All About STRUCTURED DIGITAL DATABASE Certificate

Unpublished Price Sensitive Information

Regulation 2(1)(n) of Securities and Exchange Board of India (Prohibition of Insider Trading) Regulations, 2015 defines the expression ‘unpublished price sensitive information’ (UPSI for short) as any information, relating to a company or its securities, directly or indirectly, that is not generally available which upon becoming generally available, is likely to materially affect the price of the securities and shall, ordinarily including but not restricted to, information relating to the following-

Restrictions

Regulation 3 gives restrictions not to share UPSI or allow access unless for legitimate purposes.  Regulation 4 also restricts to deal in securities while holding UPSI.

Regulation 3(2) provides that UPSI can be shared in furtherance of legitimate purposes, performance of duties or discharge of legal obligations.   The board of directors of a listed company shall make a policy for determination of “legitimate purposes” as a part of “Codes of Fair Disclosure and Conduct.  The term “legitimate purpose” shall include sharing of unpublished price sensitive information in the ordinary course of business by an insider with partners, collaborators, lenders, customers, suppliers, merchant bankers, legal advisors, auditors, insolvency professionals or other advisors or consultants, provided that such sharing has not been carried out to evade or circumvent the prohibitions of these regulations.

Regulation 3(3) provides that unpublished price sensitive information may be communicated, provided, allowed access to or procured, in connection with a transaction that would-

Structured digital database

Regulation 3(5) of Securities and Exchange Board of India (Prohibition of Insider Trading) Regulations, 2015 provides that the board of directors shall ensure that a structured digital database is maintained containing the names of such persons or entities as the case may be with whom information is shared under this regulation along with the Permanent Account Number or any other identifier authorized by law where Permanent Account Number is not available. Such databases shall be maintained with adequate internal controls and checks such as time stamping and audit trails to ensure non-tampering of the database.   Maintenance of Structured Digital Database (“SDD” for short) has been mandatory since April 1, 2019.

The said Regulation was substituted vide Notification No. SEBI/LAD-NRO/GN/2020/23, dated 17.07.2020.  The newly substituted Regulation 3(5) provides for the maintenance of Structured Digital Data base by the Board of Directors or heads of the organization that is required to maintain unpublished price sensitive information. The entities  have been maintaining for the last 3 years, however, since quarter ending June 30, 2022 the entities are additionally required to submit a compliance certificate, based on the email received from the stock exchanges where its securities are listed, duly certified by the Compliance Officer. We have been given to understand that this submission will be mandated on a quarterly basis and the same will henceforth required to be submitted duly certified by a practising company secretary. The last date for submission for the immediately preceding quarter was August 9, 2022. Based on the client queries received in this regard, format of the compliance certificate provided by the stock exchange and the views from the representatives of SEBI and stock exchanges as expressed in seminars from time to time, we intend to highlight certain points of concerns for your kind consideration.

As on date, no SEBI circular or Exchange circular has been issued in this regard. 

This Structured Digital Database shall contain-

along with the Permanent Account Number or any other identifier authorized by law where Permanent Account Number is not available.

The main condition imposed on by the Regulation is that this work shall not be outsourced by the company.  The same shall be maintained internally with adequate internal controls and checks such as time stamping and audit trails to ensure non-tampering of the database.

Similarly, another structured digital database should be maintained internally by fiduciary or intermediary, capturing information, in accordance with Regulation 9A (2)(d) and as required under Schedule C.   Regulation 9A (2)(d) provides that the internal controls shall include  lists of all employees and other persons with whom unpublished price sensitive information is shared shall be maintained and confidentiality agreements shall be signed or notice shall be served to all such employees and persons.

Irrespective of  the fact that information is shared within or outside the Company, requisite  records  shall  be  updated  in  structured  digital  database  as  and  when  the  information  gets  transmitted.  If the directors fall under the list of designated persons or as an insider, then sharing of UPSI by them for legitimate purpose with the Bank/FIs would be considered as communication of UPSI. Accordingly, the same would be recorded in the SDD of the company.

Preservation period

The newly inserted Regulation 3(6) with effect from 17.07.2020 provides that the structured digital database is preserved for a period of not less than eight years after completion of the relevant transactions.   In the event of receipt of any information from the Board regarding any investigation or enforcement proceedings, the relevant information in the structured digital database shall be preserved till the completion of such proceedings.

Outsourcing

If  the  structured  digital  database  is  maintained  on  Amazon, Google or  cloud  server  hosted outside India,  will  be considered as outsourced and this is strictly prohibited and it would  be  contrary  to  the regulations  with  respect  to  maintenance  of  structured  digital database.

Contents of SDD compliance certificate

The following contents are to be taken place in SDD compliance certificate-

• Whether the company has a structured digital database?
• Whether the control exists as to who can access the SDD for read/write along with the names and PAN of such person?
• Whether all the UPSI have been captured in the Database? If not details of events that have not been captured and the reasons for the same.
• Whether the recipient were upfront informed that the nomination which they will be receiving shortly is UPSI and the entry has been captured in the database prior to forwarding the UPSI data.  If not details of events that have not been captured and the reason for the same?
• Whether the nature of UPSI has been captured along with date and time?
• Whether the name of persons who have shared the information has been captured along with PAN or any other identifier?
• Whether the database has been maintained internally?
• Whether audit trail is maintained?
• Whether time stamping is maintained?
• Whether the database is non tamperable? Any other measures to ensure non tamperability of the Database.

Follow up action

• Bombay Stock Exchange has organized two round of training session for all listed entities till April 2022.
• BSE also made dedicated power point on SDD to all listed entities.
• On 04.08.2022 BSE and NSE sent to all listed companies for filing of a certificate confirming compliance with the SDD requirements.
• The certificate for the quarter ending 30.06.2022 should be filed by 09.08.2022.
• From the next quarter the said certificate is to be obtained from the Practising Company Secretary.
• Again training sessions will be conducted if request is received from the Companies.