REGISTRAR AND TRANSFER AGENTS REGULATIONS
- Definition: Registrar and Transfer Agents (RTAs) are entities that provide services related to the transfer of securities and maintenance of records for listed companies.
- Details: The SEBI (Registrars to an Issue and Share Transfer Agents) Regulations, 1993, govern the registration process, activities, and responsibilities of RTAs.
Key Concepts
- SEBI (LODR) Regulations 2015: These regulations provide guidelines for listed entities with regard to their listing obligations and disclosure requirements.
- SEBI (RTA) Regulations 1993: These regulations define the role and responsibilities of RTAs, including registrars to an issue and share transfer agents.
- Application for Registration: An application for registration as an RTA must be made in the prescribed format, accompanied by a non-refundable fee, and evaluated based on factors such as available infrastructure, past experience, capital adequacy, and integrity of partners and promoters.
- Capital Adequacy Requirements: The net worth requirement for a Category I RTA is Rs. 50 lakhs, and for a Category II RTA is Rs. 25 lakhs.
- Obligations and Responsibilities: RTAs must abide by a code of conduct, maintain proper books of accounts and records, and appoint a compliance officer to ensure compliance with regulations.
- Code of Conduct: The code of conduct for RTAs includes principles such as maintaining high standards of integrity, fulfilling obligations in a prompt and professional manner, and exercising due diligence and independent professional judgment.
Important Terms
- Registrar to an Issue: An entity appointed by a body corporate to carry out activities related to an issue, such as collecting applications and maintaining records.
- Share Transfer Agent: An entity that maintains records of holders of securities and deals with matters connected with the transfer and redemption of securities.
- Category I and Category II Intermediaries: Categories of RTAs, with Category I allowing the applicant to act as a registrar to an issue and share transfer agent, and Category II allowing the applicant to act as either a registrar to an issue or share transfer agent.
Registrar and Transfer Agents Regulations (Part 2)
- Introduction: The regulations outline the responsibilities and obligations of Registrars to an Issue and Share Transfer Agents, including the requirement to maintain internal control procedures, ensure adequate financial and operational capabilities, and provide freedom and powers to the compliance officer.
- Key Responsibilities:
  - A Registrar to an Issue and Share Transfer Agent shall not make any exaggerated statements to clients about its qualifications or capabilities.
  - They must have satisfactory internal control procedures in place to prevent losses due to theft, fraud, or other dishonest acts.
  - They must provide adequate freedom and powers to the compliance officer to discharge their duties effectively.
  - They must develop an internal code of conduct to govern internal operations and maintain professional excellence, integrity, and confidentiality.
- Corporate Governance and Risk Management:
  - Registrars to an Issue and Share Transfer Agents must ensure good corporate policies and governance are in place.
  - They must employ or appoint fit and proper persons to conduct business, with relevant professional training or experience.
  - They are responsible for the acts or omissions of their employees and agents in respect of the conduct of their business.
- Inspection and Enforcement:
  - The regulator, SEBI, may inspect the operations of a Registrar to an Issue and Share Transfer Agent to ensure compliance with regulations.
  - SEBI may initiate proceedings against Registrars to an Issue and Share Transfer Agents who fail to comply with regulations, including suspension or cancellation of registration.
- Exemptions and Regulatory Sandbox:
  - SEBI may grant exemptions from enforcement of regulations for promoting innovations in the securities market.
  - The Regulatory Sandbox allows for live testing of new products, processes, and services in a controlled environment.
- Enhanced Monitoring Guidelines for Qualified Registrars to an Issue and Share Transfer Agents (QRTAs):
  - QRTAs must adopt and implement an internal policy framework and provide periodic reporting on key risk areas, data security measures, business continuity, and governance structures.
  - They must have a comprehensive policy framework in place, approved by the Board of Directors, covering aspects such as risk management, business continuity, and data access and protection.
- Cyber Security and Cyber Resilience Framework:
  - QRTAs must maintain a robust cyber security and cyber resilience framework to protect the integrity of data and guard against breaches of privacy.
  - The framework should identify plausible sources of operational risk and mitigate the impact through the use of appropriate systems, policies, procedures, and controls.
Registrar and Transfer Agents Regulations (Part 3)
- Definition: Registrar and Transfer Agents (RTAs) play a crucial role in providing essential facilities and performing systemically critical functions relating to the securities market.
- Details: The Securities and Exchange Board of India (SEBI) has established a framework for RTAs to ensure cyber security and cyber resilience.
Key Concepts
- Cyber Security: Refers to the measures, tools, and processes intended to prevent cyber-attacks and improve cyber resilience.
- Cyber Resilience: An organization's ability to prepare for and respond to a cyber-attack, continue operations during the attack, and recover from it.
- CIA Triad: Stands for Confidentiality, Integrity, and Availability, which are the primary goals of cyber security.
Cyber Security and Cyber Resilience Framework
- The framework is based on 5 cyber resiliency goals:
  - Anticipate: Maintain a state of informed preparedness from adversary attacks.
  - Withstand: Continue essential business functions at times of adversary attacks.
  - Contain: Localize containment of crisis and isolate trusted functions from untrusted ones.
  - Recover: Restore business functions to the maximum extent, subsequent to adversary attacks.
  - Evolve: Change business functions and supporting cyber capabilities to minimize adverse impacts.
- The framework includes the following cybersecurity functions:
  - Governance
  - Identify
  - Protect
  - Detect
  - Respond
  - Recover
Measures to be Adopted by QRTAs
- Appointment of Chief Information Security Officer (CISO): Responsible for assessing, identifying, and reducing cyber security risks.
- Constitution of an Incident Response Team (IRT): Responsible for declaring a disaster and invoking the Business Continuity Plan (BCP).
- Near Site (NS): Ensure zero data loss.
- Disaster Recovery: Restore operations within 45 minutes either from the primary site or Disaster Recovery Site (DRS).
- Technology Committee: Review the implementation of the cyber security and cyber resilience policy on a quarterly basis.
- Reporting Procedure: Facilitate communication of unusual activities and events to CISO or senior management.
- Employee Responsibilities: Define responsibilities of employees, outsourced staff, and vendors towards ensuring cyber security.
- Cyber-Attack Reporting: Report cyber-attacks to SEBI within 6 hours and to Indian Computer Emergency Response Team (CERT-In).
Systems Audit Framework
- Systems Audit: Audit of systems and processes related to front office, back office, fund accounting, and financial accounting.
- RTAs: Required to have systems audit for master controls, investor servicing, and classification of registered entities.
Ultimate Beneficial Owner
- Definition: The natural person or persons who ultimately own, control, or influence a client and/or persons on whose behalf a transaction is being conducted.
- Identification: Necessary to prevent money laundering and ensure due diligence of Know Your Customer (KYC) norms.
RTA Inter-Operable Platform
- Definition: A user-friendly interface for mutual fund transactions, service requests, and investment-related reports.
- Cyber Security: Adopt the Cyber Security and Cyber Resilience Framework and comply with SEBI regulations.
REGISTRAR AND TRANSFER AGENTS REGULATIONS (Part 4)
- Business Continuity Plan (BCP): Guidelines issued by SEBI for RTAs to ensure continuity of operations in case of disruptions.
- Disaster Recovery (DR): Guidelines issued by SEBI for RTAs to recover from disasters and ensure business continuity.
- SEBI Circular No.: SEBI/HO/IMD/IMD-II DOF3/P/CIR/2021/604: Circular issued by SEBI on RTA inter-operable platform for enhancing investors' experience in mutual fund transactions and service requests.
Key Concepts
- Inter-operable Platform: A platform developed jointly by all RTAs to facilitate mutual fund transactions, initiate service requests, and access investment-related reports.
- Qualified RTAs: Market intermediaries who service more than 2 crore folios, also referred to as Critical Infrastructure Institutions (CII).
- Code of Conduct for RTAs: Guidelines that require RTAs to put in place a mechanism to resolve conflict of interest situations, cooperate with SEBI, and ensure corporate governance.
- Beneficial Owners: Identification of beneficial owners of all investments, except those held by individual investors, is necessary to prevent money laundering and ensure due diligence of KYC norms.
- Cyber Security and Cyber Resilience Framework: A framework prescribed by SEBI that includes identifying, assessing, and managing cyber security risk, and continuing operations during a cyber attack.
Sample Questions
- The inter-operable platform facilitates mutual fund transactions, initiating service requests, and accessing investment-related reports.
- Critical Infrastructure Institutions (CII) are qualified RTAs that service more than 2 crore folios.
- The Code of Conduct for RTAs requires RTAs to put in place a mechanism to resolve conflict of interest situations, cooperate with SEBI, and ensure corporate governance.
- Identification of Beneficial Owners is necessary to prevent money laundering and ensure due diligence of KYC norms.
- "Catch the cyber attacker and file a police complaint" is not a part of the cyber security and cyber resilience framework prescribed by SEBI.
- Business Continuity Plan (BCP) is maintained by QRTAs to ensure operations can resume after disruption.
- Ultimate Beneficial Owner (UBO) identification by RTAs is required for all except individual investors.
- Maintaining high standards of integrity is part of the RTA code of conduct.