SEBI/HO/CFD/PoD -1/P/CIR/2023/157

1 · 1.The SEBI Intermediary Portal is available at https://siportal.sebi.gov.in for SEBI registered intermediaries including Merchant Bankers to submit registration applications online. SEBI Intermediary Portal includes online application for registration, processing of application, grant of final registration, application for surrender/cancellation, submission of periodical reports, requests for change of name/ address/ other details, etc. The link for SEBI Intermediary Portal is also available on SEBI website – www.sebi.gov.in.

1 · 2.All applications for registration / surrender / other requests are required to be made through SEBI Intermediary Portal only. The applicants are separately required to submit relevant documents viz. declarations / undertakings required as a part of application forms prescribed in relevant regulations, in physical form, only for records without impacting the online processing of applications for registration.

1 · 3.In case of any queries and clarifications with regard to the SEBI Intermediary Portal, Merchant Bankers may contact on 022-26449364 or may write at portalhelp@sebi.gov.in .

2 · 1.With effect from July 01, 1998, a merchant banker shall undertake only those activities which are relating to securities market and which do not require registration/granted exemption from registration as an NBFC from RBI. It is clarified that, in particular, a merchant banker may undertake the following activities:

2 · 1.1. Managing of Public Issue of Securities.

1 · SEBI Circular No. SEBI/HO/MIRSD/MIRSD1/CIR/P/2017/38 dated May 02, 2017

2 · SEBI RMB CIRCULAR NO. 1(98-99) dated June 05, 1998 and RMB CIRCULAR NO. 2(98-99) dated August 11, 1998

3 · SEBI RMB CIRCULAR NO. 1(98-99) dated June 05, 1998

2 · 1.2. Underwriting connected with the aforesaid Public Issue Management Business

2 · 1.3. Managing/advising on International Offerings of Debt/Equity i.e. GDR, ADR, bonds and other instruments

2 · 1.4. Private Placement of Securities

2 · 1.5. Primary or Satellite dealership of Government Securities

2 · 1.6. Corporate Advisory Services related to the Securities Market such as takeovers, acquisitions, disinvestment etc.

2 · 1.7. Stock -broking

2 · 1.8. Advisory services for projects

2 · 1.9. Syndication of rupee term loans

2 · 1.10.International Financial Advisory Services

2 · 2.Source of Funds: A merchant banker may raise money by way of issue of Secured Debentures/Secured Bonds/ICDs as a source of fund.

2 · 3.It is clarified that 4 -

2 · 3.1. A merchant banker can deploy its surplus funds to the extent of its net worth in securities.

2 · 3.2. Subject to the provisions of regulation 3 (2A) of the Merchant Bankers Regulations 1992, a merchant banker can carry on -

2 · 3.2.1.underwriting activities and can acquire securities as a part of underwriting commitment in case of devolvement and dispose it off subsequently. However, such a merchant banker is restricted to engage in the purchase and sale of same securities like an investment company.

2 · 3.2.2.Portfolio Management activities.

4 · RMB/CIRCULAR NO.4 (98-99) dated March 30, 1999

2 · 3.3. A merchant banker is not allowed to borrow funds from the market and engage in the acquisition and sale of securities.

3 · 1.With respect to regulation 6(c) of the Merchant Bankers Regulations 1992, it is clarified that SEBI may consider grant of certificate of registration to an applicant, notwithstanding that another entity in the same group has been previously granted registration by the Board, if the following conditions are fulfilled:

3 · 1.1. The entities are incorporated as separate legal entities.

3 · 1.2. The entities have independent Board of Directors. Independent Board of Directors for this purpose means that common directors should not be in majority in both the Boards.

3 · 1.3. There is absolute arm's length relationship with reference to their operations.

3 · 1.4. The key personnel and infrastructure are independently available for each entity.

3 · 1.5. Each entity has independent regulatory controls and supervisory mechanism

3 · 2.It is also clarified that when two entities in the same group are granted registration, any action by way of suspension or cancellation of registration taken by SEBI against one entity, may entail action under regulation 35 of the Merchant Bankers Regulations 1992 against other entities of the same group registered in terms of the said Regulations.

5 · RMB Circular No. 1 (2002-2003) dated September 17, 2002

4 · 1.Merchant Bankers shall designate e-mail IDs for (i) registration and redressal of investor complaints and (ii) regulatory communication with SEBI and shall inform to SEBI at mb@sebi.gov.in as per the format prescribed at Annexure I .

4 · 2.The aforesaid e -mail IDs shall be exclusively used for the above purposes and shall not be a person-centric e-mail ID .

5 · Prior approval for change in control 7

5 · 1.To streamline the process of obtaining approval for the proposed change in control of Merchant Bankers, the following procedure has been specified:

5 · 1.1. The intermediary shall make an online application to SEBI for prior approval through the SEBI Intermediary Portal ('SI Portal') (https://siportal.sebi.gov.in).

5 · 1.2. The online application in SI portal shall be accompanied by the following information / declaration / undertaking about itself, the acquirer(s) / the person(s) who shall have the control and the directors / partners of the acquirer(s) / the person(s) who shall have the control:

5 · 1.2.1.Current and proposed shareholding pattern of the intermediary.

5 · 1.2.2.Whether any application was made in the past to SEBI seeking registration in any capacity but was not granted? If yes, details thereof.

5 · 1.2.3.Whether any action has been initiated/taken under Securities Contracts (Regulation) Act, 1956 (SCRA) / Securities and Exchange Board of India Act, 1992 (SEBI Act) or rules and

6 · SEBI Circular No. MIRSD/DPS III/Cir -01/07 dated January 22, 2007 and SEBI Circular No. MIRSD/ DPSIII/ Cir-24/ 08 dated July 25, 2008

7 · SEBI Circular No. SEBI/HO/CFD/PoD -2/P/CIR/2023/141 dated August 10, 2023

5 · 1.2.4.Whether any investor complaint is pending? If yes, steps taken and confirmation that the acquirer(s) / the person(s) who shall have the control shall resolve the same.

5 · 1.2.5.Details of litigation(s), if any.

5 · 1.2.6.Confirmation that all the fees due to SEBI have been paid.

5 · 1.2.7.Declaration cum undertaking of the intermediary and the acquirer(s) / the person(s) who shall have the control (in a format enclosed at Annexure II), duly stamped and signed by their authorized signatories that:

5 · 1.2.8.In case the incumbent intermediary is a registered stock broker, clearing member, depository participant, in addition to the above, it shall obtain approval / NOC from all the stock exchanges / clearing corporations / depositories, where the incumbent is a member/depository participant and submit self-attested copy of the same to SEBI.

5 · 1.3. Subject to other appropriate sectoral regulator's approval with regard to change in control, the prior approval granted by SEBI shall be valid for a period of six months from the date of SEBI's approval within which the applicant shall file application for fresh registration pursuant to change in control.

5 · 2.To streamline the process of providing approval to the proposed change in control of an intermediary in matters which involve scheme(s) of arrangement which needs sanction of the National Company Law Tribunal ("NCLT") in terms of the provisions of the Companies Act, 2013, the following has been decided:

5 · 2.1. The application for approval of the proposed change in control of the intermediary shall be filed with SEBI prior to filing the application with NCLT.

5 · 2.2. Upon being satisfied with compliance of the applicable regulatory requirements, an in-principle approval will be granted by SEBI;

5 · 2.3. The validity of such in-principle approval shall be three months from the date of issuance, within which the relevant application shall be made to NCLT.

5 · 2.4. Within 15 days from the date of order of NCLT, the intermediary shall submit an online application in terms of paragraph 3 of this circular along with the following documents to SEBI for final approval:

5 · 2.4.1.Copy of the NCLT Order approving the scheme;

5 · 2.4.2.Copy of the approved scheme;

5 · 2.4.3.Statement explaining modifications, if any, in the approved scheme vis -à -vis the draft scheme and the reasons for the same; and

5 · 2.4.4.Details of compliance with the conditions/ observations, if any, mentioned in the in -principle approval provided by SEBI.

5 · 3.With respect to transfer of shareholdings among immediate relatives and transmission of shareholdings and their effect on change in control, the

5 · 3.1. Transfer /transmission of shareholding in case of unlisted Merchant Bankers: In following scenarios, change in shareholding of the Merchant Bankers will not be construed as change in control:

5 · 3.1.1.Transfer of shareholding among immediate relatives shall not result into change in control. Immediate relative shall be construed as defined under Regulation 2(l) of the SAST Regulations, which inter-alia includes any spouse of that person, or any parent, brother, sister or child of the person or of the spouse.

5 · 3.1.2.Transfer of shareholding by way of transmission to immediate relative or not, shall not result into change in control.

5 · 3.1.3.Incoming entities/shareholders becoming part of controlling interest in the Merchant Bankers pursuant to transfer of shares from immediate relative / transmission of shares (immediate relative or not), need to satisfy the fit and proper person criteria stipulated in Schedule II to the Securities and Exchange Board of India (Intermediaries) Regulations, 2008.

6 · Transfer of business by SEBI registered intermediaries to other legal entity 9

6 · 1.In respect of the registration applications pursuant to transfer of business (SEBI regulated business activity) from one legal entity, which is a SEBI registered Intermediary (transferor), to other legal entity (transferee), the following is clarified:

6 · 1.1. The transferee shall obtain fresh registration from SEBI in the same capacity before the transfer of business if it is not registered with SEBI in the same capacity. SEBI shall issue new registration number to transferee different from transferor's registration number in the following scenario: "Business is transferred through regulatory process (pursuant to merger / amalgamation / corporate restructuring by way of order of

8 · SEBI/HO/MIRSD/DOR/CIR/P/2021/42 dated March 25 , 2021

9 · SEBI/HO/MIRSD/DOR/CIR/P/2021/46 dated March 26, 2021

6 · 2.In case of change in control pursuant to both regulatory process and nonregulatory process, prior approval and fresh registration shall be obtained. While granting fresh registration to the same legal entity pursuant to change in control, same registration number shall be retained.

6 · 3.If the transferor ceases to exist, its certificate of registration shall be surrendered.

6 · 4.In case of complete transfer of business by transferor, it shall surrender its certificate of registration.

6 · 5.In case of partial transfer of business by transferor, it can continue to hold its certificate of registration.

7 · Regulatory Compliance and Periodic Reporting 10

7 · 1.The Merchant Bankers are required to submit half-yearly reports to SEBI in electronic form only by e-mail within three months from the expiry of the half year. The format of the report is specified in Annexure III .

7 · 2.The Boards of Merchant Bankers shall, review the above half-yearly reports and record its observations on (i) the deficiencies and non-compliances; (ii) corrective measures initiated to avoid such instances in future; (iii) pre-issue and post-issue due diligence process followed and whether they are satisfied; and (iv) track record of past issues managed.

7 · 3.The compliance officer shall certify the above half-yearly reports and shall submit such reports to SEBI. Such reports shall be submitted in two files– one file in pdf format and the other in excel format.

7 · 4.The pdf/excel files containing the half-yearly report is required to be sent to email ID mb@sebi.gov.in with the subject/title "Half-yearly report submitted by AAA for the half -year ended XXX YYYY" where AAA represents the name of the Merchant Banker, XXX represents the month at the end of the half-year and YYYY represents the year. Also, the attached pdf/excel file containing the half yearly report shall bear the name of the Merchant Banker, the periodicity of the report as well as the month at the end of the half-year and the corresponding year. For example, if a Merchant Banker ABC Limited submits the report for the half year ended September, 2008, the report submitted to mb@sebi.gov.in shall bear the subject/title - "Half-yearly report submitted by ABC Limited for the halfyear ended September 2008" and the attached pdf/excel file shall bear the name "ABCLimitedhalfyearlySeptember2008".

7 · 5.The merchant bankers are also required to report the following change(s) to SEBI through the half-yearly reports: 11

10 · SEBI Cir. No. MIRSD/DPS -2/MB/Cir -16/2008 dated May 06, 2008 and SEBI Circular No. CIR/MIRSD/6/2012 dated May 14, 2012

11 · SEBI Circular No. CIR/MIRSD/7/2011 dated June 17, 2011

7 · 5.1. Amalgamation, demerger, consolidation or any other kind of corporate restructuring falling within the scope of section 230 of the Companies Act, 2013 or the corresponding provision of any other law for the time being in force;

7 · 5.2. Change in Director, including managing director/ whole-time director;

7 · 5.3. Change in shareholding not resulting in change in control.

8 · 1.In order to enable investors to understand the level of due diligence exercised by the merchant bankers in managing public issues, the merchant bankers are required to disclose the track record of the performance of the public issues managed by them. The track record is required to be disclosed for a period of three financial years from the date of listing for each public issue managed by the merchant banker. The format for disclosure of track records is given in the Annexure IV .

8 · 2.The track record shall be disclosed on the website of the merchant banker and a reference to this effect shall be made in the offer documents of public issues managed in the future. In case more than one merchant banker is associated with a public issue, all merchant bankers who have signed the due diligence certificate, as disclosed in the offer document, shall disclose the track record.

9 · 1.With a view to provide investors an idea about the various activities pertaining to primary market issuances as well as exit options like Takeovers, Buybacks or Delistings at one single place, an Investor Charter was developed.

9 · 2.All the registered merchant bankers shall disclose on their website, Investor Charter for each of the following categories, as provided at Annexure V to this circular –

12 · SEBI Circular No. CIR/MIRSD/1/2012 dated January 10, 2012

13 · SEBI/HO/CFD/DCR2/P/CIR/2021/0661 dated November 23, 2021

9 · 2.1. Initial Public Offer (IPO) and Further Public Offer (FPO) including Offer for Sale (OFS);

9 · 2.2. Rights Issue;

9 · 2.3. Qualified Institutions Placement (QIP);

9 · 2.4. Preferential Issue;

9 · 2.5. SME IPO and FPO including OFS;

9 · 2.6. Buyback of Securities;

9 · 2.7. Delisting of Equity Shares;

9 · 2.8. Substantial Acquisitions of Shares and Takeovers.

9 · 3.Additionally, in order to bring about transparency in the Investor Grievance Redressal Mechanism, all the registered Merchant Bankers shall disclose on their respective websites, the data on complaints received against them or against issues dealt by them and redressal thereof, on each of the aforesaid categories separately as well as collectively, latest by 7th of succeeding month, as per the format enclosed at Annexure VI to this circular.

10 · Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions 14

10 · 1.Ministry of Electronics & Information Technology, Govt. of India (MoE&IT), had informed SEBI that the financial sector institutions avails or may avail Software as a Service (SaaS) based solution for managing their Governance, Risk & Compliance (GRC) functions so as to improve their cyber Security Posture. As observed by MoE&IT, though SaaS may provide ease of doing business and quick turnaround, but it may bring significant risk to health of financial sector as many a time risk and compliance data of the institution moves beyond the legal and jurisdictional boundary of India due to nature of shared cloud SaaS, thereby posing risk to the data safety and security.

10 · 2.In this regard, Indian Computer Emergency Response Team (CERT-in) had issued an advisory for Financial Sector organizations. The advisory had been

14 · SEBI/HO/MIRSD2/DOR/CIR/P/2020/221 dated November 03, 2020

10 · 3.Merchant Bankers are advised to ensure complete protection and seamless control over the critical systems at their organizations by continuous monitoring through direct control and supervision protocol mechanisms while keeping the critical data within the legal boundary of India.

10 · 4.The compliance of the advisory shall be reported in the half-yearly report to SEBI with an undertaking stating the following: "Compliance of the SEBI circular for Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions has been made."

11 · Processing of Investor Complaints in SEBI Complaints Redress System (SCORES) 15

11 · 1.SEBI launched a centralized web based complaints redress system 'SCORES' in June 2011.

11 · 2.Merchant Bankers shall comply with the requirements laid down vide Master Circular No. SEBI/HO/OIAE/IGRD/P/CIR/2022/0150 dated November 7, 2022, as applicable and as amended from time to time.

11 · 3.As an additional measure and for information of all investors who deal/ invest/ transact in the market, the offices of Merchant Bankers shall display information as provided in Annexure VIII . 16

12 · Prevention of circulation of unauthenticated news by SEBI Registered Market Intermediaries through various modes of communication 17

12 · 1.As market rumours can do considerable damage to the normal functioning and behavior of the market and distort price recovery mechanisms, the Merchant Bankers are directed that:

12 · 1.1.Proper internal code of conduct and controls should be put in place.

12 · 1.2.Employees/temporary staff/voluntary workers etc. employed/working in the Offices of merchant bankers do not encourage or circulate rumours or unverified information obtained from client, industry, any trade or any other sources without verification.

12 · 1.3.Access to Blogs/Chat forums/Messenger sites etc. should either be restricted under supervision or access should not be allowed.

12 · 1.4.Logs for any usage of such Blogs/Chat forums/Messenger sites (called by any nomenclature) shall be treated as records and the same should

15 · CIR/MIRSD/17/2011 dated August 24, 2011

16 · CIR/MIRSD/3/2014 dated August 28, 2014

17 · SEBI Circulars No Cir/ ISD/1/2011 dated March 23, 2011 and Cir/ ISD/2/2011 dated March 24, 2011

12 · 1.5.Employees should be directed that any market related news received by them either in their official mail/personal mail/blog or in any other manner, should be forwarded only after the same has been seen and approved by the Compliance Officer of the merchant banker. If an employee fails to do so, he/she shall be deemed to have violated the various provisions contained in the SEBI Act/Rules/Regulations etc. and shall be liable for action. The Compliance Officer shall also be held liable for breach of duty in this regard.

13 · Guidelines on Outsourcing of Activities by Merchant Bankers 18

13 · 1.SEBI Regulations for various intermediaries require that they shall render at all times high standards of service and exercise due diligence and ensure proper care in their operations.

13 · 2.It has been observed that often the Merchant Bankers resort to outsourcing with a view to reduce costs, and at times, for strategic reasons.

13 · 3.Outsourcing may be defined as the use of one or more than one third party – either within or outside the group by a merchant banker to perform the activities associated with services which the merchant banker offers.

13 · 4.Principles for Outsourcing - The risks associated with outsourcing may be operational risk, reputational risk, legal risk, country risk, strategic risk, exitstrategy risk, counter party risk, concentration and systemic risk. The principles for outsourcing are given at Annexure IX which shall be followed by the merchant bankers.

13 · 5.Activities that are not to be Outsourced -The merchant bankers desirous of outsourcing their activities shall not, however, outsource their core business activities and compliance functions. In respect of Know Your Client (KYC) requirements, the merchant bankers are required to comply with the provisions of Securities and Exchange Board of India {KYC (Know Your Client)

18 · SEBI Circular No. CIR/MIRSD/24/2011 dated December 15, 2011

13 · 6.Reporting to Financial Intelligence Unit (FIU) – The merchant bankers are responsible for reporting of any suspicious transactions / reports to FIU or any other competent authority in respect of activities carried out by the third parties.

14 · General Guidelines for dealing with conflicts of interest of merchant bankers and their associated persons in Securities Market 19

14 · 1.Merchant Bankers and their associated persons shall abide by the following guidelines for avoidance of conflict of interest:

14 · 1.1.lay down, with active involvement of senior management, policies and internal procedures to identify and avoid or to deal or manage actual or potential conflict of interest, develop an internal code of conduct governing operations and formulate standards of appropriate conduct in the performance of their activities, and ensure to communicate such policies, procedures and code to all concerned;

14 · 1.2.at all times maintain high standards of integrity in the conduct of their business;

14 · 1.3.ensure fair treatment of their clients and not discriminate amongst them;

14 · 1.4.ensure that their personal interests do not, at any time, conflict with their duty to their clients and client's interest always takes primacy in their advice, investment decisions and transactions;

14 · 1.5.make appropriate disclosure to the clients of possible source or potential areas of conflict of interest which would impair their ability to render fair, objective and unbiased services;

14 · 1.6.endeavor to reduce opportunities for conflict through prescriptive measures such as through information barriers to block or hinder the flow of information from one department/ unit to another, etc.;

19 · SEBI Circular No. CIR/MIRSD/5/2013 dated August 27, 2013

14 · 1.7.place appropriate restrictions on transactions in securities while handling a mandate of issuer or client in respect of such security so as to avoid any conflict;

14 · 1.8.not deal in securities while in possession of material non published information;

14 · 1.9.not to communicate the material non published information while dealing in securities on behalf of others;

14 · 1.10. not in any way contribute to manipulate the demand for or supply of securities in the market or to influence prices of securities;

14 · 1.11. not have an incentive structure that encourages sale of products not suiting the risk profile of their clients;

14 · 1.12. not share information received from clients or pertaining to them, obtained as a result of their dealings, for their personal interest.

14 · 2.For the purpose of above guidelines "associated persons" shall have the same meaning as defined in the Securities and Exchange Board of India (Certification of Associated Persons in the Securities Markets) Regulations, 2007.

14 · 3.The Boards of merchant bankers shall put in place systems for implementation of the above guidelines and provide necessary guidance enabling identification, elimination or management of conflict of interest situations and shall periodically review the compliance of the aforesaid guidelines.

12 · Price -related data

14 · Any other material information

10 · Ensure listing and commencement of trading within six working days of the offer closing date

11 · Publish details of subscription, basis of allotment, date of credit of specified securities and date of filing of listing application, etc. in newspapers within ten days from the date of completion of each activity.

1 · 1. The policy shall cover activities or the nature of activities that can be outsourced, the authorities who can approve outsourcing of such activities, and the selection of third party to whom it can be outsourced. For example, an activity shall not be outsourced if it would impair the supervisory authority's right to assess, or its ability to supervise the business of the merchant banker. The policy shall be based on an evaluation of risk concentrations, limits on the acceptable overall level of outsourced activities, risks arising from outsourcing multiple activities to the same entity, etc.

1 · 2. The Board shall mandate a regular review of outsourcing policy for such activities in the wake of changing business environment. It shall also have overall responsibility for ensuring that all ongoing outsourcing decisions taken by the merchant banker and the activities undertaken by the third party, are in keeping with its outsourcing policy.

2 · 1. A merchant banker shall make an assessment of outsourcing risk which depends on several factors, including the scope and materiality of the outsourced activity, etc. The factors that could help in considering materiality in a risk management program include -

2 · 1.1. The impact of failure of a third party to adequately perform the activity on the financial, reputational and operational performance of the merchant banker and on the investors / clients;

2 · 1.2. Ability of the merchant banker to cope up with the work, in case of nonperformance or failure by a third party by having suitable back-up arrangements;

2 · 1.3. Regulatory status of the third party, including its fitness and probity status;

2 · 1.4. Situations involving conflict of interest between the merchant banker and the third party and the measures put in place by the merchant banker to address such potential conflicts, etc.

2 · 2. While there shall not be any prohibition on a group entity / associate of the merchant banker to act as the third party, systems shall be put in place to have an arm's length distance between the merchant banker and the third party in terms of infrastructure, manpower, decision-making, record keeping, etc. for avoidance of potential conflict of interests. Necessary disclosures in this regard shall be made as part of the contractual agreement. It shall be kept in mind that the risk management practices expected to be adopted by a merchant banker while outsourcing to a related party or an associate would be identical to those followed while outsourcing to an unrelated party.

2 · 3. The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Board of the merchant banker and / or its senior management, as and when needed. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the merchant banker .

2 · 4. Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator shall be mandated by the Board wherever felt necessary. Merchant banker shall review the financial and operational capabilities of the third party in order to assess its ability to continue to meet its outsourcing obligations.

3 · 1. The merchant banker shall be fully liable and accountable for the activities that are being outsourced to the same extent as if the service were provided in-house.

3 · 2. Outsourcing arrangements shall not affect the rights of an investor or client against the merchant banker in any manner. The merchant banker shall be liable to the investors for the loss incurred by them due to the failure of the third party and also be

3 · 3. The facilities / premises / data that are involved in carrying out the outsourced

3 · 4. Outsourcing arrangements shall not impair the ability of SEBI/SRO or auditors to exercise its regulatory responsibilities such as supervision/inspection of the merchant banker .

4 · 1. It is important that the merchant banker exercise due care, skill, and diligence in the selection of the third party to ensure that the third party has the ability and capacity to undertake the provision of the service effectively.

4 · 2. The due diligence undertaken by a merchant banker shall include assessment of:

4 · 2.1. third party's resources and capabilities, including financial soundness, to perform the outsourcing work within the timelines fixed;

4 · 2.2. compatibility of the practices and systems of the third party with the intermediary's requirements and objectives;

4 · 2.3. market feedback of the prospective third party's business reputation and track record of their services rendered in the past;

4 · 2.4. level of concentration of the outsourced arrangements with a single third party; and

4 · 2.5.the environment of the foreign country where the third party is located.

5 · 1. Outsourcing arrangements shall be governed by a clearly defined and legally binding written contract between the intermediary and each of the third parties, the nature and detail of which shall be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the intermediary.

5 · 2. Care shall be taken to ensure that the outsourcing contract:

5 · 2.1. clearly defines what activities are going to be outsourced, including appropriate service and performance levels;

5 · 2.2. provides for mutual rights, obligations and responsibilities of the intermediary and the third party, including indemnity by the parties;

5 · 2.3. provides for the liability of the third party to the intermediary for unsatisfactory performance/other breach of the contract

5 · 2.4. provides for the continuous monitoring and assessment by the intermediary of the third party so that any necessary corrective measures can be taken up immediately, i.e., the contract shall enable the intermediary to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations;

5 · 2.5. includes, where necessary, conditions of sub-contracting by the third-party, i.e. the contract shall enable intermediary to maintain a similar control over the risks when a third party outsources to further third parties as in the original direct outsourcing;

5 · 2.6. has unambiguous confidentiality clauses to ensure protection of proprietary and customer data during the tenure of the contract and also after the expiry of the contract;

5 · 2.7. specifies the responsibilities of the third party with respect to the IT security and contingency plans, insurance cover, business continuity and disaster recovery plans, force majeure clause, etc.;

5 · 2.8. provides for preservation of the documents and data by third party;

5 · 2.9. provides for the mechanisms to resolve disputes arising from implementation of the outsourcing contract;

5 · 2.10. provides for termination of the contract, termination rights, transfer of information and exit strategies;

5 · 2.11. addresses additional issues arising from country risks and potential obstacles in exercising oversight and management of the arrangements when intermediary outsources its activities to foreign third party. For example, the contract shall include choice -of -law provisions and agreement covenants and jurisdictional covenants that provide for adjudication of disputes between the parties under the laws of a specific jurisdiction;

5 · 2.12. neither prevents nor impedes the intermediary from meeting its respective regulatory obligations, nor the regulator from exercising its regulatory powers; and

5 · 2.13. provides for the intermediary and /or the regulator or the persons authorized by it to have the ability to inspect, access all books, records and information relevant to the outsourced activity with the third party.

6 · 1. Specific contingency plans shall be separately developed for each outsourcing arrangement, as is done in individual business lines.

6 · 2. A merchant banker shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the third party level. Notably, it shall consider contingency plans at the third party; co-ordination of contingency plans at both the merchant banker and the third party; and contingency plans of the merchant banker in the event of non-performance by the third party.

6 · 3. To ensure business continuity, robust information technology security is a necessity. A breakdown in the IT capacity may impair the ability of the merchant banker to fulfill its obligations to other market participants/clients/regulators and could undermine the privacy interests of its customers, harm the merchant banker's reputation, and may ultimately impact on its overall operational risk profile. Merchant banker shall, therefore, seek to ensure that third party maintains appropriate IT security and robust disaster recovery capabilities.

6 · 4. Periodic tests of the critical security procedures and systems and review of the backup facilities shall be undertaken by the merchant banker to confirm the adequacy of the third party's systems.

7 · 1. A merchant banker that engages in outsourcing is expected to take appropriate steps to protect its proprietary and confidential customer information and ensure that it is not misused or misappropriated.

7 · 2. The merchant banker shall prevail upon the third party to ensure that the employees of the third party have limited access to the data handled and only on a "need to know" basis and the third party shall have adequate checks and balances to ensure the same.

7 · 3. In cases where the third party is providing similar services to multiple entities, the merchant banker shall ensure that adequate care is taken by the third party to build safeguards for data security and confidentiality.