An old adage goes, "A burnt child dreads the fire, " conveying the idea that individuals who have suffered harm from a particular source tend to become more cautious about it. One might expect a company of Infosys's stature to heed this wisdom. However, their recent actions, especially in regard to preventing insider trading, have displayed anything but caution.

Infosys is no stranger to allegations and subsequent convictions of its employees under the regulations of prohibition of insider trading, dating back as far as 2006. Yet, their latest incident of failing to adhere to regulatory guidelines is possibly an SOS before the ship hits another iceberg. The company invited a stern “administrative warning” from the Securities and Exchange Board of India (SEBI) for failing to record the details of FY 2020-21 in its Structured Digital Database (SDD) – the repository for Unpublished Price Sensitive Information (UPSI), within the stipulated time period. While Infosys argued that the delay in entering the data was due to the logistical challenges posed by COVID, which had scattered the company’s workforce, SEBI categorically rejected this explanation and warned the Company Secretary to exercise greater care to avoid such incidents in the future.

However, while this news circulates, it has become apparent that while SDD is a relatively new but fundamental cornerstone in the machinery for prohibiting insider trading, particularly for business entities that are listed or plan to be listed soon. Thus, to prevent such organizations from being on SEBI’s radar and navigate the intricacies of these legal obligations, we have undertaken the task of deciphering these nuances. Presented here is a comprehensive breakdown intended to be accessible to all.

SDD Who?

In 2018, SEBI, through the Prohibition of Insider Trading (Amendment) Regulations, introduced the concept of SDD. This addition was founded on the principle that whenever information begins to evolve into material, price-sensitive information (UPSI) capable of exerting a significant impact on a company's security prices upon disclosure, it is imperative to document the sharing of such data to ensure accountability. SDD serves as a repository, to maintain a record of the individuals with whom UPSI has been shared. This regulatory directive came into effect on April 1, 2019.

Responsibility for Maintaining SDD

As per Regulation 3(5) of the Prohibition of Insider Trading (PIT) Regulations, the responsibility for maintaining the SDD for any UPSI lies squarely with the board of directors of the respective organization.

Furthermore, Regulation 9A of the PIT Regulations casts a duty on the managing director, chief executive officer, or other analogous person to establish sufficient and efficient internal control systems to ensure strict adherence to the stipulated regulations.

In accordance with Regulation 2(1)(c) of the PIT Regulations, the Compliance Officer assumes various responsibilities, including ensuring compliance with policies and procedures, maintaining records, overseeing adherence to regulations governing the safeguarding of unpublished price-sensitive information, monitoring trades, and ensuring the Code of Conduct is upheld. The Compliance Officer is also tasked with certifying and confirming the adherence status to SDD maintenance within the listed entity when submitting the quarterly compliance report on SDD to the stock exchanges.

Therefore, while access to SDD may be available to different individuals, the ultimate responsibility for preserving the integrity of SDD squarely rests with the Compliance Officer.

Point to note - SDD must be retained for at least eight (8) years after the conclusion of the pertinent transactions. Additionally, if any communication is received from the SEBI regarding an inquiry or regulatory actions, the relevant data within the SDD should be preserved until the conclusion of these proceedings, extending beyond the previously mentioned 8-year period.

Requirements to Follow When Maintaining SDD

The Database must not be outsourced and must be protected with sufficient internal controls and measures, including time stamping and audit trails, to prevent any unauthorized alterations.

Once information is recorded in the SDD, it becomes immutable and must remain unchanged to maintain its integrity. Any attempt to modify or change the recorded entries is strictly prohibited. In case any amendment is necessary, a distinct entry can be added, referring to the original one, containing complete and accurate corrected details along with a rationale for the correction.

SDD for Intermediaries/Fiduciaries

The obligations under PIT Regulations are two-fold, i.e., they apply both to the listed entities and to its fiduciaries who might have access to the UPSI about the listed entities (in the capacity of being connected persons).

According to Regulation 3(5), it is incumbent upon the board of directors or the heads of organizations to ensure that individuals handling UPSI make entries in the Structured Digital Database (SDD) each time UPSI is shared.

Similarly, fiduciaries or intermediaries must maintain an internal database capturing information similar to what is required to be recorded by the organization's board of directors or heads regarding the distribution of UPSI.

For example, if a listed company (X) has engaged a Merchant Banker (Y) for fundraising, and an individual (A) from the listed company shares UPSI with another individual (B) from the Merchant Banker, the Database of company (X) should include details about the nature of the shared UPSI, as well as information about individuals (A), (Y), and (B). Simultaneously, the Merchant Banker (Y) should maintain an internal database that records the nature of the UPSI received and shared, along with details of Company X, individual (A), and individual (B).

SDD applies to - Stock Brokers, Sub – Brokers, Transfer Agents, Bankers to an Issue, Trustees of Trust Deeds, Registrars to an Issue, Merchant Bankers, Underwriters, Portfolio Managers, Investment Advisers, Auditors, Accountancy Firms, Law Firms, Analysts, Insolvency Professionals Entities, Consultants, Banks, Registered Valuers, Practicing Company Secretary Firms, Cost Audit Firms, Internal Auditors, Printer, Designer, etc.

Consequences of Not Maintaining SDD

As of August 4, 2022, SEBI has mandated that the Compliance Officer of a listed entity must file a Compliance Certificate as a Standard Operating Process, which certifies the maintenance of the SDD within their respective organizations.

In the event a listed entity is found to be non-compliant with the SEBI Act, specifically under Section 15A(b) for failure to furnish or file information returns, records within the stipulated time frame, or for providing false, incomplete, or incorrect information, the penalties are as follows:

a. Minimum penalty - INR 1 Lac

b. Continuing default – INR 1 Lac/day

c. Maximum penalty – INR 1 Crore

Further, by a circular dated November 4, 2022, NSE and BSE have announced that they will display a company as "Non-compliant with SDD" on the Exchange website of the listed entity from the trading day till the respective exchanges have satisfactorily verified that the company has completely complied.

Recap

1. The trigger point for recording in the SDD is the sharing of UPSI, whether it occurs internally or externally.
2. Intermediaries or fiduciaries are also obligated to maintain their own SDD.
3. The Database must be securely kept in-house and managed with robust internal controls and verification mechanisms, including timestamping and audit trails, to ensure its integrity remains uncompromised.
4. Once information is put into the SDD, entries become immutable and shoold remain unaltered. In cases where an entry requires modification, a distinct entry should be created, referencing the earlier one. This distinct entry should provide complete corrected details along with the rationale for the correction.
5. This form of database preservation is mandatory for a minimum of eight years following the conclusion of the relevant transactions.
6. In the event of receiving information from the Board regarding any investigative or enforcement proceedings, the relevant data in the SDD must be retained until the completion of such proceedings, in addition to the initial 8-year period.

Concluding Thoughts

Understanding and adhering to the intricacies of SDD management is a critical endeavor for businesses operating within the regulatory landscape. It reflects responsible corporate governance and safeguards against potential regulatory pitfalls, ensuring organizations steer clear of damaging consequences and uphold market integrity.

Disclaimer : No information contained in this website may be reproduced, transmitted, or copied (other than for the purposes of fair dealing, as defined in the Copyright Act, 1957) without the express written permission of Rainmaker Online Training Solutions Pvt. Ltd.