SEBI asks companies to strengthen controls on handling of UPSI

by CS Vinita Nair, (


SEBI framed SEBI (Prohibition of Insider Trading) Regulations, 2015 (the Regulations) to combat the wrong of trading in securities with the advantage of having asymmetrical access to unpublished information which when published would impact the price of securities in the market. Originally framed in 1993 and thereafter, replaced with revised regulations in 2015.

The Regulations mandates listed entities to frame Code of Conduct for Prohibition of Insider Trading and Code of Fair Disclosure. The Code of Conduct is for all employees and connected persons to adhere and comprises of requirement of pre-clearance of trade, disclosure of trade, prohibition to trade when the trading window is closed, restriction on contra trade and reporting of violations to SEBI and taking disciplinary action against those who violate the Code of Conduct. In order to ensure successful implementation of Code of Conduct, it is of utmost importance to sensitize the employees about the requirements of the Regulations and the Code of Conduct, what is expected out of them, what are the Do’s and Don’ts that such employees and connected persons are required to adhere to. Additionally, the Compliance officer is also expected to carry out timely reporting to Chairman of Audit Committee/ Board, maintain grey list, ensure the employees update the list of immediate relatives, ensure that action is taken against those who violate the Code.

SEBI order in case of Axis Bank

SEBI vide order dated December 27, 2017[1] issued directions to Axis Bank Ltd in respect of leakage of UPSI relating to financials through social networking thereby requiring Axis Bank Ltd to submit information regarding the processes controls that it has in place regarding handling of UPSI. This is relevant for all other listed entities as preparing of periodic financials is a regular phenomenon and is definitely an UPSI. SEBI attributed such leakage to the inadequacy of the processes / controls / systems that Axis bank as a listed company had put in place. SEBI stressed on the fact that while procurement or communication of UPSI  by  any  person  is identified as a violation of regulation 3 of PIT Regulations and section 12A(e) of the SEBI Act, it becomes incumbent upon every listed company to put in place.

SEBI ordered Axis Bank to strengthen its processes/ systems/ controls to ensure such instance is not repeated in future and to conduct an internal inquiry into the leakage of UPSI and take appropriate action against those responsible for the same, in accordance with law. The scope of enquiry prescribed included but not limited to determination of the possible role of following persons in relation to the aforesaid leakage of UPSI:

  1. Persons / members of committees involved in generation of the original data for the purpose of determination of  key figures pertaining to financial figures including GNPA, NNPA, NIM, Slippage, Write-off, CASA, etc.
  2. Persons involved  in  the  consolidation  of  the  figures  for  the  financial results.
  3. Persons involved in the preparation of board notes and presentations.
  4. Persons involved in dissemination of information  relating  to  financial  results in the public domain.
  5. Any other persons who had access to the information.

SEBI provided a timeline of 3 months from the date of order and asked to file a report to SEBI within 7 days from completion.

In the past, in case of Palred Technologies Limited[2], SEBI had charged a facebook ‘mutual friend’ whose trading pattern was found in deviation from the established trading pattern and when he could not reply to specific details sought by SEBI.

What’s in store for others

There is definitely a need for all other listed entities to revisit and ensure the sanctity of its own controls and processes in relation to handling of UPSI. The extent to which the employees have been sensitized will determine the effectiveness of the processes and controls. Needless to say, any such instance affects the credibility and reputation of the listed entity.

All the listed entities frame the two codes required under the Regulations, put up FAQs on the intranet and monitor the trading of the designated persons and other connected persons. But it is very essential to test the effectiveness, to re-visit, to sensitize the employees again and again, to make them aware of the repercussions of violating the Regulations or the Code.

Areas to sensitize

  1. Educating all insiders about the sensitivity of information and the need to restrict disclosures on “need to know” basis;
  2. Educating all such executives who deal with sensitive information to ensure strictest confidentiality;
  3. Ensuring that there is adherence to Company’s internal code/protocol while speaking to press/public forums;
  4. Ensuring that trading in securities of any other company, in respect of whom the company’s executives have UPSI, is barred;
  5. Ensuring that the investment team/investment committee/ research desk of the company has “chinese wall” protection from such team as may have UPSI in relation to clients;
  6. Ensuring that trading by all employees in company’s securities are disclosed, if such trades are in excess of the stipulated amount every quarter;
  7. Ensuring that DPs are aware of closure of trading window;
  8. Ensuring that DPs take prior approval for any trading while trading window is open;
  9. Ensuring that DPs are aware of contra trade restrictions;
  10. Ensuring that flow of information is clear from the respective HoDs to the compliance officers for maintenance of grey/ restricted list;
  11. Educating on the requirement to have differential closure of trading window depending on the nature of UPSI and manner in which information is to flow;
    • For eg. the M&A team must be aware about likelihood of any acquisition and deal dynamics even before it is put up before the Board or Committee for sanction. The trading window for such team cannot commence at same time when the window is closed for those preparing board notes, agenda etc. The closure for them will commence earlier and this will be required to be communicated by the respective HoD to the compliance officer.

What should the SOP cover?

A Standard Operating Procedure (SOP) may be separately framed to implement to Codes under the Regulations or this may be incorporated in the Code itself. Apart from the introduction and provisions of law, the SOP should cover following:

Parameter Points to be covered
Dealing in securities ·         The employees shall be informed about period when the employee including his/her Immediate Relatives shall not trade;

·         The employee shall be required to seek permission of respective HoD or Compliance Officer before sharing of an UPSI for legitimate purpose/ on a ‘need to know basis’ i.e. for performance of duty or discharge of legal obligations. While seeking permission, the need to know requirement shall be justified. Till receipt of sanction, the information shall not be shared.

·         The HoD/ Compliance Officer sanctioning such a requirement may mandate entering of NDA and any other compliance arising under the Code for such designated person.

Updating information ·         The listed entity shall provide a robust system to ensure timely updation of list of immediate relatives by designated persons, online application for pre-clearance, reporting of trade, submitting disclosure, seeking permission for sharing of UPSI for legitimate purposes in order to do away with the excuse of not being able to send information on time;


Period of Trading Window closure ·         It is not relevant whether the intimation of trading window closure is given to stock exchange or not. The closure is for the insiders and not outsiders. Therefore, the Code/ SOP should clearly specific tentative period when the trading window shall remain closed.

·         The Compliance Officer in consultation with executive director shall have the power to decide and close the trading window for any other period during which certain identified employees shall be prohibited from trading in securities of the Company or any other company of which such employees is expected to have access to UPSI.

·         The period of closure shall be informed to the employees by way of intranet and/or email. The email should mandate a read receipt.

Pre-clearance and Reporting of Trade undertaken ·         The employees shall be sensitized about the requirement to seek pre-clearance and also to report the trade undertaken pursuant to such trade.

·         When the trade is reported, immediately an email can be sent intimating about the contra trade restrictions.

·         Instances when a waiver will be granted should be adequately captured in the Code and also sensitized to employees.

·         The RTA should also be given the details of PAN of the designated employees to be able to pull out the beneficiary position of such DPs separately in order to track the change in holding of shares.

Responsibility of Compliance Officer ·         The Compliance Officer shall sensitize the employees on recent orders, informal guidance given by SEBI in simplified manner;

·         The Code shall provide the option to contact the Compliance Office in case of any doubt/ confirmation in relation to Regulations to ensure that employees don’t sleep walk into non-compliance.

·         Regular tracking of trades by employees, issuance of warning letters, periodic internal reporting, taking disciplinary action and informing SEBI of violation of Code by DPs.

Chinese Wall mechanism ·         The access to those departments that are expected to be in possession of UPSI should be restricted;

·         Within such departments, use of cell phones/ gadgets which could potentially aid in sharing UPSI should be avoided;

·         The documents/ records/ systems storing UPSI should be stored with password protection or other security feature that the entity adopts in general;

·         Strict instruction shall be given in relation to manner of handling of such records for legitimate purpose till the particular UPSI becomes a generally available information.



Unlike other SEBI Regulations, this Regulation is required to be complied by the listed entity as well as its employees and connected persons. Therefore, the onus is on the listed entity to sensitize, facilitate, monitor and report.




0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *