In recent years, the Securities and Exchange Board of India (SEBI) has intensified its regulatory focus on market intermediaries, including Registrars to an Issue and Share Transfer Agents (RTAs). This heightened scrutiny is evident from an increased frequency of inspections and the imposition of stringent penalties for non-compliance with SEBI regulations. For instance, SEBI has undertaken comprehensive inspections of RTAs, particularly focusing on adherence to norms such as the management of suspense accounts.
Amidst this environment of rigorous oversight, we are delighted to share a recent SEBI order adjudicated by its Adjudicating Officer, where the team at Regstreet Law Advisors successfully represented one of Indiaโs leading RTAs.
The case involved two key allegations concerning compliance with SEBIโs Cyber Security and Cyber Resilience Framework:
(a) Delay in addressing vulnerabilities identified during the Vulnerability Assessment and Penetration Testing (VAPT) process.
(b) Lapses in reviewing cybersecurity measures by the Technology Committee.
SEBI, after considering our detailed submissions, exonerated the RTA from one allegation and imposed the minimum penalty for the other under Section 15HB of the SEBI Act, 1992.
This representation was led by the Regstreet Law Advisors team, comprising Mr. Sumit Agrawal, Mr. Kavish Garach, and Ms. Anushka Fuke, Advocates. The order is publicly accessible on SEBIโs website, and a copy is attached for reference.
As the Indian securities market evolves, intermediaries are likely to face increased enforcement actions, especially with the impending establishment of the ๐๐๐ญ๐ ๐๐ซ๐จ๐ญ๐๐๐ญ๐ข๐จ๐ง ๐๐จ๐๐ซ๐ ๐จ๐ ๐๐ง๐๐ข๐ (DPBI) and the notification of rules under the Digital Personal Data Protection Act, 2023 (DPDP Act). Recognizing these upcoming challenges, Regstreet Law Advisors has been proactively conducting training sessions and helping clients prepare for the complexities of the new regulatory framework.