Guidelines to Stock Exchanges, Clearing Corporations and Depositories - SEBI - SEBI/HO/MRD/POD-3/P/CIR/2024/162

CIRCULAR SEBI/HO/MRD/POD-3/P/CIR/2024/162 November 22, 2024 To, All Recognized Stock Exchanges All Recognized Clearing Corporations All Depositories Sir/ Madam, Sub: Guidelines to Stock Exchanges, Clearing Corporations and Depositories Based on the recommendations of the Committee on Strengthening of Governance of Market Infrastructure Institutions (MIIs) i.e. Stock Exchanges, Clearing Corporations and Depositories and subsequent deliberations in the Industry Standards Forum (ISF) of MIIs on certain issues, the following guidelines are provided to MIIs: 1. Mechanism to enhance Accountability 1.1. Meetings of Public Interest Directors and their reporting 1.1.1. As per the Code of Conduct for Public Interest Directors (PIDs) specified under Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Regulations, 2018 (hereinafter referred as SECC Regulations, 2018 ) and Securities and Exchange Board of India (Depositories and Participants) Regulations, 2018 (hereinafter referred as D P Regulations, 2018 ), PIDs of the MII shall meet separately, at least once in every six months, to exchange views on critical issues concerning the MII. 1.1.2. All PIDs shall mandatorily attend such meetings. 1.1.3. The objectives of such meetings shall, inter alia , include the following: 1.1.3.1. To review the status of compliance with all applicable regulations, circulars, guidelines, letters issued by SEBI from time to time; 1.1.3.2. To review the functioning of Vertical-1 i.e. Critical Operations and Vertical-2 i.e. Regulatory, Compliance, Risk Management and Investor Grievances ; 1.1.3.3. To review the adequacy of resources (both financial and human) for functions under Verticals 1 and 2; 1.1.3.4. To identify important issues which may involve conflict of interest for the MII or may have significant impact on the functioning of the MII or may not be in the interest of securities market; and 1.1.3.5. To review the corrective steps taken by the MII on observations of SEBI inspections particularly on issues of governance standards, technology, cyber security, system audit and cyber security audit observations. 1.1.4. In order to achieve the above objectives, PIDs may discuss with the concerned Vertical Heads or Key Management Personnel (KMPs) or any other personnel, as may be felt appropriate by the PIDs. 1.1.5. PIDs as member of various committees (including statutory committees) shall provide a report to other PIDs on the working of their committees. 1.1.6. A report on the outcome of such meetings shall be submitted by the PIDs to SEBI and to the Governing Board of the MII within 30 days of such meeting. 1.1.7. Accordingly, paragraph 2.2.3.4 of Chapter 6 of Master Circular for Stock Exchanges and Clearing Corporations dated October 16, 2023 , paragraph 4.66.2.4 of Section 4 of Master Circular for Depositories dated October 06, 2023 and paragraph 15.3.3(IV) of Chapter 15 for Master Circular dated August 04, 2023 for Commodity Derivatives Segment will stand rescinded with effect from the date of implementation of this circular. 1.2. Quarterly reporting by Compliance Officer (CO) 1.2.1. Regulation 30(3) of SECC Regulations, 2018 Regulation 81(3) of D P Regulations 2018 , inter alia , specifies that the Compliance Officer (CO) shall submit to SEBI a report of any non-compliance of any Acts, rules, regulations, circulars or directions issued thereunder and for the redressal of investors' grievances, on a quarterly basis. 1.2.2. The CO shall submit the quarterly report to SEBI, within 45 days from the end of the quarter (i.e. June, September, December and March). The format of the report for stock exchanges and clearing corporations is placed at Annexure-A1 and for depositories is placed at Annexure-A2 . 1.3. Half yearly reporting by Chief Risk Officer (CRiO) 1.3.1. Regulation 30A(2) of SECC Regulations, 2018 and Regulation 81A(2) of D P Regulations, 2018 , inter alia , specifies that the Chief Risk Officer (CRiO) shall be responsible for the overall risk management of the MII and submit a report to SEBI on half-yearly basis. 1.3.2. The CRiO shall submit the half yearly report to SEBI within 90 days from the end of half year (i.e. September and March). The content and format of the report is placed at Annexure-B . 1.4. Disclosure of Board Meeting Agenda and Minutes 1.4.1. Regulation 33(7) of the SECC Regulations, 2018 and Regulation 31(7) of the D P Regulations, 2018 , inter alia, specifies that the MIIs shall disclose on their website the agenda and minutes of its governing board meetings pertaining to regulatory, compliance, risk management and investor grievance areas. 1.4.2. The MIIs may, however, subject to adherence to disclosure requirements as specified under SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 not publicly disclose items which are of strategic/ confidential in nature and disclosure of which will put them in a disadvantageous business position. Such items should be classified as confidential along with reasons for such classification by their governing board. 1.4.3. The relevant agenda and minutes shall be disclosed within 7 working days from the date of approval of such minutes. 1.5. SOP for disciplinary actions against KMPs 1.5.1. All MIIs shall devise internal Standard Operating Procedures ( SOPs ) for undertaking disciplinary actions against KMPs for any non-compliance with regulatory provisions and internal guidelines. The policy shall be approved by Nomination and Remuneration Committee (NRC) and the Governing Board of the MII. 1.5.2. The SOP shall include list of actions that may be initiated against a KMP for breach of any provision, including advisory, warning, impact on annual increment or promotion, invocation of malus-clawback provisions, suspension, termination, amongst other actions as may be suggested by the NRC. 1.5.3. The scenarios for invoking the malus-clawback provisions shall be clearly specified in the SOP. 1.5.4. In case of repeated non-compliances or considering the seriousness of non-compliance, stringent actions like termination or malus-clawback may be effected. 1.6. Whistle Blower Policy of MIIs 1.6.1. As per the extant regulatory provisions, the disclosure requirements and corporate governance norms as specified for listed companies shall mutatis mutandis apply to all MIIs. With respect to Whistle Blower policy, regulation 22 of SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 states as under Vigil mechanism. 22. (1) The listed entity shall formulate a vigil mechanism/ whistle blower policy for directors and employees to report genuine concerns. (2) The vigil mechanism shall provide for adequate safeguards against victimization of director(s) or employee(s) or any other person who avail the mechanism and also provide for direct access to the chairperson of the audit committee in appropriate or exceptional cases. 1.6.2. In order to further strengthen the whistle blower mechanism, the following has been decided: 1.6.2.1. MIIs shall resolve the whistle blower complaints within 60 days from the date of receipt of such complaints. 1.6.2.2. The Audit Committee shall 1.6.2.2.1. Receive and investigate the whistle blower complaints. 1.6.2.2.2. Take appropriate decision, including any further course of action, with respect to the whistle blower complaint. 1.6.2.2.3. Submit a report to the governing board of the MII containing the details of all whistle blower complaints received during a quarter and decisions, if any, taken with respect to such complaints in the next governing board meeting after the end of the quarter (i.e. June, September, December and March). In case, the Audit Committee is not able to take any decision on the matter, the same may be escalated to the Governing Board of the MII. 1.6.2.3. Appropriate checks and balances should be implemented by the MII to ensure that disincentives for misreporting, if any, do not dissuade genuine whistle blowers from reporting irregularities. 1.6.2.4. The Regulatory Oversight Committee shall annually review the whistle blower policy of the MII. 1.6.2.5. The MIIs shall disclose the whistle blower policy on their respective websites. 2. Enhancing Supervision and Monitoring Mechanism of MIIs 2.1. Mechanisms to monitor their Members or Participants 2.1.1. MIIs shall adopt advanced technologies such as Regulatory Technologies (RegTech) and Supervisory Technologies (SupTech) to further strengthen their regulatory and supervision mechanisms. 2.1.2. MIIs shall enable systems that require their members or participants (such as stock brokers, clearing members, depository participants, warehouse service providers) to make most of the submissions online and reduce reliance on physical information sharing. MIIs should be able to generate alerts and reports on such submissions to meet their regulatory and supervisory objectives. 2.1.3. MIIs shall disclose all material information pertaining to their members or participants on their website. Such information shall include aspects related to the following: 2.1.3.1. Details of number of investor complaints or grievances received against its members or participants, resolved and pending for the past 3 financial years (including the current financial year), to be updated on monthly basis; 2.1.3.2. Details of regulatory action taken against their members during the past 3 financial years; 2.1.3.3. Net worth (as on end of the previous financial year); 2.1.3.4. Other relevant information. 2.1.4. In case of any significant or material non-compliance of the regulatory requirements by any member or participant observed by an MII, the same shall be shared with other MIIs. 2.2. Internal policies for periodic monitoring of Back Office Vendors or Outsourced Agencies 2.2.1. In order to ensure compliance with various regulatory requirements by the back office vendors or outsourced agencies appointed by the MII and/or by their members or participants, the MIIs shall have policies for appointment and monitoring of such back office vendors or outsourced agencies. 2.2.2. Such policy shall clearly outline the risks that may arise from the back office vendors or outsourced agencies and steps to eliminate or reduce such risks. 2.2.3. Such policy shall define the minimum standards or thresholds in terms of quantitative and qualitative parameters that shall be met by the back office vendors or outsourced agencies (including technology vendors) for appointment. 3. Training or knowledge up-gradation of Directors on Governing Board of MII 3.1. SECC Regulations, 2018 and D P Regulations, 2018 require the MIIs to provide at least seven days of training in a year to all its directors. 3.2. MIIs, in coordination with reputed institutions like National Institute of Securities Markets (NISM) or experts/professionals, shall organize either online or offline learning modules related to ongoing development in capital markets and regulatory space, major developments in other developed economies in related areas, overview of development of various RegTech and SupTech, etc. 3.3. At the time of joining of a new director on the Governing Board, the MII shall provide familiarization programme to such directors with regard to their roles responsibilities and expectations from them. Further, MIIs shall also provide a list of applicable regulatory provisions including the code of conduct applicable to directors amongst other materials for ease of reference. 4. Policy on Data Sharing 4.1. As per SECC Regulations, 2018 and D P Regulations, 2018 , MII shall have an internal policy for sharing and monitoring of confidential and sensitive data. 4.2. The policy should adequately cover all methods of data sharing online and offline including e-mails and social media, with appropriate delegation of powers for sharing of data. 4.3. The policy shall contain mechanisms to monitor the data being shared on a regular basis through technology and conduct periodic audits, at least once in six months (ending with September and March), to ensure compliance with the data sharing policy. 4.4. The policy shall be reviewed for its effectiveness annually by Standing Committee on Technology (SCOT). 4.5. Non-compliances (including data breaches and leakages of confidential and sensitive data), if any, shall be reported within 15 days to governing board of the MII and SEBI by the Compliance Officer (CO) along with remedial steps taken or to be taken in this regard. 4.6. Data sharing should be done on a non-discriminatory basis. 5. Appointment or Reappointment of Directors on the Governing Board 5.1. In terms of the SECC Regulations, 2018 and D P Regulations, 2018 , MIIs are required to forward at least two names to SEBI after the approval of their governing board. In this regard, as an ease of doing business measure, it has been decided to simplify the process further to make it a two stage process: 5.1.1. Stage 1: The MIIs shall submit brief profiles of at least two prospective candidates. SEBI, based on the information available, shall prima facie shortlist and give NOC to one candidate. 5.1.2. Stage-2: The MIIs, shall collect all the other information and documents required under the extant regulations from the shortlisted candidate and submit the same to SEBI. SEBI shall then consider the complete application and grant its approval subject to compliance with regulatory requirements. 5.2. Further, it is clarified that in case of reappointment of an existing PID, MIIs need not send two names to SEBI. Accordingly, the words and extension of the term of existing PID is removed from Para 2.3.4 of Chapter 6 titled Administration of Stock Exchanges and Clearing Corporation under the SEBI Master Circular for Stock Exchanges and Clearing Corporations dated October 16, 2023 and from Para 4.66.3.4 under the SEBI Master Circular for Depositories dated October 06, 2023 . 5.3. All MIIs shall develop a skill evaluation metrics to assess the applications for appointment or reappointment of PIDs. The indicative parameters and weightage for such evaluation is placed at Annexure-C . MII s shall develop a similar skill evaluation metric for appointment or reappointment of NIDs. Further, MIIs shall take the help of an independent Human Resource (HR) Agency to independently collect/verify the information as required under points 1, 2 and 3 of Annexure-C. 5.4. The evaluation of PIDs, in case of their reappointment, shall also take into account the framework prescribed at paragraph 2.3 of Chapter 6 of Master Circular for Stock Exchanges and Clearing Corporations dated October 16, 2023 and paragraph 4.66.3 of Section 4 of Master Circular for Depositories dated October 6, 2023 . 6. Reporting lines of KMPs 6.1. SEBI through regulations and circulars require MIIs to have certain KMPs. They include Compliance Officer (CO) who heads the Compliance function, the Chief Risk Officer (CRiO) who is responsible for identification and mitigation of risks being faced by the MII, the Chief Technology Officer (CTO) who focuses on the organization's overall technology strategy, innovation, and technical infrastructure and the Chief Information Security Officer (CISO) who is responsible for safeguarding data and information through cybersecurity practices. 6.2. To ensure there is sufficient independence for the KMPs to freely provide their views to the governing board and/or statutory committees of MIIs and the functioning of the MII is not disrupted, the following reporting structures for KMPs shall be implemented by MIIs: 6.2.1. For CO: CO shall report to the MD. However, Regulatory Oversight Committee shall hold separate meeting with CO at least once a quarter without the presence of MD or any other executive. 6.2.2. For CRiO: CRiO shall report to the MD. However, Risk Management Committee shall hold separate meeting with CRiO at least once a quarter without the presence of MD or any other executive. 6.2.3. For CTO and CISO: CTO and CISO shall report to the MD. However, Standing Committee on Technology shall hold separate meeting with CTO and CISO at least once a quarter without the presence of MD or any other executive. 6.3. Currently, Nomination and Remuneration Committee (NRC) of the MII, while accessing the performance of KMPs, take reports or inputs from the functional heads or reporting authority, and observations received from SEBI, if any. In view of the above, it has been decided that for performance appraisal of CO, CRiO, CTO and CISO, in addition to the above requirements, NRC shall also take reports or inputs from relevant statutory committees. 7. Applicability: The provisions of this Circular shall come into force from 1 st April , 2025 . 8. The Stock Exchanges, Clearing Corporations and Depositories are directed to: 8.1. take necessary steps and put in place necessary systems for the implementation of the above; 8.2. make necessary amendments to the relevant bye-laws, rules and regulations, wherever applicable, for the implementation of the above; and 8.3. bring the provisions of this circular to the notice of market participants (including investors) and also disseminate the same on their website. 9. This circular is issued in exercise of the powers conferred under Section 11(1) of the Securities and Exchange Board of India Act 1992 read with Regulation 51 of the Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Regulations, 2018 , Section 26(3) of the Depositories Act, 1996 and Regulation 97 of Securities and Exchange Board of India (Depositories and Participants) Regulations, 2018 to protect the interests of investors in securities and to promote the development of, and to regulate the securities market. 10. This circular is available on SEBI website at www.sebi.gov.in . Yours faithfully, Hruda Ranjan Sahoo Deputy General Manager Tel No: 022 -26449586 Email: [email protected]