Regulatory updates

SEBI notifies the date of applicability of PIT regulations for trading in mutual fund units

On 25 July 2024 , the Securities and Exchange Board of India (SEBI) vide a notification (the notification) appointed 1 November 2024 On 25 July 2024 , the Securities and Exchange Board of India (SEBI) vide a notification (the notification) appointed 1 November 2024 as the due date for applicability of SEBI (Prohibition for Insider Trading) (Amendment) Regulations, 2022 (2022 PIT amendment regulations).

The 2022 PIT amendment regulations inter alia inserted Chapter II A in the SEBI (Prohibition for Insider Trading) Regulations, 2015, which stipulates restrictions on communication in relation to and trading by insiders in the units of mutual funds. The key regulations prescribed in the 2022 PIT amendment regulations are:

Insiders are prohibited from trading in mutual fund units while in possession of Unpublished Price Sensitive Information (UPSI)
Insiders cannot share UPSI except for legitimate purposes, duties or legal obligations. The board of directors of the Asset Management Company (AMC) are required to define what would be considered a ‘legitimate purpose’.
A digital database should be maintained that records all instances of UPSI communication, ensuring transparency and traceability.
AMCs are required to make specific disclosures as required by SEBI.
The CEO/MD of the AMC is required to put in place an effective system of internal controls which cover various aspects of PIT regulations.
Audit Committees of AMCs are required to ensure compliance with PIT regulations, which includes determining whether systems for internal control are adequate and operating effectively.
The AMC is required to develop whistle blower policies that enable employees to report instances of leak of UPSI.

To access the text of the notification, please click here

Action points for auditors

The 2022 PIT amendment regulations applies to all units of mutual funds, and will increase the compliances to be ensured by AMC. Auditors should discuss these developments with the AMCs they audit and help them assess whether they have their compliances in place, in terms of internal controls, systems, processes and policies.

SEBI requires AMCs to put in place an institutional mechanism for identification and deterrence of potential market abuse

Currently, the regulatory framework for AMCs includes rules relating to code of conduct for AMCs, fund managers and dealers and various other disclosures and reporting requirements. However, there is no specific regulatory provision that casts responsibility on the AMC or its senior management to put in place a system for deterrence, detection or reporting of market abuse or fraudulent transactions.

Accordingly, based on a consultation with stakeholders¹³ Click here to access - Consultation paper on Institutional Mechanism for Asset Management Companies for deterrence of possible market abuse and fraudulent transactions. , SEBI issued the SEBI (Mutual Funds) (Second Amendment) Regulations, 2024 (MF amendment regulations) on 1 August 2024 and a circular on 5 August 2024 (the circular), which require AMCs to put in place an institutional mechanism for identification and deterrence of potential market abuse including front-running and fraudulent transactions in securities (institutional mechanism). Such an institutional mechanism should be able to identify, monitor and address specific types of misconduct, including front running, insider trading, misuse of sensitive information, etc.

The key requirements of the MF amendment regulations and the circular are

Accountability: The Chief Executive Officer (CEO) or the Managing Director (MD) or a person of equivalent rank and the Chief Compliance Officer (CCO) of the AMC would be responsible for implementation of such an institutional mechanism.
Enhanced surveillance mechanism: Systems and procedures should be developed and implemented to generate and process timely alerts on possible instances of misconduct¹⁴ . Such systems may include process system driven alerts in conjunction with soft alerts such as lifestyle checks, recording of communication (such as recorded emails, chats), CCTV footage etc. . Suspicious alerts would be adequately investigated and processed by referring to certain data points¹⁵ For processing of alerts, AMCs are required to consider and review all recorded communications including chats, emails, access logs of dealing room and CCTV footage (if available). AMCs should also maintain monitor entry logs to the AMC’s premises. including trade related information from stock exchanges and depositories.
Suitable action would be taken in case of instances of potential market abuse by employees or brokers/dealers, including suspension or termination of such persons/entities.
Internal control procedures: AMCs should formulate board approved written policies and procedures for conducting examination and taking action in case of potential market abuse. Such procedures and systems should be reviewed and updated on a periodic basis.
Reporting and escalation processes: AMCs should have an escalation process to keep the following entities informed:

Board of directors and trustees- Regarding instances of potential market abuse and results of examination conducted by AMCs.
SEBI Report all examined alerts to SEBI with action taken in Compliance Test Report (CTR) and Half-yearly Trustee Report (HYTR) in a prescribed format.

Whistle blower policy: AMCs should have a documented whistle-blower policy in lines with the SEBI (Mutual Funds) Regulations, 1996¹⁶ Such a policy should (a) provide for a confidential channel for employees, directors, trustees, and other stakeholders to raise concerns about suspected fraudulent, unfair or unethical practices, violations of regulatory or legal requirements or governance vulnerability, and(b) establish procedures to ensure adequate protection of the whistle blowers.

SEBI in its circular mentioned that AMFI will come up with relevant guidelines and communicate the same to AMCs.

Such a policy should (a) provide for a confidential channel for employees, directors, trustees, and other stakeholders to raise concerns about suspected fraudulent, unfair or unethical practices, violations of regulatory or legal requirements or governance vulnerability, and(b) establish procedures to ensure adequate protection of the whistle blowers.

AMFI’s recommended standards for institutional mechanism In view of the MF amendment regulations and the circular, the AMFI in consultation with SEBI issued a circular which proposed ‘Standards on Institutional Mechanism’ (the standards) that AMCs are required to implement to identify and deter market abuse practices. The AMFI has clarified that these standards are minimum requirements to be complied with by AMCs. The table below has provided some of the key standards recommended by AMFI and the actions required by AMCs to implement these standards

Requirement of the standard	Actions by AMCs
AMCs should implement Standard Operating Procedures (SOPs) for effective functioning of the institutional mechanism¹⁷This includes alert generation, processing, examination and review of alerts and of an escalation process	Draft and implement relevant SOPs
AMC’s systems and processes should generate alerts at least on a weekly basis (as prescribed in the standards) Suspicious alerts should be examined in accordance with the standards After completion of examination, board of directors and trustees should be informed of such alerts and results of examination.	Developing adequate systems and processes for generating alerts as per the standards.
Entry logs to be maintained of office/floor on which investment team is located along with other departments.	Mandatory entry logs to be ensured.
For all suspicious alerts, AMCs should review: All recorded communications (chats and emails) of specified employees¹⁸Specified employees include Chief Investment Officers (CIOs), fund managers, dealers and any other personnel as identified by the Board of AMCs or Trustees Access logs of dealing rooms Entry logs of AMC premises CCTV footages	Ensure systems are designed to record all communication, there is adequate CCTV coverage in the office.Mandatory biometric access to dealing rooms is required.
Where suspicious alerts indicate instances of market abuse by a broker, AMCs should take suitable action against the broker. AMCs to provide quarterly report to trustees and SEBI.	Enabling clauses in broker empanelment forms or agreements to be inserted.
With regard to employees: AMCs should review personal transactions of specified employees (linked or suspected to be linked to a suspicious alert) and their immediate relatives¹⁹As defined in the SEBI (Prohibition of Insider Trading) Regulations, 2015, Fund managers/dealers should be subject to mandatory leave of at least 10 business days in a financial/calendar year (with at least five business days leave at a stretch). This requirement may be implemented from next financial/calendar year. Specified employees linked to market abuse will be relieved. Adequate documentation to be maintained by the Human Resources department.	Employee’s guidelines/ contract/agreements with employees to be updated with enabling clauses²⁰Specific clauses to be mentioned in the updated employee guidelines and/or contracts has been stipulated in the standards. and other terms.
A whistle blower policy should be established and implemented as per mutual fund regulations.	The whistleblower policy should be accessible to all stakeholders.
The audit committee or risk management committee should review compliance with the standards on an annual basis.	Appropriate processes to be documented.

Effective date: The standards should be implemented by AMCs in a phased approach based on the asset class and the Asset Under Management (AUM) of the AMC, as given below:

Asset class	MF AUM >= INR10,000crore	MF AUM < INR10,000 crore
All trades in equity and equity related instruments (i.e. excluding overseas equity securities only)	To be implemented by 2 November 2024	To be implemented by 2 February 2025
All trades of passive schemes and arbitrage schemes and all overseas securities trades across all schemes.	To be implemented by 2 May 2025	To be implemented by 2 May 2025
All trades in debt securities and all other securities (such as commodities, REITs, InvITs, etc.)	To be implemented by 2 August 2025	To be implemented by 2 August 2025

Action points for auditors

Auditors in practice should discuss these requirements with AMCs. Since this is an important process to be adopted and would impact the operations of the AMC and the mutual fund, auditors should consider how this regulation would impact their audit procedures with regard to internal controls over financial reporting and reporting under Section 143(3)(f) and 143(3)(h) of the Companies Act, 2013. Auditors would also need to assess non-compliances with the standards in accordance with the reporting as per SA 250, Consideration of Laws and Regulations in an Audit of Financial Statements.

Board nomination rights for unitholders of InvITs and REITs

Currently, the Master circular for Infrastructure Investment Trusts (InvITs) and Real Estate Investment Trusts (REITs) (together referred to as the master circulars) permit eligible unitholders of InvITs and REITs to nominate one unitholder nominee director. However, where such a unitholder is a shareholder in or lender to the investment manager of such InvIT or REIT (manager), and in lieu of that is entitled to nominate one or more directors on the board of the manager, then it is restricted from exercising its right to nominate a unitholder nominee director (as the unitholder of the InvIT or REIT).

With an aim to promote ease of doing business, SEBI vide circulars dated 6 August 2024 has clarified that the restriction to nominate a unitholder nominee director would not be applicable if the unitholder has the right to appoint a nominee director in terms of Regulation 15(1)(e) of the SEBI (Debenture Trustees) Regulations, 1993²¹ Regulation 15(1)(e) states that it would be the duty of every debenture trustee to appoint a nominee director on the Board of the company in the event of:
i. two consecutive defaults in payment of interest to the debenture holders; or
ii. default in creation of security for debentures; or
iii. default in redemption of debentures.
.

The key requirements of the MF amendment regulations and the circular are

To access the text of the circular issued for InvITs, please click here

To access the text of the circular issued for REITs, please click here

SEBI reviews extension of tenure and borrowing limits for certain AIFs

With the objective of investor protection and risk reduction in Alternative Investment Funds (AIFs), and considering the need for ease of doing business and operational flexibility, on 5 August 2024 SEBI issued the SEBI (AIF) (Fourth Amendment) Regulations, 2024 (AIF amendments). Subsequently on 19 August 2024, SEBI has issued detailed guidelines (the guidelines) on the matters pertaining to the AIF amendments, these clarifications are given below:

Cap on extension of timeline for Large Value Funds (LVF)

Currently, Regulation 13 of the SEBI (AIF) Regulations, 2012 (AIF regulations) inter alia permit closed ended AIFs²² Category I and Category II AIFs are closed ended. Category III AIFs have an option- they may be open ended or close ended to extend their tenure up to two years (after completion of their original tenure) subject to approvals of two-thirds of unitholders by value of their investment (approval of unitholders). Prior to the AIF amendments, LVFs (which are closed ended funds) were permitted to extend their tenure beyond two years (with no cap to such extension) to provide LVFs with appropriate time to liquidate investments.

SEBI recently enabled a framework to allow AIFs to deal with unliquidated investments by entering into a dissolution period. This flexibility is over and above the flexibility to extend the tenure of the schemes. Accordingly, since LVFs had appropriate time to liquidate their investments, it was felt appropriate to cap the extension of tenure of LVFs up to five years subject to approval of unitholders.

The following clarifications have been provided for the existing LVF schemes:

Realignment of original tenure: Existing LVF schemes have the flexibility to revise their original tenure subject to consent of investors. An undertaking to that effect should be submitted to SEBI by 18 November 2024.
Transition to revision: Existing LVF schemes should align with the period of extension permitted under the AIF amendments within three months. The revised extension period should be disclosed in the Private Placement Memorandum (PPM)²³ This would be the requirement, even when a definite extension period was not mentioned in the PPM . This revised period should be communicated to SEBI in the LVF’s quarterly report to SEBI for quarter ending 31 December 2024.

Restrictions on borrowings

Currently Regulations 16 and 17 of the AIF regulations inter alia permit Category I and Category II AIFs to borrow funds for meeting temporary funding requirements and specifically for Category II AIFs to meet day to day operational requirements.

There was an ambiguity in the market regarding the purpose for which AIFs could borrow funds. SEBI, vide the AIF amendments has clarified the following:

Category I and II AIFs should not borrow funds directly or indirectly or engage in leverage for making investments to avoid asset-liability mismatch
However, Category I and II AIFs may borrow funds for meeting the temporary shortfall in amount called from investors for making investments and to meet day-to-day operational requirements, subject to the following conditions:

The AIF’s intention to borrow in order to meet temporary shortfall amount should be disclosed in the PPM
Such borrowing should be done only in case of emergency, as a last recourse when there has been a delay by the investor in payment of the drawdown amount
The amount borrowed should not exceed 20 per cent of the proposed investment or 10 per cent of the investable funds of the scheme or the commitment pending to be drawn down from investors other than the investor who failed to make such payment.
Cost of such borrowing should be charged only to investor(s) who failed to provide the drawdown
The flexibility of borrowing to meet shortfall in drawdown amounts should not be used as a means to provide different drawdown timelines to investors
Details with respect to amount borrowed, terms of borrowing and repayment to all the investors of the AIF/scheme, should be disclosed by the manager of the scheme on a periodic basis.
AIFs should maintain 30 days cooling off period between two periods of borrowing.²⁴ 30 days would be computed from the date of repayment of previous borrowing

Effective date: These amendments are applicable from 7 August 2024

To access the text of the AIF amendments, please click here

To access the text of the guidelines, please click here

Action points for auditors

While auditing AIFs, and their borrowings, auditors should note the conditions as prescribed in the AIF amendments subject to which AIFs can borrow.

SEBI prescribes the modalities for migration of venture capital funds

In July 2024, SEBI, vide the SEBI (AIF) (Third Amendment) Regulations, 2024 had permitted Venture Capital Funds (VCFs) registered under the SEBI (Venture Capital Funds) Regulations, 1996 (VCF regulations) to migrate under the AIF regulations within a prescribed timeline.

In August 2024, SEBI has issued a circular which stipulates the modalities to be complied with by VCFs that intend to migrate from the VCF regulations to the AIF regulations.

Effective date: : This circular is effective immediately (i.e. 19 August 2024).

To access the text of the circular, please click here

SEBI issues Consolidated Cyber Security and Cyber Resilience Framework (CSCRF) for Regulated Entities (REs)

In August 2024, SEBI issued the CSCRF for all REs²⁵ REs include the following: Stock exchanges, depositories, clearing corporations, stock brokers, Asset Management Companies (AMCs)/Mutual Funds, KYC Registration Agencies (KRAs), Qualified Registrars to an issue/Share Transfer Agents, AIFs, Custodians, Depository Participants, Designated Depository Participants, Investment Advisors/Research Analysts, Merchant Bankers, Venture Capital Funds, Portfolio Managers, Debenture Trustees. . The CSCRF aims to provide standards and guidelines for strengthening cyber resilience and maintaining robust cybersecurity. The framework provides a standardised approach to implement various cybersecurity and cyber resilience methodologies. The framework would supersede existing cybersecurity circulars, guidelines, advisories or letters issued by SEBI. The key objective of CSCRF is to

The CSCRF also sets out standard formats for reporting by REs

The key consideration for CSCRF is as below:

Cybersecurity Policy: A comprehensive cybersecurity policy should be established by entities that defines the roles and responsibilities of various stakeholders. The cybersecurity framework of the entity should provide the scope and objectives of cybersecurity including governance and oversight mechanisms, risk management processes , the awareness and training programs, information protection processes and procedures, incident response and recovery plans and the audit and review procedures.
Cybersecurity mechanism: CSCRF mandates that all REs are required to establish appropriate security monitoring mechanisms through Security Operation Centre (SOC). The onboarding of SOC can be done through RE’s own or group SOC or market SOC or any other third-party managed SOC for continuous monitoring of security events and timely detection of anomalous activities.
Cybersecurity Reporting: The entities should report any cyber incidents and breaches to the SEBI-CERT within 24 hours of detection. The report should include the details of the incident, the impact and severity, the actions taken, and the remedial measures. The entities should also submit periodic reports on the status of their cybersecurity and cyber resilience to the SEBI-CERT as per the prescribed format and frequency.
Cybersecurity Audit: The entities should conduct an independent external audit of their cybersecurity on a half-yearly (for certain REs) and yearly (for certain REs) by an auditor empaneled by SEBI. The audit should cover the adequacy and effectiveness of the cybersecurity policy, architecture, operations, and reporting. Further such audit report should be submitted to the SEBI-CERT within one month of completion.

Effective date: The circular has defined the below timelines for demonstrating compliance to the CSCRF requirements

Applicability	Timeline
For the entities which already have regulator prescribed cybersecurity and resilience structures	1 January 2025
For other REs where CSCRF is being issued for the first time	1 April 2025

To access the text of the CSCRF circular, please click here

Action points for auditors

Auditors would need to evaluate the impact of these requirements when reporting on the internal controls over financial reporting including general IT controls of the regulated entity

SEBI restricts certain intermediaries from dealing with other entities

On 26 August 2024, SEBI issued the SEBI (Intermediaries) (Amendment) Regulations, 2024 (the amendment), thereby restricting persons regulated by SEBI or their agents from having association with persons who directly or indirectly provide advise or recommendation or a security or make an express or implied claim on the performance of a security unless permitted by SEBI (except through a specified digital platform). The amendment has been further explained vide the illustration below:

Effective date: The amendments are effective from the date they are published on the official gazette (i.e. 29 August 2024).

To access the text of the amendments, please click here

Regulatory updates

Our Insights

Tools and Enablers

Resources

India updates

International updates

Recap on key updates

Publications

Matter for auditors’ attention

Discussion/Consultation papers and Publications issued by regulators

Events and Webinars

Sectoral Insights

Reach out to us