions shall apply for trading in securities.
Pre-clearance of trades
All directors/officers/designated employees of the organization/firm who intend to deal in the securities of the client company (above a minimum threshold limit to be determined by the organization/firm) shall pre-clear the transactions as per the predealing procedure as described hereunder.
PP14. POLICY FOR UNAUTHENTIC NEWS CIRCULATION
- No staff member or associate is authorised to send any communication to any client by way of SMS / Email / Letter / Notice / etc., unless such communication is specifically authorised by the Compliance Office
- Any Equity Research Reports, Advisory Notes and Stock Recommendations sent out to the client can be sent out only from a designated Sender ID and should be duly authorised by the Compliance Officer.
- Log of all such communication sent to the clients should be maintained.
PP15. WRITE UP ON REDRESSAL FOR INVESTOR GRIEVANCE REDRESSAL POLICY
- The designated Email ID for lodging investor complaints should be clearly displayed on the website and on all information sent to the clients
- An investor grievances escalation matrix should be clearly displayed on the website of the company
- All the investor complaints received by email on the designated email ID should be duly saved and recorded in the investor grievances register.
- All investor grievances which are not redressed at the first level must be escalated to the next level within 7 days
- Information regarding the SEBI complaint redress system (SCORES), regarding filing of complaints on SCORES – Easy & Quick, is provided on the website of the company.
- The direct link for SCORES is provided on the website of the company.
PP16. Client Code Modification “CCM” and error Code Policy
Client Code Modification (Rectification of error code) “CCM” is a vital problem of the broking company. The main objective is to have a policy for Client Code Modification or rectification of error codes post trade execution and to take reports on such modification/rectification of client codes. It is also to make the dealers/trading personnel aware of the policy for Client Code Modification (Rectification of error code) “CCM”.
A. Circumstances about Client code Modification
“CCM” means modification of the client code of those orders which have been executed or which have been converted into trades. The stock exchange provides a facility to modify the client code to rectify an error. Further, only genuine errors will be modified, after being transferred to the ‘Error Account’. The modification should be done within the Stock Exchange guidelines. The modification of client code is to be done only in exceptional cases and not in routine cases.
B. Details about Genuine error
The following trades shall be modified / allowed to be modified, shall be treated as genuine errors and transferred to the Error Account.
- Punching error / typing error of client codes due to any genuine error or mistake in order entry, while punching the order, by any of dealer.
- Trade entered for wrong client due to any miscommunication from the client /authorized representative of the client.
- Client code/name and modified client code/name are similar to each other but such Modifications are not repetitive.
- Family Code (spouse, dependent parents, dependent children and HUF)
- Institutional trades modified to broker error/pro account.
C. Classification of Genuine Error
The criteria for determining the genuineness of client code modification are as follows:
- Client code M020 wrongly entered N020 (if there is punching error), whereas M020 entered as M002 or M200 may be a genuine punching error.
D. The Board and Management Directives
The Board and Management of the company have approved under mention policy in this regard and instruct all the staff of the office to follow it strictly.
- It has been decided that a separate error account in the name of “MSB e-Trade Securities Limited” must be opened as per the exchange circular for rectification.
- It has been decided that client code mapping be done in trading terminals to prevent punching errors into those codes which are not given to anyone.
- It has been decided to periodically review the list of inactive clients in the CTCL System.
- All the Dealers have been instructed to hear clearly the client code / scrip name / price and reconfirm the same before placing an order into the trading system.
- /management on the implementation of the said policy periodically.
- It has been decided to maintain the register for “CCM” with immediate effect for recording the errors.
- The Department Head / Compliance Officer has been advised to analyse the mistakes and to take/implement corrective measures to the best of their efforts to minimize the same.
- The Department Head / Compliance Officer has been advised to update the Board regarding the same.
E. Reporting System
- Any issues regarding the “CCM” should be reported to the designated officer, and it can be done only after getting approval once its genuineness is known, as per exchange directives.
- Any client code modification subject to this policy shall be carried out at the Head Office of the company in normal circumstances.
- The designated officer reviews the Error Account file sent by the Exchange on a daily basis.
- A separate register for “CCM” to be maintained by the company for above purpose where full details will be recorded.
F. Reference to the Circular
F (i) SEBI – Circulars No. – CIR/DNPD/6/2011 dated January 01, 2011
Circulars No. – CIR/DNPD/01/2011 dated July 05, 2011
F(ii) NSE – Circular No. - NSE/INVG/2011/596 dated February 17, 2011
Circular No.- NSE/INVG/2011/18484 dated July 29, 2011
Circular No. - NSE /INVG/2011/870 dated August 26, 2011.
PP17. Policy for PRE FUNDED INSTRUMENTS from Clients
Objective:
The objective of the policy is to prevent acceptance of third party funds and to prescribe process to deal with instruments issued by third party when received.
Background:
SEBI vide circular no. SEBI/MRD/SE/Cir-33/2003/27/08 dated August 27, 2003 has specified that the stock brokers can accept demand drafts from their clients. However, SEBI vide circular no. CIR/MIRSD/03/2011 dated June 9, 2011 and National Stock Exchange vide its circular no. NSE/INSP/18024 dated 09-Jun-11 have advised stock brokers to maintain an audit trail while receiving funds from the clients through Demand Draft (DD)/Pay Order (PO)/Bankers Cheque (BC), since details like name of the client and bank account number are not mentioned on such third party pre-paid instruments. Non-maintenance of audit trail may result in flow of third party funds or unidentified money, which may result in breach of regulations issued under PMLA and SEBI circulars.
Terms used in this policy:
1. Prefunded Instruments - Referred as Payorder, Demand Draft, banker’s cheque etc.
2. Electronic Fund Transfers - Referred as transfer of funds using net banking
Policy:
SEBI vide circular no. SEBI/MRD/SE/Cir-33/2003/27/08 dated August 27, 2003 has specified that the stock brokers can accept demand drafts from their clients. However, in accordance with SEBI circular no. CIR/MIRSD/03/2011 dated June 9, 2011, the following needs to be complied:
- A “Pre-paid instrument received register” with columns for date, name of the client, Particulars of instrument (like amount, instrument drawn on bank name) and such other columns as found necessary shall be maintained. The register may be maintained either in a physical form or in electronic form.
- Pre-paid instruments of the value of less than Rs 50,000 may be accepted from the client. Whenever such instruments are received, entry into ‘Pre-paid instruments Received register’ shall be made.
- If the pre-paid instrument is for value more than Rs 50,000 or if the aggregate value of prefunded instruments is Rs. 50,000/- or more, per day per client is presented for acceptance, such instrument or instruments may be accepted, only if the same is/are accompanied by the name of the bank account holder and number of the bank account debited for the purpose, duly certified by the issuing bank. The mode of certification may include the following:
- Certificate from the issuing bank or its letter head or on a plain paper with the seal of the issuing bank.
- Certified copy of the requisition slip (portion which is retained by the bank) to issue the instrument.
- Certified copy of the passbook / bank statement for the account debited to issue the instrument.
- Authentication of the bank account-number debited and name of the account holder by the issuing bank on the reverse of the instrument.
- If a client submits pre-paid instruments at different times during the day, details and certificates as stated above may be collected along with the instrument with which the aggregate value of pre-paid instruments submitted exceeds Rs 50,000 for that date.
- In case of any receipt of funds by way of Electronic fund transfer, an audit trail to ensure that funds are received from respective client only has to be maintained. Necessary details may be collected from banker at which the amount is received.
- If the pre-paid instrument is received through post or any other method where client does not directly interface for submission of the instrument and the instrument does not contain the information as required above, the following action may be taken:
- Contact the client immediately and seek information. Do not bank the instrument until the information is given by the client.
- If the pre-paid instrument is a bank transfer, contact the banker immediately for the details; do not utilize the amount so credited until the details are received/confirmed, and do not give credit to the customer until the banker gives the details/certification.
- While giving credit to the respective client’s ledger, Head Office needs to cross check / verify with documents that such instrument is received from the respective client.
Review Policy:
This policy may be reviewed as and when there are any changes introduced by any statutory authority or as and when it is found necessary to change the policy due to business needs.
The policy may be reviewed by the Managing Director/CEO, who shall place the changes in policy before the Board at the first meeting held after such changes are introduced.
Policy communication:
A copy of this policy shall be made available to all the relevant staff who are responsible for receipt of funds from clients and customer service executives.
PP18. Internal Policy - NISM-Series –VII: Securities Operation and Risk Management Certification Examination
Circulars & References:-
- SEBI Notification No.LAD-NRO/GN/2010-11/21/29390 published in the Gazette of India on December 10, 2010
- NSE Circular no. NSE/INSP/16536 December 15, 2010
- NSE Circular no. NSE/INSP/27495 September 02, 2014
- BSE Notice no.20101215-19 dated December 15,2010
- BSE Notice no. 20140902-8 dated September 02,2014
Brief
SEBI issued Notification no. LAD-NRO/GN/2010-11/21/29390 dated December 10, 2010, in which the categories of associated persons associated with a registered stock broker/trading member/clearing member in any recognized stock exchanges, who are involved in, or deal with any of the following:
a. Assets or Funds of investors or clients
b. Redressal of investor grievances
c. Internal control or risk management
d. Activities having a bearing on operational risk
shall be required to have a valid NISM certification of NISM Series VII – Securities Operation & Risk Management (SORM) from National Institute of Securities Market (NISM).
Requirement of the Policy
The Company being a trading member of NSE, BSE, MSEI, MCX, NCDEX & DP-CDSL, the provisions of the aforesaid requirement are applicable to all its employees & sub-brokers involved in the activities as mentioned above.
Definition of “Associated Person”
“Associated Person” means a principal or employee of an intermediary or an agent or distributor or other natural person engaged in the securities business and includes an employee of a foreign institutional investor or a foreign venture capital investor working in India.
Policy
As required in the aforesaid notification of SEBI, all existing persons associated with the Company as on the date of publication and engaged in dealing with:
(a) Assets or funds of investors or clients
(b) Redressal of investor grievances
(c) Internal control or risk management
(d) Activities having a bearing on operational risk
shall obtain the valid certification of NISM Series VII - Securities Operation and Risk Management (SORM) within two years from the date of such notification.
Simultaneously, whenever the company employs any associated person specified as mentioned above, the said associated person shall obtain valid certification of NISM Series VII – Securities Operation and Risk Management (SORM) within one year from the date of his/her employment/registration as sub-broker.
Exemption
Associated persons handling the basic clerical / elementary functions in the aforesaid specified areas shall be exempted from obtaining the certification of NISM Series VII - Securities Operation and Risk Management (SORM). For this purpose, the company considers the following activities as basic elementary level / clerical level:
Internal Control or Risk Management
- Inwarding of collaterals / Cheques
- Person performing market entries
- Maker entry in the database
- Photocopying, printouts, scanning of documents
- Preparing of MIS
- Sending of letters / reports to clients, Exchanges, SEBI
- Attending calls, etc.
Redressal of Investor Grievances
- Inwarding of complaints
- Seeking documents from clients
- Person performing maker entries
- Maker entry in the database
- Photocopying, printouts, scanning of documents
- Preparing of MIS
- Sending of letters / reports to clients, Exchanges, SEBI updation, data entry, uploading on SCORES
- Attending calls, etc
Activities having a bearing on operational risk and dealing with assets or funds of investors or clients
- Person performing maker entries
- Maker entry in the database
- Preparing of MIS
- Generating of reports, Files
- Photocopying, printouts, scanning of documents
- Dispatching documents to clients
- Sending of letters / reports to clients, Exchanges, SEBI
- Attending calls, etc
However, for any area (as stated hereinabove) being performed by the respective persons, obtaining NISM-SORM Certification shall be optional provided that they are supervised by his / her supervisor who shall have to obtain / continue to have NISM – SORM Certification or such other prescribed certification at all times.
PP19. POLICIES & PROCEDURE
As per SEBI Circular No: MIRSD/SE/Cir-19/2009 Dated 3rd December, 2009
1. Refusal of orders for penny / illiquid stock
The stock broker may from time to time limit (quantity/value) / refuse orders in one or more securities due to various reasons including market liquidity, value of security(ies), the order being for securities which are not in the permitted list of the stock broker / exchange(s) / SEBI. Provided further that stock broker may require compulsory settlement / advance payment of expected settlement value/ delivery of securities for settlement prior to acceptance / placement of order(s) as well. The client agrees that the losses, if any on account of such refusal or due to delay caused by such limits, shall be borne exclusively by the client alone.
The stock broker may require reconfirmation of orders, which are larger than that specified by the stock broker’s risk management, and is also aware that the stock broker has the discretion to reject the execution of such orders based on its risk perception.
2. Setting up client’s exposure limits and conditions under which a client may not be allowed to take further position or the broker may close the existing position of a client
The stock broker may from time to time impose and vary limits on the orders that the client can place through the stock broker’s trading system (including exposure limits, turnover limits, limits as to the number, value and/or kind of securities in respect of which orders can be placed etc.). The client is aware and agrees that the stock broker may need to vary or reduce the limits or impose new limits urgently on the basis of the stock broker’s risk perception and other factors considered relevant by the stock broker including but not limited to limits on account of exchange/ SEBI directions/limits ( such as broker level/ market level limits in security specific / volume specific exposures etc.) , and the stock broker may be unable to inform the client of such variation, reduction or imposition in advance. The client agrees that the stock broker shall not be responsible for such variation, reduction or imposition or the client’s inability to route any order through the stock broker’s trading system on account of any such variation, reduction or imposition of limits. The client further agrees that the stock broker may at any time, at its sole discretion and without prior notice, prohibit or restrict the client’s ability to place orders or trade in securities through the stock broker, or it may subject any order placed by the client to a review before its entry into the trading systems and may refuse to execute / allow execution of orders due to but not limited to the reason of lack of margin / securities or the order being outside the limits set by stock broker / exchange/ SEBI and any other reasons which the stock broker may deem appropriate in the circumstances.
- For Non-Payment or erosion of margins or other amounts, outstanding debts, etc. & adjust the proceeds of such liquidation/ close out if any, against the client’s liabilities/obligations.
- Where any order is executed without the required margin in the client’s account, or the broker’s exposure is more than 90% and above, no fresh trade will be taken.
- The client hereby authorizes the stock broker to square up all his outstanding positions at the discretion of the stock broker, which are not marked for delivery, 15 minutes before the closing time of the normal market or if the client’s margin is evaporated by 90% in any of the exchange(s), MSB e-Trade reserves the right to square off positions.
- Under certain market conditions, it may be difficult or impossible to liquidate a position in the market at a reasonable price or at all, when there are no outstanding orders either on the buy side or the sell side, or if trading is halted in a security due to any action on account of unusual trading activity or stock hitting circuit filters or any other reason as prescribed or instructed by SEBI.
The client agrees that the losses, if any on account of such refusal or due to delay caused by such review, shall be borne exclusively by the client alone.
The stock broker is required only to communicate / advise the parameters for the calculation of the margin / security requirements as rate(s) / percentage(s) of the dealings, through any one or more means or methods such as post / speed post / courier / registered post / registered A.D / facsimile / telegram / cable / e-mail / voice mails / telephone (telephone includes such devices as mobile phones etc.) including SMS on the mobile phone or any other similar device; by messaging on the computer screen of the client’s computer; by informing the client through employees / agents of the stock broker; by publishing / displaying it on the website of the stock broker / making it available as a download from the website of the stock broker; by displaying it on the notice board of the branch / office through which the client trades or if the circumstances, so require, by radio broadcast / television broadcast / newspapers advertisements etc; or any other suitable or applicable mode or manner. Once parameters for margin / security requirements are so communicated, the client shall monitor his / her / its position (dealings / trades and valuation of security) on his / her / its own and provide the required / deficit margin / security forthwith as required from time to time whether or not any margin call or such other separate communication to that effect is sent by the stock broker to the client and /or whether or not such communication is received by the client.
The client is not entitled to trade without adequate margin / security and that it shall be his / her / its responsibility to ascertain beforehand the margin / security requirements for his/ her /its orders / trades / deals and to ensure that the required margin / security is made available to the stock broker in such form and manner as may be required by the stock broker. If the client’s order is executed despite a shortfall in the available margin, the client, shall, whether or not the stock broker intimates such shortfall in the margin to the client, make up the shortfall suo moto immediately. The client further agrees that he /she / it shall be responsible for all orders (including any orders that may be executed without the required margin in the client’s account) & / or any claim /loss/ damage arising out of the non availability /shortage of margin /security required by the stock broker & / or exchange & / or SEBI.
The stock broker is entitled to vary the form (i.e., the replacement of the margin / security in one form with the margin / security in any other form, say, in the form of money instead of shares) & / or quantum & / or percentage of the margin & / or security required to be deposited / made available, from time to time.
The margin / security deposited by the client with the stock broker are not eligible for any interest.
The stock broker is entitled to include / appropriate any / all payout of funds & / or securities towards margin / security without requiring specific authorizations for each payout.
The stock broker is entitled to disable / freeze the account & / or trading facility / any other service, facility, if, in the opinion of the stock broker, the client has committed a crime / fraud or has acted in contradiction of this agreement or / is likely to evade / violate any laws, rules, regulations, directions of a lawful authority whether Indian or foreign or if the stock broker so apprehends.
3. Applicable brokerage rate
The stock broker is entitled to charge brokerage within the limits imposed by exchange which at present is as under:
- For Cash Market Segment: The maximum brokerage chargeable in relation to trades effected in the securities admitted to dealings on the Capital Market segment of the Exchange shall be 2.5 % of the contract price exclusive of statutory levies. It is hereby further clarified that where the sale / purchase value of a share is Rs.10/- or less, a maximum brokerage of 25 paise per share may be collected.
- For Option contracts: Brokerage for option contracts would not exceed Rs. 100/- (per lot) single side or such other rates as provided by the exchange(s)/SEBI.
- For Derivatives contracts: Brokerage for derivatives contracts would not exceed 2.5%/- (per lot) single side or such other rates as provided by the exchange(s)/SEBI.
4. Imposition of penalty / delayed payment charges
Clients will be liable to pay late pay-in/delayed payment charges for not making payment of their pay-in/margin obligation on time as per the exchange requirement/schedule at the rate of 2% per month. The client agrees that the stock broker may impose fines and penalties for the orders/trades/deals/actions of the client which are contrary to this agreement/rules/regulations/bye laws of the exchange or any other law for the time being in force at such rates and in such form as it may deem fit. Further, where the stock broker has to pay any fine or bear any punishment from any authority in connection with/as a consequence of/in relation to any of the orders/trades/deals/actions of the client, the same shall be borne by the client.
The client agrees to pay to the stock broker brokerage, commission, fees, all taxes, duties, levies imposed by any authority including but not limited to the stock exchanges (including any amount due on account of reassessment / backlogs etc.), transaction expenses, incidental expenses such as postage, courier etc. as they apply from time to time to the client’s account / transactions / services that the client avails from the stock broker.
5. The right to sell clients’ securities or close clients’ positions, without giving notice to the client, on account of non-payment of client’s dues
The stock broker maintains centralized banking and securities handling processes and related banking and depository accounts at designated place. The client shall ensure timely availability of funds/securities in designated form and manner at designated time and in designated bank and depository account(s) at designated place, for meeting his/her/its pay in obligation of funds and securities. The stock broker shall not be responsible for any claim/loss/damage arising out of non availability/short availability of funds/securities by the client in the designated account(s) of the stock broker for meeting the pay in obligation of either funds or securities. If the client gives orders / trades in the anticipation of the required securities being available subsequently for pay in through anticipated payout from the exchange or through borrowings or any off market delivery(s) or market delivery(s) and if such anticipated availability does not materialize in actual availability of securities / funds for pay in for any reason whatsoever including but not limited to any delays / shortages at the exchange or stock broker level / non release of margin by the stock broker etc., the losses which may occur to the client as a consequence of such shortages in any manner such as on account of auctions / square off / closing outs etc., shall be solely to the account of the client and the client agrees not to hold the stock broker responsible for the same in any form or manner whatsoever.
In case the payment of the margin / security is made by the client through a bank instrument, the stock broker shall be at liberty to give the benefit / credit for the same only on the realization of the funds from the said bank instrument etc. at the absolute discretion of the stock broker. Where the margin /security is made available by way of securities or any other property, the stock broker is empowered to decline its acceptance as margin / security & / or to accept it at such reduced value as the stock broker may deem fit by applying haircuts or by valuing it by marking it to market or by any other method as the stock broker may deem fit in its absolute discretion.
The stock broker has the right but not the obligation, to cancel all pending orders and to sell/close/liquidate all open positions/ securities / shares at the pre-defined square off time or when Mark to Market (M-T-M) percentage reaches or crosses stipulated margin percentage mentioned on the website, whichever is earlier. The stock broker will have sole discretion to decide referred stipulated margin percentage depending upon the market condition. In the event of such square off, the client agrees to bear all the losses based on actual executed prices. In case open position (i.e. short/long) gets converted into delivery due to non square off because of any reason whatsoever, the client agrees to provide securities/funds to fulfill the pay-in obligation failing which the client will have to face auctions or internal close outs; in addition to this the client will have to pay penalties and charges levied by exchange in actual and losses, if any.
Without prejudice to the foregoing, the client shall also be solely liable for all and any penalties and charges levied by the exchange(s).
The stock broker is entitled to prescribe the date and time by which the margin / security is to be made available and the stock broker may refuse to accept any payments in any form after such deadline for margin / security expires.
Notwithstanding anything to the contrary in the agreement or elsewhere, if the client fails to maintain or provide the required margin/fund / security or to meet the funds/margins/ securities pay in obligations for the orders / trades / deals of the client within the prescribed time and form, the stock broker shall have the right without any further notice or communication to the client to take any one or more of the following steps:
- To withhold any payout of funds / securities.
- To withhold / disable the trading / dealing facility to the client.
- To liquidate one or more security(s) of the client by selling the same in such manner and at such rate which the stock broker may deem fit in its absolute discretion. It is agreed and understood by the client that securities here includes securities which are pending delivery / receipt.
- To liquidate / square off partially or fully the position of sale & / or purchase in any one or more securities / contracts in such manner and at such rate which the stock broker may decide in its absolute discretion.
- To take any other steps which in the given circumstances, the stock broker may deem fit.
The client agrees that the loss(es), if any, on account of any one or more steps as enumerated herein above being taken by the stock broker, shall be borne exclusively by the client alone and agrees not to question the reasonableness, requirements, timing, manner, form, pricing etc., which are chosen by the stock broker.
6. Shortages in obligations arising out of internal netting of trades
Stock broker shall not be obliged to deliver any securities or pay any money to the client unless and until the same has been received by the stock broker from the exchange, the clearing corporation/ clearing house or other company or entity liable to make the payment and the client has fulfilled his / her/ its obligations first.
The policy and procedure for settlement of shortages in obligations arising out of internal netting of trades is as under:
- The securities delivered short are purchased from market on T+1 day which is the Auction Day on Exchange, and the purchase consideration (inclusive of all statutory taxes & levies) is debited to the short delivering seller client.
- In case the shares are not purchased from the market for whatsoever reason, the seller account shall be debited by the closing price of shares on the date of the auction plus 2% over and above the closing price or minimum 50 paise per share on the date of the auction for the settlement, whichever is higher.
- In cases of securities having corporate actions, all cases of short delivery of cum transactions which cannot be auctioned on cum basis or where the cum basis auction payout is after the book closure / record date would be compulsorily closed out at higher of 10% above the official closing price on the auction day or the highest traded price from first trading day of the settlement till the auction day.
7. Temporarily suspending or closing a client’s account at the client’s request
- The client may request the stock broker to temporarily suspend his account; the stock broker may do so subject to the client accepting / adhering to conditions imposed by the stock broker including but not limited to settlement of account and/or other obligation.
- The stock broker can withhold the payouts of the client and suspend his trading account due to his surveillance action or judicial or / and regulatory order/action requiring client suspension.
8. De-registering a client
Notwithstanding anything to the contrary stated in the agreement, the stock broker shall be entitled to terminate the agreement with immediate effect in any of the following circumstances:
- If the actions of the Client are prima facie illegal/ improper or such as to manipulate the price of any securities or disturb the normal/ proper functioning of the market, either alone or in conjunction with others.
- If there is any commencement of a legal process against the Client under any law in force;
- On the death/lunacy or other disability of the Client;
- If a receiver, administrator or liquidator has been appointed or allowed to be appointed of all or any part of the undertaking of the Client;
- If the Client has voluntarily or compulsorily become the subject of proceedings under any bankruptcy or insolvency law or being a company, goes into liquidation or has a receiver appointed in respect of its assets or refers itself to the Board for Industrial and Financial Reconstruction or under any other law providing protection as a relief undertaking;
- If the Client being a partnership firm, has any steps taken by the Client and/ or its partners for dissolution of the partnership;
- If the Client has taken or suffered to be taken any action for its reorganization, liquidation or dissolution;
- If the Client has made any material misrepresentation of facts, including (without limitation) in relation to the Security;
- If there is reasonable apprehension that the Client is unable to pay its debts or the Client has admitted its inability to pay its debts, as they become payable;
- If the Client suffers any adverse material change in his / her / its financial position or defaults in any other agreement with the Stock broker;
- If the Client is in breach of any term, condition or covenant of this Agreement;
- If any covenant or warranty of the Client is incorrect or untrue in any material respect;
However notwithstanding any termination of the agreement, all transactions made under / pursuant to this agreement shall be subject to all the terms and conditions of this agreement and parties to this agreement submit to exclusive jurisdiction of courts of law at the place of execution of this agreement by Stock Broker.
Client Acceptance of Policies and Procedures stated here in above:
I/We have fully understood the same and do hereby sign the same and agree not to call into question the validity, enforceability and applicability of any provision/clauses of this document under any circumstances whatsoever. These Policies and Procedures may be amended / changed unilaterally by the broker, provided the change is informed to me / us through any one or more means or methods such as post / speed post / courier / registered post / registered AD / facsimile / telegram / cable / e-mail / voice mails / telephone (telephone includes such devices as mobile phones etc.) including SMS on the mobile phone or any other similar device; by messaging on the computer screen of the client’s computer; by informing the client through employees / agents of the stock broker; by publishing / displaying it on the website of the stock broker / making it available as a download from the website of the stock broker; by displaying it on the notice board of the branch / office through which the client trades or if the circumstances, so require, by radio broadcast / television broadcast / newspapers advertisements etc; or any other suitable or applicable mode or manner. I/we agree that the postal department / the courier company /newspaper company and the e-mail/ voice mail service provider and such other service providers shall be my/our agent and the delivery shall be complete when communication is given to the postal department / the courier company / the e-mail/voice mail service provider, etc. by the stock broker and I/we agree never to challenge the same on any grounds including delayed receipt / non receipt or any other reasons whatsoever. These Policies and Procedures shall always be read along with the agreement and shall be compulsorily referred to while deciding any dispute / difference or claim between me/ us and stock broker before any court of law / judicial / adjudicating authority including arbitrator/ mediator etc.
TARIFF SHEET
| Segment | Cash Segment | | | | Equity Future & Option Segment | | | | Currency Derivative | | | |
| Charges | Square Up Transaction | | Delivery Transaction | | Future Segment | | Option Segment | | Currency Future | | Currency Option | |
| | % age | Min. Paise (per share) | % age | Min. Paise (per share) | % age | Min. (Per Lot) | % age | Min. (Per Lot) | % age | Min. (Per Lot) | % age | Min. (Per Lot) |
| Brokerage | % | `. | % | `. | % | `. | % | `. | % | `. | % | `. |
| Other Charges | % | `. | % | `. | % | `. | % | `. | % | `. | % | `. |
Important Note:
- Exchange Turnover Charges, Security Transaction Tax, Stamp Duty, Service Tax, & other Statutory & Govt. Levies are as applicable per the relevant authority.
- Rs. 25 per may be charged as stationery and postage charges in case of dispatching of duplicate copy of physical contract note, in addition to brokerage, STT or other statutory charges as mentioned above.
******* END *******
PP20. Policies to Identify or avoid or manage Conflict of Interest
Policy and the objectives
In order to strive for achieving management of conflict of interests, MSB E-TRADE shall endeavor-
- To promote high standards of integrity in the conduct of business
- To ensure fairness of dealing with clients
- To guide for identification, elimination or management of conflict of interest situations
- To provide a mechanism for review and assessment of the policy(ies) on conflict of interests
The conflict of interest policy aims to ensure that the Company’s clients are treated fairly and at the highest level of integrity and that their interests are protected at all times. It also aims to identify conflicts of interest between:
- The Company and a Client
- Relevant Person and a Client
- A Company of the Group and a Client
- Two or more Clients of the Company in the course of providing services to these Clients
- A Company service provider and a Client
In addition it aims to prevent conflicts of interest from adversely affecting the interest of its Client.
Conflicts of Interest Policy sets out:
- The Company will identify circumstances which may give rise to conflicts of interest entailing a material risk of damage to our Clients’ interests;
- The Company has established appropriate mechanisms and systems to manage those conflicts;
- The Company maintains systems designed to prevent damage to our Clients’ interests through identified conflicts.
“Intermediary” and “Associated Person”
Securities and Exchange Board of India (Certification of Associated Persons in the Securities Markets) Regulations, 2007 defines the terms “intermediaries” and “associated persons”. Accordingly, “intermediary” means an entity registered under SEBI Act and includes any person required to obtain any membership or approval from a stock exchange or a self-regulatory organization; and “associated person” means a principal or employee of an intermediary or an agent or distributor or other natural person engaged in the securities business and includes an employee of a foreign institutional investor or a foreign venture capital investor working in India.
“Conflict of Interest”
Conflicts of Interest can be defined in many ways, including any situation in which an individual or corporation (either private or governmental) is in a position to exploit a professional or official capacity in some way for their personal or corporate benefit. A conflict of interest is a manifestation of the moral hazard problem, particularly when a financial institution provides multiple services and the potentially competing interests of those services may lead to a concealment of information or dissemination of misleading information. A conflict of interest exists when a party to a transaction could potentially make gain from taking actions that are detrimental to the other party in the transaction.
Identification of Conflicts of Interests
The Company shall take adequate steps to identify conflicts of interest. In identifying conflicts of interest, the Company will take into account situations where the Company or an employee or a Relevant Person:
- Is likely to make a financial gain, or avoid a financial loss, at the expense of the Client;
- Has an interest in the outcome of a service provided to the Client or of a transaction carried out on behalf of the Client, which is distinct from the Client’s interest in that outcome;
- Has a financial or other incentive to favour the interest of one Client over another;
- Carries out the same business as the Client; or
- Receives from a person other than a Client an inducement in relation to a service provided to a Client, in the form of monies, goods or services, other than the standard commission or fee for that service.
Potential Conflict of Interest
In order to avoid, manage or deal with conflict of interest with the intermediary or the Associated Persons, it is important to identify the possible areas of conflict of interest. MSB E-TRADE lists out the following potential conflicts of interest that may affect the company.
- Directorships or other employment;
- Interests in business enterprises or professional practices;
- Share ownership;
- Beneficial interests in trusts;
- Personal Account Trading;
- Professional associations or relationships with other organizations;
- Personal associations with other groups or organizations, or family relationships;
- Front running;
- Rebates;
- Kickbacks;
- Commission;
- Where the company carries on the same business as a client;
- Where the company designs, markets or recommends a product or service without properly considering all our other products and services and the interest of all our clients;
- Where the company has a financial or other incentive to favour the interest of another client or group of clients over the interests of a client;
- Where the company has an interest in the outcome of a service provided to, or of a transaction carried out on behalf of, a client which is distinct from that client’s interest in that outcome;
- Where the company is likely to make a financial gain or avoid a financial loss at the expense of a client; and
- Where the company receives, or will receive, from the person other than a client an inducement in relation to the service provided to that client in the form of monies, goods or services, other than the standard commission or fee for that service;
Measures to avoid or to deal or manage actual or potential Conflict of Interests
Should a conflict of interest arise, it needs to be managed promptly and fairly. The Company puts in place the following arrangements to ensure that:
- There is a clear distinction between the different departments’ operations;
- No single person will gather conflicting information, thus counterfeiting or hiding information from investors is minimized;
- The Company’s employees are prohibited from investing in a financial instrument for which they have access to non-public or confidential information;
- Transactions by the Company’s employees are neither performed nor executed by themselves.
- Employees sign a contract of employment including confidentiality clauses. No associated person may disclose inside information to others, except disclosures made in accordance with the Company's policies and procedures, to other Company personnel or persons outside the Company who have a valid business reason for receiving such information;
- Each department will control the flow of information where, otherwise, the risk of conflict of interest may harm the interest of a Client;
- Relevant information is recorded promptly in a secure environment to enable identification and management of conflicts of interests;
- Adequate records are maintained of the services and activities of the Company where a conflict of interest has been identified;
- In certain jurisdictions appropriate disclosure may be made to the Client in a clear, fair and not misleading manner to enable the Client to make an informed decision;
- There is a periodic review of the adequacy of the Company’s systems and controls.
- Employees are required to avoid conflicts of interest with activities they undertake outside MSB E-TRADE.
Information limitations
The Company respects the confidentiality of information it receives regarding its Clients and operates a “Need to Know” approach and complies with all applicable laws in respect of the handling of that information. Access to confidential information is restricted to those who have a proper requirement for the information consistent with the legitimate interest of a Client of the Company. The Company operates internal organizational arrangements to avoid conflicts of interest by controlling, managing or restricting, as deemed appropriate, the flow of confidential information between different areas of business or within a specific division or department. In particular, Chinese Walls are a key tool for conflict of interest prevention, avoiding insider dealing and market manipulation risks. Furthermore, Chinese Walls can involve separation of premises, personnel, reporting lines, files and IT-systems and controlled procedures for the movement of personnel and information between the Company and any other part of the Company. The Company maintains permanent information barriers between different departments.
Disclosure to clients of possible source or potential areas of conflict of interest (COI):
- MSB E-TRADE or its associated persons should, in writing, disclose to a client any COI in respect of that client including:
  - Measures taken to avoid or mitigate the conflict;
  - Any ownership interest or financial interest that the provider or representative may be or become eligible for;
  - The nature of the relationship or arrangements with a third party that gives rise to a COI in sufficient detail to enable the client to understand the exact nature of the COI.
- MSB E-TRADE or its associated persons should, in writing, inform a client of the policy on Management of Conflict of Interest and how it may be accessed.
- Intimation of an actual or potential COI should be made to a person with responsibility for the issue or area, such as the relevant management team, head of the department or key individual.
- In accordance with an employee’s obligation to act in the best interest of MSB E-TRADE, it is not permissible for employees to engage in conduct that would amount to a COI with MSB E-TRADE.
- Staff that fail to disclose a potential or actual COI in accordance with this policy may be liable to disciplinary procedures.
- Where a conflict arises MSB E-TRADE or its Associated Persons will, if it is aware of it, disclose it to a client prior to undertaking trading activity for that client or, if the company does not believe that disclosure is appropriate, to manage the conflict, the company may opt not to proceed with the transaction or matter giving rise to the conflict.
- Where there is no other way of managing a conflict, or where the measures in place do not sufficiently protect Clients’ interests, the conflict will be disclosed to allow the Client to make an informed decision on whether to continue using our service in the situation concerned.
- MSB E-TRADE may decline to act for a Client in cases where we believe a conflict of interest cannot be managed in any other way.
Policies and procedures
The Company has developed and implemented policies and procedures throughout its business to prevent or manage potential conflicts of interest. Our employees receive guidance and training in these policies and procedures, and they are subject to monitoring and review processes.
Procedure to comply with the policy
- Every staff member must have a copy of the Policy on management of Conflicts of Interest.
- If a potential COI arises, the transaction must first be discussed with management before entering into the transaction.
- All new employees shall be required to declare their outside interests when they join the firm.
- All staff maintaining personal trading accounts outside of the company are required to instruct their broker to send copy contract notes and periodic statements to the company for reconciliation purposes.
Inducements
The Company does not offer, solicit or accept any inducements, other than the following:
- the fee, commission or benefit which is disclosed to a client, prior to the provision of the relevant service; and
- it is designed to enhance the quality of the relevant service to a client and in line with the Company’s duty to act in the best interests of a client.
- Proper fees for the provision of investment services, such as custody costs, settlement and exchange fees, regulatory levies or legal fees, and which cannot give rise to conflicts with the Company’s duties to act honestly, fairly and professionally in accordance with the best interests of its clients.
PP21. CYBER SECURITY AND CYBER RESILIENCE POLICY
INDEX
| S. No. | Topic |
| 1 | Statutory Mandate |
| 2 | Objective of the Framework |
| 3 | Applicability |
| 4 | Scope Of The Framework |
| 5 | Designated Officer |
| 6 | Constitution Of Technology Committee |
| 7 | Identification, Assessment And Management Of Cyber Security Risk |
| 8 | Protection Of National Critical Information Infrastructure |
| 9 | Communication Of Unusual Activities And Events |
| 10 | Submission Of Quarterly Reports |
| 11 | Submission Of Quarterly Reports |
| 12 | Training And Education |
| 13 | Systems Managed By Vendors |
| 14 | Systems Managed |
| 15 | Periodic Audit |
| 16 | Annexure A |
| 17 | Annexure B |
| 18 | Annexure C |
| 19 | Standard Operating Procedure (SOP) for handling Cyber Security Incidents |
CYBER SECURITY AND CYBER RESILIENCE POLICY
- STATUTORY MANDATE This Policy / framework is made in accordance with the requirements of the SEBI Circular SEBI/HO/MIRSD/CIR/PB/2018/147 (“the circular”) dated December 3, 2018.
- OBJECTIVE OF THE FRAMEWORK The objective of this framework is to provide robust cyber security and cyber resilience to the Stock brokers and depository participants to perform their significant functions in providing services to the holders of securities.
- APPLICABILITY Provisions of the said circular and framing of cyber security and cyber resilience are required to be complied by all Stock Brokers and Depository Participants registered with SEBI. The policy has been considered, taken on record and approved by the board of directors of the company at their duly convened meeting held on March 16, 2019.
- SCOPE OF THE FRAMEWORK Cyber‐attacks and threats attempt to compromise the Confidentiality, Integrity and Availability (CIA) of the computer systems, networks and databases (Confidentiality refers to limiting access of systems and information to authorized users, Integrity is the assurance that the information is reliable and accurate, and Availability refers to guarantee of reliable access to the systems and information by authorized users). Cyber security framework includes measures, tools and processes that are intended to prevent cyber‐attacks and improve cyber resilience. Cyber Resilience is an organization’s ability to prepare and respond to a cyber‐attack and to continue operation during, and recover from, a cyber‐attack. With the view to strengthen and improve Cyber Security and Cyber Resilience framework, the board of directors of the company shall review this policy documents and implementation thereof at least once annually.
- DESIGNATED OFFICER The company nominates Mr. MUNISH BAJAJ as Designated Officer of the company to assess, identify, and reduce security and Cyber Security risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of processes and procedures as per the Cyber Security Policy.
6. CONSTITUTION OF TECHNOLOGY COMMITTEE
6.1 The Company constitutes a technology committee (“the committee”) with the following members:
| Sr. No. | Name of the committee Members | Designation of the Members |
| 1 | Mr. MUNISH BAJAJ | Designated officer/Chairperson |
| 2 | Mr. SATEESH CHANDRA RAI | Member |
6.2 Such committee shall on a half yearly basis review the implementation of the Cyber Security and Cyber Resilience policy. Such review shall include, but not be limited to, reviewing of current IT and Cyber Security and Cyber Resilience capabilities, setting up of goals for a target level of Cyber Resilience, and establishing plans to improve and strengthen Cyber Security and Cyber Resilience. The review shall be placed before the Board of directors for taking appropriate action(s), if required.
6.3 The Designated officer and the technology committee shall periodically review instances of cyber‐attacks, if any, domestically and globally, and take steps to strengthen Cyber Security and cyber resilience framework.
7. IDENTIFICATION, ASSESSMENT AND MANAGEMENT OF CYBER SECURITY RISK
The company shall ensure the following steps in order to identify, assess, and manage Cyber Security risk associated with processes, information, networks and systems.
7.1 IDENTIFICATION OF CRITICAL IT ASSETS AND RISKS ASSOCIATED WITH SUCH ASSETS
The committee and designated officer shall identify the critical assets based on their sensitivity and criticality for business operations, services and data management including various servers, data processing systems, and information technology (IT) related hardware and software etc. The IT team shall maintain an up‐to‐date inventory of its hardware and systems and the personnel to whom these have been issued, software and information assets (internal and external), details of its network resources, connections to its network and data flows.
7.2 PROTECTION OF ASSETS BY DEPLOYING SUITABLE CONTROLS, TOOLS AND MEASURES
To protect cyber safety, the company shall ensure measures which include, but are not limited to:
• Access controls
• Physical Security
• Network Security Management
• Data security
• Hardening of Hardware and Software
• Application Security in Customer Facing Applications
• Certification of off‐the‐shelf products
• Patch management
• Disposal of data, systems and storage devices
• Vulnerability Assessment and Penetration Testing (VAPT)
The company shall take all such steps to protect assets of the company by deploying suitable controls, tools and measures in conformity with the provisions of SEBI circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 3, 2018 and any amendment or substitution thereof. However, the committee and designated officer of the company shall additionally deploy such measures in this respect, as may be warranted from time to time.
7.3 DETECTION OF INCIDENTS, ANOMALIES AND ATTACKS THROUGH APPROPRIATE MONITORING TOOLS/PROCESSES
Necessary steps shall be taken to monitor for, and detect early, unauthorised or malicious activities, unauthorised changes, unauthorised access and unauthorised copying or transmission of data / information held in contractual or fiduciary capacity, by internal and external parties. The security logs of systems, applications and network devices exposed to the internet shall also be monitored from time to time for anomalies, if any. The company shall ensure high resilience, high availability and timely detection of attacks on systems and networks exposed to the internet, and implement suitable mechanisms to monitor capacity utilization of its critical systems and networks that are exposed to the internet.
7.4 RESPONDING BACK BY TAKING IMMEDIATE STEPS AFTER IDENTIFICATION OF THE INCIDENT, ANOMALY OR ATTACK
The alerts generated from monitoring and detection systems shall be investigated in order to determine activities that are to be performed to prevent expansion of such incident of cyber-attack or breach, mitigate its effect and eradicate the incident. Where systems are affected by incidents of cyber‐attacks or breaches, the company shall ensure timely restoration of the same in order to provide uninterrupted services. The committee and designated officer shall ensure to have the same Recovery Time Objective (RTO) and Recovery Point Objective (RPO) as per regulatory requirements. With a view to providing quick responses to such cyber‐attacks, the committee shall formulate a response plan defining responsibilities and actions to be performed by its employees and support / outsourced staff in the event of cyber‐attacks or breach of Cyber Security mechanism. Such plan and any modification therein shall be circulated amongst all the employees and support / outsourced staff from time to time.
7.5 RECOVERY FROM INCIDENT(S) THROUGH INCIDENT MANAGEMENT AND OTHER APPROPRIATE RECOVERY MECHANISMS
The company shall take into account the outcomes of any incident of loss or destruction of data or systems and accordingly shall take precautionary measures to strengthen the security mechanism and improve recovery planning and processes. Periodic checks to test the adequacy and effectiveness of the aforementioned response and recovery plan shall be done.
8. PROTECTION OF NATIONAL CRITICAL INFORMATION INFRASTRUCTURE
The technology committee, formed under this framework in accordance with the provisions of the said circular, shall ensure that this framework considers the principles prescribed by National Critical Information Infrastructure Protection Centre (NCIIPC) of National Technical Research Organization (NTRO), Government of India (titled ‘Guidelines for Protection of National Critical Information Infrastructure’) and subsequent revisions, if any, from time to time.
9. COMMUNICATION OF UNUSUAL ACTIVITIES AND EVENTS
The IT team of the company, under guidance of the committee, shall monitor unusual activities and events and shall facilitate communication of the same to the designated officer for necessary actions, as may be required.
To prevent cyber-attacks, the employees, members and participants shall assist the company to mitigate cyber-attacks by adhering to the following:
- To attend the cyber safety and training programs as conducted by the company from time to time.
- To ensure installation, usage and regular update of antivirus and antispyware software on computers used by them.
- Use a firewall for your Internet connection.
- Download and install software updates for your operating systems and applications as they become available.
- Make backup copies of important business data and information.
- Control physical access to your computers and network components.
- Keep your Wi‐Fi network secured and hidden.
- To adhere to limited employee access to data and information and limited authority to install software.
- Regularly change passwords.
- Do not use or attach unauthorised devices.
- Do not try to open restricted domains.
- Avoid saving your personal information on computer or any financial data on any unauthentic website.
- To get your computer regularly scanned with anti‐virus software.
- Do not release sensitive data of the organization.
- Further the company shall ensure that:
- No person by virtue of rank or position shall have any intrinsic right to access confidential data, applications, system resources or facilities.
- Any access to the systems, applications, networks, databases, etc., shall be for a defined purpose and for a defined period. The company shall grant access to IT systems, applications, databases and networks on a need‐to‐use basis and based on the principle of least privilege. Such access shall be for the period when the access is required and should be authorized using strong authentication mechanisms.
- An access policy which addresses strong password controls for users’ access to systems, applications, networks and databases shall be implemented.
- All critical systems accessible over the internet should have two‐factor security (such as VPNs, Firewall controls etc.), as far as possible.
- The company shall ensure that records of user access to critical systems, wherever possible, are uniquely identified and logged for audit and review purposes and such logs would be maintained and stored in a secure location for a time period not less than two (2) years.
- The company shall be required to deploy controls and security measures to supervise staff with elevated system access entitlements (such as admin or privileged users) to company’s critical systems. Such controls and measures shall inter‐alia include restricting the number of privileged users, if any, periodic review of privileged users’ activities, disallow privileged users from accessing systems logs in which their activities are being captured, strong controls over remote access by privileged users, etc.
- Employees and outsourced staff such as employees of vendors or service providers, who may be given authorized access to the critical systems, networks and other computer resources, shall be subject to stringent supervision, monitoring and access restrictions.
- An Internet access policy to monitor and regulate the use of internet and internet based services such as social media sites, cloud‐based internet storage sites, etc. within the company’s critical IT infrastructure shall be formulated.
- User Management shall address deactivation of access of privileges of users who are leaving the organization or whose access privileges have been withdrawn.
- Physical access to the critical systems shall be restricted to minimum and only to authorized officials. Physical access of outsourced staff / visitors shall be properly supervised by ensuring at the minimum that outsourced staff / visitors are accompanied at all times by authorized employees.
- Physical access to the critical systems shall be revoked immediately if the same is no longer required.
- The company will ensure that the perimeter of the critical equipment room, if any, shall be physically secured and monitored by employing physical, human and procedural controls such as the use of security guards, CCTVs, card access systems, mantraps, bollards, etc. where appropriate.
- The company shall establish baseline standards to facilitate consistent application of security configurations to operating systems, databases, network devices and enterprise mobile devices within their IT environment. The LAN and wireless networks shall be secured within the premises with proper access controls.
- For algorithmic trading facilities, adequate measures shall be taken to isolate and secure the perimeter and connectivity to the servers running algorithmic trading applications, if any.
- The company shall install network security devices, such as firewalls, proxy servers, intrusion detection and prevention systems (IDS) to protect their IT infrastructure which is exposed to the internet, from security exposures originating from internal and external sources.
- Adequate controls shall be deployed to address virus / malware / ransomware attacks. These controls may include host / network / application based IDS systems, customized kernels for Linux, anti‐virus and anti‐malware software etc.
- Critical data shall be identified and encrypted in motion and at rest by using strong encryption methods. Illustrative measures in this regard are given in Annexure A and B.
- The company shall implement measures to prevent unauthorized access or copying or transmission of data / information held in contractual or fiduciary capacity. It shall ensure that confidentiality of information is not compromised during the process of exchanging and transferring information with external parties.
- This security policy also covers use of devices such as mobile phones, faxes, photocopiers, scanners, etc., within their critical IT infrastructure, that can be used for capturing and transmission of sensitive data. For instance, defining access policies for personnel, and network connectivity for such devices etc.
- The company shall allow only authorized data storage devices within their IT infrastructure through appropriate validation processes.
- The company shall only deploy hardened hardware / software, including replacing default passwords with strong passwords and disabling or removing services identified as unnecessary for the functioning of the system.
- Open ports on networks and systems which are not in use or that can be potentially used for exploitation of data shall be blocked and measures taken to secure them.
- Application security for Customer facing applications offered over the Internet such as IBTs (Internet Based Trading applications), portals containing sensitive or private information and Back office applications (repository of financial and personal information offered by Brokers to Customers) are paramount as they carry significant attack surfaces by virtue of being available publicly over the Internet for mass use. Required measures for ensuring security in such applications shall be ensured.
- The company shall ensure that off the shelf products, if any, being used for core business functionality (such as Back office applications) should bear Indian Common criteria certification of Evaluation Assurance Level 4. The Common criteria certification in India is being provided by (STQC) Standardisation Testing and Quality Certification (Ministry of Electronics and Information Technology). Custom developed / in‐house software and components need not obtain the certification, but have to undergo intensive regression testing, configuration testing etc. The scope of tests shall include business logic and security controls.
- The company shall establish and ensure that the patch management procedures include the identification, categorization and prioritization of patches and updates. An implementation timeframe for each category of patches should be established to apply them in a timely manner.
- The company shall perform rigorous testing of security patches and updates, where possible, before deployment into the production environment so as to ensure that the application of patches does not impact other systems.
- Suitable policy for disposal of storage media and systems shall be framed as may be required. The critical data / Information on such devices and systems shall be removed by using methods such as crypto shredding / degauss / Physical destruction as applicable.
- The company shall formulate a data‐disposal and data‐retention policy to identify the value and lifetime of various parcels of data.
- The company shall regularly conduct vulnerability assessment to detect security vulnerabilities in their IT environments exposed to the internet, as and when required.
- The company with systems publicly available over the internet shall also carry out penetration tests, at‐least once a year, in order to conduct an in‐depth evaluation of the security posture of the system through simulations of actual attacks on its systems and networks that are exposed to the internet. In addition, the company shall perform vulnerability scanning and conduct penetration testing prior to the commissioning of a new system that is accessible over the internet.
- In case of vulnerabilities discovered in off‐the‐shelf products (used for core business) or applications provided by exchange empanelled vendors, the company shall report them to the vendors and the exchanges in a timely manner.
- Remedial actions, if required, shall be immediately taken to address gaps that are identified during vulnerability assessment and penetration testing.
- The company shall establish appropriate security monitoring systems and processes to facilitate continuous monitoring of security events / alerts and timely detection of unauthorised or malicious activities, unauthorised changes, unauthorised access and unauthorised copying or transmission of data / information held in contractual or fiduciary capacity, by internal and external parties. The security logs of systems, applications and network devices exposed to the internet shall also be monitored for anomalies, if any.
- Further, to ensure high resilience, high availability and timely detection of attacks on systems and networks exposed to the internet, the company shall implement suitable mechanisms to monitor capacity utilization of its critical systems and networks that are exposed to the internet, for example, controls such as firewalls to monitor bandwidth usage.
- Alerts, if any, generated from monitoring and detection systems shall be suitably investigated in order to determine activities that are to be performed to prevent expansion of such incident of cyber attack or breach, mitigate its effect and eradicate the incident.
- The response and recovery plan of the company shall have plans for the timely restoration of systems affected by incidents of cyber‐attacks or breaches, for instance, offering alternate services or systems to Customers. The company shall have the same Recovery Time Objective (RTO) and Recovery Point Objective (RPO) as per regulatory requirements.
- Responsibilities and actions to be performed by company’s employees and support / outsourced staff in the event of cyber‐attacks or breach of Cyber Security mechanism shall be defined.
- Any incident of loss or destruction of data or systems shall be thoroughly analyzed and lessons learned from such incidents shall be incorporated to strengthen the security mechanism and improve recovery planning and processes.
- Suitable periodic checks to test the adequacy and effectiveness of the aforementioned response and recovery plan shall be done.
11. SUBMISSION OF QUARTERLY REPORTS
Quarterly reports containing information on cyber‐attacks and threats experienced, if any, by the company and measures taken to mitigate vulnerabilities, threats and attacks including information on bugs / vulnerabilities / threats that may be useful for other Stock Brokers / Depository Participants shall be submitted to Stock Exchanges / Depositories, as per statutory requirements / guidelines.
12. TRAINING AND EDUCATION
The committee and designated officer shall conduct training and educational sessions for employees to make them aware on building Cyber Security and basic system hygiene awareness, to enhance knowledge of IT / Cyber Security Policy and standards among the employees incorporating up‐to‐date Cyber Security threat alerts, including to outsourced staff, vendors, if any, and shall take all such steps as may be deemed appropriate by them in this respect.
13. SYSTEMS MANAGED BY VENDORS
Whenever the systems (IBT, Back office and other Customer facing applications, IT infrastructure, etc.) of the company are managed by vendors and the company may not be able to implement some of the aforementioned guidelines directly, the company shall, from time to time, instruct the vendors to adhere to the applicable guidelines in the Cyber Security and Cyber Resilience policy and obtain the necessary self‐certifications from them to ensure compliance with the policy guidelines.
14. SYSTEMS MANAGED BY MIIs
Wherever the applications are offered to customers over the internet by MIIs (Market Infrastructure Institutions), e.g. NSE’s NOW, BSE’s BEST etc., the responsibility of ensuring Cyber Resilience on those applications resides with the MIIs and not with the company. In such case, the company is exempted from applying the aforementioned guidelines to such systems offered by MIIs such as NOW, BEST, etc.
15. PERIODIC AUDIT
The company shall arrange to have its systems audited on an annual basis by a CERT‐IN empanelled auditor or an independent CISA / CISM qualified auditor to check compliance with the above areas and shall submit the report to Stock Exchanges / Depositories along with the comments of the Board / committee / any committee thereof within three months of the end of the financial year.
Enclosures:
Annexure A: Illustrative Measures for Data Security on Customer Facing Applications
Annexure B: Illustrative Measures for Data Transport Security
Annexure C: Illustrative Measures for Application Authentication Security
Annexure A
Illustrative Measures for Data Security on Customer Facing Applications
- Analyse the different kinds of sensitive data shown to the Customer on the frontend application to ensure that only what is deemed absolutely necessary is transmitted and displayed.
- Wherever possible, mask portions of sensitive data. For instance, rather than displaying the full phone number or a bank account number, display only a portion of it, enough for the Customer to identify, but useless to an unscrupulous party who may covertly obtain it from the Customer’s screen. For instance, if a bank account number is “123 456 789”, consider displaying something akin to “XXX XXX 789” instead of the whole number. This also has the added benefit of not having to transmit the full piece of data over various networks.
- Analyse data and databases holistically and draw out meaningful “silos” (physical or virtual) into which different kinds of data can be isolated and cordoned off. For instance, a database with personal financial information need not be a part of the system or network that houses the public facing websites of the Stock Broker. They should ideally be in discrete silos or DMZs.
- Implement strict data access controls amongst personnel, irrespective of their responsibilities, technical or otherwise. It is infeasible for certain personnel such as System Administrators and developers to not have privileged access to databases. For such cases, take strict measures to limit the number of personnel with direct access, and monitor, log, and audit their activities. Take measures to ensure that the confidentiality of data is not compromised under any of these scenarios.
- Use industry standard, strong encryption algorithms (eg: RSA, AES etc.) wherever encryption is implemented. It is important to identify data that warrants encryption as encrypting all data is infeasible and may open up additional attack vectors. In addition, it is critical to identify the right personnel to be in charge of, and the right methodologies for storing the encryption keys, as any compromise to either will render the encryption useless.
- Ensure that all critical and sensitive data is adequately backed up, and that the backup locations are adequately secured. For instance, on servers on isolated networks that have no public access endpoints, or on‐premise servers or disk drives that are off‐limits to unauthorized personnel. Without up‐to‐date backups, a meaningful recovery from a disaster or cyber‐attack scenario becomes increasingly difficult.
Annexure B
Illustrative Measures for Data Transport Security
- When an Application transmitting sensitive data communicates over the Internet with the Stock Brokers’ systems, it should be over a secure, encrypted channel to prevent Man‐In‐The‐Middle (MITM) attacks, for instance, an IBT or a Back office communicating from a Customer’s web browser or Desktop with the Stock Brokers’ systems over the internet, or intra or inter organizational communications. Strong transport encryption mechanisms such as TLS (Transport Layer Security, also referred to as SSL) should be used.
- For Applications carrying sensitive data that are served as web pages over the internet, a valid, properly configured TLS (SSL) certificate on the web server is mandatory, making the transport channel HTTP(S).
- Avoid the use of insecure protocols such as FTP (File Transfer Protocol) that can be easily compromised with MITM attacks. Instead, adopt secure protocols such as FTP(S), SSH and VPN tunnels, RDP (with TLS) etc.
Annexure C
Illustrative Measures for Application Authentication Security
- Any Application offered by Stock Brokers to Customers containing sensitive, private, or critical data (such as IBTs, SWSTs, Back office etc., referred to as “Application” hereafter) over the Internet should be password protected. A reasonable minimum length (and no arbitrary maximum length cap or character class requirements) should be enforced. While it is difficult to quantify password “complexity”, longer passphrases have more entropy and offer better security in general. Stock Brokers should attempt to educate Customers of these best practices.
- Passwords, security PINs etc. should never be stored in plain text and should be one‐way hashed using strong cryptographic hash functions (e.g.: bcrypt, PBKDF2) before being committed to storage. It is important to use one‐way cryptographic hashes to ensure that stored password hashes are never transformed into the original plaintext values under any circumstances.
- For added security, a multi‐factor (e.g.: two‐factor) authentication scheme may be used (hardware or software cryptographic tokens, VPNs, biometric devices, PKI etc.). In case of IBTs and SWSTs, a minimum of two‐factors in the authentication flow are mandatory.
- In case of Applications installed on mobile devices (such as smartphones and tablets), a cryptographically secure biometric two‐factor authentication mechanism may be used.
- After a reasonable number of failed login attempts into Applications, the Customer’s account can be set to a “locked” state where further logins are not possible until a password and authentication reset is performed via an out‐of‐band channel validation, for instance, a cryptographically secure unique link that is sent to the Customer’s registered e‐mail, a random OTP (One Time Password) that is sent as an SMS to the Customer’s registered mobile number, or manually by the Broker after verification of the Customer’s identity etc.
- Avoid forcing Customers to change passwords at frequent intervals which may result in successive, similar, and enumerated passwords. Instead, focus on strong multi‐factor authentication for security and educate Customers to choose strong passphrases. Customers may be reminded within reasonable intervals to update their password and multi‐factor credentials, and to ensure that their out‐of‐band authentication reset information (such as e‐mail and phone number) are up‐to‐date.
- Both successful and failed login attempts against a Customer’s account may be logged for a reasonable period of time. After successive login failures, it is recommended that measures such as CAPTCHAs or rate‐limiting be used in Applications to thwart manual and automated brute force and enumeration attacks against logins.
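The storage and lockout measures listed in Annexure C can be exercised together. The following is an added illustration, not part of the policy or of any SEBI/Exchange material: it uses PBKDF2 from the Python standard library, and the class name, the minimum length of 12, the limit of 5 failures and the iteration count are assumptions chosen for the example.

```python
"""Added example: Annexure C password storage and lockout, standard library only."""
import hashlib
import hmac
import secrets

MIN_LENGTH = 12        # assumed "reasonable minimum length"
MAX_FAILURES = 5       # assumed "reasonable number of failed login attempts"
ITERATIONS = 600_000   # assumed PBKDF2-HMAC-SHA256 work factor


class AccountStore:
    """Hypothetical in-memory stand-in for an Application's credential table."""

    def __init__(self, iterations=ITERATIONS):
        self.iterations = iterations
        self.accounts = {}   # user -> salt, digest, failures, locked, reset_hash
        self.audit_log = []  # (user, outcome): successes and failures alike

    def _derive(self, password, salt):
        # One-way derivation with a per-account salt; plaintext is never stored.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt, self.iterations)

    def set_password(self, user, password):
        # Only a minimum length is enforced: no maximum cap, no character classes.
        if len(password) < MIN_LENGTH:
            raise ValueError(f"password must be at least {MIN_LENGTH} characters")
        salt = secrets.token_bytes(16)
        self.accounts[user] = {"salt": salt, "digest": self._derive(password, salt),
                               "failures": 0, "locked": False, "reset_hash": None}

    def login(self, user, password):
        acct = self.accounts.get(user)
        if acct is None:
            self._derive(password, b"\x00" * 16)  # keep timing similar for unknown users
            self.audit_log.append((user, "unknown_user"))
            return False
        if acct["locked"]:
            # A locked account rejects even the correct password.
            self.audit_log.append((user, "rejected_locked"))
            return False
        candidate = self._derive(password, acct["salt"])
        if hmac.compare_digest(candidate, acct["digest"]):
            acct["failures"] = 0
            self.audit_log.append((user, "success"))
            return True
        acct["failures"] += 1
        if acct["failures"] >= MAX_FAILURES:
            acct["locked"] = True
        self.audit_log.append((user, "locked" if acct["locked"] else "failure"))
        return False

    def issue_reset_token(self, user):
        """Return a single-use token to deliver out-of-band (e-mail link, SMS OTP)."""
        token = secrets.token_urlsafe(32)
        # Store only a hash of the token, so a leaked table cannot be replayed.
        self.accounts[user]["reset_hash"] = hashlib.sha256(token.encode()).digest()
        return token

    def reset_password(self, user, token, new_password):
        acct = self.accounts[user]
        supplied = hashlib.sha256(token.encode()).digest()
        expected = acct["reset_hash"]
        if expected is None or not hmac.compare_digest(supplied, expected):
            self.audit_log.append((user, "reset_rejected"))
            return False
        # New salt and digest; the fresh record is unlocked and has no token.
        self.set_password(user, new_password)
        self.audit_log.append((user, "reset_ok"))
        return True


if __name__ == "__main__":
    store = AccountStore()
    store.set_password("customer1", "a long constructed passphrase")  # constructed sample
    for _ in range(MAX_FAILURES):
        store.login("customer1", "wrong guess, constructed")
    print("login while locked:", store.login("customer1", "a long constructed passphrase"))
    token = store.issue_reset_token("customer1")
    print("reset:", store.reset_password("customer1", token, "a new constructed passphrase"))
    print("login after reset:", store.login("customer1", "a new constructed passphrase"))
    print(store.audit_log)
```

In a deployed Application the account table and audit log would live in persistent storage, and the reset token would carry an expiry.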
Note: Reference SEBI circular, Exchange’s Circular
19. Standard Operating Procedure (SOP) for handling Cyber Security Incidents
References of SOP:
- SEBI circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018
- NSE Exchange circular: NSE/INSP/41723 dated July 26, 2019, NSE/INSP/42422 dated October 16, 2019, NSE/INSP/44826 dated June 30, 2020
- MCX Exchange circular: MCX/TECH/144/2019 dated March 19, 2019, MCX/TECH/375/2019 dated July 19, 2019, MCX/TECH/587/2019 dated October 16, 2019, MCX/TECH/275/2021 dated May 01, 2021
- CDSL Communique: CDSL/OPS/DP/POLCY/2019/375 dt. 06th July 2019, CDSL/OPS/DP/POLCY/2019/535 dt. 23rd Oct 2019, CDSL/OPS/DP/POLCY/2021/207 dt. May 04, 2021
- “Cyber Security & Cyber Resilience framework for Stock Brokers / Depository Participants” and SEBI email dated April 16, 2021 with the subject “Standard Operating Procedure (SOP) for handling cyber security incidents”.
Members/DP are hereby advised by exchange/regulators to prepare the SOP regarding handling as well as reporting of Cyber Security incidents faced by the MSBeTRADE as per following:-
- MSBeTrade shall have a documented Cyber Security incident handling procedure (Standard Operating Procedure “SOP”)
- Such Policy shall be approved by Board of the Member and shall be reviewed annually by the “Internal Technology Committee”
- MSBeTrade shall examine the Cyber Security incident and classify the Cyber Security incident into LOW/MEDIUM/HIGH
- The Cyber Security incident procedure document shall explain decision on Action/Response for the Cyber Security Incident based on severity.
- MSBe-Trade shall report the Cyber Security incident to Indian Computer Emergency Response Team (CERT-in)
- MSBe-Trade shall provide the reference details of the reported Cyber Security incident with CERT-in to the Exchange and SEBI. It shall also provide details regarding whether the CERT-in team is in touch with MSBe-Trade for any assistance on the reported Cyber Security incident. If the Cyber Security incident is not reported to CERT-in, MSBe-Trade shall submit the reasons for the same to the Exchange and SEBI. MSBe-Trade shall communicate with CERT-in/Ministry of Home Affairs (MHA)/Cyber Security Cell of Police for further assistance on the reported Cyber Security incident.
- MSBe-Trade shall submit details whether Cyber Security incident has been registered as a complaint with law enforcement agencies such as Police or its Cyber Security cell. And also details will be provided to Exchange and SEBI.
- If a complaint is not registered, then the reason for not registering the complaint shall also be provided to Exchange and SEBI.
The details of the reported Cyber Security incident and of submissions to various agencies shall be submitted by MSBe-Trade to the Division Chiefs (in-charges of division) of DOS-MIRSD and the CISO of SEBI.
The Designated Officer / Technology Committee of MSBe-Trade, formed as per the guidelines of SEBI/Exchange/Depository, shall continue to report any unusual activities and events within 24 hours of receipt of such information, as well as submit the quarterly report on cyber attacks and threats within 15 days after the end of the quarter in the manner as specified by SEBI/Exchanges/Depository.
The details of Technology Committee of the MSBe-Trade:
| Sr. No. | Name of the committee Members | Designation of the Members |
| 1 | Mr. MUNISH BAJAJ | Designated officer/Chairperson |
| 2 | Mr. SATEESH CHANDRA RAI | Member |
PP22. Policy for outsourcing activities
Purpose & Scope
SEBI Regulations for various intermediaries require that they shall render at all times high standards of service and exercise due diligence and ensure proper care in their operations.
It has been observed that often the intermediaries resort to outsourcing with a view to reduce costs, and at times, for strategic reasons.
Meaning of Outsourcing
Outsourcing may be defined as the use of one or more than one third party – either within or outside the group – by a registered intermediary to perform the activities associated with services which the intermediary offers.
Direction
SEBI, vide its circular no. CIR/MIRSD/24/2011 dated December 15, 2011, issued General Guidelines on Outsourcing of Activities by Intermediaries. SEBI decided to put in place comprehensive guidelines to collectively cover principles for outsourcing for Intermediaries. Core business activities are not to be outsourced by stock brokers.
Principles for outsourcing for intermediaries
- Assessment of activities to be outsourced
- Comprehensive outsourcing risk management programme
- Due diligence of intermediary selected
- Outlining Outsourcing relationship
- Confidentiality of the information outsourced
- Concentration of outsourced services in the hands of a select few third parties
Risks involved in outsourcing of activities
- Operational risk
- Reputational risk
- Legal risk
- Country risk
- Strategic risk
- Exit-strategy risk
- Counter party risk
- Systemic risk
Activities that shall not be Outsourced
MSB e-Trade desirous of outsourcing their activities shall not, however, outsource their core business activities and compliance functions. A few examples of core business activities may be – execution of orders and monitoring of trading activities of clients in case of stock brokers; dematerialisation of securities in case of depository participants; investment related activities in case of Mutual Funds and Portfolio Managers. Regarding Know Your Client (KYC) requirements, the intermediaries shall comply with the provisions of SEBI {KYC (Know Your Client) Registration Agency} Regulations, 2011 and Guidelines issued thereunder from time to time.
We, MSB e-Trade Securities Limited, have at the moment decided not to outsource any functional/ operational activities of the company.
PP23. SURVEILLANCE POLICY
BACKGROUND
Exchange(s) / Depository(es), vide Circular No. NSE/SURV/48818 dated July 01, 2021 and Circular No. CDSL/OPS/DP/SYSTM/2021/309 dated July 15, 2021, have mandated the need for an on-going framework for the surveillance obligation of trading members / depository participants and have identified enhancements to make the earlier framework more effective.
The company has laid down policy guidelines framed in the light of the above circulars. We are adopting and implementing this surveillance policy, applicable to both the Stock Broking and Depository Participant operations of the company, w.e.f. 01.08.2021.
The policy has been approved by its Board of Directors in Board Meeting held at the Registered Office of the company on ____________
What is Surveillance?
Surveillance is the process of collecting and analyzing information concerning markets in order to detect unfair transactions that may violate securities related laws, rules and regulations. In order to ensure investor protection and to safeguard the integrity of the markets, it is imperative to have in place an effective market surveillance mechanism. The main objective of the surveillance function is to help maintain a fair and effective market for securities.
Therefore, we have decided to undertake adequate measures for ensuring effectiveness and efficiency of the trading and depository system. The Company with the above motive in mind has framed Surveillance policy focusing on:
- To establish surveillance mechanisms and controls in the operations / trading activity.
- To put in place appropriate controls for the detection and reporting of suspicious trading activities in accordance with applicable laws/laid down procedures.
- To comply with applicable laws and regulatory guidelines.
23.1 Surveillance Policy for Stock Broking Operations:-
- The Stock Exchange(s) are providing alerts based on predefined criteria to all the stock brokers through their portals. As per applicable Circulars, the Company is reviewing these alerts and taking appropriate actions after carrying out due diligence, viz. either disposing of alerts with appropriate reasons/findings recorded or filing a Suspicious Transaction Report (STR) with FIU-India in accordance with the provisions of the PMLA (Maintenance of records) Rules, 2005.
TYPE of TRANSACTIONAL ALERTS DOWNLOADED BY THE EXCHANGE
| Sr. No. | Transactional Alerts | Segment |
| 1 | Significant increase in Client Activity | Cash |
| 2 | Sudden Trading activity in dormant account | Cash |
| 3 | Clients/Group of client(s), deal in common scrips | Cash |
| 4 | Client(s)/Group of Client(s) is concentrated in a few illiquid scrips | Cash |
| 5 | Client(s)/ Group of Client(s) dealing in scrip in minimum lot size | Cash |
| 6 | Client/ Group of Client(s) Concentration in a scrip | Cash |
| 7 | Circular Trading | Cash |
| 8 | Pump and Dump | Cash |
| 9 | Reversal of Trades | Cash & Derivatives |
| 10 | Front Running | Cash |
| 11 | Concentrated position in the Open Interest/High turnover concentration | Derivatives |
| 12 | Order Book Spoofing i.e. large orders away from market | Cash |
- In addition to above, the company has also implemented the mechanism to generate alerts as per guidance provided in exchange circulars based on following criteria:-
- Trading activity in a single day by one client or group of clients who have contributed more than 25% in a single scrip or a single derivative contract.
- A client or a group of clients who are either new client/ clients or who have reactivated their trading account after significant time gap and who have contributed more than 50% of the total trading volume of a single scrip or derivative contract in a single day.
- Client or a group of clients dealing frequently in small quantities in a scrip.
- Trading activity of a client found to be disproportionate considering the reported income range details or networth.
- A client who has submitted modification request for changes in his/her/its demographic details of address, email id, mobile number, bank details etc. at least twice in a month.
- A client or a group of clients who have been found to have direct or indirect connection with a listed company and who have executed any transactions prior to any dissemination of any price sensitive information by such listed company.
- A client or group of clients having more than 20% volume of any scrip listed in the ‘information list’ or ‘current watch list’.
- A client or group of clients which persistently earn or incur high amount of loss through their trading activities or clients who appear to have executed trades with the objective of transfer of profits or losses.
- A client who is holding more than 5% of paid up capital of a listed company and has pledged 100% of his/her/its such holding for margin purpose and who also has significant trading volume in the same scrip which he/she/it holds.
- A client or a group of clients who have been identified as per any of the above criteria and whose orders are placed through a dealing office which is far from such client’s address as per his/her/its KYC.
- A client having a demat account with the company who has holding in a scrip of more than 5% of paid up capital of a listed company and has received the same shares through off-market transfer.
- A client who has received shares of a listed company through multiple off- market transfer and has pledged such shares.
- Identification of IP addresses of clients to identify multiple client codes trading from the same IP address.
- Clients who are connected with each other as per key KYC parameters of the clients as updated by respective client.
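Three of the criteria above (more than 25% of a scrip's volume by one client or group, multiple client codes trading from the same IP address, and demographic modification requests at least twice in a month) can be expressed as simple checks over daily records. The following is an added illustration, not the company's surveillance system: the record layouts, function names and sample data are assumptions constructed for the example, "a month" is read as a calendar month, and clients sharing an IP address are treated as one possible "group of clients".

```python
from collections import defaultdict
from datetime import date

# Constructed sample records; all values are illustrative.
# Trade: (client_code, scrip, traded_quantity, source_ip)
TRADES = [
    ("C001", "SCRIPA", 300, "198.51.100.10"),
    ("C002", "SCRIPA", 200, "198.51.100.10"),
    ("C003", "SCRIPA", 500, "203.0.113.7"),
    ("C001", "SCRIPB", 100, "198.51.100.10"),
    ("C004", "SCRIPB", 900, "192.0.2.44"),
]
# Total traded quantity of each scrip on the exchange that day (assumed input).
MARKET_VOLUME = {"SCRIPA": 1500, "SCRIPB": 10000}
# Demographic modification requests: (client_code, request_date)
MODIFICATIONS = [
    ("C002", date(2024, 5, 3)),
    ("C002", date(2024, 5, 28)),
    ("C003", date(2024, 5, 30)),
    ("C003", date(2024, 6, 2)),
]


def shared_ip_groups(trades):
    """Map each source IP used by two or more client codes to those codes."""
    clients_by_ip = defaultdict(set)
    for client, _scrip, _qty, ip in trades:
        clients_by_ip[ip].add(client)
    return {ip: sorted(c) for ip, c in clients_by_ip.items() if len(c) > 1}


def concentration_alerts(trades, market_volume, groups=None, threshold_pct=25):
    """Flag clients (and optional groups) above threshold_pct of a scrip's volume.

    Returns sorted (party, scrip, share_pct) tuples, where party is a client
    code or a "+"-joined group. Integer arithmetic keeps the boundary exact:
    a share of exactly 25% is not "more than 25%".
    """
    qty = defaultdict(int)  # (client, scrip) -> quantity traded that day
    for client, scrip, q, _ip in trades:
        qty[(client, scrip)] += q

    parties = [(c,) for c in sorted({c for c, _ in qty})]
    parties += [tuple(members) for members in (groups or {}).values()]

    alerts = []
    for members in parties:
        for scrip, total in market_volume.items():
            traded = sum(qty.get((m, scrip), 0) for m in members)
            if total > 0 and traded * 100 > threshold_pct * total:
                share = round(traded * 100 / total, 1)
                alerts.append(("+".join(members), scrip, share))
    return sorted(alerts)


def frequent_modification_alerts(requests, min_requests=2):
    """Flag clients with at least min_requests modifications in one calendar month."""
    per_month = defaultdict(int)
    for client, when in requests:
        per_month[(client, when.year, when.month)] += 1
    return sorted({c for (c, _y, _m), n in per_month.items() if n >= min_requests})
```

In the sample data, C001 and C002 each stay below 25% of SCRIPA on their own but exceed it together, which is why the group check is run on top of the per-client check.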
23.2 Surveillance Policy for operations as Depository Participant:-
Depositories are providing transactional alerts on a biweekly basis, based on thresholds defined by NSDL / CDSL, to all the DPs through the report download utility. As per the applicable Circular, the company is reviewing these alerts and taking appropriate actions after carrying out due diligence, viz. either disposing of alerts with appropriate reasons/findings recorded or filing a Suspicious Transaction Report (STR) with FIU-India in accordance with the provisions of the PMLA (Maintenance of records) Rules, 2005.
In addition to the same, company has identified various Surveillance parameters in respect of its operations as Depository Participant to generate alerts as per guidance provided in NSDL / CDSL Circulars based on following criteria:
- Multiple Demat accounts opened with same PAN/mobile number/ email ID/ bank account details/ address. While reviewing BO account details, the details of existing BO shall also be considered.
- Email/ letters sent to clients on their registered email ID/address which bounces/ returns undelivered.
- BO who has submitted modification request for changes in his/her/its demographic details of address, email id, mobile number, bank details, POA holder, Authorised Signatory etc. at least twice in a month.
- Frequent off-market transfer of securities more than twice in a month without genuine reasons.
- Off-market transactions not commensurate with the income/networth of the BO.
- Pledge transactions not commensurate with the income/networth of the BO.
- High value off-market transfer immediately after modification of either email ID/mobile number/ address without genuine reason.
- Review of reasons for off-market transfer provided by the BO which appears non-genuine based on either profile of the BO or on account of reason codes, including frequent off-market transfer with reason code gift/donation to unrelated parties and/or with reason code off-market sales.
- Sudden increase in transaction activity in a newly opened account in a short span of time. An account in which securities balance suddenly reduces to zero and an active account with regular transaction suddenly becomes dormant.
Depository to generate additional surveillance alerts:-
| Sr. No. | Indicative themes: |
| 1 | Alert for multiple demat accounts opened with same demographic details: Alert for accounts opened with same PAN /mobile number / email id/ bank account no. / address considering the existing demat accounts held with the DP. |
| 2 | Alert where communication (emails/letters) sent to the registered email id/address of clients is getting bounced. |
| 3 | Frequent changes in details of demat account such as, address, email id, mobile number, Authorized Signatory, POA holder etc. |
| 4 | Frequent Off-Market transfers by a client in a specified period |
| 5 | Off-market transfers not commensurate with the income/Networth of the client. |
| 6 | Pledge transactions not commensurate with the income/Networth of the client. |
| 7 | Off-market transfers (High Value) immediately after modification of details in demat account |
| 8 | Review of reasons of off-market transfers provided by client for off-market transfers vis-à-vis profile of the client e.g. transfers with reason code Gifts with consideration, frequent transfers with reason code Gifts/Donation to unrelated parties, frequent transfers with reason code off-market sales |
| 9 | Alert for newly opened accounts wherein sudden Increase in transactions activities in short span of time and suddenly holding in demat account becomes zero or account becomes dormant after some time. |
| 10 | Any other alerts and mechanism in order to prevent and detect any type of market manipulation activity carried out by their clients. |
23.3 Standard Operating Procedures (SOP) for PROCESSING AND REVIEW AND DISPOSAL OF ALERTS:-
The surveillance process shall be conducted under overall supervision of its Compliance Officer and he / she shall be the designated official tasked with the review, processing and disposal of alerts.
If the designated official finds after review and due diligence that the alert is required to be closed, the official shall close the same with appropriate remarks on Maker-Checker mechanism.
If the designated official after due diligence and making such inquiry, as such official finds necessary, comes to a conclusion that the given alert warrants an action, the official will forward the same with his/her views to the Designated Director for his/her approval.
In order to review, analyze and dispose of the alerts, the designated official may:-
- Seek explanation / information from such identified Client(s) / Group of Client(s) for entering into such transactions. Letter/ email to be sent to client asking the client to confirm that client has adhered to trading regulations and details may be sought pertaining to source of funds and securities, economic sense and trading pattern.
- Seek documentary evidence such as Bank Statement / Demat Transaction Statement, Financial Statements or any other documents to support the trading pattern of the client.
After analyzing the documentary evidences, including the Bank / Demat statement, the observations shall be recorded for such identified transactions or Client(s) / Group of Client(s).
If the designated official finds that action in respect of such alert is warranted, he/she shall take such actions including filing STR with FIU-India, informing to Stock Exchanges and Depository and/or discontinue the relationship with the client.
In case of adverse observations, the report of such instances along with adverse observations and details of actions taken shall be submitted to the Stock Exchanges/ Depository within 7 days from date of identification of such instances.
In case the client does not cooperate or does not revert within reasonable period, Exchange to be informed based on the information available with the member.
All efforts shall be made to dispose of a given alert within 45 days of its receipt / generation.
The records of alerts generated, alerts disposed of as closed and details of action taken, wherever applicable, shall be maintained with such security measures as would make such records tamper proof, and access shall be available only to designated officials under the supervision of the Compliance Officer.
23.4 MONITORING AND RECORD MAINTENANCE
The surveillance process shall be conducted under overall supervision of its Compliance Officer and based on facts and circumstances, he / she is required to take adequate precaution.
A quarterly MIS shall be put up by the Compliance Officer to the Board and the Designated Director giving the number of alerts generated during the quarter, the number of alerts closed, the number of alerts on which action was taken with details of the action taken, and the number of alerts pending at the end of the quarter along with reasons for pendency and the action plan for closure. The Board as well as the Designated Director shall be apprised of any exception noticed during the disposal of the alerts.
Reasons for pendency shall be discussed and appropriate action would be taken. In case of any exception noticed during the disposition of alerts, the same shall be put up to the Board.
Internal auditor shall review this policy, its implementation, effectiveness and review the alerts generated during the period of audit. Internal auditor shall record the observations with respect to the same in their report.
23.5 REPORTING OF ALERTS
The Company shall provide duly approved status of the Alerts on a Quarterly basis to the exchange in the format prescribed by the exchange within 15 days from the end of the quarter.
In case of zero alerts during the quarter, a NIL report needs to be submitted to the exchange as per the prescribed format.
In case the Exchange/Depository provides any transactional alerts, the Company shall ask the client to present the documents for clarifying the transaction within the period of 15 days from the date of alert, and the same shall be disposed of within the period of 45 days (for Depository within the period of 30 days); if the same is not disposed of within 45 days of the date of alert, then the reason for the same shall be documented.
In case of Proprietary alerts, the Company itself shall analyze and review the transactional alerts and dispose of the same within 45 days (for Depository within the period of 30 days) from the date of generation of alerts.
In case adverse observations are recorded, the Company shall report all such instances to the Exchange within 45 days (for Depository within the period of 30 days) from the date of alert generation.
In case the Depository provides any transactional alerts, the Company shall ask the client to present the documents for clarifying the transaction within the period of 15 days from the date of alert, and the same shall be disposed of within the period of 45 days (for Depository within the period of 30 days); if the same is not disposed of within 45 days (for Depository within the period of 30 days) of the date of alert, then the reason for the same shall be documented.
23.6. REVIEW POLICY
This policy will be reviewed by the Designated Director as and when any changes are introduced by any statutory authority, or at least once in a year, to ensure that it is updated and in line with market trends, updated regulations and practices.
PP24. POLICY FOR VOLUNTARY FREEZING OF ONLINE ACCESS OF CLIENT’S TRADING ACCOUNT
1. Introduction
This policy is with reference to SEBI circular SEBI/HO/MIRSD/POD-1/P/CIR/2024/4 dated January 12, 2024 and the Exchanges' circulars dated April 08, 2024 on the subject “Ease of Doing Investments by investors - facility of voluntary freezing/blocking the online access to the clients on account of suspicious activities”.
2. Purpose
The policy aims to guide MSB e-Trade clients on the process, modes, time lines, and other details for facilitating the voluntary freezing of their trading accounts to avoid any suspicious activity.
3. Scope and Applicability
This policy shall be applicable as and when clients intend to voluntarily freeze / block online access to their trading account and subsequently desire to unfreeze the same. This policy is part of the Risk Management Policy. This policy shall also form a part of the account opening kit for all new clients onboarded with effect from July 01, 2024.
4. Process & Procedure by the client for voluntary freezing of online access of client’s trading account
a. Request for freezing
Through the Website
The client may request voluntary freezing / blocking of the online access to their trading account through the website www.msbetrade.com. The client must enter all of the following details displayed on the page and submit the request:-
- Client Code/ UCC Code no.
- Client Name
- E-mail id
- Mobile no. (Registered)
Through Dedicated Email
Client may request by Dedicated Mail id - “stoptrade@msbetrade.co.in” with the following details
- Subject of the email: “Request to freezing / blocking the online access to their trading account.”
- Mail text, at least: “Request to freezing / blocking the online access to their trading account.”
- Client Code/ UCC Code no.
- Client Name
- E-mail id
- Mobile no. (Registered)
- The client shall submit request for freeze.
b. Request for Un-freezing
Through the Website
The client may request unfreezing / unblocking of the online access to their trading account through the website www.msbetrade.com. The client must enter all of the following details displayed on the page and submit the request:-
- Client Code/ UCC Code no.
- Client Name
- E-mail id
- Mobile no. (Registered)
Through Dedicated Email
Client may request by Dedicated Mail id - “kychelp@msbetrade.com” with the following details
- Subject of the email: “Request to unfreezing / unblocking the online access to their trading account.”
- Mail text, at least: “Request to unfreezing / unblocking the online access to their trading account.”
- Client Code/ UCC Code no.
- Client Name
- E-mail id
- Mobile no. (Registered)
5. Process & Procedure by MSB e-Trade for voluntary freezing/blocking & unfreezing/unblocking of online access of client’s trading account
On receipt of such a request, the online access of the client's trading account shall be frozen/blocked or unfrozen/unblocked by the backend team within the stipulated time frame, i.e. within 15 minutes (for freezing/blocking).
6. Important Points to Note:
- It is advised that the client close all open positions before giving the request for freezing the account.
- Client’s account will be blocked, within 15 minutes of receiving the freeze request.
- Confirmation of the freeze of the account will be sent via email and SMS, including process to unfreeze the account.
- All pending orders, whether placed online or offline by the client, will be cancelled by the system and trading access will be blocked.
- Clients will receive details of any open positions along with contract expiry information within an hour of freezing the account.
- Upon freezing, the client will be logged out of the app but can log in for exploratory purposes without the ability to place trades.
- Fund addition and withdrawal will be allowed.
- In case client MTM is 80% or above, all the open positions will be auto squared off as per risk management policy of MSB e-Trade
- In case of margin shortage, client position will be auto squared off to the extent of margin shortage.
- If client’s account has a negative balance, their investments will be sold to cover the amount owed.
- Any open position under Intraday product will be auto squared off by the system as per the Intraday product policy.
- Simultaneously all the pending orders including ‘Good till date’ and Equity, F&O, CD, Commodity orders shall be cancelled.
7. Policy Review:
The said policy shall be a part of MSBETRADE’s Risk Management Policy and shall be reviewed along with the said policy on a half yearly basis.
8. Circular references:
- SEBI/HO/MIRSD/POD-1/P/CIR/2024/4 dated January 12, 2024
- NSE/INSP/61529 dated April 08, 2024
- BSE notice 20240408-12 dated 08 Apr 2024
- MCX/INSP/218/2024 dated April 09, 2024
- NCDEX/COMPLIANCE-025/2024 dated April 09, 2024
PP25 POLICY FOR ANTI MONEY LAUNDERING :
Please find separately as per the PMLA policy of the company
“POLICY FOR ANTI MONEY LAUNDERING”
[AML AND COMBATING FINANCING OF TERRORISM (CFT)]
| Point No. From – To | Particulars |
| 1-2 | Introduction |
| 3-4 | Background |
| 5-7 | Policies and Procedures to Combat Money Laundering (ML) and Terrorist financing (TF) - Essential Principles: |
| 8-12 | Obligation to establish policies and procedures |
| 13-13 | Anti Money Laundering Procedures |
| 14-17 | Customer Due Diligence (CDD) |
| 18-18 | Policy for acceptance of clients |
| 19-23 | Client identification procedure |
| 24-25 | Reliance on third party for carrying out Client Due Diligence (CDD) |
| 26-28 | Risk Based Approach |
| 29-32 | Risk Assessment |
| 33-37 | Monitoring of transactions |
| 38-42 | Suspicious Transaction Monitoring & Reporting |
| 43-43 | Information to be maintained |
| 44-53 | Record Keeping |
| 54-61 | Procedure for freezing of funds, financial assets or economic resources or related services |
| 62-70 | List of Designated Individuals/ Entities |
| 71-72 | Jurisdictions that do not or insufficiently apply the FATF Recommendations |
| 73-75 | Reporting to Financial Intelligence Unit-India |
| 76-76 | Designation of officers for ensuring compliance with provisions of PMLA |
| 77-79 | Appointment of a Designated Director |
| 80-80 | Hiring and Training of Employees and Investor Education |
| 81-81 | Training of Employees: |
| 82-82 | Investor Education |
| 83-83 | Repeal and Savings |
| 83-83 | References |
| 83-83 | Appendix - Circulars shall stand rescinded from the date of issuance of this Circular |
Definitions
In this Policy unless the context otherwise requires:-
- “Registered Intermediary(ies)” or Intermediary(ies) means a MSB e-Trade Securities Limited (MSB e-Trade) (Trading Member of NSE/BSE/MSEI/MCX/NCDEX DP:CDSL)
Introduction
- These Guidelines on money laundering and terrorist financing summarize the main provisions of the applicable anti money laundering and anti-terrorist financing legislation in India and provide guidance on the practical implications of the Act. The Guidelines also set out the steps that we and our representatives should implement to discourage and identify any money laundering or terrorist financing activities. The relevance and usefulness of these Guidelines will be kept under review and it may be necessary to issue amendments from time to time.
- These Guidelines are intended for use primarily by the company, which should consider the specific nature of its business, organizational structure, type of customers and transactions, etc. when implementing the suggested measures and procedures to ensure that they are effectively applied. The overriding principle is that the measures we take should be adequate and appropriate and follow the spirit of these measures and the requirements as enshrined in the Prevention of Money Laundering Act, 2002 (PMLA).
Background
- The Prevention of Money Laundering Act, 2002 came into effect from 1st July 2005, the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (PML Rules), Necessary Notifications as amended from time to time and notified by the Govt. of India / Rules under the said Act were published in the Gazette of India on 1st July 2005 by the Department of Revenue, Ministry of Finance, and Government of India. As per the provisions of the Act, every banking company, financial institution (which includes chit fund company, a co-operative bank, a housing finance institution and a non-banking financial company) and intermediary (which includes a stock-broker, sub-broker, share transfer agent, banker to an issue, trustee to a trust deed, registrar to an issue, merchant banker, underwriter, portfolio manager, investment adviser and any other intermediary associated with securities market and registered under section 12 of the Securities and Exchange Board of India Act, 1992) shall have to maintain a record of all the transactions; the nature and value of which has been prescribed in the Rules under the PMLA. Such transactions include:
- All cash transactions of the value of more than Rs 10 lacs or its equivalent in foreign currency.
- All series of cash transactions integrally connected to each other which have been valued below Rs 10 lakhs or its equivalent in foreign currency where such series of transactions take place within one calendar month.
- All suspicious transactions, whether or not made in cash, including, inter alia, credits or debits into or from any non-monetary account such as a demat account or security account maintained by the registered intermediary.
- The PMLA inter alia provides that violating the prohibitions on manipulative and deceptive devices, insider trading and substantial acquisition of securities or control , It may, however, be clarified that for the purpose of suspicious transactions reporting, apart from ‘transactions integrally connected’, ‘transactions remotely connected or related’ should also be considered.
Policies and Procedures to Combat Money Laundering (ML) and Terrorist financing (TF)
Essential Principles:
- The Directives/Guidelines and the suggested measures and procedures take into account the PMLA in preventing ML and TF; the company shall also consider carefully the specific nature of its business, organizational structure, type of client and transaction, etc. to satisfy itself that the measures taken by it are adequate and appropriate and follow the spirit of the suggested measures and the requirements as laid down from time to time.
- Where the Client Due Diligence (CDD)/ Anti Money Laundering (AML) standards specified by SEBI and by the regulators of the host country differ, branches/overseas subsidiaries of registered intermediaries are required to adopt the more stringent requirements of the two.
- If the host country does not permit the proper implementation of AML/CFT measures consistent with the home country requirements, financial groups shall be required to apply appropriate additional measures to manage the ML/TF risks, and inform SEBI.
Obligation to establish policies and procedures
- Global measures taken to combat drug trafficking, terrorism and other organized and serious crimes have all emphasized the need for financial institutions, including securities market intermediaries, to establish internal procedures that effectively serve to prevent and impede money laundering and terrorist financing. The PMLA is in line with these measures and mandates that all registered intermediaries ensure the fulfilment of the aforementioned obligations
- The term “group" shall have the same meaning assigned to it in clause (cba) of sub-rule (1) of Rule 2 of the PML Rules as amended from time to time. Groups shall implement group-wide policies for the purpose of discharging obligations under Chapter IV of the PMLA
- Financial groups shall be required to implement group wide programmes for dealing with ML/TF, which shall be applicable, and appropriate to, all branches and majority owned subsidiaries of the financial group as under:
a. policies and procedures for sharing information required for the purposes of CDD and ML/TF risk management;
b. the provision, at group level compliance, audit, and/or AML/CFT functions, of customer, account, and transaction information from branches and subsidiaries when necessary for AML/CFT purposes. This shall include information and analysis of transactions or activities which appear unusual (if such analysis was done); similar provisions for receipt of such information by branches and subsidiaries from these group level functions when relevant and appropriate to risk management; and
c. adequate safeguards on the confidentiality and use of information exchanged, including safeguards to prevent tipping-off.
- To be in compliance with these obligations, the senior management of the company shall be fully committed to establishing appropriate policies and procedures for the prevention of ML and TF and ensuring their effectiveness and compliance with all relevant legal and regulatory requirements. We shall issue a statement of policies and procedures for dealing with ML and TF, provide awareness and training periodically/regularly as required so that these are understood by all staff, and have a system in place for identifying, monitoring and reporting suspected ML or TF transactions accordingly.
- “issue a statement of policies and procedures and implement, on a group basis where applicable, for dealing with ML and TF reflecting the current statutory and regulatory requirements;”
- ensure that the content of these Directives are understood by all staff members;
- regularly review the policies and procedures on the prevention of ML and TF to ensure their effectiveness. Further, in order to ensure the effectiveness of policies and procedures, the person doing such a review shall be different from the one who has framed such policies and procedures;
- adopt client acceptance policies and procedures which are sensitive to the risk of ML and TF;
- undertake CDD measures to an extent that is sensitive to the risk of ML and TF depending on the type of client, business relationship or transaction;
- have a system in place for identifying, monitoring and reporting suspected ML or TF transactions to the law enforcement authorities; and
- develop staff members’ awareness and vigilance to guard against ML and TF.
- Our policies and procedures cover
- Communication of group policies relating to prevention of ML and TF to all management and relevant staff that handle account information, securities transactions, money and client records etc. whether in branches, departments or subsidiaries;
- Client acceptance policy and client due diligence measures, including requirements for proper identification;
- Maintenance of records;
- Compliance with relevant statutory and regulatory requirements;
- Co-operation with the relevant law enforcement authorities, including the timely disclosure of information; and
- Role of internal audit or compliance function to ensure compliance with the policies, procedures, and controls relating to the prevention of ML and TF, including the testing of the system for detecting suspected money laundering transactions, evaluating and checking the adequacy of exception reports generated on large and/or irregular transactions, the quality of reporting of suspicious transactions and the level of awareness of front line staff, of their responsibilities in this regard; and,
- The internal audit function shall be independent, adequately resourced and commensurate with the size of the business and operations, organization structure, number of clients and other such factors.
- The Anti Money Laundering procedures shall include, inter alia, the following four specific parameters, which are related to the overall ‘Client Due Diligence Process’:
- Policy for acceptance of clients
- Procedure for identifying the clients
- Risk Management
- Monitoring of Transactions
Customer Due Diligence
- Customer due diligence (“CDD”) means due diligence carried out on a client referred to in clause (ha) of sub-section (1) of section 2 of the PMLA using reliable and independent sources of identification.
- The CDD shall have regard to the money laundering and terrorist financing risks and the size of the business and shall include policies, controls and procedures, approved by the senior management, to enable the reporting entity to manage and mitigate the risks that have been identified either by the registered intermediary or through national risk assessment.
- The CDD measures comprise the following:
- Obtaining sufficient information in order to identify persons who beneficially own or control securities account. Whenever it is apparent that the securities acquired or maintained through an account are beneficially owned by a party other than the client, that party should be identified using client identification and verification procedures. The beneficial owner is the natural person or persons who ultimately own, control or influence a client and/or persons on whose behalf a transaction is being conducted. It also incorporates those persons who exercise ultimate effective control over a legal person or arrangement.
- Identify the clients, verify their identity using reliable and independent sources of identification, obtain information on the purpose and intended nature of the business relationship, where applicable;
- Verify the customer’s identity using reliable, independent source documents, data or information. Where the client purports to act on behalf of a juridical person or individual or trust, the registered intermediary shall verify that any person purporting to act on behalf of such client is so authorized and verify the identity of that person. Provided that in case of a Trust, the reporting entity shall ensure that trustees disclose their status at the time of commencement of an account based relationship.
- Identify beneficial ownership and control, i.e. determine which individual(s) ultimately own(s) or control(s) the client and/or the person on whose behalf a transaction is being conducted -
The beneficial owner shall be determined as under-
where the client is a company, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has a controlling ownership interest or who exercises control through other means.
Explanation:- For the purpose of this sub-clause:-
- "Controlling ownership interest" means ownership of or entitlement to more than ten per cent of shares or capital or profits of the company;
- "Control" shall include the right to appoint majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management rights or shareholders’ agreements or voting agreements;
where the client is a partnership firm, the beneficial owner is the natural person(s) who, whether acting alone or together, or through one or more juridical person, has ownership of/ entitlement to more than ten percent of capital or profits of the partnership or who exercises control through other means.
Explanation:- For the purpose of this clause:- “Control” shall include the right to control the management or policy decision;
where the client is an unincorporated association or body of individuals, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has ownership of or entitlement to more than 15% (fifteen per cent.) of the property or capital or profits of such association or body of individuals;
where no natural person is identified under (a) or (b) or (c) above, the beneficial owner is the relevant natural person who holds the position of senior managing official;
Where the client is a trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with 10 % (ten per cent) or more interest in the trust, settlor, protector and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership; and
where the client or the owner of the controlling interest is an entity listed on a stock exchange in India, or it is an entity resident in jurisdictions notified by the Central Government and listed on stock exchanges in such jurisdictions notified by the Central Government, or it is a subsidiary of such listed entities, it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such entities.
Applicability for foreign investors: Registered intermediaries dealing with foreign investors may be guided by SEBI Master Circular SEBI/HO/AFD-2/CIR/P/2022/175 dated December 19, 2022 and amendments thereto, if any, for the purpose of identification of beneficial ownership of the client;
The Stock Exchanges and Depositories shall monitor the compliance of the aforementioned provision on identification of beneficial ownership through half yearly internal audits. In case of mutual funds, compliance of the same shall be monitored by the Boards of the Asset Management Companies and the Trustees and in case of other registered intermediaries, by their Board of Directors.
- Verify the identity of the beneficial owner of the customer and/or the person on whose behalf a transaction is being conducted, corroborating the information provided in relation to (c); and
- Understand the ownership and control structure of the client;
- Conduct ongoing due diligence and scrutiny, i.e. perform ongoing scrutiny of the transactions and account throughout the course of the business relationship to ensure that the transactions being conducted are consistent with the registered intermediary’s knowledge of the customer, its business and risk profile, taking into account, where necessary, the customer’s source of funds.
- Registered intermediaries shall review the due diligence measures including verifying again the identity of the client and obtaining information on the purpose and intended nature of the business relationship, as the case may be, when there are suspicions of money laundering or financing of the activities relating to terrorism or where there are doubts about the adequacy or veracity of previously obtained client identification data; and
- Registered intermediaries shall periodically update all documents, data or information of all clients and beneficial owners collected under the CDD process such that the information or data collected under client due diligence is kept up-to-date and relevant, particularly for high risk clients.
- Every registered intermediary shall register the details of a client, in case of client being a non-profit organisation, on the DARPAN Portal of NITI Aayog, if not already registered, and maintain such registration records for a period of five years after the business relationship between a client and the registered intermediary has ended or the account has been closed, whichever is later.
- Where a registered intermediary is suspicious that transactions relate to money laundering or terrorist financing, and reasonably believes that performing the CDD process will tip-off the client, the registered intermediary shall not pursue the CDD process, and shall instead file an STR with FIU-IND.
Clarification on Know Your Client (KYC) Process and Use of Technology for KYC
Know Your Customer (KYC) and Customer Due Diligence (CDD) policies as part of KYC are the foundation of an effective Anti-Money Laundering process. The KYC process requires every SEBI registered intermediary (hereinafter referred to as ‘RI’) to collect and verify the Proof of Identity (PoI) and Proof of Address (PoA) from the investor.
The provisions as laid down under the Prevention of Money-Laundering Act, 2002, Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, SEBI Master Circular on Anti Money Laundering (AML) dated October 15, 2019 and relevant KYC / AML circulars issued from time to time shall continue to remain applicable. Further, the SEBI registered intermediary shall continue to ensure that the express consent of the investor is obtained before undertaking online KYC.
SEBI has, from time to time, issued various circulars to simplify and harmonize the process of KYC by investors / RI. Constant technology evolution has taken place in the market and innovative platforms are being created to allow investors to complete the KYC process online. SEBI held discussions with various market participants and, based on their feedback and with a view to allow ease of doing business in the securities market, it has been decided to make use of the following technological innovations which can facilitate online KYC:
- eSign service is an online electronic signature service that can facilitate an Aadhaar holder to forward the document after digitally signing the same provided the eSign signature framework is operated under the provisions of Second schedule of the Information Technology Act and guidelines issued by the controller.
- In terms of PML Rule 2 (1) (cb) “equivalent e-document” means an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature, including documents issued to the Digital Locker account of the investor as per Rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016.
- Section 5 of the Information Technology Act, 2000 recognizes electronic signatures (which includes digital signature) and states that where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person then such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of a digital signature affixed in such manner as prescribed by the Central Government. Therefore, the eSign mechanism of Aadhaar shall be accepted in lieu of wet signature on the documents provided by the investor. A cropped signature affixed on the online KYC form under eSign shall also be accepted as a valid signature.
In order to enable the Online KYC process for establishing account based relationship with the RI, Investor’s KYC can be completed through online / App based KYC, in-person verification through video, online submission of Officially Valid Document (OVD) / other documents under eSign, in the following manner:
i. The investor visits the website/App/digital platform of the RI and fills up the online KYC form and submits requisite documents online.
ii. The name, photograph, address, mobile number, email ID, Bank details of the investor shall be captured online and OVD / PAN / signed cancelled cheque shall be provided as a photo / scan of the original under eSign and the same shall be verified as under:
- Mobile number and email are verified through One Time Password (OTP) or other verifiable mechanism. The mobile number/s of investor accepted as part of KYC should preferably be the one seeded with Aadhaar. (The RI shall ensure to meet the requirements of the mobile number and email as detailed under SEBI circular no. CIR/MIRSD/15/2011 dated August 02, 2011.)
- Aadhaar is verified through UIDAI's authentication / verification mechanism. Further, in terms of PML Rule 9 (16), every RI shall, where the investor submits his Aadhaar number, ensure that such investor redacts or blacks out his Aadhaar number through appropriate means where the authentication of Aadhaar number is not required under sub-rule (15). RI shall not store/ save the Aadhaar number of investor in their system. e-KYC through Aadhaar Authentication service of UIDAI or offline verification through Aadhaar QR Code/ XML file can be undertaken, provided the XML file or Aadhaar Secure QR Code generation date is not older than 3 days from the date of carrying out KYC. In terms of SEBI circular No. CIR/MIRSD/29/2016 dated January 22, 2016 the usage of Aadhaar is optional and purely on a voluntary basis by the investor.
- PAN is verified online using the Income Tax Database.
- Bank account details are verified by Penny Drop mechanism or any other mechanism using API of the Bank. (Explanation: based on bank details in the copy of the cancelled cheque provided by the investor, the money is deposited into the bank account of the investors to fetch the bank account details and name.) The name and bank details as obtained shall be verified with the information provided by investor.
- Any OVD other than Aadhaar shall be submitted through DigiLocker / under eSign mechanism.
iii. In terms of Rule 2 (d) of Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (PML Rules) “Officially Valid Documents” means the following:
- the passport,
- the driving licence,
- proof of possession of Aadhaar number,
- the Voter's Identity Card issued by Election Commission of India,
- job card issued by NREGA duly signed by an officer of the State Government and
- the letter issued by the National Population Register containing details of name, address, or any other document as notified by the Central Government in consultation with the Regulator.
iv. Further, Rule 9(18) of PML Rules states that in case OVD furnished by the investor does not contain updated address, the document as prescribed therein in the above stated Rule shall be deemed to be the OVD for the limited purpose of proof of address.
v. PML Rules allows an investor to submit other OVD instead of PAN, however, in terms of SEBI circular No. MRD/DoP/Cir- 05/2007 dated April 27, 2007 the requirement of mandatory submission of PAN by the investors for transaction in the securities market shall continue to apply.
vi. Once all the information as required as per the online KYC form is filled up by the investor, KYC process could be completed as under:
a. The investor would take a print out of the completed KYC form and after affixing their wet signature, send the scanned copy / photograph of the same to the RI under eSign, or
b. Affix online the cropped signature on the filled KYC form and submit the same to the RI under eSign.
vii. The RI shall forward the KYC completion intimation letter through registered post/ speed post or courier, to the address of the investor in cases where the investor has given address other than as given in the OVD. In such cases of return of the intimation letter for wrong / incorrect address, addressee not available etc, no transactions shall be allowed in such account and intimation shall also be sent to the Stock Exchange and Depository.
viii. The original seen and verified requirement under SEBI circular no. MIRSD/SE/Cir-21/2011 dated October 5, 2011 for OVD would be met where the investor provides the OVD in the following manner:
- As a clear photograph or scanned copy of the original OVD, through the eSign mechanism, or;
- As a digitally signed document of the OVD, issued to the DigiLocker by the issuing authority.
ix. SEBI vide circular no. MIRSD/Cir- 26 /2011 dated December 23, 2011 had harmonized the IPV requirements for the intermediaries. In order to ease the IPV process for KYC, the said SEBI circular pertaining to IPV stands modified as under:
- IPV/ VIPV would not be required when the KYC of the investor is completed using the Aadhaar authentication / verification of UIDAI.
- IPV / VIPV shall not be required by the RI when the KYC form has been submitted online, documents have been provided through DigiLocker or any other source which could be verified online.
Features for online KYC App of the RI - SEBI registered intermediary may implement their own Application (App) for undertaking online KYC of investors. The App shall facilitate taking photograph, scanning, acceptance of OVD through DigiLocker, video capturing in live environment, usage of the App only by authorized person of the RI. The App shall also have features of random action initiation for investor response to establish that the interactions are not pre-recorded, time stamping, geo-location tagging to ensure physical location in India, etc. RI shall ensure that the process is a seamless, real-time, secured, end-to-end encrypted audiovisual interaction with the customer and the quality of the communication is adequate to allow identification of the customer beyond doubt. RI shall carry out the liveliness check in order to guard against spoofing and such other fraudulent manipulations. The RI shall, before rolling out and periodically, carry out software and security audit and validation of their App. The RI may have additional safety and security features other than as prescribed above.
Feature for Video in Person Verification (VIPV) for Individuals – To enable ease of completing IPV of an investor, intermediary may undertake the VIPV of an individual investor through their App. The following process shall be adopted in this regard:
- Intermediary through their authorised official, specifically trained for this purpose, may undertake live VIPV of an individual customer, after obtaining his/her informed consent. The activity log along with the credentials of the person performing the VIPV shall be stored for easy retrieval.
- The VIPV shall be in a live environment.
- The VIPV shall be clear and still, the investor in the video shall be easily recognisable and shall not be covering their face in any manner.
- The VIPV process shall include random question and response from the investor including displaying the OVD, KYC form and signature or could also be confirmed by an OTP.
- The RI shall ensure that photograph of the customer downloaded through the Aadhaar authentication / verification process matches with the investor in the VIPV.
- The VIPV shall be digitally saved in a safe, secure and tamper-proof, easily retrievable manner and shall bear date and time stamping.
- The RI may have additional safety and security features other than as prescribed above.
- No transaction or account-based relationship shall be undertaken without following the CDD procedure.
- Policy for acceptance of clients:
The Registered intermediaries shall develop client acceptance policies and procedures that aim to identify the types of clients that are likely to pose a higher than average risk of ML or TF. By establishing such policies and procedures, they will be in a better position to apply client due diligence on a risk sensitive basis depending on the type of client, business relationship or transaction. In a nutshell, the following safeguards are to be followed while accepting the clients:
- No registered intermediary shall allow the opening of or keep any anonymous account or account in fictitious names or account on behalf of other persons whose identity has not been disclosed or cannot be verified;
- Factors of risk perception (in terms of monitoring suspicious transactions) of the client are clearly defined having regard to clients’ location (registered office address, correspondence addresses and other addresses if applicable), nature of business activity, trading turnover etc. and manner of making payment for transactions undertaken. The parameters shall enable classification of clients into low, medium and high risk. Clients of special category (as given below) may, if necessary, be classified even higher. Such clients require a higher degree of due diligence and regular update of Know Your Client (KYC) profile;
- The Registered intermediaries shall undertake enhanced due diligence measures as applicable for Clients of Special Category (CSC). CSC shall include the following:
- Non-resident clients;
- High net-worth clients;
- Trust, Charities, Non-Governmental Organizations (NGOs) and organizations receiving donations;
- Companies having close family shareholdings or beneficial ownership;
- “Politically Exposed Persons” (PEPs). PEP shall have the same meaning as given in clause (db) of sub-rule (1) of rule 2 of the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005. The additional norms applicable to PEP as contained in paragraph 14 of the Master Circular shall also be applied to the accounts of the family members or close relatives of PEPs.
- Clients in high risk countries. While dealing with clients from or situate in high risk countries or geographic areas or when providing delivery of services to clients through high risk countries or geographic areas i.e. places where existence or effectiveness of action against money laundering or terror financing is suspect, registered intermediaries apart from being guided by the FATF statements that inter alia identify such countries or geographic areas that do not or insufficiently apply the FATF Recommendations, published by the FATF on its website (www.fatf-gafi.org) from time to time, shall also independently access and consider other publicly available information along with any other information which they may have access to. However, this shall not preclude registered intermediaries from entering into legitimate transactions with clients from or situate in such high risk countries and geographic areas or delivery of services through such high risk countries or geographic areas;
- Non face to face clients. Non face to face clients means clients who open accounts without visiting the branch/offices of the registered intermediaries or meeting the officials of the registered intermediaries. Video based customer identification process is treated as face-to-face onboarding of clients;
- Clients with dubious reputation as per public information available etc;
The above-mentioned list is only illustrative and the intermediary shall exercise independent judgment to ascertain whether any other set of clients shall be classified as CSC or not.
- Documentation requirements and other information to be collected in respect of different classes of clients depending on the perceived risk and having regard to the requirements of Rule 9 of the PML Rules, Directives and Circulars issued by SEBI from time to time.
- Ensure that an account is not opened where the intermediary is unable to apply appropriate CDD measures. This shall apply in cases where it is not possible to ascertain the identity of the client, or the information provided to the intermediary is suspected to be non-genuine, or there is perceived non-co-operation of the client in providing full and complete information. The registered intermediary shall not continue to do business with such a person and shall file a suspicious activity report. It shall also evaluate whether there is suspicious trading in determining whether to freeze or close the account. The registered intermediary shall be cautious to ensure that it does not return securities or money that may be from suspicious trades. However, the registered intermediary shall consult the relevant authorities in determining what action it shall take when it suspects suspicious trading.
- The circumstances under which the client is permitted to act on behalf of another person / entity shall be clearly laid down. It shall be specified in what manner the account shall be operated, transaction limits for the operation, additional authority required for transactions exceeding a specified quantity/value and other appropriate details. Further, the rights and responsibilities of both the persons, i.e. the agent-client registered with the intermediary, as well as the person on whose behalf the agent is acting, shall be clearly laid down. Adequate verification of a person’s authority to act on behalf of the client shall also be carried out.
- Necessary checks and balances shall be put in place before opening an account so as to ensure that the identity of the client does not match with any person having known criminal background or is not banned in any other manner, whether in terms of criminal or civil proceedings by any enforcement agency worldwide.
- The CDD process shall necessarily be revisited when there are suspicions of ML/TF.
No cash transactions shall be accepted from the client. Payment shall be made only by cheque/draft or any mode of payment as prescribed by the Exchange/SEBI.
Client identification procedure
- The KYC policy shall clearly spell out the client identification procedure (CIP) to be carried out at different stages i.e. while establishing the intermediary – client relationship, while carrying out transactions for the client or when the intermediary has doubts regarding the veracity or the adequacy of previously obtained client identification data.
- The ‘Know your Client’ (KYC) policy should clearly spell out the client identification procedure to be carried out at different stages i.e. while establishing client relationship, while carrying out transactions for the client or when the intermediary has doubts regarding the honesty or the adequacy of previously obtained client identification data.
- The KYC /client identification procedures have been specified and strengthened by SEBI, Stock Exchange & other relevant authority from time to time. Subsequently in order to bring about uniformity in documentary requirements across different segments and exchanges as also to avoid duplication and multiplicity of documents, uniform documentary requirements for trading across different segments and exchanges have been specified vide SEBI.
- In order to further strengthen the KYC norms and identify every participant in the securities market with their respective PAN (after verifying from Income Tax Department through Internet) thereby ensuring sound audit trail of all the transactions, PAN has been made sole identification number for all participants transacting in the securities market, irrespective of the amount of transaction.
- Registered intermediaries shall be in compliance with the following requirements while putting in place a CIP:
- The Company shall proactively put in place appropriate risk management systems to determine whether their client or potential client or the beneficial owner of such client is a politically exposed person. Such procedures shall include seeking relevant information from the client, referring to publicly available information or accessing the commercial electronic databases of PEPs.
- The Company is required to obtain senior management approval for establishing business relationships with PEPs. Where a client has been accepted and the client or beneficial owner is subsequently found to be, or subsequently becomes a PEP, registered intermediaries shall obtain senior management approval to continue the business relationship.
- The Company shall also take reasonable measures to verify the sources of funds as well as the wealth of clients and beneficial owners identified as PEP.
- The client shall be identified by the intermediary by using reliable sources including documents / information. The intermediary shall obtain adequate information to satisfactorily establish the identity of each new client and the purpose of the intended nature of the relationship.
- The information must be adequate enough to satisfy competent authorities (regulatory / enforcement authorities) in future that due diligence was observed by the intermediary in compliance with the directives. Each original document shall be seen prior to acceptance of a copy.
- Failure by a prospective client to provide satisfactory evidence of identity shall be noted and reported to the higher authority within the intermediary.
- SEBI has specified the minimum requirements relating to KYC for certain classes of registered intermediaries from time to time. Taking into account the basic principles enshrined in the KYC norms which have already been specified or which may be specified by SEBI from time to time, all registered intermediaries shall frame their own internal directives based on their experience in dealing with their clients and legal requirements as per the established practices.
- Further, the intermediary shall conduct ongoing due diligence where it notices inconsistencies in the information provided. The underlying objective shall be to follow the requirements enshrined in the PMLA, SEBI Act and Regulations, directives and circulars issued thereunder so that the intermediary is aware of the clients on whose behalf it is dealing.
- Every intermediary shall formulate and implement a CIP which shall incorporate the requirements of the PML Rules Notification No. 9/2005 dated July 01, 2005 (as amended from time to time), which notifies rules for maintenance of records of the nature and value of transactions, the procedure and manner of maintaining and time for furnishing of information and verification of records of the identity of the clients of the banking companies, financial institutions and intermediaries of securities market and such other additional requirements that it considers appropriate to enable it to determine the true identity of its clients.
It may be noted that irrespective of the amount of investment made by clients, no minimum threshold or exemption is available to registered intermediaries (brokers, depository participants, AMCs etc.) from obtaining the minimum information/documents from clients as stipulated in the PML Rules/ SEBI Circulars (as amended from time to time) regarding the verification of the records of the identity of clients. Further no exemption from carrying out CDD exists in respect of any category of clients. In other words, there shall be no minimum investment threshold/ category-wise exemption available for carrying out CDD measures by registered intermediaries. This shall be strictly implemented by all registered intermediaries and non-compliance shall attract appropriate sanctions.
Reliance on third party for carrying out Client Due Diligence (CDD)
- Registered intermediaries may rely on a third party for the purpose of -
- identification and verification of the identity of a client and
- determination of whether the client is acting on behalf of a beneficial owner, identification of the beneficial owner and verification of the identity of the beneficial owner. Such third party shall be regulated, supervised or monitored for, and have measures in place for compliance with CDD and record-keeping requirements in line with the obligations under the PML Act.
- Such reliance shall be subject to the conditions that are specified in Rule 9 (2) of the PML Rules and shall be in accordance with the regulations and circulars/ guidelines issued by SEBI from time to time. In terms of Rule 9(2) of PML Rules:
- The Registered intermediaries shall immediately obtain necessary information of such client due diligence carried out by the third party;
- The Registered intermediaries shall take adequate steps to satisfy itself that copies of identification data and other relevant documentation relating to the client due diligence requirements will be made available from the third party upon request without delay;
- The Registered intermediaries shall be satisfied that such third party is regulated, supervised or monitored for, and has measures in place for compliance with client due diligence and record-keeping requirements in line with the requirements and obligations under the Act;
- The third party is not based in a country or jurisdiction assessed as high risk;
- The Registered intermediaries shall be ultimately responsible for CDD and undertaking enhanced due diligence measures, as applicable
Risk-Based Approach
- Risk-based Approach: registered intermediaries shall apply a risk-based approach for mitigation and management of the identified risk and should have policies approved by their senior management, controls and procedures in this regard. Further, the registered intermediaries shall monitor the implementation of the controls and enhance them if necessary.
- It is generally recognized that certain customers may be of a higher or lower risk category depending on circumstances such as the customer’s background, type of business relationship or transaction etc. As such, we should apply each of the customer due diligence measures on a risk sensitive basis. The basic principle enshrined in this approach is that we should adopt an enhanced customer due diligence process for higher risk categories of customers. Conversely, a simplified customer due diligence process may be adopted for lower risk categories of customers. In line with the risk-based approach, the type and amount of identification information and documents that we should obtain necessarily depend on the risk category of a particular customer.
- Further, low risk provisions shall not apply when there are suspicions of ML/FT or when other factors give rise to a belief that the customer does not in fact pose a low risk.
Risk Assessment
- Registered intermediaries shall carry out risk assessment to identify, assess and take effective measures to mitigate their money laundering and terrorist financing risk with respect to the clients, countries or geographical areas, nature and volume of transactions, payment methods used by the client etc.
We shall take note of the information circulated by the authority as authorised under the Act. We shall determine/assess the level of overall risk, and the appropriate level and type of mitigation to be applied, as “LOW”, “MEDIUM” or “HIGH” risk. The document recording this determination/assessment shall be maintained.
- The risk assessment carried out shall consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied. The assessment shall be documented, updated regularly and made available to competent authorities and self-regulating bodies, as and when required.
Periodicity of risk assessment for updating and collection of documents from the relevant Client:

| Risk Category / Transaction | Periodicity |
| --- | --- |
| LOW | 5 Years |
| MEDIUM | 3 Years |
| HIGH | 1 Year |
| In the case of any Alert received | As and when required |

Note: Updating of financial details and collection of documents is also applicable as per the SEBI/Stock Exchange requirements for the derivative segment or any other segment, as and when an update is required.
- The Stock Exchanges and registered intermediary shall identify and assess the ML/TF risks that may arise in relation to the development of new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and existing products. The Stock Exchanges and registered intermediaries shall ensure:
a. To undertake the ML/TF risk assessments prior to the launch or use of such products, practices, services, technologies; and
b. Adoption of a risk based approach to manage and mitigate the risks.
- The risk assessment shall also take into account any country specific information that is circulated by the Government of India and SEBI from time to time, as well as, the updated list of individuals and entities who are subjected to sanction measures as required under the various United Nations' Security Council Resolutions.
Monitoring of transactions
- The senior official of the company should regularly monitor the transactions being carried out so that deviations in transactions / activities can be identified.
- The intermediary shall pay special attention to all complex, unusually large transactions / patterns which appear to have no economic purpose. The intermediary may specify internal threshold limits for each class of client accounts and pay special attention to transactions which exceed these limits. The background, including all documents/office records/memorandums/clarifications sought pertaining to such transactions and the purpose thereof, shall also be examined carefully and findings shall be recorded in writing. Further, such findings, records and related documents shall be made available to auditors and also to SEBI/stock exchanges/FIU-IND/other relevant Authorities, during audit, inspection or as and when required.
- The Registered intermediaries shall apply client due diligence measures also to existing clients on the basis of materiality and risk, and conduct due diligence on such existing relationships appropriately. The extent of monitoring shall be aligned with the risk category of the client.
- The intermediary shall ensure a record of the transactions is preserved and maintained in terms of Section 12 of the PMLA and that transactions of a suspicious nature or any other transactions notified under Section 12 of the Act are reported to the Director, FIU-IND. Suspicious transactions shall also be regularly reported to the higher authorities within the intermediary.
- The senior official should randomly examine a selection of transactions undertaken by clients to comment on their nature, i.e. whether they are in the nature of suspicious transactions or not.
Suspicious Transaction Monitoring & Reporting
- Registered intermediaries should ensure to take appropriate steps to enable suspicious transactions to be recognised and have appropriate procedures for reporting suspicious transactions. While determining suspicious transactions, intermediaries should be guided by definition of suspicious transaction contained in PML Rules as amended from time to time.
- A list of circumstances which may be in the nature of suspicious transactions is given below. This list is only illustrative and whether a particular transaction is suspicious or not will depend upon the background, details of the transactions and other facts and circumstances:
- Clients whose identity verification seems difficult or clients who appear not to cooperate;
- Asset management services for clients where the source of the funds is not clear or not in keeping with the clients' apparent standing / business activity;
- Clients in high-risk jurisdictions or clients introduced by banks or affiliates or other clients based in high risk jurisdictions;
- Substantial increases in business without apparent cause;
- Clients transferring large sums of money to or from overseas locations with instructions for payment in cash;
- Attempted transfer of investment proceeds to apparently unrelated third parties;
- Unusual transactions by CSCs and businesses undertaken by offshore banks / financial services.
- Any suspicious transaction must be immediately notified to the Designated / Principal Officer of the company within the intermediary. The notification may be done in the form of a detailed report with specific reference to the clients, transactions and the nature / reason of suspicion. However, it should be ensured that there is continuity in dealing with the client as normal until told otherwise and the client should not be told of the report/suspicion. In exceptional circumstances, consent may not be given to continue to operate the account, and transactions may be suspended, in one or more jurisdictions concerned in the transaction, or other action taken. “The Principal Officer/Money Laundering Control Officer of the company and other appropriate compliance, risk management and related staff members shall have timely access to customer identification data and other CDD information, transaction records and other relevant information.”
- It is likely that in some cases transactions are abandoned /aborted by customers on being asked to give some details or to provide documents. It is clarified that intermediaries should report all such attempted transactions in STRs, even if not completed by customers, irrespective of the amount of the transaction.
- Clients of high risk countries, including countries where existence and effectiveness of money laundering controls is suspect or which do not or insufficiently apply FATF standards, are categorised as ‘Clients of Special Category’. Intermediaries are directed that such clients should also be subject to appropriate counter measures. These measures may include a further enhanced scrutiny of transactions, enhanced relevant reporting mechanisms or systematic reporting of financial transactions, and applying enhanced due diligence while expanding business relationships with the identified country or persons in that country etc.
Record Management
Information to be maintained
- Registered intermediaries are required to maintain and preserve the following information in respect of transactions referred to in Rule 3 of PML Rules:
- the nature of the transactions;
- the amount of the transaction and the currency in which it is denominated;
- the date on which the transaction was conducted; and
- the parties to the transaction.
Record Keeping
- Registered intermediaries should ensure compliance with the record keeping requirements contained as per Stock Exchange & SEBI, Rules and Regulations made there-under, PML Act, 2002 as well as other relevant legislation, Rules, Regulations, Exchange Bye-laws and Circulars.
- Registered intermediaries shall maintain such records as are sufficient to permit reconstruction of individual transactions (including the amounts and types of currencies involved, if any) so as to provide, if necessary, evidence for prosecution of criminal behaviour.
- In case of any suspected laundered money or terrorist property, the competent investigating authorities would need to trace through the audit trail for reconstructing a financial profile of the suspect account. To enable this reconstruction, registered intermediaries should retain the following information for the accounts of their customers in order to maintain a satisfactory audit trail:
- the beneficial owner of the account;
- the volume of the funds flowing through the account; and
- for selected transactions:
- the origin of the funds;
- the form in which the funds were offered or withdrawn, e.g. cash, cheques, etc.;
- the identity of the person undertaking the transaction;
- the destination of the funds;
- the form of instruction and authority.
- Registered intermediaries should ensure that all client and transaction records and information are available on a timely basis to the competent investigating authorities. Where appropriate, they should consider retaining certain records, e.g. customer identification, account files, and business correspondence, for periods which may exceed those required under the SEBI Act, Rules and Regulations framed thereunder, PMLA, other relevant legislations, Rules and Regulations or Exchange byelaws or circulars.
- More specifically, we should maintain proper records of transactions as mentioned below:
- all cash transactions of the value of more than ten lakh rupees or its equivalent in foreign currency;
- all series of cash transactions integrally connected to each other which have been individually valued below rupees ten lakh or its equivalent in foreign currency where such series of transactions have taken place within a month and the monthly aggregate exceeds an amount of ten lakh rupees or its equivalent in foreign currency;
- It may, however, be clarified that for the purpose of suspicious transactions reporting, apart from ‘transactions integrally connected’, ‘transactions remotely connected or related’ shall also be considered.
- all cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine or where any forgery of a valuable security or a document has taken place facilitating the transactions;
- all suspicious transactions whether or not made in cash and including, inter-alia, credits or debits into or from any non-monetary account such as demat account, security account maintained by the registered intermediary.
- Where the registered entity does not have records of the identity of its existing clients, it shall obtain the records forthwith, failing which the registered intermediary shall close the account of the clients after giving due notice to the client.
Explanation: For this purpose, the expression “records of the identity of clients” shall include updated records of the identification data, account files and business correspondence and result of any analysis undertaken under Rules 3 and 9 of the PML Rules.
- Registered intermediaries shall take appropriate steps to evolve an internal mechanism for proper maintenance and preservation of such records and information in a manner that allows easy and quick retrieval of data as and when requested by the competent authorities.
All the above documents related to account opening activity shall be maintained as long as the account is active and, subsequently, for a minimum period of 8 years or any such period as specified by SEBI/CDSL/ Prevention of Money Laundering Act 2002, whichever is higher, after the account is closed and subject to any other law in force for the time being.
- As stated in paragraph 19 and 20, registered intermediaries are required to formulate and implement the CIP containing the requirements as laid down in Rule 9 of the PML Rules and such other additional requirements that it considers appropriate. Records evidencing the identity of its clients and beneficial owners as well as account files and business correspondence shall be maintained and preserved for a minimum period of 8 years or any such period as specified by SEBI/CDSL/ Prevention of Money Laundering Act 2002, whichever is higher, after the account is closed and subject to any other law in force for the time being.
- In situations where the records relate to on-going investigations or transactions, which have been the subject of a suspicious transaction reporting, they should be retained until it is confirmed that the case has been closed.
- Registered intermediaries shall maintain and preserve the records of information related to transactions, whether attempted or executed, which are reported to the Director, FIU – IND, as required under Rules 7 and 8 of the PML Rules, for a period of five years from the date of the transaction between the client and the intermediary.
Procedure for freezing of funds, financial assets or economic resources or related services
- The Stock exchanges and the registered intermediaries shall ensure that in terms of Section 51A of the Unlawful Activities (Prevention) Act, 1967 (UAPA) and amendments thereto, they do not have any accounts in the name of individuals/entities appearing in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council (UNSC)
- “In order to ensure expeditious and effective implementation of the provisions of Section 51A of UAPA, Government of India has outlined a procedure through an order dated February 02, 2021 (Annexure 1) for strict compliance. These guidelines have been further amended vide a Gazette Notification dated June 08, 2021 (Annexure 2). A corrigendum dated March 15, 2023 has also been issued in this regard (Annexure 3). The list of Nodal Officers for UAPA is available on the website of MHA”.
Procedure for implementation of Section 12A of the Weapons of Mass Destruction and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 – Directions to stock exchanges and registered intermediaries
- The Government of India, Ministry of Finance has issued an order dated January 30, 2023 vide F. No. P-12011/14/2022-ES Cell-DOR (“the Order”) detailing the procedure for implementation of Section 12A of the Weapons of Mass Destruction and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 (“WMD Act”). The Order may be accessed by clicking on DoR_Section_12A_WMD.pdf.
- In terms of Section 12A of the WMD Act, the Central Government is empowered as under:
“(2) For prevention of financing by any person of any activity which is prohibited under the WMD Act, or under the United Nations (Security Council) Act, 1947 or any other relevant Act for the time being in force, or by an order issued under any such Act, in relation to weapons of mass destruction and their delivery systems, the Central Government shall have power to—
(a) Freeze, seize or attach funds or other financial assets or economic resources—
(i) owned or controlled, wholly or jointly, directly or indirectly, by such person; or
(ii) held by or on behalf of, or at the direction of, such person; or
(iii) derived or generated from the funds or other assets owned or controlled, directly or indirectly, by such person;
(b) prohibit any person from making funds, financial assets or economic resources or related services available for the benefit of persons related to any activity which is prohibited under the WMD Act, or under the United Nations (Security Council) Act, 1947 or any other relevant Act for the time being in force, or by an order issued under any such Act, in relation to weapons of mass destruction and their delivery systems.
(3) The Central Government may exercise its powers under this section through any authority who has been assigned the power under sub-section (1) of section 7.”
- The stock exchanges and registered intermediaries are directed to comply with the procedure laid down in the said Order.
- The stock exchanges and registered intermediaries shall:
- Maintain the list of individuals/entities (“Designated List”) and update it, without delay, in terms of paragraph 2.1 of the Order;
- verify if the particulars of the entities/individual, party to the financial transactions, match with the particulars of the Designated List and in case of match, stock exchanges and registered intermediaries shall not carry out such transaction and shall immediately inform the transaction details with full particulars of the funds, financial assets or economic resources involved to the Central Nodal Officer (“CNO”), without delay.
The details of the CNO are as under: The Director, FIU-INDIA; Tel. No.: 011-23314458, 011-23314459 (FAX); Email: dir@fiuindia.gov.in
- run a check, on the given parameters, at the time of establishing a relation with a client and on a periodic basis to verify whether individuals and entities in the Designated List are holding any funds, financial assets or economic resources or related services, in the form of bank accounts, stocks, insurance policies etc. In case, the clients’ particulars match with the particulars of Designated List, stock exchanges and registered intermediaries shall immediately inform full particulars of the funds, financial assets or economic resources or related services held in the form of bank accounts, stocks or insurance policies etc., held on their books to the CNO, without delay;
- send a copy of the communication, mentioned in paragraphs 59(ii) and 59(iii) above, without delay, to the Nodal Officer of SEBI. The communication shall be sent to SEBI through post and through email (sebi_uapa@sebi.gov.in) to the Nodal Officer of SEBI, Deputy General Manager, Division of FATF, Market Intermediaries Regulation and Supervision Department, Securities and Exchange Board of India, SEBI Bhavan II, Plot No. C7, “G” Block, Bandra Kurla Complex, Bandra (E), Mumbai 400 051;
- prevent such individual/entity from conducting financial transactions, under intimation to the CNO, without delay, in case there are reasons to believe beyond doubt that funds or assets held by a client would fall under the purview of Section 12A (2)(a) or Section 12A(2)(b) of the WMD Act;
- file a Suspicious Transaction Report (STR) with the FIU-IND covering all transactions in the accounts, covered under paragraphs 59(ii) and (iii) above, carried through or attempted through.
- Upon the receipt of the information above, the CNO would cause a verification to be conducted by the appropriate authorities to ensure that the individuals/entities identified are the ones in the Designated List and the funds, financial assets or economic resources or related services, reported are in respect of the designated individuals/entities. In case, the results of the verification indicate that the assets are owned by, or are held for the benefit of, the designated individuals/entities, an order to freeze these assets under section 12A would be issued by the CNO and be conveyed to the concerned reporting entity so that any individual or entity may be prohibited from making any funds, financial assets or economic resources or related services available for the benefit of the designated individuals/entities.
- Reporting entities shall also comply with the provisions regarding exemptions from the above orders of the CNO and inadvertent freezing of accounts, as may be applicable.
List of Designated Individuals/ Entities
- The Ministry of Home Affairs, in pursuance of Section 35(1) of UAPA 1967, declares the list of individuals/entities, from time to time, who are designated as 'Terrorists'. The registered intermediaries shall take note of such lists of designated individuals/terrorists, as and when communicated by SEBI.
- All orders under section 35 (1) and 51A of UAPA relating to funds, financial assets or economic resources or related services, circulated by SEBI from time to time shall be taken note of for compliance.
- An updated list of individuals and entities which are subject to various sanction measures such as freezing of assets/accounts, denial of financial services etc., as approved by the Security Council Committee established pursuant to various United Nations' Security Council Resolutions (UNSCRs) can be accessed at its website at https://press.un.org/en/content/press-release. The details of the lists are as under:
- The “ISIL (Da’esh) & Al-Qaida Sanctions List”, which includes names of individuals and entities associated with the Al-Qaida. The updated ISIL & Al-Qaida Sanctions List is available at: https://www.un.org/securitycouncil/sanctions/1267/press-releases.
- The list issued by United Security Council Resolutions 1718 of designated Individuals and Entities linked to Democratic People's Republic of Korea: www.un.org/securitycouncil/sanctions/1718/press-releases.
- Registered intermediaries are directed to ensure that accounts are not opened in the name of anyone whose name appears in said list. Registered intermediaries shall continuously scan all existing accounts to ensure that no account is held by or linked to any of the entities or individuals included in the list.
- The Stock Exchanges and the registered intermediaries shall maintain updated designated lists in electronic form and run a check on the given parameters on a regular basis to verify whether the designated individuals/entities are holding any funds, financial assets or economic resources or related services held in the form of securities with them.
- “The Stock Exchanges and the registered intermediaries shall leverage latest technological innovations and tools for effective implementation of name screening to meet the sanctions requirements.”
- The Stock exchanges and the registered intermediaries shall also file a Suspicious Transaction Report (STR) with FIU-IND covering all transactions carried through or attempted in the accounts covered under the list of designated individuals/entities under Section 35 (1) and 51A of UAPA.
- Full details of accounts bearing resemblance with any of the individuals/entities in the list shall immediately be intimated to the Central [designated] Nodal Officer for the UAPA, at Fax No.011-23092551 and also conveyed over telephone No. 011-23092548. The particulars apart from being sent by post shall necessarily be conveyed on email id: jsctcr-mha@gov.in.
- The Stock exchanges and the registered intermediaries shall also send a copy of the communication mentioned above to the UAPA Nodal Officer of the State/UT where the account is held and to SEBI and FIU-IND, without delay. The communication shall be sent to SEBI through post and through email (sebi_uapa@sebi.gov.in) to the UAPA nodal officer of SEBI, Deputy General Manager, Division of FATF, Market Intermediaries Regulation and Supervision Department, Securities and Exchange Board of India, SEBI Bhavan II, Plot No. C7, “G” Block, Bandra Kurla Complex, Bandra (E), Mumbai 400 051. The consolidated list of UAPA Nodal Officers is available at the website of Government of India, Ministry of Home Affairs.
Jurisdictions that do not or insufficiently apply the FATF Recommendations
- The FATF Secretariat, after the conclusion of each of its plenaries, releases public statements and places jurisdictions under increased monitoring to address strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing risks. In this regard, FATF Statements circulated by SEBI from time to time, and publicly available information, for identifying countries which do not or insufficiently apply the FATF Recommendations, shall be considered by the registered intermediaries.
- The registered intermediaries shall take into account the risks arising from the deficiencies in AML/CFT regime of the jurisdictions included in the FATF Statements. However, it shall be noted that the regulated entities are not precluded from having legitimate trade and business transactions with the countries and jurisdictions mentioned in the FATF statements.
Reporting to Financial Intelligence Unit-India
- In terms of the PML Rules, registered intermediaries are required to report information relating to cash and suspicious transactions to the Director, Financial Intelligence Unit-India (FIU-IND) at the following address:
Director, FIU-IND,
Financial Intelligence Unit - India
6th Floor, Tower-2, Jeevan Bharati Building,
Connaught Place, New Delhi-110001, INDIA
Telephone: 91-11-23314429, 23314459
91-11-23319793 (Helpdesk)
Email: helpdesk@fiuindia.gov.in (For FINnet and general queries)
ctrcell@fiuindia.gov.in (For Reporting Entity / Principal Officer registration related queries)
complaints@fiuindia.gov.in
Website: http://fiuindia.gov.in
- Registered intermediaries shall carefully go through all the reporting requirements and formats that are available on the website of FIU-IND under the Section Obligation of Reporting Entity – Furnishing Information – Reporting Format (https://fiuindia.gov.in/files/downloads/Filing_Information.html). These documents contain detailed directives on the compilation and manner/procedure of submission of the reports to FIU-IND.
The related hardware and technical requirement for preparing reports, the related data files and data structures thereof are also detailed in these documents. While detailed instructions for filing all types of reports are given in the instructions part of the related formats, registered intermediaries shall adhere to the following:
- The Cash Transaction Report (CTR) (wherever applicable) for each month shall be submitted to FIU-IND by 15th of the succeeding month.
- The Suspicious Transaction Report (STR) shall be submitted within 7 days of arriving at a conclusion that any transaction, whether cash or non-cash, or a series of transactions integrally connected are of suspicious nature. The Principal Officer shall record his reasons for treating any transaction or a series of transactions as suspicious. It shall be ensured that there is no undue delay in arriving at such a conclusion.
- The Non Profit Organization Transaction Reports (NTRs) for each month shall be submitted to FIU-IND by 15th of the succeeding month.
- The Principal Officer will be responsible for timely submission of CTR, STR and NTR to FIU-IND;
- Utmost confidentiality shall be maintained in filing of CTR, STR and NTR to FIU-IND.
- No nil reporting needs to be made to FIU-IND in case there are no cash/ suspicious/non-profit organization transactions to be reported.
- “Non-profit organization” means any entity or organisation, constituted for religious or charitable purposes referred to in clause (15) of section 2 of the Income-tax Act, 1961 (43 of 1961), that is registered as a trust or a society under the Societies Registration Act, 1860 (21 of 1860) or any similar State legislation or a Company registered under the section 8 of the Companies Act, 2013 (18 of 2013);
- Registered Intermediaries shall not put any restrictions on operations in the accounts where an STR has been made. Registered intermediaries and their directors, officers and employees (permanent and temporary) shall be prohibited from disclosing (“tipping off”) the fact that a STR or related information is being reported or provided to the FIU-IND. This prohibition on tipping off extends not only to the filing of the STR and/ or related information but even before, during and after the submission of an STR. Thus, it shall be ensured that there is no tipping off to the client at any level.
It is clarified that the registered intermediaries, irrespective of the amount of transaction and/or the threshold limit envisaged for predicate offences specified in part B of Schedule of PMLA, 2002, shall file STR if they have reasonable grounds to believe that the transactions involve proceeds of crime.
It is further clarified that "proceeds of crime" include property not only derived or obtained from the scheduled offence but also any property which may directly or indirectly be derived or obtained as a result of any criminal activity relatable to the scheduled offence.
Designation of officers for ensuring compliance with provisions of PMLA
- Appointment of a Principal Officer: To ensure that the registered intermediaries properly discharge their legal obligations to report suspicious transactions to the authorities, the Principal Officer would act as a central reference point in facilitating onward reporting of suspicious transactions and for playing an active role in the identification and assessment of potentially suspicious transactions and shall have access to and be able to report to senior management at the next reporting level or the Board of Directors. Names, designation and addresses (including email addresses) of ‘Principal Officer’ including any changes therein shall also be intimated to the Office of the Director-FIU-IND. As a matter of principle, it is advisable that the ‘Principal Officer’ is of a sufficiently senior position and is able to discharge the functions with independence and authority.
- Appointment of a Designated Director: In addition to the existing requirement of designation of a Principal Officer, the registered intermediaries shall also designate a person as a 'Designated Director'. In terms of Rule 2 (ba) of the PML Rules, the definition of a Designated Director reads as under:
“Designated director means a person designated by the reporting entity to ensure overall compliance with the obligations imposed under chapter IV of the Act and the Rules and includes –
- the Managing Director or a Whole-Time Director duly authorized by the Board of Directors if the reporting entity is a company,
- the managing partner if the reporting entity is a partnership firm,
- the proprietor if the reporting entity is a proprietorship firm,
- the managing trustee if the reporting entity is a trust,
- a person or individual, as the case may be, who controls and manages the affairs of the reporting entity if the reporting entity is an unincorporated association or a body of individuals, and
- such other person or class of persons as may be notified by the Government if the reporting entity does not fall in any of the categories above”.
Principal Officer & Designated Director of the MSB e-Trade Securities Limited:
- Name of Principal Officer of the MSB e-Trade Securities Limited:
Mr. MUNISH BAJAJ is appointed and this was informed to FIU on dt. 16-03-2009
- Name of Designated Director of the MSB e-Trade Securities Limited:
Mr. MUNISH BAJAJ is appointed and this was informed to FIU on dt. 21-04-2014
- In terms of Section 13 (2) of the PMLA, the Director, FIU – IND can take appropriate action, including levying monetary penalty, on the Designated Director for failure of the intermediary to comply with any of its AML/CFT obligations.
- Registered intermediaries shall communicate the details of the Designated Director, such as name, designation and address, to the Office of the Director, FIU – IND.
Hiring and Training of Employees and Investor Education
- Hiring of Employees: The registered intermediaries shall have adequate screening procedures in place to ensure high standards when hiring employees. They shall identify the key positions within their own organization structures having regard to the risk of money laundering and terrorist financing and the size of their business and ensure the employees taking up such key positions are suitable and competent to perform their duties.
- Training of Employees: The registered intermediaries shall have an ongoing employee training programme so that the members of the staff are adequately trained in AML and CFT procedures. Training requirements shall have specific focuses for frontline staff, back office staff, compliance staff, risk management staff and staff dealing with new clients. It is crucial that all those concerned fully understand the rationale behind these directives, obligations and requirements, implement them consistently and are sensitive to the risks of their systems being misused by unscrupulous elements.
- Investor Education: Implementation of AML/CFT measures requires registered intermediaries to demand certain information from investors which may be of personal nature or has hitherto never been called for. Such information can include documents evidencing source of funds/income tax returns/bank records etc. This can sometimes lead to raising of questions by the client with regard to the motive and purpose of collecting such information. There is, therefore, a need for registered intermediaries to sensitize their clients about these requirements as the ones emanating from AML and CFT framework. Registered intermediaries shall prepare specific literature/ pamphlets etc. so as to educate the client of the objectives of the AML/CFT programme.
Repeal and Savings
- On and from the issue of this Circular, the circulars listed out in the Appendix to this Circular shall stand rescinded. Notwithstanding such rescission, anything done or any action taken or purported to have been done or taken, shall be deemed to have been done or taken under the corresponding provisions of this Master Circular.
Reference:
Master circular SEBI/HO/MIRSD/MIRSDSECFATF/P/CIR/2024/78 dated June 06, 2024
Appendix
The following Circulars shall stand rescinded from the date of issuance of this Circular
- SEBI/HO/MIRSD/MIRSDSECFATF/P/CIR/2023/091 dated June 16, 2023 -Amendment to the Guidelines on Anti-Money Laundering (AML) Standards and Combating the Financing of Terrorism (CFT) /Obligations of Securities Market Intermediaries under the Prevention of Money-laundering Act, 2002 and Rules framed there under.
- SEBI/HO/MIRSD/SEC-FATF/P/CIR/2023/0170 dated October 13, 2023 -Amendment to the Guidelines on Anti-Money Laundering (AML) Standards and Combating the Financing of Terrorism (CFT) /Obligations of Securities Market Intermediaries under the Prevention of Money-laundering Act, 2002 and Rules framed there under.
- SEBI/HO/MIRSD/SEC-5/P/CIR/2023/062 dated April 26, 2023 - Procedure for implementation of Section 12A of the Weapons of Mass Destruction and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 – Directions to stock exchanges and registered intermediaries.
- SEBI/HO/MIRSD/MIRSD-SEC-5/P/CIR/2023/022 dated February 03, 2023 –Guidelines on Anti-Money Laundering (AML) Standards and Combating the Financing of Terrorism (CFT) /Obligations of Securities Market Intermediaries under the Prevention of Money Laundering Act, 2002 and Rules framed there under.
PP26 - FINALLY, INTERNAL AUDIT, SYSTEM AUDIT & FINANCIAL AUDIT CONDUCTED BY QUALIFIED PERSONS LIKE CA, CS, ICWA OR OTHER AUTHORITIES AS PER SEBI & EXCHANGE
MSBeTrade is committed to conducting all the audits and appointing the auditors as per the requirements of the applicable authority, from time to time or periodically within the stipulated time, and to submitting the same accordingly.
PP27. COMMON SOP for operations of accounts in case of an incapacitated investor
Applicable to Depositories and Mutual Funds
Background:
SEBI vide its Circulars dated January 10, 2025 and February 28, 2025 revised the norms for nomination for demat accounts and Mutual Fund (MF) folios in the Indian Securities Market.
In order to have uniformity in dealing with incapacitated investors and those with special needs or sick or old investors in the securities market, SEBI has mandated the Depositories and AMFI to put in place common Standard Operating Procedure (SOP). This SOP is intended to provide more clarity on the processes to be followed in alignment to the current regulatory guidelines and may undergo changes based on regulatory/statutory guidelines or due to other legal aspects from time to time. Please check the latest guidelines before reliance on the same.
A. Operational guidelines to be followed by the registered intermediaries for operation of accounts in case of investors who are physically incapacitated, but are competent to contract:
1. Operational procedures to appoint nominee to act on behalf of incapacitated Investors:
The registered intermediaries shall provide the investors having single or joint holding in the account / folio, the option to:
a) empower any one of the nominees (excluding minor nominee) to operate the investor’s account / folio, if the investor is physically incapacitated, but still has the capacity to contract,
b) specify either the percentage or absolute value of assets in the account / folio that can be encashed by such nominee,
c) change such nominee any number of times without any restriction.
The above clause shall be applicable for an account / folio having multiple holders, irrespective of mode of holding and only in the event where all the holders are simultaneously incapacitated and having registered nominee/s.
2. Definition of Incapacitation:
Incapacitation referred to here is the physical incapacitation but having capacity to enter into a contract in terms of section 11 of the Indian Contract Act, 1872. Hence, this SOP does not include investors who are otherwise incapacitated because of being in coma or are unconscious or in support of a ventilator.
3. Procedure to be followed by the registered intermediaries for operation of accounts in case of an incapacitated investor, after the person has become incapacitated:
a) Intimation of incapacitation – An intimation by way of a written request (format attached via Annexure A) stating that the Client/investor is incapacitated to sign (specifying the reason therein and its tenure of Incapacitation), can be received by DP/AMC/RTA from an “empowered nominee” of the investor/Client (Empowered Nominee means a Nominee who has been given power by the investor to act on his/her behalf during incapacitation). The intimation of incapacitation request can be accepted from any other person as well.
b) In case there is no nominee registered, or Nominee Opt-out has been registered in the account/folio, investor has to first register nominee in the presence of DP/RTA/AMC personnel, followed by appointing him/her as “empowered nominee”.
c) The empowered nominee or any other person shall provide a medical certificate issued by an appropriately qualified doctor which clearly states that the Client / investor is unable to sign, the reason for the same and period since the Client is unable to sign.
d) Upon receipt of written request accompanied with medical certificate regarding incapacitation of investor, a responsible officer of the DP / AMC / RTA shall visit the incapacitated investor in-person.
e) This officer shall first hand ascertain whether the investor has the capacity to contract in terms of section 11 of the Indian Contract Act, 1872 (i.e. to exclude investors who may be in ventilator, coma or are in an unconscious state).
f) Additional checks to be done by the officer include (i) where the Client cannot put his/her signature, whether he/she is in a position to put his/her thumb or toe impression or ‘a mark’ on his/her own, without the assistance of any other person, and (ii) whether the Client understands the consequence of putting his/her thumb impression on a document to facilitate a transaction or empower the nominee to carry out the transaction on his/her behalf.
g) Depending on the nature and degree of incapacitation, this officer shall obtain a thumb or toe impression or ‘a mark’ of the Client, as the case may be, on the written request allowing empowered nominee for transacting in the account / folio of the incapacitated investor, in the presence of an independent witness. (Independent witness shall be an individual who is not directly related to the Client or the intermediary)
h) This officer shall record his/her name, signature and suitable remarks to the effect that “Thumb impression / toe impression / mark affixed in my presence” on the written request.
i) POI document number of such nominee (which should match with details of Empowered Nominee as registered in the demat account/folio), who will act on behalf of incapacitated investor, shall be taken on record and captured against the said nominee in the Depository/AMC/RTA system.
j) Upon registration of incapacitation details in the depository/AMC/RTA system, DP/AMC/RTA shall intimate the client and empowered nominee about the same suitably.
k) Empowered Nominee should intimate the respective broker/trading member/DP/AMC/MFD/RTA through whom transactions are going to be performed during incapacitation of Client. This has been included in the letter for intimating incapacitation under the heading ‘Declaration from Empowered Nominee’.
l) Upon receipt of the instruction from such Empowered Nominee, DP/AMC/RTA shall match the signature, as available on the record, against such Empowered Nominee. If the signature is matched, DP/AMC/RTA shall execute the instruction in the Depository/DP/RTA/AMC system for such incapacitated investor/ Beneficiary Owner (BO). If the signature does not match, DP/AMC/RTA shall not execute the instruction and shall inform the Empowered Nominee accordingly, clearly stating the reason for non-execution of instruction. DP/AMC/RTA shall also inform such nominee to submit fresh instruction with the proper signature.
m) The Empowered Nominee can only be one of the registered nominees. No third party including legal heirs can be allowed, if they are not registered as nominee. In case of court appointed nominee, it will overrule the existing nominee. Further, in case where the investor does not have the capacity to contract (e.g. investor is on ventilator support or in coma or in unconscious state or is of unsound mind), operation of the account / folio shall be as per the norms under the applicable laws.
n) The Empowered Nominee shall be required to be KYC compliant before carrying out transaction on behalf of the incapacitated investor/s (not at the time of nomination).
o) The registered intermediaries shall upload the details of mobile number and email address of Empowered Nominee on the KRA system. It shall be ensured that the mobile no. / email addresses of their employees / authorized persons, distributors etc. are not uploaded on behalf of Empowered Nominee.
4. Further, the DP / RTA / AMC are advised to ensure the following:
a) Take into account, the available transaction limits flagged off to the Empowered Nominee dealing on behalf of incapacitated investor.
b) DP/AMC/RTA shall inform the investor and empowered nominee regarding the transaction threshold limit along with the utilised and un-utilised limit suitably, as and when transaction is processed. After the expiry of a cooling off period of 48 hours post updation of such incapacitation, DP/RTA/AMC shall permit the transactions in those account(s) – offline and online mode, if it is signed or initiated by the Empowered nominee, subject to limit specified by the investor in amount or percentage* on the date of updation of incapacitation status in depository/AMC/RTA systems. Further, on the date of updation of incapacitation status in depository/AMC/RTA systems, the percentage limit of the holding would be converted to the absolute limit value based on last available price/NAV. This will remain static throughout incapacitation period and will not be undergoing any change owing to market movement or subsequent investments. In case of mutual funds, Percentage / value limit will be for the PAN, encompassing all folios under the PAN, where incapacitated investor is the first holder and covering all transactions made by the Empowered Nominee during incapacitation.
c) If any partial transaction limits are available, transactions should be settled with the available transaction limits.
d) If at the time of settlement of transactions e.g. traded on exchange at “X” value and at the time of settlement, value is “X +/- 5 %” of the available limits in depository systems, such transactions up to + / - 5 % value would be allowed for settlements to avoid any failure of transactions / loss to the incapacitated investors.
e) In case of demat account, the transaction limits will be applicable for all market transfer instructions initiated through physical / POA / DDPI / online.
f) In case of mutual fund transactions, redemption / switch-out shall be allowed subject to 95% of the transaction limit only at the time of acceptance, as NAV for the day may go up or down.
g) Any credit transaction such as fresh purchase/SIP/IDCW reinvestment etc., will be allowed during the incapacitation period, subject to existing regulations such as third party etc. However, fresh pledge creation (includes the margin pledge) would not be allowed.
h) In case of investments in Mutual Funds, funds should be received from the investor’s bank account and not from empowered nominee’s bank account and MF/RTA/CC is able to validate the same independently at their end.
i) Any encashment by such Empowered Nominee shall be credited only to the bank account linked to the account / folio of the incapacitated investor.
j) DP / RTA/ AMC shall not allow any service request, including change in bank account, email address, mobile number etc. by such Empowered nominee.
k) Initially, after the expiry of a cooling-off period of 48 hours post updation of incapacitation, the DP / RTA / AMC shall allow empowered nominee to carry out online transactions on behalf of the incapacitated investor, using the investor’s login credentials (i.e. using registered email ID and mobile number of incapacitated investor), subject to the transaction limit specified by the investor. Going forward, the DP / RTA / AMC shall put in place necessary system changes to allow empowered nominee to operate the account / folio of incapacitated investor using his / her own login credentials (i.e. using registered email ID and mobile number of empowered nominee), after completing KYC process of such nominee, subject to the limit specified by the investor. This facility shall be revoked once the investor recovers from incapacitation.
l) The requisite system changes allowing empowered nominee to operate the account / folio of incapacitated investor using own login credentials shall be put in place by the DPs and AMCs / their RTAs together after deliberation and go live at the same time, in order to have uniformity across demat accounts and MF folios.
m) IDCW payout/Cash Corporate Action process can be allowed and paid to the investor’s bank account only.
n) Procedure as specified above in Para 3 shall be followed in case the investor recovers from incapacitation and the incapacitation flag / date in the demat account/folio shall be removed, and the signature of the empowered nominee shall be removed from the depository/AMC/RTA system.
Post removal of incapacitation flag / date, if any change (non-financial transactions including nominee registration, change of empowered nominee to transact on investor’s behalf, etc.) is initiated by the investor after recording such incapacitation, then appropriate due diligence has to be made before allowing such updates/changes.
For the request format for incapacitation intimation, refer to Annexure A.
B. Specialized Doorstep Support for Senior Citizens, investors with special needs or sick investors may be provided by DP / RTA / AMC.
SEBI envisages that specialized doorstep support needs to be facilitated for Senior Citizens, investors with special needs or sick investors, not only related to incapacitation but also for other services such as:
a) collection of transaction requests, service request including nomination registration/changes thereto, registration of empowered nominee, etc., subject to the availability of the nearest branches, distance between branch and investor location, based on the specific request with relevant proofs thereof for sick investors and investors with special needs.
b) For Senior Citizens, based on the age as per records, such specialized services may be facilitated.
Disclaimer:
Compliance with the SOP does not substitute compliance with applicable laws. Accordingly, while following the SOP, compliance with laws, as may be applicable, shall also be met.
PORTAL