SEBI/HO/MIRSD/MIRSD -PoD/P/CIR/2025/94

1 · Guidelines for Investment Advisers1

1 · Reference: Circular SEBI/HO/IMD/DF1/CIR/P/2020/182 dated September 23, 2020 and SEBI/HO/MIRSD/ MIRSD -PoD -1/P/CIR/2025/003 dated January 08, 2025

2 · "Group" and "family of an individual investment adviser" shall be as per Regulation 22(3)(iii) and Regulation 2. (1) (gc) respectively of the IA Regulations

5 · Reference: Circular no. SEBI/HO/MIRSD/MIRSD -PoD/P/CIR/2025/19 dated February 17, 2025

6 · For the existing clients as on February 17, 2025, the MITC shall be informed by the IAs to the clients via email or any other suitable mode of communication (which can be preserved) by June 30, 2025.

7 · Reference: Circular No. SEBI/HO/MIRSD/ MIRSD -PoD/P/CIR/2025/48 dated April 02, 2025

8 · Existing IAs, as on January 8, 2025, shall comply with the deposit requirement by September 30, 2025.

9 · For existing clients as on January 8, 2025, IAs shall ensure compliance with these requirements latest by July 31, 2025.

22A · of the IA Regulations provides that IAs may provide implementation services to the advisory clients in securities market. In this regard, IAs providing implementation/execution services shall maintain call recording of every consent for implementation/execution obtained from the client if advice/execution is given through telephone call. All such communications shall have time stamped to maintain clear audit trail. 10

10 · IAs shall ensure compliance with requirements under this clause latest by June 30, 2025

11 · Existing IAs, as on January 8, 2025, shall confirm the details of its website to IAASB latest by June 30, 2025 .

2 · Measures to strengthen the conduct of Investment Advisers 12

2 · 1 Restriction on free trial

2 · 2 Proper risk profiling and consent of client on risk profiling

2 · 3 Receiving fees though banking channel only

12 · Reference: Circular No. SEBI/HO/IMD/DF1/CIR/P/2019/169 dated December 27, 2019

2 · 4 Display of complaints status on website

13 · Reference: Circular No. SEBI/HO/MIRSD/MIRSD -PoD/P/CIR/2025/80 dated June 02, 2025

3 · 1. In terms of Regulation 38A of the 'SECC Regulations' 15 notified on April 26, 2024, a recognised Stock Exchange may undertake the activities of administration and supervision over specified intermediaries on such terms and conditions and to such an extent as may be specified. Accordingly, Stock Exchange shall now be recognised as RAASB 16 and IAASB17 under Regulation 14 of the 'RA Regulations' 18 and the IA Regulations for administration and supervision of Research Analysts ('RAs') and Investment Advisers ('IAs') respectively. The detailed framework for RAASB and IAASB is specified in Annexure D .

3 · 2. As per clause (xi) of Regulation 6 of RA Regulations and clause (n) of Regulation 6 of IA Regulations, an applicant seeking registration as RA and IA is required to be enlisted with RAASB and IAASB respectively. The provisions governing enlistment including enlistment of existing RAs/IAs and of applicants whose registration applications are under process as on the effective date of this circular are specified in the enclosed framework at Annexure D .

3 · 3. From the effective date of the provisions of clause 3, the erstwhile framework for administration and supervision of IAs as specified through SEBI circular number SEBI/HO/IMD/IMD -I/DOF1/P/CIR/2021/579 dated June 18, 2021

14 · Reference: Circular No. SEBI/HO/MIRSD/MIRSD -SEC -3/P/CIR/2024/34 dated May 2, 2024

15 · SECC Regulations- Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Regulations, 2018

16 · RAASB -Research Analyst Administration and Supervisory Body

17 · IAASB -Investment Adviser Administration and Supervisory Body

18 · RA Regulations- SEBI (Research Analysts) Regulations, 2014

3 · 4. In terms of regulation 30A of IA Regulations, notwithstanding the aforesaid rescission, any action taken or purported to have been taken or any action that may be taken against any person in relation to the membership of IAASB recognised under regulation 14 of IA Regulations, as applicable in the rescinded framework of IAASB, shall be deemed to have been done or taken or may be taken under the corresponding provisions of the amended IA Regulations.

3 · 5. Based on fulfillment of the criteria specified in Annexure D, a stock exchange shall be granted recognition as RAASB and IAASB. To begin with, in order to ensure efficiency in the system and economies of scale, RAASB and IAASB shall be one and the same stock exchange .

4 · 1. In pursuance of SEBI circular no. SEBI/HO/MIRSD/MIRSD-SEC3/P/CIR/2024/34, dated May 2, 2024, BSE Limited, has been granted recognition under Regulation 14 of the 'RA Regulations' and 'IA Regulations' for administration and supervision of Research Analysts ('RAs') and Investment Advisers ('IAs') respectively as RAASB and IAASB for a period of five years starting from July 25, 2024.

4 · 2. BSE shall formulate bye-laws with respect to its activities as RAASB and IAASB and shall issue circulars, Standard Operating Procedures (SOPs), Frequently Asked Questions (FAQs), etc. to provide guidance and ensure smooth adoption of the RAASB and IAASB framework by RAs and IAs.

19 · Reference: Circular No. SEBI/HO/MIRSD/MIRSD -POD -1/P/CIR/2024/101 dated July 12, 2024

4 · 3. Applicants seeking registration/renewal as RA/IA shall be liable to pay administrative fees, as specified by RAASB/IAASB.

4 · 4. The other terms and conditions as specified in the SEBI circular SEBI/HO/MIRSD/MIRSD -SEC -3/P/CIR/2024/34 dated May 2, 2024 shall continue to apply.

5 · Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions 20

5 · 1. Ministry of Electronics & Information Technology, Govt. of India (MoE&IT), has informed SEBI that the financial sector institutions are availing or thinking of availing Software as a Service (SaaS) based solution for managing their Governance, Risk & Compliance (GRC) functions so as to improve their cyber Security Posture. As observed by MoE&IT, though SaaS may provide ease of doing business and quick turnaround, but it may bring significant risk to health of financial sector as many a time risk and compliance data of the institution moves beyond the legal and jurisdictional boundary of India due to nature of shared cloud SaaS, thereby posing risk to the data safety and security.

5 · 2. In this regard, Indian Computer Emergency Response Team (CERT-in) has issued an advisory for Financial Sector organizations. The advisory has been forwarded to SEBI for bringing the same to the notice of financial sector organization. The advisory can be viewed at Annexure E .

5 · 3. It is advised to ensure complete protection and seamless control over the critical systems at your organizations by continuous monitoring through direct control and supervision protocol mechanisms while keeping the critical data within the legal boundary of India.

5 · 4. The compliance of the advisory shall be reported half yearly by IAs to SEBI with an undertaking, "Compliance of the SEBI circular for Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions has been made."

20 · Reference: Circular No. SEBI/HO/MIRSD2/DOR/CIR/P/2020/221 dated November 03, 2020.

6 · 1. SEBI has been taking various measures to create awareness among investors about grievance mechanisms available to them through workshops as well as through print and electronic media.

6 · 2. As an additional measure and for information of all investors who deal/ invest/ transact in the market, the IAs shall prominently display in their offices the following information about the grievance redressal mechanism available to investors:

6 · 3. IAs are also advised to refer to the following circulars on the redressal of investor grievances through the SEBI Complaints Redressal System (SCORES) platform and Online Dispute Resolution (ODR) Platform.

21 · Reference: Circular No.CIR/MIRSD/3/2014 dated August 28, 2014 , SEBI/HO/OIAE/IGRD/CIR/P/2023/156 dated September 20, 2023 and SEBI/HO/OIAE/OIAE_IAD-3/P/CIR/2023/195 dated July 31, 2023 (updated as on December 28, 2023)

7 · Investor Charter for Investment Advisers22

7 · 1 SEBI, vide Circular no. SEBI/HO/IMD/IMD-II CIS/P/CIR/2021/0686 dated December 13, 2021, inter alia, issued Investor charter for Investment Advisers.

7 · 2 In a move to enhance financial consumer protection alongside enhanced financial inclusion and financial literacy and in view of the recent developments in the securities market including introduction of Online Dispute Resolution (ODR) platform and SCORES 2.0, it has been decided to modify the investor charter for Investment Advisers.

7 · 3 In view of the above and based on consultation with Industry Standards Forum (ISF) for Investment Advisers, updated investor charter for Investment Advisers is placed at Annexure F . All IAs are required to bring the investor charter to the notice of their clients.

22 · Reference: Circular No. SEBI/HO/MIRSD/MIRSD -PoD/P/CIR/2025/80 dated June 2, 2025

7 · 4 In this regard, BSE Limited (presently recognized as IAASB) has been directed to advise Investment Advisers to bring the Investor Charter to the notice of their clients (existing as well as new clients) through disclosing the Investor Charter on their respective websites and mobile applications (if any), making them available at prominent places in the office, provide a copy of Investor Charter as a part of client on-boarding process, through e-mails/ letters etc.

7 · 5 Additionally, in order to ensure transparency in the Investor Grievance Redressal Mechanism, all the Investment Advisers shall continue to disclose on their respective websites and mobile applications (if any), the data on complaints received against them or against issues dealt by them and redressal thereof, latest by 7th of succeeding month, as per the format enclosed at Annexure C to this circular.

8 · Procedure for seeking prior approval for change in control 23

8 · 1. Regulation 15(11) of the IA Regulations , IA shall obtain prior approval of SEBI in case of change in control.

8 · 2. To streamline the process of providing approval to the proposed change in control of IA (hereinafter referred as IA or applicant), it has been decided as under:

23 · Reference: Circular No. SEBI/HO/MIRSD/ MIRSD -PoD -2/P/CIR/2022/163 dated November 28, 2022

8 · 3. To streamline the process of providing approval to the proposed change in control of an IA in matters which involve scheme(s) of arrangement which needs sanction of the National Company Law Tribunal ("NCLT") in terms of the provisions of the Companies Act, 2013, the following has been decided:

9 · 1Transfer /transmission of shareholding in case of unlisted body corporate intermediary:

9 · 2Transfer /transmission of shareholding in case of a proprietary firm type intermediary:

9 · 3Transfer /transmission of ownership interest in case of partnership firm type intermediary:

9 · 4Incoming entities/ shareholders becoming part of controlling interest in the intermediary pursuant to transfer of shares from immediate relative / transmission of shares (immediate relative or not), need to satisfy the fit and proper person criteria stipulated in Schedule II of SEBI (Intermediaries) Regulations, 2008.

9 · 5IAASB and RAASB shall -

10 · Advertisement code and usage of brand name/trade name 25

10 · 1. Investment Advisers shall ensure compliance with the advertisement code as prescribed below:

25 · Reference: Circular Nos. SEBI/HO/MIRSD/ MIRSD -PoD -2/P/CIR/2023/51 dated April 05, 2023 and SEBI/HO/MIRSD/ MIRSD -PoD -2/P/CIR/2023/52 dated April 06, 2023

10 · 2. In order to ensure the transparency in usage of brand name/trade name/logo, IA shall ensure that:

11 · Facilitating transaction in Mutual Fund schemes through the Stock Exchange Infrastructure 26

26 · Reference: Circular No. SEBI/HO/MRD/DSA/CIR/P/2016/113 dated October 19, 2016

12 · Unauthenticated news circulated by SEBI Registered Market Intermediaries through various modes of communication 27

13 · Guidelines on Outsourcing of Activities by Intermediaries 29

13 · 1. SEBI Regulations for various intermediaries require that they shall render at all times high standards of service and exercise due diligence and ensure proper care in their operations.

13 · 2. It has been observed that often the intermediaries resort to outsourcing with a view to reduce costs, and at times, for strategic reasons.

13 · 3. Outsourcing may be defined as the use of one or more than one third party

27 · Reference: Circular No. CIR/ISD/1/2011 dated March 23, 2011

28 · Circular CIR/ISD/2/2011 dated March 24, 2011.

29 · Circular CIR/MIRSD/24/2011 dated December 15, 2011.

13 · 4. Principles for Outsourcing

13 · 5. Activities that shall not be Outsourced:

13 · 6. Other Obligations:

14 · Framework for Regulatory Sandbox 30

14 · 1. The Objective of Regulatory Sandbox is to grant certain facilities and flexibilities to the entities regulated by SEBI so that they can experiment with FinTech solutions in a live environment and on limited set of real users for a limited time frame.

30 · Reference: Circular No. SEBI/HO/ITD/ITD/CIR/P/2021/575 dated June 14, 2021 and SEBI/HO/MIRSD/MIRSD_IT/P/CIR/2021/0000000658 dated November 16, 2021

14 · 2. The guidelines pertaining to the functioning of the Regulatory Sandbox are available at the link below:

15 · Optional mechanism for fee collection by SEBI registered Investment Advisers (IAs) and Research Analysts (RAs) 31

15 · 1 With growing interest in the securities market, there is a need for a mechanism for an investor to discern whether payment of fees is being made only to a registered IA/RA. In order to create a closed and transparent payment ecosystem, consultations were held with relevant stakeholders on the proposal of a separate centralized mechanism for fee collection by IAs and RAs.

15 · 2 Pursuant to public consultation and various discussions with stakeholders, the "Centralized Fee Collection Mechanism for IA and RA" (CeFCoM) has been operationalized to facilitate collection of fees by registered IAs and RAs from their clients

15 · 3 Under this mechanism, clients shall pay fees to IAs/RAs, through a designated platform/portal administered by recognized Administration and Supervisory Body (ASB).

15 · 4 The mechanism has been co -created by BSE Limited with the help of various stakeholders. The operational framework for the mechanism shall be as specified by BSE. The mechanism has been made operational from October 01, 2024.

15 · 5 Though the mechanism is optional, ASB (administration and supervisory body), in the interest of investors, shall take steps to encourage clients and the registered IAs and RAs to avail the services of this mechanism.

31 · Reference: Circular No. SEBI/HO/MIRSD/MIRSD -POD -1/P/CIR/2024/120 dated September 13, 2024

16 · General Guidelines for dealing with Conflicts of Interest of intermediaries and their Associated Persons in Securities Market.32

16 · 1. All intermediaries are presently governed by the provisions for avoidance of conflict of interest as mandated in the regulations read with relevant circulars issued from time to time by SEBI. On the lines of Principle 8 of the International Organisation of Securities Commissions (IOSCO) Objectives and Principles of Securities Regulations, it has been decided to put in place comprehensive guidelines to collectively cover such intermediaries, for elimination of their conflict of interest, as detailed hereunder.

16 · 2. Intermediaries shall adhere to these guidelines for avoiding or dealing with or managing conflict of interest. They shall be responsible for educating their associated persons for compliance of these guidelines.

16 · 3. For the purpose of these guidelines "associated persons" shall have the same meaning as defined in Securities and Exchange Board of India (Certification of Associated Persons in the Securities Markets) Regulations, 2007.

16 · 4. Intermediaries and their associated persons shall,

32 · Reference: Circular CIR/MIRSD/5/2013 dated August 27, 2013.

16 · 5. The Boards of intermediaries shall put in place systems for implementation of the aforementioned guidelines and provide necessary guidance enabling identification, elimination or management of conflict of interest situations. The Boards shall review the compliance of the above guidelines periodically.

17 · 1. IAs are advised to make note of the following:

17 · 2. Further, apart from the data made available free of cost, data which is chargeable should be appropriately identified as such in public domain.

33 · Reference: Circular SEBI/HO/DEPA -III/DEPA -III_SSU/P/CIR/2022/25 dated Feb 25,2022

19 · Norms for sharing of real time price data to third parties

20 · Know Your Client (KYC) Norms for the Securities market

21 · Association of persons regulated by the Board and their agents with certain persons

22 · Simplification of requirements for grant of accreditation to investors

23 · Recognition and operationalization of Past Risk and Return Verification Agency (PaRRVA)

16D · and 16E of the 'Securities and Exchange Board of India (Intermediaries) Regulations, 2008' ("Intermediaries Regulations"), provide for verification of risk and return metrics by a Past Risk and Return Verification Agency ("PaRRVA"). Accordingly, in terms of f the aforesaid regulations, claims may be made by IAs , in terms of risk and return metrics verified by PaRRVA. In this regard, IAs are advised to refer to circular no. SEBI/HO/MIRSD/MIRSD-

25 · Cybersecurity and Cyber Resilience Framework (CSCRF)

27 · Periodic reporting format for Investment Advisers 34

27 · 1. In terms of Regulation 15(12) of Securities and Exchange Board of India (Investment Advisers) Regulations, 2013 ("IA Regulations"), investment advisers are required to furnish to SEBI, information and reports as may be specified by SEBI from time to time.

27 · 2. The periodic reporting format for IAs shall be as specified by IAASB in consultation with SEBI, from time to time. Such changes shall be notified to IAs through circulars/notices .

27 · 3. For any changes in regulatory provisions in future, IAASB shall make appropriate consequential amendments to the reporting format and notify the same to IAs , through circulars/notices.

27 · 4. IAs shall submit periodic report for half-yearly periods ending on September 30 and March 31 of every financial year , within 30 days 35 from the end of the respective half-yearly period for which details are to be furnished . 36

28 · Other reporting requirements

28 · 1. Undertaking on compliance of the advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions to be submitted half yearly

34 · Reference: Circular SEBI/HO/MIRSD/MIRSD -POD -2/P/CIR/2024/38 dated May 07, 2024

35 · Reference: Circular No. SEBI/HO/MIRSD/MIRSD -PoD1/P/CIR/2024/147 dated October 25, 2024

36 · Note: Timeline for submission of periodic report for half-yearly period ending March 31, 2025 has been extended till July 31, 2025.

28 · 2. To conduct annual audit and submit a report and adverse findings, if any

5 · Investment objective and guidelines:

17 · Terms of fees and billing:

10 · The IA is required to carry out the client's risk profiling and suitability analysis before providing services and thereafter on an ongoing basis. The services provided will be in line with the assessed risk profile. IA shall also communicate the assessed risk profile to the client.

11 · As part of conflict of interest management, the client or the client's family members will not be provided any distribution services by IA or any of its group entity/ family members. IA shall, wherever available, advice direct plans (noncommission based) of products only.

12 · For any grievances,

13 · The SEBI registration, enlistment with IAASB, and NISM certification do not guarantee the performance of IA or assure returns to the client.

14 · Clients are required to keep contact details, including email id and mobile number/s updated with the IA at all times.

1 · Criteria for grant of recognition as RAASB and IAASB:

1 · 1. The recognition of a recognised stock exchange as RAASB and IAASB under regulation 14 of RA Regulations and IA Regulations respectively shall be based on the following eligibility criteria:

2 · 1.The stock exchange recognised as RAASB/IAASB shall include in its Memorandum of Association, Articles of Association and bye-laws, requisite provisions to fulfil the role and responsibilities specified in para 3 below.

2 · 2.The stock exchange recognised as RAASB/IAASB shall maintain necessary infrastructure like adequate office space, equipment and manpower to effectively discharge the responsibilities of RAASB/ IAASB. Infrastructure may be shared with other group entities where required.

2 · 3.The stock exchange recognised as RAASB/IAASB shall put in place systems/ processes for maintaining database of RAs/IAs, sharing of information with SEBI and discharging the responsibilities of RAASB/ IAASB.

2 · 4.RAASB and IAASB shall constitute an internal committee to oversee the activities of administration and supervision of RAs and IAs. The committee shall periodically review the performance of the stock exchange as RAASB/ IAASB and make recommendations to SEBI. The constitution of the committee shall be as follows:

3 · Responsibilities of SEBI and RAASB/ IAASB:

3 · 1. The core functions relating to registration, enforcement action and disciplinary or penal action shall remain with SEBI and SEBI shall continue to register IAs and RAs as per the mandate given under the Securities and Exchange Board of India Act, 1992. The following functions as specified in the table below shall be performed concurrently by SEBI and RAASB or IAASB , as the case may be.

3 · Supervision of RAs/IAs

4 · Taking enforcement action suo moto or otherwise

5 · Taking disciplinary/ penal action including levying penalty on recommendation of proposed body

6 · Grievance redressal

4 · Enlistment of RAs/IAs with RAASB/IAASB:

4 · 1. Amendments have been made to RA/IA Regulations to provide for 'enlistment' of RAs/IAs with RAASB/IAASB in place of the earlier provision of 'membership' of RAs/IAs with RAASB/IAASB . Under the amended regulations, an applicant seeking registration as RA./IA shall be required to 'enlist' with RAASB/IAASB.

4 · 2. Further, in order to provide ease of doing business and to ensure smooth operationalization of RAASB and IAASB framework and to prevent disruption for existing RAs and IAs registered with SEBI, the following has been provided for:

38 · BASL -BSE Administration and Supervision Limited ("BASL") which was recognized as IAASB at that point of time

5 · Repeal and Savings with respect to erstwhile IAASB framework

5 · 1 Any action taken or purported to have been taken or any action that may be taken against any person in relation to the membership of IAASB recognised under regulation 14 of IA Regulations shall be deemed to have been done or taken or may be taken under the corresponding provisions of the amended IA regulations.

6 · Measures for promoting efficiency

6 · 1 To begin with, in order to ensure efficiency in the system and economies of scale, RAASB and IAASB shall be one and the same stock exchange.

6 · 2 In cases where a person has registration as both RA as well as IA, in the interest of efficiency, a single window clearance of various approvals shall

7 · Submission of Periodic Reports

7 · 1 Pursuant to operationalization of RAASB/ IAASB framework, all registered RAs/ IAs shall submit periodic reports to RAASB/ IAASB in the manner specified by SEBI.

8 · Monitoring of RAASB/IAASB

8 · 1 SEBI shall monitor RAASB and IAASB through periodical reports and inspection regarding administration and supervision of RAs and IAs.

1 · 1. The policy shall cover activities or the nature of activities that can be outsourced, the authorities who can approve outsourcing of such activities, and the selection of third party to whom it can be outsourced. For example,

1 · 2. The Board shall mandate a regular review of outsourcing policy for such activities in the wake of changing business environment. It shall also have overall responsibility for ensuring that all ongoing outsourcing decisions taken by the intermediary and the activities undertaken by the third-party, are in keeping with its outsourcing policy.

2 · 1. An intermediary shall make an assessment of outsourcing risk which depends on several factors, including the scope and materiality of the outsourced activity, etc. The factors that could help in considering materiality in a risk management programme include-

2 · 1.1. The impact of failure of a third party to adequately perform the activity on the financial, reputational and operational performance of the intermediary and on the investors / clients;

2 · 1.2. Ability of the intermediary to cope up with the work, in case of non performance or failure by a third party by having suitable back-up arrangements;

2 · 1.3. Regulatory status of the third party, including its fitness and probity status;

2 · 1.4. Situations involving conflict of interest between the intermediary and the third party and the measures put in place by the intermediary to address such potential conflicts, etc.

2 · 2. While there shall not be any prohibition on a group entity / associate of the intermediary to act as the third party, systems shall be put in place to have an arm's length distance between the intermediary and the third party in terms of infrastructure, manpower, decision-making, record keeping, etc. for avoidance of potential conflict of interests. Necessary disclosures in this regard shall be made as part of the contractual agreement. It shall be kept in mind that the risk management practices expected to be adopted by an intermediary while outsourcing to a related party or an associate would be identical to those followed while outsourcing to an unrelated party.

2 · 3. The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Board of the intermediary and / or its senior management, as and when needed. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the intermediary.

2 · 4. Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator shall be mandated by the Board wherever felt necessary. The intermediary shall review the financial and operational capabilities of the third party in order to assess its ability to continue to meet its outsourcing obligations.

3 · 1. The intermediary shall be fully liable and accountable for the activities that are being outsourced to the same extent as if the service were provided in -house.

3 · 2. Outsourcing arrangements shall not affect the rights of an investor or client

3 · 3. The facilities / premises / data that are involved in carrying out the outsourced activity by the service provider shall be deemed to be those of the registered intermediary. The intermediary itself and Regulator or the persons authorized by it shall have the right to access the same at any point of time.

3 · 4. Outsourcing arrangements shall not impair the ability of SEBI/SRO or auditors to exercise its regulatory responsibilities such as supervision/inspection of the intermediary.

4 · 1. It is important that the intermediary exercises due care, skill, and diligence in the selection of the third party to ensure that the third party has the ability and capacity to undertake the provision of the service effectively.

4 · 2. The due diligence undertaken by an intermediary shall include assessment of:

4 · 2.1. third party's resources and capabilities, including financial soundness, to perform the outsourcing work within the timelines fixed;

4 · 2.2. compatibility of the practices and systems of the third party with the intermediary's requirements and objectives;

4 · 2.3. market feedback of the prospective third party's business reputation and track record of their services rendered in the past;

4 · 2.4. level of concentration of the outsourced arrangements with a single third party; and

4 · 2.5. the environment of the foreign country where the third party is located.

5 · 1. Outsourcing arrangements shall be governed by a clearly defined and legally binding written contract between the intermediary and each of the third parties, the nature and detail of which shall be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the intermediary.

5 · 2. Care shall be taken to ensure that the outsourcing contract:

5 · 2.1. clearly defines what activities are going to be outsourced, including appropriate service and performance levels;

5 · 2.2. provides for mutual rights, obligations and responsibilities of the intermediary and the third party, including indemnity by the parties;

5 · 2.3. provides for the liability of the third party to the intermediary for unsatisfactory performance/other breach of the contract

5 · 2.4. provides for the continuous monitoring and assessment by the intermediary of the third party so that any necessary corrective measures can be taken up immediately, i.e., the contract shall enable the intermediary to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations;

5 · 2.5. includes, where necessary, conditions of sub-contracting by the

5 · 2.6. has unambiguous confidentiality clauses to ensure protection of proprietary and customer data during the tenure of the contract and also after the expiry of the contract;

5 · 2.7. specifies the responsibilities of the third party with respect to the IT security and contingency plans, insurance cover, business continuity and disaster recovery plans, force majeure clause, etc.;

5 · 2.8. provides for preservation of the documents and data by third party;

5 · 2.9. provides for the mechanisms to resolve disputes arising from implementation of the outsourcing contract;

5 · 2.10. provides for termination of the contract, termination rights, transfer of information and exit strategies;

5 · 2.11. addresses additional issues arising from country risks and potential obstacles in exercising oversight and management of the arrangements when intermediary outsources its activities to foreign third party. For example, the contract shall include choiceof -law provisions and agreement covenants and jurisdictional covenants that provide for adjudication of disputes between the parties under the laws of a specific jurisdiction;

5 · 2.12. neither prevents nor impedes the intermediary from meeting its respective regulatory obligations, nor the regulator from exercising its regulatory powers; and

5 · 2.13. provides for the intermediary and /or the regulator or the persons authorized by it to have the ability to inspect, access all books, records and information relevant to the outsourced activity with the third party.

6 · 1. Specific contingency plans shall be separately developed for each outsourcing arrangement, as is done in individual business lines.

6 · 2. An intermediary shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the third party level. Notably, it shall consider contingency plans at the third party; co-ordination of contingency plans at both the intermediary and the third party; and contingency plans of the intermediary in the event of nonperformance by the third party.

6 · 3. To ensure business continuity, robust information technology security is a necessity. A breakdown in the IT capacity may impair the ability of the intermediary to fulfill its obligations to other market participants/clients/regulators and could undermine the privacy interests of its customers, harm the intermediary's reputation, and may ultimately impact on its overall operational risk profile. Intermediaries shall, therefore, seek to ensure that third party maintains appropriate IT security and robust disaster recovery capabilities.

6 · 4. Periodic tests of the critical security procedures and systems and review of the backup facilities shall be undertaken by the intermediary to confirm the adequacy of the third party's systems.

7 · 1. An intermediary that engages in outsourcing is expected to take appropriate steps to protect its proprietary and confidential customer information and ensure that it is not misused or misappropriated.

7 · 2. The intermediary shall prevail upon the third party to ensure that the

7 · 3. In cases where the third party is providing similar services to multiple entities, the intermediary shall ensure that adequate care is taken by the third party to build safeguards for data security and confidentiality.