Insider trading is a fundamental threat to fair market conduct and effective corporate governance. It is an offence that compromises the reputation of the listed entities, the interests of its shareholders, the morale of its employees, the fair-trade practices in the stock market and public policy. As insider trading causes irremediable damage, it is the duty of both listed entities and regulatory bodies to check, track and penalize the practice.
Maintenance of a Structured Digital Database for storing Unpublished Price Sensitive Information of listed entities is a legal requirement introduced to constantly track the movement of insider data and thereby nip the practice of insider trading in the bud. This new legal requirement introduced by Securities and Exchange Board of India (Prohibition of Insider Trading) (Amendment) Regulations, 2018 mandates compliances for listed entities, their fiduciaries, compliance officers, insiders, directors and auditors. It introduces compliance requirement to internally maintained a structured digital database with audit trail and time stamping, its timely updating, annual audit and submission of compliance certificates in the regard.
This comprehensive compliance framework was established through a set of amendments and clarifications from SEBI, BSE and NSE.
|Timeline of establishment of framework for SDD|
|1||August, 2017||SEBI constituted a Committee on Fair Market Conduct under the Chairmanship of Shri T.K. Viswanathan, Ex-Secretary General, Lok Sabha and Ex-Law Secretary|
|2||August 09, 2018||Report of Committee on Fair Market Conduct for public comments||The requirement for structured digital database was proposed by the committee report.
|3||December 31, 2018
|Securities and Exchange Board of India (Prohibition of Insider Trading) (Amendment) Regulations, 2018
|The Board of Directors are mandated to establish a structured digital database of nature of unpublished price sensitive information and details of persons/entities in possession of the same.
|4||April 1, 2019
|Commencement of 2018 amendment||The requirement to maintain SDDs comes into effect.|
|5||5th July 2019
|SEBI Guidance Note||It is clarified that SDD shall be maintained by listed entities, intermediaries and fiduciaries|
|6||April 29, 2021||Comprehensive FAQs on SEBI (PIT) Regulations, 2015||It was clarified that irrespective of the fact that information is shared within or outside the Company, requisite records shall be updated in structured digital database as and when the information gets transmitted.|
|7||July 17, 2020
|Securities and Exchange Board of India (Prohibition of Insider Trading)(Amendment) Regulations, 2020||It is mandated that the database shall not be outsourced and shall be maintained internally with adequate internal controls and checks such as time stamping and audit trails to ensure non-tampering of the database.
The BoD shall ensure that the structured digital database is preserved for a period of not less than eight years
|8||8th October 2020||SEBI Guidance Note||It is clarified that both the listed entity and their intermediaries/fiduciaries shall maintain separate SDD’s.
The SDD shall contain both details of UPSI and that of every employee entity with access to such information.
|9||29 April, 2021||SEBI Guidance Note||It is clarified that the SDD shall use the internal software and server of the entity itself, it shall not use software or server of any other vendor, domestic or overseas.|
|10||August 4, 2022||Bombay Stock Exchange (BSE’) and National Stock Exchange (`NSE’) sent mails to listed entities||Compliance officers of listed entities are directed to certify compliance with maintenance of Structured Digital Database. The last date for giving this certification by Compliance Officer is August 9, 2022.
Extensions have been requested by stakeholders including ICSI
Compliances relating to Structured Digital Database
Every listed entity and its intermediaries and fiduciaries including Professional firms such as auditors, accountancy firms, law firms, analysts, insolvency professional entities, consultants, banks etc., assisting or advising listed companies shall separately comply with the legal framework related to SDD. The following are the compliances related to maintenance of SDD:
- Head of organization shall draft a code conduct to prevent insider trading as per the format provided in Schedule C of Securities and Exchange Board of India (Prohibition of Insider Trading) Regulations, 2015
- As per the code on conduct, the board of directors or such other analogous authority shall in consultation with the compliance officer, identify:
- All the unpublished price sensitive information
- The designated person’s who have access to such information in the basis of their role and function in the organization.
- Every external entity that has access to such UPSI including intermediaries and fiduciaries including Professional firms such as auditors, accountancy firms, law firms, analysts, insolvency professional entities, consultants, banks etc., assisting or advising listed companies.
- Inform these person’s that they are receiving UPSI
- Ensure that all such person’s and entities have signed confidentiality agreements.
- Designated persons shall be required to disclose the following:
- Names and Permanent Account Number or any other identifier authorized by law and Phone, mobile and cell numbers of the following persons to the company on an annual basis and as and when the information changes:
- Immediate relatives
- Persons with whom such designated person(s) shares a material financial relationship
- The names of educational institutions from which designated persons have graduated and names of their past employers shall also be disclosed on a one-time basis.
- Create and maintain an internal Structured Digital Database for the entity.
- The SDD shall not be out sourced. The data in SDD shall not be accessible to or stored in the server of any other entity, domestic or foreign.
- Ensure that all the details regarding the UPSI and the details provided by designated person’s are uploaded in the SDD and the information is kept updated.
- The details of UPSI to be uploaded:
- Date and time of Sharing
- Nature of UPSI shared
- Mode of Sharing
- Purpose of sharing UPSI.
- Recipient individual or entity
- Ensure that the SDD is maintained with adequate internal controls and checks such as time stamping and audit trails to ensure non-tampering of the database. The data shall be non-tamper able. It can be editable but a time stamping shall be maintained
- The Audit Committee of a listed company or other analogous body for intermediary or fiduciary shall review compliance with the provisions of these regulations at least once in a financial year and shall verify that the systems for internal control are adequate and are operating effectively.
- Compliance officers of listed entities shall certify compliance with maintenance of Structured Digital Database and submit the same to BSE and NSE
- The structured digital database shall be preserved for a period of not less than eight years after completion of the relevant transactions and in the event of receipt of any information from SEBI regarding any investigation or enforcement proceedings, the relevant information in the structured digital database shall be preserved till the completion of such proceeding.
Information to be included in the SDD
|Date of Entry:||UPSI Disclosure Number:|
|Shared by||Name of person sharing UPSI|
|Nature of UPSI||[Insert Details]|
|Shared with: (Drop down options)
Collaborators/Auditors/ Lenders including Prospective Lenders/ /Customers/ Suppliers/ Merchant Bankers/ Legal Advisors/Credit Rating Agencies/ Insolvency professionals/ Service providers/ Consultant etc.
|Name of Entity:|
|Name of Person:|
|*Type of Sharing: (Drop down options) One Time
|Date of Sharing:||*Period of Sharing: (In case of
|*Mode of Sharing:|
|*Confidentiality Agreement: (Yes/No)||*Date of Agreement:|
|*Description of Agreement:|
|*Confidentiality Intimation date:|
|*Purpose of Sharing:|
SDD related compliances and accountability
As per the regulation, the management of the organization shall maintain SDD as per legal requirements. The audit committee shall ensure compliance of SDD with legal requirements. Compliance officers of listed entities shall certify compliance with maintenance of Structured Digital Database.
In addition to these legal obligations, organizations shall designate employees to keep the SDD updated. It shall be good compliance to designate a Nodal Officer for each department and made responsible to ensure that:
- Sharing of UPSI with any person by his department is happening for legitimate purposes only on a need to know basis.
- Ensuring ensuring that due notice has been given to recipients of UPSI to maintain confidentiality of UPSI / Confidentiality Agreement being entered – simultaneously while sharing UPSI.
- All UPSI generated by their department / shared by their department / which they are allowed access to (which may not be pertaining to their department), is captured in the SDD.
- All further material developments pertaining to UPSI is captured under SDD.
- If any UPSI gets abandoned, then end date is updated by them in the SDD.
The maintenance of a structured digital database for UPSI ensures that the listed entity and their fiduciaries tracks the movement of UPSI, the person’s with access to UPSI, their significant relationships and confidentiality agreements signed by them. The annual audit ensures that the management of listed entities supervises over the maintenance of database and timely submission of compliance certificates enables stock exchanges to supervise the same. This requirement is a habit changer that encourages self regulation, transparency and accountability with regard to protection of insider information.
(For purchasing software that can be used to maintain Structured Digital Database, contact Legality Simplified via firstname.lastname@example.org or https://legalitysimplified.com/contact-us/)
Alby Stephan. K, Legal executive at Legality Simplified