SEBI/HO/CFD/PoD -1/P/CIR/2024/072

1 · Online Registration Mechanism for BTI 1

1 · 1.The SEBI Intermediary Portal is available at https://siportal.sebi.gov.in for SEBI registered intermediaries including BTI to submit registration applications online. SEBI Intermediary Portal includes online application for registration, processing of application, grant of final registration, application for surrender/cancellation, submission of periodical reports, requests for change of name/ address/ other details, etc. The link for SEBI Intermediary Portal is also available on SEBI website – www.sebi.gov.in .

1 · 2. All applications for registration / surrender / other requests are required to be made through SEBI Intermediary Portal only. The applicants are separately required to submit relevant documents viz. declarations / undertakings required as a part of application forms prescribed in relevant regulations, in physical form, only for records without impacting the online processing of applications for registration.

1 · 3.In case of any queries and clarifications with regard to the SEBI Intermediary Portal, BTI may contact on 022-26449364 or may write at portalhelp@sebi.gov.in .

2 · Transfer of business by SEBI registered intermediaries to other legal entity 2

2 · 1.In respect of the registration applications pursuant to transfer of business (SEBI regulated business activity) from one legal entity, which is a SEBI registered Intermediary (transferor), to other legal entity (transferee), the following is clarified:

1 · SEBI Circular No. SEBI/HO/MIRSD/MIRSD1/CIR/P/2017/38 dated May 02, 2017

2 · SEBI Circular No. SEBI/HO/MIRSD/DOR/CIR/P/2021/46 dated March 26, 2021

2 · 1.1. The transferee shall obtain fresh registration from SEBI in the same capacity before the transfer of business if it is not registered with SEBI in the same capacity. SEBI shall issue new registration number to transferee different from transferor's registration number in the following scenario:

2 · 2.In case of change in control pursuant to both regulatory process and nonregulatory process, prior approval and fresh registration shall be obtained. While granting fresh registration to the same legal entity pursuant to change in control, same registration number shall be retained.

2 · 3.If the transferor ceases to exist, its certificate of registration shall be surrendered.

2 · 4.In case of complete transfer of business by transferor, it shall surrender its certificate of registration.

2 · 5.In case of partial transfer of business by transferor, it can continue to hold its certificate of registration.

3 · Prior approval for change in control 3

3 · 1.To streamline the process of providing approval to the proposed change in control of BTIs, the following procedure has been specified:

3 · 1.1. BTIs shall make an online application to SEBI for prior approval through the SEBI Intermediary Portal ('SI Portal') (https://siportal.sebi.gov.in).

3 · 1.2. The online application in SI portal shall be accompanied by the following information / declaration / undertaking about itself, the acquirer(s) / the

3 · SEBI Circular no. SEBI/HO/CFD/PoD -2/P/CIR/2023/141 dated August 10, 2023

3 · 1.3. Subject to appropriate other sectoral regulator's approval with regard to change in control, the prior approval granted by SEBI shall be valid for a period of six months from the date of SEBI's approval within which the applicant shall file application for fresh registration pursuant to change in control.

3 · 2. To streamline the process of providing approval to the proposed change in control of BTI in matters which involve scheme(s) of arrangement which needs sanction of the NCLT in terms of the provisions of the Companies Act, 2013, the following has been decided:

3 · 2.1. The application seeking approval for the proposed change in control of the BTI shall be filed with SEBI prior to filing the application with NCLT.

3 · 2.2. Upon being satisfied with compliance of the applicable regulatory requirements, an in-principle approval will be granted by SEBI;

3 · 2.3. The validity of such in-principle approval shall be three months from the date issuance, within which the relevant application shall be made to NCLT.

3 · 2.4. Within 15 days from the date of order of NCLT, BTI shall submit an online application in terms of para 3.1 of this Master Circular along with the following documents to SEBI for final approval:

3 · 3. Transfer of shareholdings among immediate relatives and transmission of shareholdings and their effect on change in control 4

3 · 3.1. Transfer /transmission of shareholding in case of unlisted body corporate BTI: In the following scenarios, change in shareholding of the BTI will not be construed as change in control:

3 · 3.2. Incoming entities/ shareholders becoming part of controlling interest in the BTI pursuant to transfer of shares from immediate relative / transmission of shares (immediate relative or not), need to satisfy the fit and proper person criteria stipulated in Schedule II of the Intermediaries Regulations.

4 · Registration of Non-scheduled Payments Banks as Bankers to an Issue 5

4 · 1.Non -scheduled Payments Banks, which have prior approval from Reserve Bank of India, shall be eligible to act as a BTI subject to fulfilment of the conditions as stipulated in the BTI Regulations.

4 · 2.Payments Banks registered as a BTI shall also be permitted to act as a SelfCertified Syndicate Bank subject to the fulfilment of the criteria laid down by SEBI in this regard from time to time. The blocking / movement of funds from the investor to issuer shall only be made through the savings account of the investor held with the payments bank.

4 · SEBI Circular no. SEBI/HO/MIRSD/DOR/CIR/P/2021/42 dated March 25, 2021

5 · SEBI Circular no. SEBI/HO/MIRSD/MIRSD_DOR/P/CIR/ 605 / 2021 dated August 03, 2021

5 · 1.BTIs shall designate e-mail IDs for (i) registration and redressal of investor complaints and (ii) regulatory communication with SEBI and shall inform to SEBI at bti@sebi.gov.in as per the format prescribed at Annexure 2 .

5 · 2.The aforesaid e -mail IDs shall be exclusively used for the above purposes and shall not be a person-centric e-mail ID .

5 · 3.All registered BTI shall display the email ID and other relevant details prominently on their websites and in the various materials/pamphlets/advertisement campaigns initiated by them for creating investor awareness.

6 · SEBI Circular No. MIRSD/DPS III/Cir -01/07 dated January 22, 2007 and SEBI Circular no. MIRSD/ DPSIII/ Cir -21/ 08 dated July 07, 2008

6 · Regulatory Compliance and Periodic Reporting 7

6 · 1.The BTIs are required to submit half-yearly reports to SEBI in electronic form only by e-mail within three months from the expiry of the half year. The format of the report is specified in Annexure 3 .

6 · 2.The Board of Directors of BTIs shall review the half -yearly reports and record its observations on (i) the deficiencies and non-compliances; and (ii) corrective measures initiated to avoid such instances in future .

6 · 3.The compliance officer of BTI shall send the report in excel format to SEBI at bti@sebi.gov.in on half-yearly basis within three months from the expiry of the half year .

6 · 4.The excel files containing the half-yearly report is required to be sent to email ID bti@sebi.gov.in with the subject/title "Half-yearly report submitted by AAA for the half -year ended XXX YYYY" where AAA represents the name of the BTI, XXX represents the month at the end of the half-year and YYYY represents the year. Also, the attached excel file containing the half yearly report shall bear the name of the BTI, the periodicity of the report as well as the month at the end of the halfyear and the corresponding year. For example, if a BTI ABC Limited submits the report for the half year ended September, 2008, the report submitted to bti@sebi.gov.in shall bear the subject/title - "Half-yearly report submitted by ABC Limited for the half -year ended September 2008" and the attached excel file shall bear the name "ABCLimitedhalfyearlySeptember2008".

7 · SEBI Circular no. CIR/MIRSD/4/2012 dated March 29, 2012; SEBI Circular no. MIRSD/DPS-2/BTI/Cir15/2008 dated May 06, 2008; SEBI Circular no. BTI Circular no. 3 (1999-2000) dated July 09, 1999 and SEBI Circular no. RBTI ( G I Series) Circular no. 1 (95-96) dated April 21, 1995

6 · 5.BTIs shall also report the following change(s) to SEBI in the half-yearly reports: 8

7 · Strengthening the Guidelines and Raising Industry standards for BTI 9

7 · 1.BTIs , shall strictly comply with guidelines placed at Annexure 4 to the extant relevant to them.

7 · 2.The guidelines annexed to this master circular cover the following broad areas:

7 · 2.1. Provisions with respect to Payment of Dividend / interest / redemption

7 · 2.2. Provisions with respect to Transfer / Transmission / Correction of errors etc.

7 · 3.The records /documents described in Annexure 4 shall be maintained for period not less than eight years after completion of the relevant transactions by BTIs .

7 · 4.BTIs can put in place more stringent internal checks and controls if they so desire.

8 · 1. Ministry of Electronics & Information Technology, Govt. of India (MoE&IT), had informed SEBI that the financial sector institutions avails or may avail Software as a Service (SaaS) based solution for managing their Governance, Risk & Compliance (GRC) functions so as to improve their cyber Security Posture. As observed by MoE&IT, though SaaS may provide ease of doing business and quick turnaround, but it may bring significant risk to health of financial sector as many a time risk and compliance data of the institution moves beyond the legal and jurisdictional boundary of India due to nature of shared cloud SaaS, thereby posing risk to the data safety and security.

8 · SEBI Circular no. CIR/MIRSD/11/2011 dated June 20, 2011

9 · SEBI Circular no. SEBI/HO/MIRSD/DOP1/CIR/P/2018/73 dated April 20, 2018

10 · SEBI Circular no. SEBI/HO/MIRSD2/DOR/CIR/P/2020/221 dated November 03, 2020

8 · 2. In this regard, Indian Computer Emergency Response Team (CERT-in) had issued an advisory for Financial Sector organizations. The advisory had been forwarded to SEBI for bringing the same to the notice of financial sector organization. The advisory is enclosed at Annexure 5 .

8 · 3. BTIs are advised to ensure complete protection and seamless control over the critical systems at their organizations by continuous monitoring through direct control and supervision protocol mechanisms while keeping the critical data within the legal boundary of India.

8 · 4. The compliance of the advisory shall be reported in the half-yearly report to SEBI with an undertaking stating the following , "Compliance of the SEBI circular for Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions has been made."

9 · 1.SEBI has launched a centralized web based complaints redress system 'SCORES' in June 2011.

9 · 2.BTIs shall comply with the requirements laid down vide Master Circular No. SEBI/HO/OIAE/IGRD/CIR/P/2023/156 dated September 20, 2023, as applicable and as amended from time to time.

9 · 3.As an additional measure and for information of all investors who deal/ invest/ transact in the market, the offices of BTI shall display information as provided in Annexure 6 .

10 · 1. In order to strengthen the Know Your Client (KYC) norms and identify every participant in the securities market , PAN shall be the sole identification number for all participants transacting in the securities market irrespective of the amount of transaction, thereby ensuring sound audit trail of all the transactions .

10 · 2. In this regard , the BTIs shall -

10 · 2.1. put in the necessary systems in place so that all the individual databases of their clients and clients' transactions are linked to the PAN details of the client with which analysis can be made .

10 · 2.2. build the necessary infrastructure for enabling accessibility and query based on PAN thereby enabling retrieval of all the details of the clients that is available including transactions done by them .

10 · 2.3. collect copies of PAN cards issued to their clients by the Income Tax Department and maintain the same in their record after verifying with the

11 · SEBI Circular no. CIR/MIRSD/3/2014 dated August 28, 2014

12 · SEBI Circular no. MRD/DoP/Cir -05/2007 dated April 27, 2007 and SEBI Circular no. MRD/DoP/Cir20/2008 dated June 30, 2008

10 · 2.4. cross -check the aforesaid details collected from their clients with the details on the website (link is given below) of the Income Tax Department . ( https://www.incometaxmumbai.gov.in/pan/online-pan-verification/ )

10 · 3. PAN may not be insisted in the case of Central Government, State Government, and the officials appointed by the courts e.g. Official liquidator, Court receiver etc. (under the category of Government) for transacting in securities market .

10 · 4. However, the aforementioned clarification would be subject to the BTIs verifying the veracity of the claim of the specified organizations, by collecting sufficient documentary evidence in support of their claim for such an exemption.

11 · Prevention of circulation of unauthenticated news by SEBI Registered Market Intermediaries through various modes of communication 13

11 · 1. As market rumours can do considerable damage to the normal functioning and behavior of the market and distort price recovery mechanisms, the BTIs are directed that:

11 · 1.1. Proper internal code of conduct and controls should be put in place.

11 · 1.2. Employees/temporary staff/voluntary workers etc. employed/working in the Offices of BTIs do not encourage or circulate rumours or unverified information obtained from client, industry, any trade or any other sources without verification.

11 · 1.3. Access to Blogs / Chat forums / Messenger sites etc. should either be restricted under supervision or access should not be allowed.

11 · 1.4. Logs for any usage of such Blogs/Chat forums/Messenger sites (called by any nomenclature) shall be treated as records and the same should

13 · SEBI Circular no. Cir/ ISD/1/2011 dated March 23, 2011; and SEBI Circular no. Cir/ISD/2/2011 dated March 24, 2011

11 · 1.5. Employees should be directed that any market related news received by them either in their official mail/personal mail/blog or in any other manner, should be forwarded only after the same has been seen and approved by the Compliance Officer of the BTI. If an employee fails to do so, he/she shall be deemed to have violated the various provisions contained in the SEBI Act / Rules / Regulations etc. and shall be liable for action. The Compliance Officer shall also be held liable for breach of duty in this regard.

12 · Guidelines on Outsourcing of Activities by BTI 14

12 · 1. SEBI Regulations for BTIs require that they shall render at all times high standards of service and exercise due diligence and ensure proper care in their operations.

12 · 2. It has been observed that often the BTIs resort to outsourcing with a view to reduce costs, and at times, for strategic reasons.

12 · 3. Outsourcing may be defined as the use of one or more than one third party – either within or outside the group by a BTI to perform the activities associated with services which the BTI offers.

12 · 4. Principles for Outsourcing - The risks associated with outsourcing may be operational risk, reputational risk, legal risk, country risk, strategic risk, exitstrategy risk, counter party risk, concentration and systemic risk. The principles for outsourcing are given at Annexure 7 which shall be followed by BTIs .

12 · 5. Activities that are not to be Outsourced -The BTIs desirous of outsourcing their activities shall not, however, outsource their core business activities and compliance functions. In respect of Know Your Client (KYC) requirements, the

14 · SEBI Circular no. CIR/MIRSD/24/2011 dated December 15, 2011

12 · 6. Reporting to Financial Intelligence Unit (FIU) - The BTIs are responsible for reporting of any suspicious transactions / reports to FIU or any other competent authority in respect of activities carried out by the third parties.

13 · General Guidelines for dealing with conflicts of interest of BTIs and their associated persons in the Securities Market 15

13 · 1. BTIs and their associated persons shall abide by the following guidelines for avoidance of conflict of interest and they shall be responsible for educating their associated persons for compliance of these guidelines:

13 · 1.1. lay down, with active involvement of senior management, policies and internal procedures to identify and avoid or to deal or manage actual or potential conflict of interest, develop an internal code of conduct governing operations and formulate standards of appropriate conduct in the performance of their activities, and ensure to communicate such policies, procedures and code to all concerned;

13 · 1.2. at all times maintain high standards of integrity in the conduct of their business;

13 · 1.3. ensure fair treatment of their clients and not discriminate amongst them;

13 · 1.4. ensure that their personal interest does not, at any time conflict with their duty to their clients and client's interest always takes primacy in their advice, investment decisions and transactions;

13 · 1.5. make appropriate disclosure to the clients of possible source or potential areas of conflict of interest which would impair their ability to render fair, objective and unbiased services;

15 · SEBI Circular no. CIR/MIRSD/5/2013 dated August 27, 2013

13 · 1.6. endeavor to reduce opportunities for conflict through prescriptive measures such as through information barriers to block or hinder the flow of information from one department/ unit to another, etc.;

13 · 1.7. place appropriate restrictions on transactions in securities while handling a mandate of issuer or client in respect of such security so as to avoid any conflict;

13 · 1.8. not deal in securities while in possession of material non published information;

13 · 1.9. not to communicate the material non published information while dealing in securities on behalf of others;

13 · 1.10. not in any way contribute to manipulate the demand for or supply of securities in the market or to influence prices of securities;

13 · 1.11. not have an incentive structure that encourages sale of products not suiting the risk profile of their clients;

13 · 1.12. not share information received from clients or pertaining to them, obtained as a result of their dealings, for their personal interest;

13 · 2. For the purpose of above guidelines "associated persons" shall have the same meaning as defined in the Securities and Exchange Board of India (Certification of Associated Persons in the Securities Markets) Regulations, 2007 .

13 · 3. The Boards of BTIs shall put in place systems for implementation of aforementioned provisions and provide necessary guidance enabling identification, elimination or management of conflict of interest situations and shall periodically review the compliance of the aforesaid guidelines.

14 · Reporting requirement under Foreign Accounts Tax Compliance Act (FATCA) 16

14 · 1. India joined the Multilateral Competent Authority Agreement (MCAA) on Automatic Exchange of Financial Account Information on June 3, 2015. In terms of the MCAA, all countries which are a signatory to the MCAA, are obliged to exchange a wide range of financial information after collecting the same from financial institutions in their country/jurisdiction.

14 · 2. Further, on July 9, 2015, the Governments of India and United States of America (USA) have signed an agreement to improve international tax compliance and to implement the Foreign Account Tax Compliance Act (FATCA) in India. The USA has enacted FATCA in 2010 to obtain information on accounts held by U.S. taxpayers in other countries. As per the aforesaid agreement, foreign financial institutions (FFls) in India will be required to report tax information about U.S. account holders/taxpayers directly to the Indian Government which will, in turn, relay that information to the U.S. Internal Revenue Service (IRS).

14 · 3. For implementation of the MCAA and agreement with USA, the Government of India has made necessary legislative changes to Section 285BA of the Income -tax Act, 1961. Further, the Government of India has notified Rules 114F to 114H under the Income Tax Rules, 1962 and form No. 61B for furnishing of statement of reportable account as specified in the Rules.

14 · 4. The "Guidance Note on implementation of Reporting Requirements under Rules 114F to 114H of the Income Tax Rules" as issued by the Department of Revenue, Ministry of Finance vide F.No.500/137/2011-FTTR-III dated August 31, 2015 is available at http://www.incometaxindia.gov.in/communications/notification/guidance_note s_on_implementation_31_08_2015.pdf . and https://incometaxindia.gov.in/Documents/exchange-of-information/LETTER-FNO -500 -137 -2011%20_1_.pdf

14 · 5. BTIs are advised to take necessary steps to ensure compliance with the requirements specified in the aforesaid Rules after carrying out necessary due diligence .

16 · SEBI Circular CIR/MIRSD/2/2015 dated August 26, 2015 and SEBI Circular CIR/MIRSD/3/2015 dated September 10, 2015

17 · SEBI Circular no. SEBI/HO/MIRSD/MIRSD -SEC -5/P/CIR/2023/022 dated February 03, 2023

1 · 1 . The policy shall cover activities or the nature of activities that can be outsourced, the authorities who can approve outsourcing of such activities, and the selection of third party to whom it can be outsourced. For example, an activity shall not be outsourced if it would impair the supervisory authority's right to assess, or its ability to supervise the business of the BTI . The policy shall be based on an evaluation of risk concentrations, limits on the acceptable overall level of outsourced activities, risks arising from outsourcing multiple activities to the same entity, etc.

1 · 2. The Board shall mandate a regular review of outsourcing policy for such activities in the wake of changing business environment. It shall also have overall responsibility for ensuring that all ongoing outsourcing decisions taken by the BTI and the activities undertaken by the third-party, are in keeping with its outsourcing policy.

2 · 1 . A BTI shall make an assessment of outsourcing risk which depends on several factors, including the scope and materiality of the outsourced activity, etc. The factors that could help in considering materiality in a risk management programme include-

2 · 2 While there shall not be any prohibition on a group entity I associate of the BTI to act as the third party, systems shall be put in place to have an arm's length distance between the BTI and the third party in terms of infrastructure, manpower, decisionmaking, record keeping, etc. for avoidance of potential conflict of interests. Necessary

2 · 3 The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Board of the BTI and I or its senior management, as and when needed. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the BTI .

2 · 4 Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator shall be mandated by the Board wherever felt necessary. The BTI shall review the financial and operational capabilities of the third party in order to assess its ability to continue to meet its outsourcing obligations.

3 · 1 The BTI shall be fully liable and accountable for the activities that are being outsourced to the same extent as if the service were provided in-house.

3 · 2 Outsourcing arrangements shall not affect the rights of an investor or client against the BTI in any manner. The BTI shall be liable to the investors for the loss incurred by them due to the failure of the third party and also be responsible for redressal of the grievances received from investors arising out of activities rendered by the third party.

3 · 3 The facilities / premises / data that are involved in carrying out the outsourced activity by the service provider shall be deemed to be those of the BTI. The BTI itself and regulator or the persons authorized by it shall have the right to access the same at any point of time.

3 · 4 Outsourcing arrangements shall not impair the ability of SEBI/SRO or auditors to exercise its regulatory responsibilities such as supervision/inspection of the BTI .

4 · 1 It is important that the BTI exercises due care, skill, and diligence in the selection of the third party to ensure that the third party has the ability and capacity to undertake the provision of the service effectively.

4 · 2 The due diligence undertaken by an BTI shall include assessment of:

5 · 1 Outsourcing arrangements shall be governed by a clearly defined and legally binding written contract between the BTI and each of the third parties, the nature and detail of which shall be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the BTI .

5 · 2 Care shall be taken to ensure that the outsourcing contract:

6 · 1 Specific contingency plans shall be separately developed for each outsourcing arrangement, as is done in individual business lines.

6 · 2 BTI shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the third party level. Notably, it shall consider contingency plans at the third party; co-ordination of contingency plans at both the BTI and the third party; and contingency plans of the BTI in the event of non-performance by the third party.

6 · 3 To ensure business continuity, robust information technology security is a necessity. A breakdown in the IT capacity may impair the ability of the BTI to fulfill its obligations to other market participants / clients / regulators and could undermine the privacy interests of its customers, harm the BTI's reputation, and may ultimately impact on its overall operational risk profile. BTIs shall, therefore, seek to ensure that third party maintains appropriate IT security and robust disaster recovery capabilities.

6 · 4 Periodic tests of the critical security procedures and systems and review of the back-up facilities shall be undertaken by the BTI to confirm the adequacy of the third party's systems.

7 · 1 BTI that engages in outsourcing is expected to take appropriate steps to protect its proprietary and confidential customer information and ensure that it is not misused or misappropriated.

7 · 2 The BTI shall prevail upon the third party to ensure that the employees of the third party have limited access to the data handled and only on a "need to know" basis and the third party shall have adequate checks and balances to ensure the same.

7 · 3 In cases where the third party is providing similar services to multiple entities, the BTI shall ensure that adequate care is taken by the third party to build safeguards for data security and confidentiality.

8 · 1. In instances, where the third party acts as an outsourcing agent for multiple BTIs, it is the duty of the third party and the BTI to ensure that strong safeguards are put in place so that there is no co -mingling of information /documents, records and assets.