SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2024/50 May 21, 2024

1 · Guidelines for Investment Advisers1

1 · 1. SEBI, after considering the inputs from public consultation, reviewed the framework for regulation of IAs and notified Securities and Exchange Board of India (Investment Advisers) (Amendment) Regulations, 2020 on July 03, 2020. These amendments came into force on September 30, 2020.

1 · 2. In accordance with the Securities and Exchange Board of India (Investment Advisers) Regulations, 2013 ('the IA Regulations'), IAs shall ensure compliance with the following guidelines:

1 · Reference: Circular SEBI/HO/IMD/DF1/CIR/P/2020/182 dated September 23, 2020

2 · "Group" and "family of an individual investment adviser" shall be as per Regulation 22(3)(iii) and Regulation 2. (1) (gc) respectively of the IA Regulations

3 · "Family of client" shall be as per Regulation 2(1) (gb) of the IA Regulations.

15A · of the IA Regulations provides that IAs shall be entitled to charge fees from a client in the manner as specified by SEBI. Accordingly, IAs shall charge fees from the clients in either of the two modes:

4 · Reference: Circular No. SEBI/HO/IMD/IMD-I/DOF1/P/CIR/2021/694 dated December 21, 2021

7 · of the IA Regulations specifies the minimum qualification, experience and certification requirements for IAs. Regulation 7(1) of IA Regulations, was amended vide SEBI (Investment Advisers) (Amendment) Regulations, 2020 to specify enhanced qualification and experience requirement for individual investment adviser or a principal officer of a non-individual investment adviser and persons associated with investment advice. First proviso to the amended Regulation 7(1) specified that the individual investment advisers registered under these regulations or principal officer of a non-individual investment adviser registered under these regulations and persons associated with investment advice shall comply with the applicable enhanced qualification and experience requirement within a period of three years. The three-year period referred herein ended on September 30, 2023.

5 · Reference: Circular No. SEBI/HO/MIRSD/MIRSD-PoD-2/P/CIR/2023/168 dated October 10, 2023

16 · and 17 of the IA Regulations mandate risk profiling and suitability for all categories of clients.

1 · 3. Applicability

2 · Measures to strengthen the conduct of Investment Advisers 6

2 · 1 Restriction on free trial

2 · 2 Proper risk profiling and consent of client on risk profiling

6 · Reference: Circular No. SEBI/HO/IMD/DF1/CIR/P/2019/169 dated December 27, 2019

2 · 3 Receiving fees though banking channel only

2 · 4 Display of complaints status on website

3 · Administration and Supervision of Investment Advisers 8

3 · 1 SEBI, vide Circular SEBI/HO/MRD/DSA/CIR/P/2016/113 dated October 19,

7 · Reference: Circular No. SEBI/HO/IMD/IMD-II CIS/P/CIR/2021/0686 dated December 13, 2021

8 · Reference: Circular No. SEBI/HO/IMD/DF1/CIR/P/2020/148 dated August 06, 2020

3 · 2 As per Regulation 14 of the IA Regulations, SEBI can recognize any body/body corporate for the purpose of regulating IAs. It further provides that SEBI may, at the time of recognition of such body or body corporate, delegate administration and supervision of IAs to such body or body corporate on such terms and conditions as may be specified.

3 · 3 Further, the second proviso to Regulation 38 (2) of the Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Regulations, 2018 states, inter alia, that a recognized stock exchange may engage in activities, whether involving deployment of funds or otherwise that are unrelated or not incidental to its activity as a stock exchange, through a separate legal entity and subject to approval of the Board.

3 · 4 Considering the growing number of registered IAs and the above mentioned provisions, it was decided to recognize a wholly-owned subsidiary of the stock exchange (stock exchange subsidiary) to administer and supervise IAs registered with SEBI.

4 · 1 As per Regulation 14 of the IA Regulations, SEBI may, inter-alia, recognize

9 · Reference: Circular No. SEBI/HO/IMD/IMD-I/DOF1/P/CIR/2021/579 dated June 18, 2021

4 · 2 In this regard, BSE Administration & Supervision Limited (BASL), a wholly owned subsidiary of BSE Limited, has been granted recognition as IAASB for a period of three years from June 01, 2021. The details may be perused in the Press Release issued by SEBI on June 14, 2021 and available at https://www.sebi.gov.in/media/press-releases/jun-2021/bse-administrationand-supervision-limited-granted-recognition-for-administration-andsupervision-of-investment-advisers_50540.html, which also provides a link for the Standard Operating Procedure (SOP) and the Frequently Asked Questions (FAQs) issued by BASL.

4 · 3 IAASB shall inter-alia have following responsibilities:

4 · 4 The Board of the IAASB shall, at all times, be chaired by a Public Interest Director and shall also have, at all times, a Director who will bring investor perspective.

4 · 5 SEBI shall continue to concurrently administer and supervise all registered IAs and IAASB shall be subject to periodic inspection by SEBI.

4 · 6 Pursuant to grant of aforementioned recognition, SEBI registered IAs are required to ensure compliance with the following:

5 · 1. In terms of Regulation 38A of the 'SECC Regulations' 11 notified on April 26, 2024, a recognised Stock Exchange may undertake the activities of administration and supervision over specified intermediaries on such terms and conditions and to such an extent as may be specified. Accordingly, Stock Exchange shall now be recognised as RAASB 12 and IAASB13 under Regulation 14 of the 'RA Regulations' 14 and the IA Regulations for administration and supervision of Research Analysts ('RAs') and Investment Advisers ('IAs') respectively. The detailed framework for RAASB and IAASB is specified in Annexure C .

5 · 2. As per clause (xi) of Regulation 6 of RA Regulations and clause (n) of Regulation 6 of IA Regulations, an applicant seeking registration as RA and IA is required to be enlisted with RAASB and IAASB respectively. The provisions governing enlistment including enlistment of existing RAs/IAs and of applicants whose registration applications are under process as on the effective date of this circular are specified in the enclosed framework at Annexure C .

10 · Reference: Circular No. SEBI/HO/MIRSD/MIRSD-SEC-3/P/CIR/2024/34 dated May 2, 2024

11 · SECC Regulations- Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Regulations, 2018

12 · RAASB- Research Analyst Administration and Supervisory Body

13 · IAASB- Investment Adviser Administration and Supervisory Body

14 · RA Regulations- SEBI (Research Analysts) Regulations, 2014

5 · 3. From the effective date of the provisions of clause 5, the existing framework for administration and supervision of IAs as specified through SEBI circular number SEBI/HO/IMD/IMD-I/DOF1/P/CIR/2021/579 dated June 18, 2021 and subsequently incorporated under the head "Administration and Supervision of Investment Advisers" as clause 4 of this Master Circular shall stand rescinded.

5 · 4. In terms of regulation 30A of IA Regulations, notwithstanding the aforesaid rescission, any action taken or purported to have been taken or any action that may be taken against any person in relation to the membership of IAASB recognised under regulation 14 of IA Regulations, as applicable in the rescinded framework of IAASB, shall be deemed to have been done or taken or may be taken under the corresponding provisions of the amended IA Regulations.

5 · 5. Based on fulfillment of the criteria specified in Annexure C, a stock exchange shall be granted recognition as RAASB and IAASB. To begin with, in order to ensure efficiency in the system and economies of scale, RAASB and IAASB shall be one and the same stock exchange.

5 · 6. The provisions of clause 5 as well as provisions contained in Annexure C shall become effective on July 25, 2024 (ninetieth day from the date of publication in the Official Gazette of the amendments to RA Regulations and IA Regulations notified vide SEBI (Research Analysts) (Amendment) Regulations, 2024 and SEBI (Investment Advisers) (Amendment) Regulations, 2024) dated April 26, 2024).

6 · Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions 15

6 · 1. Ministry of Electronics & Information Technology, Govt. of India (MoE&IT), has informed SEBI that the financial sector institutions are availing or thinking of availing Software as a Service (SaaS) based solution for managing their Governance, Risk & Compliance (GRC) functions so as to improve their cyber Security Posture. As observed by MoE&IT, though SaaS may provide ease of doing business and quick turnaround, but it may bring significant risk to health of financial sector as many a time risk and compliance data of the institution moves beyond the legal and jurisdictional boundary of India due to nature of shared cloud SaaS, thereby posing risk to the data safety and security.

6 · 2. In this regard, Indian Computer Emergency Response Team (CERT-in) has issued an advisory for Financial Sector organizations. The advisory has been forwarded to SEBI for bringing the same to the notice of financial sector organization. The advisory can be viewed at Annexure D .

6 · 3. It is advised to ensure complete protection and seamless control over the critical systems at your organizations by continuous monitoring through direct control and supervision protocol mechanisms while keeping the critical data within the legal boundary of India.

6 · 4. The compliance of the advisory shall be reported half yearly by IAs to SEBI with an undertaking, "Compliance of the SEBI circular for Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions has been made."

15 · Reference: Circular No. SEBI/HO/MIRSD2/DOR/CIR/P/2020/221 dated November 03, 2020. SEBI vide e-mail dated November 14, 2022 communicated the extended timeline for compliance by IAs to BSE Administration & Supervision Limited

7 · 1. SEBI has been taking various measures to create awareness among investors about grievance mechanisms available to them through workshops as well as through print and electronic media.

7 · 2. As an additional measure and for information of all investors who deal/ invest/ transact in the market, the IAs shall prominently display in their offices the following information about the grievance redressal mechanism available to investors:

16 · Reference: Circular No.CIR/MIRSD/3/2014 dated August 28, 2014, SEBI/HO/OIAE/IGRD/P/CIR/2022/0150 dated November 07, 2022, SEBI/HO/OIAE/IGRD/CIR/P/2023/156 dated September 20, 2023 and SEBI/HO/OIAE/OIAE_IAD-3/P/CIR/2023/195 dated July 31, 2023 (updated as on December 28, 2023)

7 · 3. IAs are also advised to refer to the following circulars on the redressal of investor grievances through the SEBI Complaints Redressal System (SCORES) platform and Online Dispute Resolution (ODR) Platform.

8 · 1. In order to facilitate investor awareness about various activities which an

17 · Reference: Circular No. SEBI/HO/IMD/IMD-II CIS/P/CIR/2021/0686 dated December 13, 2021

8 · 2. All registered IAs are advised to bring to the notice of their clients the Investor Charter as provided at Annexure E by prominently displaying on their websites and mobile applications. IAs not having websites/mobile applications shall, as a one-time measure, send Investor Charter to the investors on their registered e-mail address.

8 · 3. IAs shall disclose the details of investor complaints by 7th of the succeeding month in the revised format as per Annexure B on a monthly basis. IAs not having websites/mobile applications shall send status of Investor Complaints to the investors on their registered email on a monthly basis.

8 · 4. Further, the IAs are advised to display link/option to lodge complaint with them directly on their websites and mobile apps. Additionally, link to SCORES website/ link to download mobile app (SEBI SCORES) may also be provided.

8 · 5. The disclosure requirements under this clause came into effect from January 01, 2022.

9 · Procedure for seeking prior approval for change in control 18

9 · 1. Regulation 15(11) of the IA Regulations, IA shall obtain prior approval of SEBI in case of change in control.

9 · 2. To streamline the process of providing approval to the proposed change in control of IA (hereinafter referred as IA or applicant), it has been decided as under:

18 · Reference: Circular No. SEBI/HO/MIRSD/ MIRSD-PoD-2/P/CIR/2022/163 dated November 28, 2022

9 · 3. To streamline the process of providing approval to the proposed change in control of an IA in matters which involve scheme(s) of arrangement which needs sanction of the National Company Law Tribunal ("NCLT") in terms of the provisions of the Companies Act, 2013, the following has been decided:

10 · Advertisement code and usage of brand name/trade name 19

10 · 1. Investment Advisers shall ensure compliance with the advertisement code as prescribed below:

19 · Reference: Circular Nos. SEBI/HO/MIRSD/ MIRSD-PoD-2/P/CIR/2023/51 dated April 05, 2023 and SEBI/HO/MIRSD/ MIRSD-PoD-2/P/CIR/2023/52 dated April 06, 2023

10 · 2. In order to ensure the transparency in usage of brand name/trade name/logo, IA/RA shall ensure that:

10 · 3. The aforesaid provisions on advertisement code and usage of brand name/trade name became applicable with effect from May 01, 2023.

11 · Facilitating transaction in Mutual Fund schemes through the Stock Exchange Infrastructure 20

20 · Reference: Circular No. SEBI/HO/MRD/DSA/CIR/P/2016/113 dated October 19, 2016

12 · Unauthenticated news circulated by SEBI Registered Market Intermediaries through various modes of communication 21

13 · Guidelines on Outsourcing of Activities by Intermediaries 23

13 · 1. SEBI Regulations for various intermediaries require that they shall render at all times high standards of service and exercise due diligence and ensure proper care in their operations.

21 · Reference: Circular No. CIR/ISD/1/2011 dated March 23, 2011

22 · Circular CIR/ISD/2/2011 dated March 24, 2011.

23 · Circular CIR/MIRSD/24/2011 dated December 15, 2011.

13 · 2. It has been observed that often the intermediaries resort to outsourcing with a view to reduce costs, and at times, for strategic reasons.

13 · 3. Outsourcing may be defined as the use of one or more than one third party – either within or outside the group - by a registered intermediary to perform the activities associated with services which the intermediary offers.

13 · 4. Principles for Outsourcing

13 · 5. Activities that shall not be Outsourced:

13 · 6. Other Obligations:

14 · Framework for Regulatory Sandbox 24

14 · 1. The Objective of Regulatory Sandbox is to grant certain facilities and flexibilities to the entities regulated by SEBI so that they can experiment with FinTech solutions in a live environment and on limited set of real users for a limited time frame.

14 · 2. The guidelines pertaining to the functioning of the Regulatory Sandbox are available at the link below:

15 · General Guidelines for dealing with Conflicts of Interest of intermediaries and their Associated Persons in Securities Market.25

15 · 1. All intermediaries are presently governed by the provisions for avoidance of conflict of interest as mandated in the regulations read with relevant circulars issued from time to time by SEBI. On the lines of Principle 8 of the International Organisation of Securities Commissions (IOSCO) Objectives and Principles of Securities Regulations, it has been decided to put in place comprehensive guidelines to collectively cover such intermediaries, for elimination of their conflict of interest, as detailed hereunder.

15 · 2. Intermediaries shall adhere to these guidelines for avoiding or dealing with or managing conflict of interest. They shall be responsible for educating their associated persons for compliance of these guidelines.

24 · Reference: Circular No. SEBI/HO/ITD/ITD/CIR/P/2021/575 dated June 14, 2021 and SEBI/HO/MIRSD/MIRSD_IT/P/CIR/2021/0000000658 dated November 16, 2021

25 · Reference: Circular CIR/MIRSD/5/2013 dated August 27, 2013.

15 · 3. For the purpose of these guidelines "associated persons" shall have the same meaning as defined in Securities and Exchange Board of India (Certification of Associated Persons in the Securities Markets) Regulations, 2007.

15 · 4. Intermediaries and their associated persons shall,

15 · 5. The Boards of intermediaries shall put in place systems for implementation of the aforementioned guidelines and provide necessary guidance enabling identification, elimination or management of conflict of interest situations. The Boards shall review the compliance of the above guidelines periodically.

15 · 6. The said guidelines shall be in addition to the provisions, if any, contained in respective regulations/ circulars issued by the Board from time to time regarding dealing with conflict of interest, in respect of intermediaries.

16 · 1. IAs are advised to make note of the following:

26 · Reference: Circular SEBI/HO/DEPA-III/DEPA-III_SSU/P/CIR/2022/25 dated Feb 25,2022

16 · 2. Further, apart from the data made available free of cost, data which is chargeable should be appropriately identified as such in public domain.

18 · Know Your Client (KYC) Norms for the Securities market

19 · Simplification of requirements for grant of accreditation to investors

20 · Periodic reporting format for Investment Advisers 27

20 · 1. In terms of Regulation 15(12) of Securities and Exchange Board of India (Investment Advisers) Regulations, 2013 ("IA Regulations"), investment advisers are required to furnish to SEBI, information and reports as may be specified by SEBI from time to time.

20 · 2. At present, the IAASB has been seeking reports from IAs on an ad-hoc basis. It is decided to specify a standardized format for periodic reporting for IAs.

20 · 3. Based on the recommendations received from Industry Standards Forum ("ISF") for IAs, a standardized periodic reporting format for submission of information by IAs pertaining to their activities on periodic basis has been prepared. The periodic reporting format is enclosed as Annexure H .

20 · 4. IAs shall submit periodic report for half-yearly periods ending on September 30 and March 31 of every financial year.

20 · 5. IAASB is directed to make necessary arrangements for obtaining periodic reports from IAs in the format specified in Annexure H and shall issue a circular to IAs in this regard, within thirty days from the date of issuance of this circular.

20 · 6. IAs shall submit periodic report in the format specified in Annexure H from the half-yearly period ending on March 31, 2024. The timelines for submission of periodic reports by IAs shall be as under:

27 · Reference: Circular SEBI/HO/MIRSD/MIRSD-POD-2/P/CIR/2024/38 dated May 07, 2024

21 · Other reporting requirements

21 · 1. Complaint Data to be displayed by IAs on their website/ mobile application by 07 th of the succeeding month

21 · 2. Undertaking on compliance of the advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions to be submitted half yearly

21 · 3. To conduct annual audit and submit a report and adverse findings, if any

5 · Investment objective and guidelines:

12 · Investment Adviser engaged in other activities:

17 · Terms of fees and billing:

1 · Criteria for grant of recognition as RAASB and IAASB:

1 · 1. The recognition of a recognised stock exchange as RAASB and IAASB under regulation 14 of RA Regulations and IA Regulations respectively shall be based on the following eligibility criteria:

2 · Setting up of requisite systems by stock exchange recognised as RAASB/ IAASB:

2 · 1. The stock exchange recognised as RAASB/IAASB shall include in its Memorandum of Association, Articles of Association and bye-laws, requisite provisions to fulfil the role and responsibilities specified in para 3 below.

2 · 2. The stock exchange recognised as RAASB/IAASB shall maintain necessary infrastructure like adequate office space, equipment and manpower to effectively discharge the responsibilities of RAASB/ IAASB. Infrastructure may be shared with other group entities where required.

2 · 3. The stock exchange recognised as RAASB/IAASB shall put in place systems/ processes for maintaining database of RAs/IAs, sharing of information with SEBI and discharging the responsibilities of RAASB/ IAASB.

2 · 4. RAASB and IAASB shall constitute an internal committee to oversee the activities of administration and supervision of RAs and IAs. The committee shall periodically

3 · Responsibilities of SEBI and RAASB/ IAASB:

3 · 1. The core functions relating to registration, enforcement action and disciplinary or penal action shall remain with SEBI and SEBI shall continue to register IAs and RAs as per the mandate given under the Securities and Exchange Board of India Act, 1992. The following functions as specified in the table below shall be performed concurrently by SEBI and RAASB or IAASB, as the case may be.

13 · Referring to SEBI for enforcement action against RAs/IAs.

4 · Enlistment of RAs/IAs with RAASB/IAASB:

4 · 1. Amendments have been made to RA/IA Regulations to provide for 'enlistment' of RAs/IAs with RAASB/IAASB in place of the earlier provision of 'membership' of RAs/IAs with RAASB/IAASB. Under the amended regulations, an applicant seeking registration as RA./IA shall be required to 'enlist' with RAASB/IAASB.

4 · 2. Further, in order to provide ease of doing business and to ensure smooth operationalization of RAASB and IAASB framework and to prevent disruption for existing RAs and IAs registered with SEBI, the following has been provided for:

28 · BASL- BSE Administration and Supervision Limited ("BASL") which is currently recognized as IAASB

5 · Repeal and Savings with respect to erstwhile IAASB framework

5 · 1 Any action taken or purported to have been taken or any action that may be taken against any person in relation to the membership of IAASB recognised under regulation 14 of IA Regulations shall be deemed to have been done or taken or may be taken under the corresponding provisions of the amended IA regulations.

6 · Measures for promoting efficiency

6 · 1 To begin with, in order to ensure efficiency in the system and economies of scale, RAASB and IAASB shall be one and the same stock exchange.

6 · 2 In cases where a person has registration as both RA as well as IA, in the interest of efficiency, a single window clearance of various approvals shall be adopted. Details in this regard shall be specified by the recognised RAASB and IAASB.

7 · Submission of Periodic Reports

7 · 1 Pursuant to operationalization of RAASB/ IAASB framework, all registered RAs/ IAs shall submit periodic reports to RAASB/ IAASB in the manner specified by SEBI.

8 · Monitoring of RAASB/IAASB

8 · 1 SEBI shall monitor RAASB and IAASB through periodical reports and inspection regarding administration and supervision of RAs and IAs.

1 · 1. The policy shall cover activities or the nature of activities that can be outsourced, the authorities who can approve outsourcing of such activities, and the selection of third party to whom it can be outsourced. For example, an activity shall not be outsourced if it would impair the supervisory authority's right to assess, or its ability to supervise the business of the intermediary. The policy shall be based on an evaluation of risk concentrations, limits on the acceptable overall level of outsourced activities, risks arising from outsourcing multiple activities to the same entity, etc.

1 · 2. The Board shall mandate a regular review of outsourcing policy for such activities in the wake of changing business environment. It shall also have overall responsibility for ensuring that all ongoing outsourcing decisions taken by the intermediary and the activities undertaken by the third-party, are in keeping with its outsourcing policy.

2 · 1. An intermediary shall make an assessment of outsourcing risk which depends on several factors, including the scope and materiality of the outsourced activity, etc. The factors that could help in considering materiality in a risk management programme include-

2 · 1.1. The impact of failure of a third party to adequately perform the activity on the financial, reputational and operational performance of the intermediary and on the investors / clients;

2 · 1.2. Ability of the intermediary to cope up with the work, in case of non performance or failure by a third party by having suitable back-up arrangements;

2 · 1.3. Regulatory status of the third party, including its fitness and probity status;

2 · 1.4. Situations involving conflict of interest between the intermediary and the third party and the measures put in place by the intermediary to address such potential conflicts, etc.

2 · 2. While there shall not be any prohibition on a group entity / associate of the intermediary to act as the third party, systems shall be put in place to have an arm's length distance between the intermediary and the third party in terms of infrastructure, manpower, decision-making, record keeping, etc. for avoidance of potential conflict of interests. Necessary disclosures in this regard shall be made as part of the contractual agreement. It shall be kept in mind that the risk management practices expected to be adopted by an intermediary while outsourcing to a related party or an associate would be identical to those followed while outsourcing to an unrelated party.

2 · 3. The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Board of the intermediary and / or its senior management, as and when needed. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the intermediary.

2 · 4. Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator shall be mandated by the Board wherever felt necessary. The intermediary shall review the financial and operational capabilities of the third party in order to assess its ability to continue

3 · 1. The intermediary shall be fully liable and accountable for the activities that are being outsourced to the same extent as if the service were provided in-house.

3 · 2. Outsourcing arrangements shall not affect the rights of an investor or client against the intermediary in any manner. The intermediary shall be liable to the investors for the loss incurred by them due to the failure of the third party and also be responsible for redressal of the grievances received from investors arising out of activities rendered by the third party.

3 · 3. The facilities / premises / data that are involved in carrying out the outsourced activity by the service provider shall be deemed to be those of the registered intermediary. The intermediary itself and Regulator or the persons authorized by it shall have the right to access the same at any point of time.

3 · 4. Outsourcing arrangements shall not impair the ability of SEBI/SRO or auditors to exercise its regulatory responsibilities such as supervision/inspection of the intermediary.

4 · 1. It is important that the intermediary exercises due care, skill, and diligence in the selection of the third party to ensure that the third party has the ability and capacity to undertake the provision of the service effectively.

4 · 2. The due diligence undertaken by an intermediary shall include assessment of:

4 · 2.1. third party's resources and capabilities, including financial soundness, to perform the outsourcing work within the timelines fixed;

4 · 2.2. compatibility of the practices and systems of the third party with the intermediary's requirements and objectives;

4 · 2.3. market feedback of the prospective third party's business reputation and track record of their services rendered in the past;

4 · 2.4. level of concentration of the outsourced arrangements with a single third party; and

4 · 2.5. the environment of the foreign country where the third party is located.

5 · 1. Outsourcing arrangements shall be governed by a clearly defined and legally binding written contract between the intermediary and each of the third parties, the nature and detail of which shall be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the intermediary.

5 · 2. Care shall be taken to ensure that the outsourcing contract:

5 · 2.1. clearly defines what activities are going to be outsourced, including appropriate service and performance levels;

5 · 2.2. provides for mutual rights, obligations and responsibilities of the intermediary and the third party, including indemnity by the parties;

5 · 2.3. provides for the liability of the third party to the intermediary for unsatisfactory performance/other breach of the contract

5 · 2.4. provides for the continuous monitoring and assessment by the

5 · 2.5. includes, where necessary, conditions of sub-contracting by the thirdparty, i.e. the contract shall enable intermediary to maintain a similar control over the risks when a third party outsources to further third parties as in the original direct outsourcing;

5 · 2.6. has unambiguous confidentiality clauses to ensure protection of proprietary and customer data during the tenure of the contract and also after the expiry of the contract;

5 · 2.7. specifies the responsibilities of the third party with respect to the IT security and contingency plans, insurance cover, business continuity and disaster recovery plans, force majeure clause, etc.;

5 · 2.8. provides for preservation of the documents and data by third party;

5 · 2.9. provides for the mechanisms to resolve disputes arising from implementation of the outsourcing contract;

5 · 2.10. provides for termination of the contract, termination rights, transfer of information and exit strategies;

5 · 2.11. addresses additional issues arising from country risks and potential obstacles in exercising oversight and management of the arrangements when intermediary outsources its activities to foreign third party. For example, the contract shall include choice-of-law provisions and agreement covenants and jurisdictional covenants that provide for adjudication of disputes between the parties under the laws of a specific jurisdiction;

5 · 2.12. neither prevents nor impedes the intermediary from meeting its respective regulatory obligations, nor the regulator from exercising its regulatory powers; and

5 · 2.13. provides for the intermediary and /or the regulator or the persons authorized by it to have the ability to inspect, access all books, records and information relevant to the outsourced activity with the third party.

6 · 1. Specific contingency plans shall be separately developed for each outsourcing arrangement, as is done in individual business lines.

6 · 2. An intermediary shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the third party level. Notably, it shall consider contingency plans at the third party; co-ordination of contingency plans at both the intermediary and the third party; and contingency plans of the intermediary in the event of non-performance by the third party.

6 · 3. To ensure business continuity, robust information technology security is a necessity. A breakdown in the IT capacity may impair the ability of the intermediary to fulfill its obligations to other market participants/clients/regulators and could undermine the privacy interests of its customers, harm the intermediary's reputation, and may ultimately impact on its overall operational risk profile. Intermediaries shall, therefore, seek to ensure that third party maintains appropriate IT security and robust disaster recovery capabilities.

6 · 4. Periodic tests of the critical security procedures and systems and review of the backup facilities shall be undertaken by the intermediary to confirm the adequacy of the third party's systems.

7 · 1. An intermediary that engages in outsourcing is expected to take appropriate steps to protect its proprietary and confidential customer information and ensure that it is not misused or misappropriated.

7 · 2. The intermediary shall prevail upon the third party to ensure that the employees of the third party have limited access to the data handled and only on a "need to know" basis and the third party shall have adequate checks and balances to ensure the same.

7 · 3. In cases where the third party is providing similar services to multiple entities, the intermediary shall ensure that adequate care is taken by the third party to build safeguards for data security and confidentiality.

6 · Average Complaint resolution time