The Securities and Exchange Board of India (SEBI) has established regulations to create a robust framework. This is aimed at prohibiting insider trading in securities. SEBI’s (Prohibition of Insider Trading) Regulations, 2015, are designed to prevent insiders from communicating Unpublished Price Sensitive Information (UPSI).
UPSI refers to any information related, directly or indirectly, to a company or its securities that is not generally available. This, upon becoming available, is likely to materially affect the price of the securities. Information is considered generally available when it is accessible to the public on a non-discriminatory basis. Any individual who uses such sensitive, non-public information to trade shares of a company, for personal gain or on behalf of a third party, breaches SEBI’s regulations.
Maintenance of Structured Digital Database (SDD)
According to the SEBI (Prohibition of Insider Trading) Amendment Regulations, 2018 (effective from April 1, 2019), the board of directors must ensure the maintenance of a Structured Digital Database (SDD). This database should contain the names of persons or entities with whom information is shared under this regulation, along with their Permanent Account Number (PAN) or other authorized identifiers where PAN is unavailable. The SDD must include internal controls such as time stamping and audit trails to prevent tampering. Understanding SEBI’s SDD regulations is critical for ensuring compliance.
This article explores common areas of non-compliance regarding the maintenance of SDDs by listed entities dealing with UPSI. As Secretarial Auditors, we have observed several recurring issues that companies face in properly maintaining these databases.
Common Areas of Non-Compliance in SDD Maintenance
- Failure to Record UPSI Shared and Disclosed on the Same Day
Many companies neglect to make entries in the SDD when UPSI is discussed during board meetings. For instance, if the board decides to declare an interim dividend of Rs. 2 per share, this decision must be disclosed to the Stock Exchanges within 30 minutes, as per Regulation 30 of SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015. Despite this, companies often fail to record such UPSI in the SDD. This includes events like dividend declarations, changes in director designations, and appointments or resignations of directors. When questioned, companies often argue that since the information becomes public within 30 minutes, it ceases to be UPSI, thus negating the need for SDD entry. However, ideally, entries should be made in the SDD before disclosure to the Stock Exchanges.
Companies cite two primary reasons for this practice, although non-compliant:- Time Constraints: Compliance staff often find the requirement to disclose outcomes within 30 minutes of a board meeting taxing. They argue that recording the UPSI in the SDD first would delay the disclosure to stock exchanges, resulting in non-compliance with Regulation 30 of SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015.
- Short-lived UPSI Status: Companies claim that since the information remains UPSI for less than 30 minutes (from the conclusion of the board meeting until its disclosure), there is no need to enter it in the SDD.
- Ambiguities in “Policy on Materiality”
Although UPSI encompasses any information that is not generally available and could materially affect security prices, companies must have a “policy on materiality” to determine significant events. Some companies’ materiality policies are ambiguous, leading to incorrect classification of sensitive information as non-UPSI. This misclassification results in the failure to enter UPSI into the SDD. - Failure to Record UPSI Shared with External Parties
A significant oversight is the failure to record the details of UPSI shared with external parties such as statutory auditors and secretarial auditors. Audit firms receiving such information are also required to maintain an SDD within their organization to track the flow of UPSI across various teams. However, companies often neglect to make these entries, and audit firms, in turn, fail to maintain their SDD, citing that no UPSI has been shared. This gap leads to significant flaws in transparency and compliance.
Specific Mistakes in SDD Maintenance by Listed Entities
While the above points highlight issues related to data entry and tracking, here are some specific mistakes that listed entities commonly make when maintaining their SDDs:
- Non-entry of UPSI Shared with Auditors for Audit Purposes
Companies often overlook entering details of UPSI shared with auditors, which is essential for ensuring comprehensive tracking. - Non-entry of Information Shared with Printers/Publishers
Details shared with those responsible for printing accounts or annual reports containing confidential information are frequently omitted. Their names along with PAN are also not entered in the SDD. - Non-entry of Regulatory Notices and Orders
Show cause notices or penalty orders from regulatory authorities are sometimes not recorded in the SDD. - Non-entry of Director and Key Managerial Personnel Changes
Changes in directors or key managerial personnel, such as appointments or resignations, are not always entered in the SDD. - Non-entry of Credit Ratings
Details of credit ratings received from agencies before disclosure to stock exchanges are often missing and are not entered in the SDD. - Non-entry of Audit Reports with Adverse Qualifications
Audit reports containing adverse qualifications should be entered before being published to stock exchanges but are sometimes neglected. - Non-entry of Dividend Declarations
Despite the argument that such information is no longer UPSI once disclosed to stock exchanges, initial entries should still be made. Most companies fail to do the same. - Non-entry of Mergers, Acquisitions, and Related Contracts
Details of acquisitions, mergers, demergers, and amalgamations should be recorded before public disclosure and most companies fail to do the same. - Improper Identification and Recording of Designated Persons (DPs)
Companies sometimes fail to correctly identify and record new DPs who receive UPSI. - Inadequate SDD Maintenance
Some companies maintain their SDDs improperly, using non-compliant software or simple Excel sheets instead of robust systems.
These errors, commonly reported by Secretarial Auditors, illustrate some of the significant compliance challenges under SEBI’s regulations. This list, while inclusive, is not exhaustive. This indicates that there may be additional areas where listed entities could falter in maintaining their SDDs.
Suggestions for Improving SDD Framework
To enhance compliance with SEBI’s (Prohibition of Insider Trading) Regulations, 2015, and to maintain an effective Structured Digital Database (SDD), listed companies can consider the following measures:
- Implement Robust SDD Software
Invest in a compliant and secure digital solution specifically designed for maintaining SDDs. Avoid using simple tools like Excel sheets that are prone to errors and lack necessary security features. Best software for SDD compliance can significantly streamline this process. - Regular Training for Compliance Staff
Conduct regular training sessions for company secretaries, compliance officers, and relevant staff on the importance of SDD maintenance. This includes detailed procedures for making entries. - Clear Policies and Procedures
Develop and communicate clear policies and procedures regarding what constitutes UPSI and the steps for entering this information into the SDD. Ensure these policies are regularly reviewed and updated. - Internal Audits and Reviews
Schedule regular internal audits to review the SDD and ensure compliance with regulations. Use these audits to identify and rectify any gaps or inconsistencies. The role of internal audits in SDD compliance cannot be overstated. - Automated Reminders and Alerts
Implement automated systems that send reminders and alerts to relevant personnel about the need to update the SDD following significant events such as board meetings or receipt of regulatory notices. - Enhanced Coordination with External Parties
Ensure seamless communication and coordination with external parties like auditors, printers, and legal advisors. Make it a standard practice to document and record all instances of UPSI shared with these entities. - Detailed Record-Keeping
Maintain comprehensive records of all entries in the SDD, including timestamps, details of the person making the entry, and audit trails to prevent tampering and ensure accountability. - Regular Updates to Materiality Policies
Review and update the company’s “policy on materiality” to eliminate ambiguities and ensure accurate classification of UPSI.
Maintaining a Structured Digital Database (SDD) in compliance with SEBI’s regulations is crucial for listed companies to prevent insider trading and ensure transparency. Despite the challenges and common errors in SDD maintenance, companies can significantly improve their compliance framework by implementing robust systems, training staff, and maintaining clear, updated policies. Regular internal audits and automated reminders can further enhance the accuracy and reliability of the SDD. By addressing these areas, companies can not only avoid regulatory penalties but also foster a culture of integrity and trust in the marketplace. Understanding how to audit your SDD for compliance and implementing best practices for SDD maintenance are essential steps for listed companies.
