SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/49 May 21, 2024

1 · Procedural Guidelines for Proxy Advisors 1

1 · 1 Regulation 24(2) read with regulation 23(1) of the Securities and Exchange Board of India (Research Analyst) Regulations, 2014 ('the Regulations') mandates proxy advisors to abide by Code of Conduct specified therein. It is decided that proxy advisors shall also comply with the following procedural guidelines:

1 · Reference: Circular No. SEBI/HO/IMD/DF1/CIR/P/2020/147 dated August 03, 2020

2 · Reference: Circular No. SEBI/HO/IMD/DF1/CIR/P/2020/256 dated December 31, 2020.

1 · 2 The provisions of Clause 1.1(c) and 1.1(e) became applicable with effect from February 01, 2021. 3 All other provisions of clause 1.1 became applicable with effect from January 01, 2021. 4

3 · Reference: Circular No. SEBI/HO/IMD/DF1/CIR/P/2020/157 dated August 27, 2020 and Circular No. SEBI/HO/IMD/DF1/CIR/P/2020/256 dated December 31, 2020

4 · Reference: Circular No. SEBI/HO/IMD/DF1/CIR/P/2020/157 dated August 27, 2020.

2 · 1. In terms of Regulation 38A of the 'SECC Regulations' 6 notified on April 26, 2024, a recognised Stock Exchange may undertake the activities of administration and supervision over specified intermediaries on such terms and conditions and to such an extent as may be specified. Accordingly, Stock Exchange shall now be recognised as RAASB 7 and IAASB8 under Regulation 14 of the 'RA Regulations' 9 and 'IA Regulations' 10 for administration and supervision of Research Analysts ('RAs') and Investment Advisers ('IAs') respectively. The detailed framework for RAASB and IAASB is specified in Annexure F.

2 · 2. As per clause (xi) of Regulation 6 of RA Regulations and clause (n) of Regulation 6 of IA Regulations, an applicant seeking registration as RA and IA is required to be enlisted with RAASB and IAASB respectively. The provisions governing enlistment including enlistment of existing RAs/IAs and of applicants whose registration applications are under process as on the effective date of this circular are specified in the enclosed framework at Annexure F .

2 · 3. Based on fulfillment of the criteria specified in Annexure F, a stock exchange

5 · Reference: Circular No. SEBI/HO/MIRSD/MIRSD-SEC-3/P/CIR/2024/34 dated May 2, 2024

6 · SECC Regulations- Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Regulations, 2018

7 · RAASB- Research Analyst Administration and Supervisory Body

8 · IAASB- Investment Adviser Administration and Supervisory Body

9 · RA Regulations- SEBI (Research Analysts) Regulations, 2014

10 · IA Regulations- SEBI (Investment Advisers) Regulations, 2013

2 · 4. The above provisions of clause 2 as well as provisions contained in Annexure F shall become effective on July 25, 2024 (ninetieth day from the date of publication in the Official Gazette of the amendments to RA Regulations made vide the SEBI (Research Analysts) (Amendment) Regulations, 2024 and the amendments to IA Regulations made vide the SEBI (Investment Advisers) (Amendment) Regulations, 2024).

3 · 1. Regulation 4(2)(a) of the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 ('LODR Regulations') casts certain obligations on listed entities to protect and facilitate the exercise of the rights of shareholders, including:

11 · Reference: Circular No. SEBI/HO/CFD/CMD1/CIR/P/2020/119 dated August 04, 2020

3 · 2. Proxy advisors, over the past few years, have played a key role in enabling shareholders to effectively participate in corporate governance decisions and thus, furthering the achievement of the above objectives. Proxy advisors provide advice to institutional investors / shareholders of a listed entity, in relation to exercise of their rights in the company including voting recommendation on agenda items. However, due to the inherent nature of the work, it is probable that proxy advisors and listed entities may have different views on any agenda item of the listed entity leading to grievances.

3 · 3. In order to facilitate resolution of such grievances of listed entities against SEBI registered proxy advisors, the listed entities may approach SEBI. SEBI will examine the matter for non-compliance by proxy advisors with the provisions of the Code of Conduct under regulation 24(2) read with regulation 23(1) of the Regulations and the procedural guidelines for proxy advisors as mentioned at clause 1.1.

3 · 4. The provisions under this clause became applicable with effect from January 01, 2021.12

4 · 1. SEBI has been taking various measures to create awareness among investors about grievance mechanisms available to them through workshops as well as through print and electronic media.

12 · Reference: Circular No. SEBI/HO/CFD/CMD1/CIR/P/2020/159 dated August 27, 2020.

13 · Reference: Circular No. CIR/MIRSD/3/2014 dated August 28, 2014, SEBI/HO/OIAE/IGRD/P/CIR/2022/0150 dated November 07, 2022, SEBI/HO/OIAE/IGRD/CIR/P/2023/156 dated September 20, 2023 and SEBI/HO/OIAE/OIAE_IAD-3/P/CIR/2023/195 dated July 31, 2023 (updated as on December 28, 2023)

4 · 2. As an additional measure and for information of all investors who deal/ invest/ transact in the market, the research analysts shall prominently display in their offices the following information about the grievance redressal mechanism available to investors.

4 · 3. Research analysts are also advised to refer to the following circulars on the redressal of investor grievances through the SEBI Complaints Redressal System (SCORES) platform and Online Dispute Resolution (ODR) Platform.

5 · 1. In order to facilitate investor awareness about various activities which an investor deals with while availing the services provided by research analysts, SEBI has developed an Investor Charter for Research Analysts. This Charter is a brief document containing details of services provided to investors, their rights, dos and don'ts, responsibilities, investor grievance handling mechanism and estimated timelines thereof etc., at one single place, in a lucid language, for ease of reference.

5 · 2. All registered Research Analysts are advised to bring to the notice of their clients the Investor Charter as provided at Annexure A by prominently displaying on their websites and mobile applications. Research Analysts not

14 · Reference: Circular No. SEBI/HO/IMD/IMD-II CIS/P/CIR/2021/0685 dated December 13, 2021

5 · 3. Additionally, in order to enhance transparency in grievance redressal, Research Analyst (RA) shall disclose on their websites/mobile applications, all complaints including SCORES complaints received by them in the format mentioned in Annexure B on a monthly basis. The information shall be made available by 07th of the succeeding month. Research Analysts not having websites/mobile applications shall send status of Investor Complaints to the investors on their registered email on a monthly basis.

5 · 4. Further, Research Analysts are advised to display link/option to lodge complaint with them directly on their websites and mobile apps. Additionally, link to SCORES website/ link to download mobile app (SEBI SCORES) may also be provided.

5 · 5. The disclosure requirements under this clause came into effect from January 01, 2022.

6 · Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions 15

5 · 1 Ministry of Electronics & Information Technology, Govt. of India ('MEITy'), has informed SEBI that the financial sector institutions are availing or thinking of availing Software as a Service (SaaS) based solution for managing their Governance, Risk & Compliance (GRC) functions so as to improve their cyber Security Posture. As observed by MEITy, though SaaS

15 · Reference: Circular No. SEBI/HO/MIRSD2/DOR/CIR/P/2020/221 dated November 03, 2020

5 · 2 In this regard, Indian Computer Emergency Response Team (CERT-in) has issued an advisory for Financial Sector organizations. The advisory has been forwarded to SEBI for bringing the same to the notice of financial sector organization. The advisory can be viewed at Annexure C .

5 · 3 It is advised to ensure complete protection and seamless control over the critical systems at your organizations by continuous monitoring through direct control and supervision protocol mechanisms while keeping the critical data within the legal boundary of India.

5 · 4 The compliance of the advisory shall be reported half yearly by research analysts to SEBI with an undertaking, "Compliance of the SEBI circular for Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions has been made."

7 · Procedure for seeking prior approval for change in control 16

6 · 1 Regulation 24(3) of the Regulations provide that research analyst or research entity shall obtain prior approval of SEBI in case of change in control.

16 · Reference: Circular No. SEBI/HO/MIRSD/ MIRSD-PoD-2/P/CIR/2022/163 dated November 28, 2022

6 · 2 To streamline the process of providing approval to the proposed change in control of research analyst or research entity (hereinafter referred as intermediary or applicant), it has been decided as under:

6 · 3 To streamline the process of providing approval to the proposed change in control of an intermediary in matters which involve scheme(s) of arrangement which needs sanction of the National Company Law Tribunal

8 · 1. Research Analysts shall ensure compliance with the advertisement code as prescribed below:

17 · Reference: Circular Nos. SEBI/HO/MIRSD/ MIRSD-PoD-2/P/CIR/2023/51 dated April 05, 2023 and SEBI/HO/MIRSD/ MIRSD-PoD-2/P/CIR/2023/52 dated April 06, 2023

8 · 2. In order to ensure the transparency in usage of brand name/trade name/logo, RA shall ensure that:

8 · 3. The aforesaid provisions on advertisement code and usage of brand name/ trade name became applicable with effect from May 01, 2023.

9 · Unauthenticated news circulated by SEBI Registered Market Intermediaries through various modes of communication 18

9 · 1. Due to lack of proper internal controls and poor training, employees of intermediaries are sometimes not aware of the damage which can be caused by circulation of unauthenticated news or rumours. It is a well established fact that market rumours can do considerable damage to the normal functioning and behaviour of the market and distort the price discovery mechanisms.

9 · 2. In view of the above facts, SEBI Registered Market Intermediaries are directed that:

18 · Reference: Circular No. CIR/ISD/1/2011 dated March 23, 2011

10 · Guidelines on Outsourcing of Activities by Intermediaries 20

10 · 1. SEBI Regulations for various intermediaries require that they shall render at all times high standards of service and exercise due diligence and ensure proper care in their operations.

10 · 2. It has been observed that often the intermediaries resort to outsourcing with a view to reduce costs, and at times, for strategic reasons.

19 · Circular No. CIR/ISD/2/2011 dated March 24, 2011.

20 · Circular No. CIR/MIRSD/24/2011 dated December 15, 2011.

10 · 3. Outsourcing may be defined as the use of one or more than one third party – either within or outside the group - by a registered intermediary to perform the activities associated with services which the intermediary offers.

10 · 4. Principles for Outsourcing

10 · 5. Activities that shall not be Outsourced:

10 · 6. Other Obligations:

11 · Framework for Regulatory Sandbox 21

11 · 1. The Objective of Regulatory Sandbox is to grant certain facilities and flexibilities to the entities regulated by SEBI so that they can experiment with FinTech solutions in a live environment and on limited set of real users for a limited time frame.

11 · 2. The guidelines pertaining to the functioning of the Regulatory Sandbox are provided vide SEBI Circular No. SEBI/HO/ITD/ITD/CIR/P/2021/575 dated June 14, 2021 and SEBI/HO/MIRSD/MIRSD_IT/P/CIR/2021/0000000658 dated November 16, 2021 which are available at the link below:

12 · General Guidelines for dealing with Conflicts of Interest of intermediaries and their Associated Persons in Securities Market.22

12 · 1. All intermediaries are presently governed by the provisions for avoidance of conflict of interest as mandated in the regulations read with relevant circulars issued from time to time by SEBI. On the lines of Principle 8 of the International Organisation of Securities Commissions (IOSCO) Objectives and Principles of Securities Regulations, it has been decided to put in place comprehensive guidelines to collectively cover such intermediaries, for elimination of their conflict of interest, as detailed hereunder.

12 · 2. Intermediaries shall adhere to these guidelines for avoiding or dealing with or managing conflict of interest. They shall be responsible for educating their

21 · Reference: Circular No. SEBI/HO/ITD/ITD/CIR/P/2021/575 dated June 14, 2021 and SEBI/HO/MIRSD/MIRSD_IT/P/CIR/2021/0000000658 dated November 16, 2021

22 · Reference: Circular CIR/MIRSD/5/2013 dated August 27, 2013.

12 · 3. For the purpose of these guidelines "associated persons" shall have the same meaning as defined in Securities and Exchange Board of India (Certification of Associated Persons in the Securities Markets) Regulations, 2007.

12 · 4. Intermediaries and their associated persons shall,

12 · 5. The Boards of intermediaries shall put in place systems for implementation of the aforementioned guidelines and provide necessary guidance enabling identification, elimination or management of conflict of interest situations. The Boards shall review the compliance of the above guidelines periodically.

12 · 6. The said guidelines shall be in addition to the provisions, if any, contained in respective regulations/ circulars issued by the Board from time to time regarding dealing with conflict of interest, in respect of intermediaries.

13 · 1. Research Analysts are advised to make note of the following:

13 · 2. Further, apart from the data made available free of cost, data which is chargeable should be appropriately identified as such in public domain.

23 · Reference: Circular SEBI/HO/DEPA-III/DEPA-III_SSU/P/CIR/2022/25 dated Feb 25,2022

3 · To conduct annual audit:

1 · 1. The policy shall cover activities or the nature of activities that can be outsourced, the authorities who can approve outsourcing of such activities, and the selection of third party to whom it can be outsourced. For example, an activity shall not be outsourced if it would impair the supervisory authority's right to assess, or its ability to supervise the business of the intermediary. The policy shall be based on an evaluation of risk concentrations, limits on the acceptable overall level of outsourced activities, risks arising from outsourcing multiple activities to the same entity, etc.

1 · 2. The Board shall mandate a regular review of outsourcing policy for such activities in the wake of changing business environment. It shall also have overall responsibility for ensuring that all ongoing outsourcing decisions taken by the intermediary and the activities undertaken by the third-party, are in keeping with its outsourcing policy.

2 · 1. An intermediary shall make an assessment of outsourcing risk which depends on several factors, including the scope and materiality of the outsourced activity, etc. The factors that could help in considering materiality

2 · 1.1. The impact of failure of a third party to adequately perform the activity on the financial, reputational and operational performance of the intermediary and on the investors / clients;

2 · 1.2. Ability of the intermediary to cope up with the work, in case of non performance or failure by a third party by having suitable back-up arrangements;

2 · 1.3. Regulatory status of the third party, including its fitness and probity status;

2 · 1.4. Situations involving conflict of interest between the intermediary and the third party and the measures put in place by the intermediary to address such potential conflicts, etc.

2 · 2. While there shall not be any prohibition on a group entity / associate of the intermediary to act as the third party, systems shall be put in place to have an arm's length distance between the intermediary and the third party in terms of infrastructure, manpower, decision-making, record keeping, etc. for avoidance of potential conflict of interests. Necessary disclosures in this regard shall be made as part of the contractual agreement. It shall be kept in mind that the risk management practices expected to be adopted by an intermediary while outsourcing to a related party or an associate would be identical to those followed while outsourcing to an unrelated party.

2 · 3. The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Board of the intermediary and / or its senior management, as and when needed. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the intermediary.

2 · 4. Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator shall be

3 · 1. The intermediary shall be fully liable and accountable for the activities that are being outsourced to the same extent as if the service were provided inhouse.

3 · 2. Outsourcing arrangements shall not affect the rights of an investor or client against the intermediary in any manner. The intermediary shall be liable to the investors for the loss incurred by them due to the failure of the third party and also be responsible for redressal of the grievances received from investors arising out of activities rendered by the third party.

3 · 3. The facilities / premises / data that are involved in carrying out the outsourced activity by the service provider shall be deemed to be those of the registered intermediary. The intermediary itself and Regulator or the persons authorized by it shall have the right to access the same at any point of time.

3 · 4. Outsourcing arrangements shall not impair the ability of SEBI/SRO or auditors to exercise its regulatory responsibilities such as supervision/inspection of the intermediary.

4 · 1. It is important that the intermediary exercises due care, skill, and diligence in the selection of the third party to ensure that the third party has the ability and capacity to undertake the provision of the service effectively.

4 · 2. The due diligence undertaken by an intermediary shall include assessment

4 · 2.1. third party's resources and capabilities, including financial soundness, to perform the outsourcing work within the timelines fixed;

4 · 2.2. compatibility of the practices and systems of the third party with the intermediary's requirements and objectives;

4 · 2.3. market feedback of the prospective third party's business reputation and track record of their services rendered in the past;

4 · 2.4. level of concentration of the outsourced arrangements with a single third party; and

4 · 2.5. the environment of the foreign country where the third party is located.

5 · 1. Outsourcing arrangements shall be governed by a clearly defined and legally binding written contract between the intermediary and each of the third parties, the nature and detail of which shall be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the intermediary.

5 · 2. Care shall be taken to ensure that the outsourcing contract:

5 · 2.1. clearly defines what activities are going to be outsourced, including appropriate service and performance levels;

5 · 2.2. provides for mutual rights, obligations and responsibilities of the intermediary and the third party, including indemnity by the parties;

5 · 2.3. provides for the liability of the third party to the intermediary for unsatisfactory performance/other breach of the contract

5 · 2.4. provides for the continuous monitoring and assessment by the intermediary of the third party so that any necessary corrective measures can be taken up immediately, i.e., the contract shall enable the intermediary to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations;

5 · 2.5. includes, where necessary, conditions of sub-contracting by the third-party, i.e. the contract shall enable intermediary to maintain a similar control over the risks when a third party outsources to further third parties as in the original direct outsourcing;

5 · 2.6. has unambiguous confidentiality clauses to ensure protection of proprietary and customer data during the tenure of the contract and also after the expiry of the contract;

5 · 2.7. specifies the responsibilities of the third party with respect to the IT security and contingency plans, insurance cover, business continuity and disaster recovery plans, force majeure clause, etc.;

5 · 2.8. provides for preservation of the documents and data by third party;

5 · 2.9. provides for the mechanisms to resolve disputes arising from implementation of the outsourcing contract;

5 · 2.10. provides for termination of the contract, termination rights, transfer of information and exit strategies;

5 · 2.11. addresses additional issues arising from country risks and potential obstacles in exercising oversight and management of the arrangements when intermediary outsources its activities to foreign third party. For example, the contract shall include choice-of-law provisions and agreement covenants and jurisdictional covenants that provide for adjudication of disputes between the parties under the laws of a specific jurisdiction;

5 · 2.12. neither prevents nor impedes the intermediary from meeting its respective regulatory obligations, nor the regulator from exercising its regulatory powers; and

5 · 2.13. provides for the intermediary and /or the regulator or the persons authorized by it to have the ability to inspect, access all books, records and information relevant to the outsourced activity with the third party.

6 · 1. Specific contingency plans shall be separately developed for each outsourcing arrangement, as is done in individual business lines.

6 · 2. An intermediary shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the third party level. Notably, it shall consider contingency plans at the third party; coordination of contingency plans at both the intermediary and the third party; and contingency plans of the intermediary in the event of non-performance by the third party.

6 · 3. To ensure business continuity, robust information technology security is a necessity. A breakdown in the IT capacity may impair the ability of the intermediary to fulfill its obligations to other market participants/clients/regulators and could undermine the privacy interests of

6 · 4. Periodic tests of the critical security procedures and systems and review of the backup facilities shall be undertaken by the intermediary to confirm the adequacy of the third party's systems.

7 · 1. An intermediary that engages in outsourcing is expected to take appropriate steps to protect its proprietary and confidential customer information and ensure that it is not misused or misappropriated.

7 · 2. The intermediary shall prevail upon the third party to ensure that the employees of the third party have limited access to the data handled and only on a "need to know" basis and the third party shall have adequate checks and balances to ensure the same.

7 · 3. In cases where the third party is providing similar services to multiple entities, the intermediary shall ensure that adequate care is taken by the third party to build safeguards for data security and confidentiality.

1 · Criteria for grant of recognition as RAASB and IAASB:

1 · 1. The recognition of a recognised stock exchange as RAASB and IAASB under regulation 14 of RA Regulations and IA Regulations respectively shall be based on the following eligibility criteria:

2 · Setting up of requisite systems by stock exchange recognised as RAASB/ IAASB:

2 · 1. The stock exchange recognised as RAASB/IAASB shall include in its Memorandum of Association, Articles of Association and bye-laws, requisite provisions to fulfil the role and responsibilities specified in para 3 below.

2 · 2. The stock exchange recognised as RAASB/IAASB shall maintain necessary infrastructure like adequate office space, equipment and manpower to effectively discharge the responsibilities of RAASB/ IAASB. Infrastructure may be shared with other group entities where required.

2 · 3. The stock exchange recognised as RAASB/IAASB shall put in place systems/ processes for maintaining database of RAs/IAs, sharing of information with SEBI and discharging the responsibilities of RAASB/ IAASB.

2 · 4. RAASB and IAASB shall constitute an internal committee to oversee the activities of administration and supervision of RAs and IAs. The committee shall periodically

3 · Responsibilities of SEBI and RAASB/ IAASB:

3 · 1. The core functions relating to registration, enforcement action and disciplinary or penal action shall remain with SEBI and SEBI shall continue to register IAs and RAs as per the mandate given under the Securities and Exchange Board of India Act, 1992. The following functions as specified in the table below shall be performed concurrently by SEBI and RAASB or IAASB, as the case may be.

4 · Enlistment of RAs/IAs with RAASB/IAASB:

4 · 1. Amendments have been made to RA/IA Regulations to provide for 'enlistment' of RAs/IAs with RAASB/IAASB in place of the earlier provision of 'membership' of RAs/IAs with RAASB/IAASB. Under the amended regulations, an applicant seeking registration as RA./IA shall be required to 'enlist' with RAASB/IAASB.

4 · 2. Further, in order to provide ease of doing business and to ensure smooth operationalization of RAASB and IAASB framework and to prevent disruption for existing RAs and IAs registered with SEBI, the following has been provided for:

24 · BASL- BSE Administration and Supervision Limited ("BASL") which is currently recognized as IAASB

5 · Repeal and Savings with respect to erstwhile IAASB framework

5 · 1 Any action taken or purported to have been taken or any action that may be taken against any person in relation to the membership of IAASB recognised under regulation 14 of IA Regulations shall be deemed to have been done or taken or may be taken under the corresponding provisions of the amended IA regulations.

6 · Measures for promoting efficiency

6 · 1 To begin with, in order to ensure efficiency in the system and economies of scale, RAASB and IAASB shall be one and the same stock exchange.

6 · 2 In cases where a person has registration as both RA as well as IA, in the interest of efficiency, a single window clearance of various approvals shall be adopted. Details in this regard shall be specified by the recognised RAASB and IAASB.

7 · Submission of Periodic Reports

7 · 1 Pursuant to operationalization of RAASB/ IAASB framework, all registered RAs/ IAs shall submit periodic reports to RAASB/ IAASB in the manner specified by SEBI.

8 · Monitoring of RAASB/IAASB

8 · 1 SEBI shall monitor RAASB and IAASB through periodical reports and inspection regarding administration and supervision of RAs and IAs.