Page 1 of 220 MASTER CIRCULAR SEBI/HO/MIRSD/POD-1/P/CIR/2023/70 May 17, 2023 To, All registered Registrars to an Issue and Share Transfer Agents (RTAs) Dear Sir / Madam, Subject: Master Circular for Registrars to an Issue and Share Transfer Agents I. Securities and Exchange Board of India (SEBI/the Board), from time to time, has been issuing various circulars/directions to Registrars to an Issue and Share Transfer Agents (RTA). In order to enable the users to have access to the applicable circulars at one place, this Master Circular in respect of RTA is being issued. II. The SEBI circulars which are operational and to the extent relevant for RTAs are compiled in this Master Circular and are mentioned in the appendix. The circulars mentioned in Appendix shall stand rescinded from the date of issuance of this Master Circular. III. Notwithstanding such rescission, a. anything done or any action taken or purported to have been done or taken including registration or approval granted, fees collected, registration or approval, suspended or cancelled, any adjudication, enquiry or investigation commenced or show-cause notice issued under the rescinded circulars, prior to such rescission, shall be deemed to have been done or taken under the corresponding provisions of this Master Circular; b. any application made to the Board under the rescinded circulars, prior to such rescission, and pending before it shall be deemed to have been made under the corresponding provisions of this Master Circular;

Page 2 of 220 c. the previous operation of the rescinded circulars or anything duly done or suffered thereunder, any right, privilege, obligation or liability acquired, accrued or incurred under the rescinded circulars, any penalty, incurred in respect of any violation committed against the rescinded circulars, or any investigation, legal proceeding or remedy in respect of any such right, privilege, obligation, liability, penalty as aforesaid, shall remain unaffected as if the rescinded circulars have never been rescinded; IV. This circular is issued in exercise of the powers conferred under Section 11 (1) of the Securities and Exchange Board of India Act, 1992. V. A copy of this circular is available at the web page “Master Circulars” on the website www.sebi.gov.in. VI. This circular is issued in exercise of the powers conferred by Section 11 (1) of Securities and Exchange Board of India Act, 1992 to protect the interest of investors in securities and to promote the development of, and to regulate, the securities market. VII. This circular is available on SEBI website at www.sebi.gov.in. Yours faithfully, Aradhana Verma General Manager Tel. No: +91-22-26449633 aradhanad@sebi.gov.in

Page 3 of 220 TABLE OF CONTENTS S. No. Subject Page No. I. REGISTRATION RELATED MATTERS 1 Procedures for granting registration 6 2 Online Registration Mechanism for RTA 6 3 General Instructions to Registrars To an Issue (RTI) / Share Transfer Agents (STA) 7 4 Application procedure for registration/renewal as Registrar to an Issue and/or Share Transfer Agent 12 5 Prior approval for change in control 13 6 Transfer of business to other legal entity 16 II. GENERAL OBLIGATIONS/RESPONSIBILITIES AND REPORTING REQUIREMENTS 7 Submission of Net worth Certificate 17 8 Regulatory Compliance and Periodic Reporting 17 9 Appointment of Compliance Officer 18 10 Enhanced disclosures in case of listed debt securities 19 11 Qualified RTAs and their enhanced monitoring 19 12 Strengthening the Guidelines and Raising Industry standards for RTA, Issuer Companies and Banker to an Issue 23 III. DEMAT/REMAT RELATED MATTERS 13 Issuance of Securities in dematerialized form in case of Investor Service Requests 24 14 Reconciliation of the Admitted, Issued and Listed Capital 27 15 Guidelines on processing requests for dematerialization 27 16 Database for Distinctive Number of Shares 28 IV. TRANSFER RELATED MATTERS 17 Tendering of physical shares in open offers, buybacks and delisting of securities of listed entities 30 18 Collection of stamp duty on issue, transfer and sale of units of AIFs 30 V. INVESTOR’S SERVICE REQUEST 19 Common and Simplified Norms for processing investor's service request by RTAs and norms for furnishing PAN, KYC details and Nomination 31 20 Procedure and Standardization of formats of documents for transmission of securities 34 21 Entities permitted to undertake e-KYC Aadhaar Authentication service of UIDAI in Securities Market 37 22 Simplification of procedure and standardization of formats of documents for issuance of duplicate securities certificates 37 VI. INFORMATION TECHNOLOGY & CYBER SECURITY 23 Cyber Security and Cyber Resilience framework for Registrars to an Issue / Share Transfer Agents 40

Page 4 of 220 S. No. Subject Page No. 24 Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions 40 VII. INVESTOR GRIEVANCE REDRESSAL,SCORES 25 Investor grievance through the SEBI Complaints Redress system (SCORES) Platform 41 26 Standard Operating Procedures for dispute resolution under the Stock Exchange arbitration mechanism for disputes between a Listed Company and/or Registrars to an Issue and Share Transfer Agents and its Shareholder(s)/Investor(s) 41 VIII. INVESTOR CHARTER 27 Publishing Investor Charter and Disclosure of Complaints by Registrar and Share Transfer Agents 46 IX. OTHER GUIDELINES 28 Designated e-mail ID for regulatory communication with SEBI 47 29 Mandatory Requirement of Permanent Account Number 47 30 Prevention of circulation of unauthenticated news by SEBI Registered Market Intermediaries through various modes of communication 48 31 Guidelines on Outsourcing of Activities by Intermediaries 48 32 General Guidelines for dealing with conflicts of interest 49 33 Framework for Regulatory Sandbox 51 34 RTA inter-operable Platform for enhancing investors’ experience in Mutual Fund transactions / service requests 51 35 Approach to securities market data access and terms of usage of data provided by data sources in Indian securities market 52 36 Digital mode of payment 53 37 Reporting requirement under Foreign Account Tax Compliance Act (FATCA) 53 38 Guidelines on Anti-Money Laundering (AML) Standards and Combating the Financing of Terrorism (CFT) /Obligations of Securities Market Intermediaries under the Prevention of Money Laundering Act, 2002 and Rules framed there under 54 X. ROLE OF RTAs WITH RESPECT TO PRIMARY MARKET 39 Obligations of RTA with respect to Rights Issue 55 40 Investment by Foreign Portfolio Investors (FPI) through primary market issuances 55 41 Streamlining the process of IPOs with UPI in ASBA and redressal of investor grievances 55 42 Issue and listing of Non-Convertible Securities (NCS), Securitised Debt Instruments (SDI), Security Receipts (SR), Municipal Debt Securities and Commercial Paper (CP) 57 43 Reduction of timelines for listing of units of Real Estate Investment Trust (REIT) and Infrastructure Investment Trust (InvIT) 58

Page 5 of 220 S. No. Subject Page No. 44 Responsibilities of the Registrar with respect to introduction of Unified Payments Interface (UPI) mechanism for Infrastructure Investment Trusts 59 45 Role of Registrar with respect to Public Issues 59 46 Streamlining the Process of Public Issues and redressal of Investor grievances 60 47 Responsibilities of RTA with respect to open offers, buybacks, and delisting offers 61 XI. REPORTING REQUIREMENTS (FORMATS) 62 XII. ANNEXURES 87 XIII. Appendix - List of Circulars / Notifications 214

Page 6 of 220 SECTION I - REGISTRATION RELATED MATTERS

1. Procedures for granting registration1 1.1. The Board may consider grant of certificate to an applicant, notwithstanding that another entity in the same group has been previously granted registration by the Board, if the following conditions are fulfilled: 1.1.1. The entities are incorporated as separate legal entities. 1.1.2. The entities have independent Board of Directors. Independent Board of Directors for this purpose means that common directors should not be in majority in both the Boards. 1.1.3. There is absolute arm’s length relationship with reference to their operations. 1.1.4. The key personnel and infrastructure are independently available for each entity. 1.1.5. Each entity has independent regulatory controls and supervisory mechanism. Explanation: For this purpose, two entities are considered to be in the same group if: (i) the same person, by himself or in combination with relatives, directly or indirectly exercises control over both the entities or, (ii) they are under the same management within the meaning of section 370(1B) of the Companies Act, 1956 or, (iii) where one entity directly or indirectly exercises control over the other entity. [‘Control’ for this purpose shall have the same meaning as assigned to it under clause (e) of sub-regulation (1) of regulation 2 of the Securities and Exchange Board of India (Substantial Acquisition of Shares and Takeovers) Regulations, 2011 (SAST Regulations)].
2. Online Registration Mechanism for RTA2 2.1. An RTA shall submit application for registration/surrender/cancellation, submission of periodical reports, requests for change of name/address/ other details, etc. only in online mode on the SEBI Intermediary Portal (https://siportal.sebi.gov.in). Link for SEBI Intermediary Portal is also available on SEBI website - www.sebi.gov.in. 2.2. RTA will be separately required to submit relevant documents viz. declarations/ undertakings required as a part of application forms prescribed in relevant regulations, in physical form, only for records without impacting the online processing of applications for registration.

1 RRTI Circular No 1. (2002-2003) dated September 25, 2002 2 SEBI/HO/MIRSD/MIRSD1/CIR/P/2017/38 dated May 02, 2017.

Page 7 of 220 2.3. In case of any queries and clarifications with regard to the SEBI Intermediary Portal, RTA may contact on 022-26449364 or may write at portalhelp@sebi.gov.in. 3. General Instructions to Registrars To an Issue / Share Transfer Agents 3 With the passing of the Securities and Exchange Board of India Act, 1992 (the Act) and notification of the Securities and Exchange Board of India (Registrars to an Issue and Share Transfer Agents) Regulations, 1993, (“the Regulations”) no person shall act either as a Registrar to an Issue (RTI) and/or Share Transfer Agent (STA) unless he is registered with SEBI under Section 12 of the Act. 3.1. Registration 3.1.1. The Registration granted pursuant to Chapter II of the Regulations will be for the principal as well as for all the branch offices in India of the RTI, declared in its application for registration. 3.1.2. The Registration number contained in the certificate of registration should be quoted in all the correspondence with SEBI, Government authorities, Stock Exchanges and its clients. 3.2. General 3.2.1. With a view to ensuring that all Rules, Regulations, Guidelines, Notifications etc. issued by SEBI, the Government of India, and other regulatory organizations are compiled with, the RTI shall designate a senior officer as Compliance Officer, who shall coordinate with regulatory authorities in various matters and provide necessary guidance as also ensure compliance internally. The Compliance Officer shall also ensure that observations made/ deficiencies pointed out by SEBI in the functioning of the Registrars do not recur. 3.2.2. Correspondence relating to registration and clarifications on Guidelines/Circulars Issued by SEBI shall be made only by the Principal Office of the RTI and not by the branch offices. 3.2.3. Necessary Code of Conduct for the officers and employees of the Registrars should be framed to prevent insider trading, in the light of Securities and Exchange Board of India (Prohibition of Insider Trading) Regulations, 2015. 3.2.4. Memorandum of Understanding (Valid Agreement)

3 RRTI Circular No. 1 dated November 05, 1993 and SEBI RRTI Circular No. 1 (94-95) dated October 11, 1994

Page 8 of 220 In terms of Regulation 9A(1)(b), before taking up any assignment to act as RTI, every RTI must invariably enter into a valid agreement with the company making the Issue (Issuer) clearly setting out their mutual rights, liabilities and obligations relating to the issue and more specifically, the inter-se responsibilities for redressal of investor grievances after the closure of the Issue. The RTA may adopt the draft and incorporate such clauses as may be considered necessary for defining rights and obligations vis- a-vis the issuer. While doing so, it must, be ensured that neither party should reserve for itself any rights, which would have the effect of diminishing in any way its liabilities and obligations under the Companies Act, 2013 and the Regulations. 3.3. Bulk Mailing of Registered letters, Articles etc.: All share/debenture certificates refund orders, Interest/dividend warrants etc. are required to be sent by Registered Post. 3.4. Processing of Applications 3.4.1.The Registrars should take proper care and evolve a suitable system whereby multiple applications can be weeded out and eliminated. 3.4.2.Instances of multiple applications should be brought to the notice of the Companies (Issuers) as also the lead managers for necessary action.

3.5. Agreement to be entered into with Issuer / body corporate. 3.5.1. In terms of regulation 9A (1) (b) of the Regulations, all RTI/STA are required to enter into a legally valid agreement with the Issuers / Body corporate. SEBI has evolved models of Agreement to be entered into between RTI and Issuer (Annexure 1) and STA and Body corporate (Annexure 2). The models have been formulated with a view to bring about standardization in the legal relationship between the RTI and Issuer and STA and body corporate. While the RTI / STA and the Issuer / body corporate may suitably modify the agreement depending upon the circumstances of each case, they should, as far as possible, observe the spirit behind the various clauses contained in the model agreements. While doing so, it must also be ensured that neither party should reserve for itself any rights which would have the effect of diminishing in any way its liabilities and obligations under the Companies Act, 2013 and the Regulations.

3.5.2. Where the RTI/STA is a company the agreement should be executed by persons authorized to execute documents in accordance with the Articles of Associations of the company; in case of partnership firms the agreement should be executed by all the partners or the Managing partner acting under the authority of the other partners; and in the case of a proprietary concern, by the proprietor himself.

Page 9 of 220 3.5.3. The agreement must be stamped according to the Local Stamp Laws for the time being in force at the place of execution. 3.5.4. In the case of a large issue, the Issuer may decide to appoint / associate more than one RTI. In such a case the agreement shall be executed by all the RTIs and the Issuer and the Lead Manager shall be a confirming party. The scope of work and responsibilities of each Registrar shall be clearly spelt out in the agreement. 3.5.5. The agreement entered into by a RTI with an Issuer shall be valid at least until the expiry of one year from the date of closing of the Issue and in the case of an agreement entered into by a STA with a body corporate, it shall be valid for a minimum period of one-year renewable if the circumstances so require. 3.5.6. A certified copy of the executed agreement between the RTI and the issuer shall be immediately forwarded to the Lead Managers to the Issue (Pre-issue and Post￾Issue). 3.6. Records to be maintained by RTI/ STA 3.6.1. In pursuance of the powers conferred upon SEBI by regulation 14(2)(h) and regulation 14(3)(C) of the Regulations, it is hereby stipulated that in addition to the books, records and documents stipulated in regulation 14(1), 14(2) and 14(3) the following records and documents shall also be maintained by the RTI/STA in hard copy / magnetic media. Records and Documents to be maintained by RTI i. Original agreement entered into with the Issuer for handling the issue, a print copy of the Prospectus / offer document. ii. Reconciliation of applications received with bank certificate, showing No. of applications, No. of shares applied, amount, particulars of payment along with bank certificates. iii. Full particulars of all applications received / deposited. iv. Details of all stock invests received / deposited and particulars of encashment. v. Full details of despatch of allotment advices, shares / debenture certificates / letters of allotment refund orders, duplicate refund orders, revalidated refund orders. vi. Records of pre-printed issue stationery like allotment advice, share / debenture certificates, letters of allotment, refund orders, duplicate, refund orders, etc., showing details of such stationery received from Issuer, consumed for printing, wastage, destroyed, and handed over to Issuer

Page 10 of 220 Company. vii. Copies of basis of allotment approved by Stock Exchange. viii. Record of returned mail showing details of contents of the letter, details of securities / refund orders, warrants despatched, date of despatch, date of return and reasons for being returned. ix. Complaints register containing details of the date of receipt of the complaint, particulars of complainant, nature of complaint, date of disposal and how disposed of. Complaints received from SEBI shall also be recorded in the complains register in addition to complaints received directly. Records and documents to be maintained by STA (i) Records of allotment made containing all relevant details received from the RTI /Body Corporate where Issue has been handled in house; details of securities subject to lock-in-period in respect of each Body corporate. (ii) Date wise records of securities received for endorsement, transfer, splitting, consolidation, transmission, etc. (iii) Movement register containing date and details of records sent out of the office of the STA to body corporate or any other person for any reason whatsoever and date of receipt back by the STA. (iv) Board Resolution approving the transfers along with the transfer register containing all particulars of transferor and transferee, their folio Nos., No. of shares transferred, Number and date of Board meeting approving the transfers with signature and seal of Company Secretary / Director. (v) Details of despatch of transferred certificates, certificates received for endorsement, splitting, consolidation, transmission, etc. (vi) The records at (ii) to (v) above to be interlinked so as to ascertain the movement of documents and time taken in transfer, etc., and despatch of scrips to investors. (vii) Member register and transfer register in hard copy and in magnetic media. (viii) Specimen signature cards and transfer deeds. (ix) Records of returned mail showing details of contents of the letter, details of securities / refund orders, warrants despatched, date of despatch, date of return and reasons for being returned. (x) Complaints register containing details of the date of receipt of the complaint, particulars of complainant, nature of complaint, date of disposal and how disposed of. Complaints received from SEBI shall also be recorded in the complaints register in addition to complaints received directly. These records and documents are required to be maintained by the RTI/STA for a minimum period of 8 years in terms of regulation 15 of the Regulations. These records and documents should be kept in the custody of an authorized / responsible officer of the RTI / STA.

Page 11 of 220 3.6.2. Mandatory obligations of RTI / STA i. In addition to other responsibilities accepted and agreed to by a RTI with the Issuer, the RTI shall only carry out and be responsible for the following activities in connection with an Issue : (i) Despatch of allotment advice/letters of allotment. It is clarified that the RTI shall not handover these to the company or any other person for dispatch. The mode of despatch shall be as mentioned in the offer document. ii. The following work shall be undertaken by STA only and they shall be responsible for the work in addition to other responsibilities agreed to and accepted with the body corporate on whose behalf it is carrying on share transfer work: (i) Transmission, consolidation, sub-division of securities. (ii) Despatch of transferred securities and securities received for transmission / consolidation / sub-division, etc., directly to the investors. 3.6.3. Other directions to RTIs / STAs i. Keeping the investors interest in mind, RTI / STA shall not accept work disproportionate to its capacity. RTI / STA shall not unload the entire / substantial portion of its activities to outside agencies except in case of exigencies beyond its control. ii. RTI / STA shall handle its activities only from the offices declared to SEBI and approved by it. The addresses of such offices shall only be informed to the investors and printed in issue stationery, etc. If a RTI / STA has a full￾fledged Investor Relations Centre (IRC) and has obtained SEBI’s approval for the same, the address of the IRC may be stated, but only in addition to the approval of the same, the address of the IRC may be sated, but only in addition to the approved offices. The RTI / STA shall neither close its offices nor carry on activities from other places, without the prior written permission of SEBI. This will override the earlier instructions given in this regard. iii. RTIs shall not handover applications and other documents/ records pertaining to an Issue to the Issuer or to any other persons for any purpose whatsoever until completion of despatch of allotment letters / share / debenture certificates / refund orders. The issuer / persons authorized by it may have access to the applications / records in the office of RTI only. iv. Under Regulation 15 of the Regulations, RTI / STA are required to maintain the records and documents stipulated in regulation 14 for a minimum period of 8 years. These records / documents to be maintained include the records

Page 12 of 220 pertaining to any issue handled by the RTI / Share transfer work carried out by the STA. Therefore, it is expected that the RTI / STA shall redress the investors complaints for a minimum period of 3 years, irrespective of the termination of the Agreement entered into with the Issuer / Body corporate. It may be pointed out that the complaints are to be redressed within 1 month as stipulated in regulation 9A (1)(e) of the Regulations. v. Certain RTI / STA hold up their services due to delay / despatch in payments by the issuer / body corporate causing great inconvenience to investors. In case of any substantial delay / despatch the matter should be immediately brought to the notice of SEBI / Stock Exchanges. In any case, it is desired that services to investors should not be affected. vi. It has been noted that RTI / STA do not keep complete records of receipt, utilisation, wastage and returns to the issuer companies / body corporate, of the pre-printed stationery like share / debenture certificates, refund orders, interest, dividend warrants, etc. In the interest of the investors and in their own interest RTI / STA should maintain proper records and keep these securities items in control to prevent any misuse. vii. The STAs are advised that they shall issue acknowledgement to the investors for having received their requests for transmission, consolidation /sub-division, etc., within 7 days of the date of receipt of such requests. viii. The RTI / STA are required to maintain proper records of mail returned undelivered. 4. Application procedure for registration/renewal as RTA4 An applicant is required to furnish the application in Form A as specified in Annexure-3 to SEBI for registration/renewal. Accordingly, all the existing/prospective RTA are advised to note the followings: - 4.1. All entities, desirous to be registered as RTA are required to furnish all the information as specified in 'Performa 1-12' and 'Additional Information Sheet' (https://www.sebi.gov.in/sebi_data/commondocs/nov￾2020/RTA%20Annexure%202_p.pdf), available on SEBI website (www.sebi.gov.in) at the time of submitting registration application in 'Form A'- Annexure-3. 4.2. All registered RTA, desirous of renewal of their registration are required to furnish all the information as specified in 'Information Sheet for renewal application' (https://www.sebi.gov.in/otherentry/nov-2002/information-sheet-for-renewal-to-be￾furnished-for-renewal-application_20352.html), available on SEBI website (www.sebi.gov.in), at the time of submitting registration application in 'Form A'.

4 PMD/RRTI/NB/ 22463/2002 dated November 20, 2002

Page 13 of 220 4.3. The information submitted to SEBI at the time of registration/renewal application, shall be full and complete in all respects, otherwise it may delay processing of the registration/renewal application. 5. Prior approval for change in control5 Procedure for seeking prior approval for change in control through single window 5.1. To streamline the process of providing approval to the proposed change in control of RTA, it has been decided that: 5.1.1. The Intermediary shall make an online application to SEBI for prior approval through the SEBI Intermediary Portal (‘SI Portal’) (https://siportal.sebi.gov.in). 5.1.2. The online application in SI portal shall be accompanied by the following information/declaration/undertaking about itself, the acquirer(s)/the person(s) who shall have the control and the directors/partners of the acquirer(s)/ the person(s) who shall have the control: a) Current and proposed shareholding pattern of the applicant b) Whether any application was made in the past to SEBI seeking registration in any capacity but was not granted? If yes, details thereof. c) Whether any action has been initiated / taken under Securities Contracts (Regulation) Act, 1956 (SCRA)/ the Act or rules and regulations made thereunder? If yes, the status thereof along with the corrective action taken to avoid such violations in the future. The acquirer/ the person who shall have the control shall also confirm that it shall honour all past liabilities / obligations of the applicant, if any. d) Whether any investor complaint is pending? If yes, steps taken and confirmation that the acquirer/ the person who shall have the control shall resolve the same. e) Details of litigation(s), if any. f) Confirmation that all the fees due to SEBI have been paid. g) Declaration cum undertaking of the applicant and the acquirer/ the person who shall have the control (in a format enclosed at (Annexure-4), duly stamped and signed by their authorized signatories that: i. there will not be any change in the Board of Directors of incumbent, till the time prior approval is granted; ii. pursuant to grant of prior approval by SEBI, the incumbent shall inform all the existing investors/ clients about the proposed change prior to effecting the same, in order to enable them to take informed decision regarding their continuance or otherwise with the new management; and

5SEBI/HO/MIRSD/DOR/CIR/P/2021/42 dated March 25, 2021 and SEBI/HO/MIRSD/ MIRSD-PoD￾2/P/CIR/2022/163 dated November 28, 2022

Page 14 of 220 iii.the ‘fit and proper person’ criteria as specified in Schedule II of Securities and Exchange Board of India (Intermediaries) Regulations, 2008 are complied with (Intermediaries Regulations). h) In case the incumbent is a registered stock broker, clearing member, depository participant, in addition to the above, it shall obtain approval /NOC from all the stock exchanges/clearing corporations/depositories, where the incumbent is a member/depository participant and submit self-attested copy of the same to SEBI. 5.1.3. The prior approval granted by SEBI shall be valid for a period of six months from the date of such approval within which the applicant shall file application for fresh registration pursuant to change in control. 5.2. To streamline the process of providing approval to the proposed change in control of an intermediary in matters which involve scheme(s) of arrangement which needs sanction of the National Company Law Tribunal (“NCLT”) in terms of the provisions of the Companies Act, 2013, the following has been decided: 5.2.1. The application seeking approval for the proposed change in control of the intermediary shall be filed with SEBI prior to filing the application with NCLT. 5.2.2. Upon being satisfied with compliance of the applicable regulatory requirements, an in-principle approval will be granted by SEBI; 5.2.3. The validity of such in-principle approval shall be three months from the date issuance, within which the relevant application shall be made to NCLT. 5.2.4. Within 15 days from the date of order of NCLT, the intermediary shall submit an online application in terms of paragraph 5.1 along with the following documents to SEBI for final approval: a. Copy of the NCLT Order approving the scheme; b. Copy of the approved scheme; c. Statement explaining modifications, if any, in the approved scheme vis-à￾vis the draft scheme and the reasons for the same; and d. Details of compliance with the conditions/ observations, if any, mentioned in the in-principle approval provided by SEBI. Transfer of shareholdings among immediate relatives and transmission of shareholdings and their effect on change in control 5.3. Transfer /transmission of shareholding in case of unlisted body corporate RTA: In following scenarios, change in shareholding of the RTA will not be construed as change in control:

Page 15 of 220 a) Transfer of shareholding among immediate relatives shall not result into change in control. Immediate relative shall be construed as defined under Regulation 2(l) of the SAST Regulations which inter-alia includes any spouse of that person, or any parent, brother, sister or child of the person or of the spouse; b) Transfer of shareholding by way of transmission to immediate relative or not, shall not result into change in control. 5.4. Transfer /transmission of shareholding in case of a proprietary firm type RTA: In case of an RTA being a proprietary concern, the transfer or bequeathing of the business/capital by way of transmission to another person is a change in the legal formation or ownership and hence by the definition of change in control, such transmission or transfer shall be considered as change in control. The legal heir / transferee in such cases is required to obtain prior approval and thereafter fresh registration shall be obtained in the name legal heir/transferee. 5.5. Transfer /transmission of ownership interest in case of partnership firm type RTA: Change in partners and their ownership interest of the partnership firm type RTA shall be dealt in following manner: a) Transfer of ownership interest in case of partnership firm: In case a SEBI registered entity is registered as a partnership firm with more than two partners, then inter-se transfer amongst the partners shall not be construed to be change in control. Where the partnership firm consists of two partners only, the same would stand as dissolved upon the death of one of the partners. However, if a new partner is inducted in the firm, then the same would be considered as a change in control, requiring fresh registration and prior approval of SEBI. b) Transmission of ownership interest in case of partnership firm: Where the partnership deed contains a clause that in case of death of a partner, the legal heir(s) of deceased partner be admitted, then the legal heir(s) may become the partner (s) of the partnership firm. In such scenario the partnership firm is reconstituted. Bequeathing of partnership right to legal heir(s) by way of transmission shall not be considered as change in control. 5.6. Incoming entities/ shareholders becoming part of controlling interest in the RTA pursuant to transfer of shares from immediate relative / transmission of shares (immediate relative or not), need to satisfy the fit and proper person criteria stipulated in Schedule II of the Intermediaries Regulations.

Page 16 of 220 6. Transfer of business to other legal entity6 6.1. The transferee shall obtain fresh registration from SEBI in the same capacity before the transfer of business if it is not registered with SEBI in the same capacity. SEBI shall issue new registration number to transferee different from transferor’s registration number in the following scenario: “Business is transferred through regulatory process (pursuant to merger/ amalgamation / corporate restructuring by way of order of primary regulator /govt. / NCLT, etc.) or non-regulatory process (as per private agreement /MOU pursuant to commercial dealing / private arrangement) irrespective of transferor continues to exist or ceases to exist after the said transfer. 6.2. In case of change in control pursuant to both regulatory process and non-regulatory process, prior approval and fresh registration shall be obtained. While granting fresh registration to same legal entity pursuant to change in control, same registration number shall be retained. 6.3. If the transferor ceases to exist, its certificate of registration shall be surrendered. 6.4. In case of complete transfer of business by transferor, it shall surrender its certificate of registration. 6.5. In case of partial transfer of business by transferor, it can continue to hold certificate of registration.

6 SEBI/HO/MIRSD/DOR/CIR/P/2021/46 dated March 26, 2021

Page 17 of 220 SECTION –II – GENERAL OBLIGATIONS/RESPONSIBILITIES AND REPORTING REQUIREMENTS 7. Submission of the Net Worth Certificate7 7.1. In terms of sub Clause (iii) of Clauses (a) & (b) of Regulation 14 (1) of the Regulations, every RTI/STA whether a body corporate or not, is required to keep and maintain, in respect of the three preceding financial years, statement of capital adequacy requirement for each quarter. 7.2. Under Regulation 7, every RTI/STA is required to fulfil the net-worth criteria, prescribed therein. Hence in order to monitor on regular basis and to ensure compliance of the capital adequacy and the net-worth norms by the RTI/STA, as specified under Regulation 7(1) of the Regulations which is required to be fulfilled and maintained, both at the time of the grant of renewal of the certificate of registration and at all times during the period of registration, all RTIs/STAs shall submit, as soon as possible, but not later than three months from the close of each financial year, a certified true copy of their net-worth certificate. 7.3. All RTIs/STA/s shall ensure compliance of the instructions contained herein and the non-compliance of this would amount to a violation of the Code of Conduct as specified in Schedule III of the Regulations. 8. Regulatory Compliance and Periodic Reporting8 8.1. Pursuant to the powers vested in SEBI under regulation 14(5) of the Regulations, it is advised that reports relating to regulatory compliance and investor grievances redressal shall be furnished to SEBI in the format provided at the link9 . The reports are to be sent by the Compliance Officer of the RTI/STA on half yearly basis within three months of the expiry of the half year. If no work has been handled a nil report should be furnished within the stipulated period. Where registration / renewal of registration has been obtained by the RTI / STA from Regional Office of SEBI, the reports shall be submitted to the respective Regional Office. The reports should be duly certified by the whole-time Director / Company Secretary / Managing Partner / Sole Proprietor/ Compliance Officer with date.

7 RRTI CIRCULAR NO.3 (98-99) PMID/DSV/CIR/5500/99 dated January 18, 1999 and CIR/MIRSD/7/2012 dated July 05, 2012 8 RRTI Circular No. 1(94-95) dated October 11, 1994; MIRSD/DPS-2/RTA/Cir-17/2008 dated May 06, 2008; CIR/MIRSD/5/2011 dated June 17, 2011 and CIR/MIRSD/7/2012 dated July 05, 2012 9 https://www.sebi.gov.in/sebi_data/attachdocs/RTA_HalfYrlyReporting_Format.xls

Page 18 of 220 8.2. The Boards of the RTI and STA shall, review the report and record their observations on (i) the deficiencies and non-compliances, and (ii) corrective measures initiated to avoid such instances in future. 8.3. RTI/STA shall submit the half-yearly reports to SEBI in electronic form only to e-mail id rta@sebi.gov.in in pdf and excel format. The pdf/excel files shall have the title “Half￾yearly report submitted by aaa for the half-year ended xxx yyyy” where ‘aaa’ represents the name of the RTA, ‘xxx’ represents the month at the end of the half-year and ‘yyyy’ represents the year. Also, the attached pdf/excel files containing the report shall bear the name of the RTI/STA, the periodicity of the report as well as the month at the end of the half-year and the corresponding year. For example, if a RTI/STA ABC Limited submits the report for the half-year ended September 2022, the e-mail sent to rta@sebi.gov.in shall bear the title “Half-yearly Report submitted by ABC Limited for the half-year ended September 2022” and the attached pdf/excel file shall bear the name “ABCLimitedhalf-yearlySeptember2022”. 8.4. All RTI/STAs shall report the following change(s) to SEBI in the half-yearly reports submitted to SEBI: 8.4.1. Amalgamation, demerger, consolidation or any other kind of corporate restructuring falling within the scope of section 232 of the Companies Act, 2013 or the corresponding provision of any other law for the time being in force; 8.4.2. Change in Director, including managing director/ whole-time director; 8.4.3. In case of a partnership firm any change in partners not amounting to dissolution of the firm; 8.4.4. Change in shareholding not resulting in change in control. If there is no change during the relevant half-year, it shall be indicated in the report. 9. Appointment of Compliance Officer10 9.1. All RTI and /or STA holding a Certificate of Registration granted to them in accordance with the Regulations shall appoint a compliance officer who would ensure that all Rules, Regulations, Guideline, Notifications, Circulars etc. issued by SEBI, the Government of India, and other Regulatory Organizations are complied with internally. Any discrepancies / deviations shall be reported independently by the Compliance Officer to SEBI immediately. 9.2. The compliance Officer shall: 9.2.1. ensure that observations made/deficiencies pointed out by SEBI in the functioning of the RTA do not recur.

10 SEBI RRTI CIRCULAR NO. 1 ( 96-97) dated February 5, 1997

Page 19 of 220 9.2.2. ensure that the half-yearly reports to be submitted by RTA are true and the same shall be duly certified by him. 9.2.3. report on a monthly basis the status of pending transfers as well as of Investor Complaints to the Board of Directors/Compliance Officer of the Client Companies / Mutual Funds and the reasons for the delay thereof. 9.3. The name of the Compliance Officer so appointed should be intimated to SEBI with details like telephone number, fax number and address on which he/she would be available. 10. Enhanced disclosures in case of listed debt securities11 10.1. RTA/Issuers shall forward the details of debenture holders to the Debenture Trustees at the time of allotment and thereafter by the seventh working day of every next month in order to enable DTs to keep their records updated and to communicate effectively with the debenture holders, especially in situations where events of default are triggered. 11. Qualified RTAs and their enhanced monitoring 12 11.1.Categorization of an RTA as QRTA An RTA shall be categorized as a QRTA if at any time during a financial year, the combined number of physical and demat folios being serviced by the RTA for listed companies exceeds 2 crore. In case of an RTA being categorized as a QRTA, an intimation to this effect shall be sent by the RTA within 5 working days to SEBI. 11.2.Period for which an RTA shall be recognized as QRTA An RTA shall be considered as a QRTA from the date of categorisation as a QRTA as per para 11.1 above and shall be considered as such for the next 3 financial years, irrespective of subsequent fall in number of folios and shall be liable to comply with all requirements specified from time to time. 11.3.Initial relaxation Considering the various systems and procedures to be put in place by a new QRTA, a period of 60 days from the date of its categorisation as a QRTA as per para 11.1

11SEBI/ HO/ MIRSD/ DOS3/CIR/P/2019/68 dated May 27, 2019 12 SEBI/HO/MIRSD/DoP/CIR/P/2018/119 dated August 10, 2018 and SEBI/HO/MIRSD/MIRSD-PoD￾1/P/CIR/2023/36 dated March 10, 2023

Page 20 of 220 above shall be provided to the new QRTA for complying with the enhanced requirements mandated for QRTAs. 11.4. QRTAs are advised to formulate and implement a comprehensive policy framework, approved by the Board of Directors(BoD) of the QRTAs, which shall include the following aspects: 11.4.1. Risk Management Policy: a. The QRTAs are advised to establish a clear, thorough and a well￾documented risk management policy, which shall include the following￾b. An integrated and comprehensive view of risks to the QRTAs including those emanating from vendors, third parties to whom activities are outsourced, clients, etc.; c. List of all relevant risks, including Operational risk, Fraud risk, Technology risk, Cyber Security risk, and general business risks including Credit risk, Market risk, Legal risk, Reputation risk etc. as the BoD of QRTAs deems fit; and systems, policies and procedures to identify, assess, monitor and manage the risks that arise in or are borne by the QRTAs, including audit and reporting of the same to the BoD; d. Responsibilities and accountability for risk decisions and decision making process in crises and emergencies. 11.4.2. Business Continuity Plan: QRTAs shall maintain Business Continuity Plan with a Center (BCP) situated at location other than primary processing location (off-site), which is capable to take over operations without disruption in case of any service failure at primary processing site. QRTAs shall have written policy, protocols, processes and controls for BCP. QRTAs shall ensure business continuity and no adverse impact on investor servicing resultant of any data loss. The effectiveness of BCP to be tested periodically, and the gap between two tests (mock drills, etc.) shall not be more than twelve months. 11.4.3. Manner of Keeping records: Where records are kept electronically by the QRTAs, they shall ensure that the integrity of the automatic data processing systems is maintained at all times. QRTAs shall also maintain accurate up to date records for investor servicing and take all precautions necessary to ensure that the records are not lost, destroyed or tampered with; and in the event of loss or destruction, ensure that sufficient back

Page 21 of 220 up of records is available at all times at a different place. 11.4.4. Wind-Down Plan: Every QRTA shall devise and maintain a wind-down plan. A 'wind-down plan' means a process or plan of action employed, for transfer of the entire operations of the QRTA to an alternative RTA/ QRTA registered with SEBI, that would take over the operations of the QRTA in scenarios such as erosion of net-worth of the QRTA or its insolvency or its inability to provide critical RTA operations or services. 11.4.5. Data Access and Data Protection Policy: QRTAs shall extend all such co-operation to the investors, issuers, custodians of securities, depositories and other QRTAs as is necessary for effective and smooth investor servicing. Towards this purpose, QRTAs shall lay down appropriate protocols, processes and controls for its activities and also for entities who wish to connect with the database of the QRTAs electronically QRTAs shall also have written agreements, confidentiality contracts, security protocols and such other relevant procedures for data integrity while facilitating electronic access. 11.4.6. Ensuring Integrity of Operations: QRTAs shall maintain adequate human resources, systems and processes for smooth functioning. QRTAs to also ensure that its database, servers, data storage media shall reside in India. QRTAs shall lay down the minimum standards, protocol and procedures for smooth running of operations, to protect the investor data and maintain information security. Further, the QRTAs shall have a detailed operations manual explaining all aspects of its functioning, including the interface and method of transmission of information between the depository, issuers, and others. The QRTAs shall have a mechanism in place to have periodic replication of data with the concerned Mutual Funds / Issuer Companies/ Real Estate Investment Trusts(REITs)/ Infrastructure Investment Trusts (InVITs). 11.4.7. Scalable Infrastructure: The BoD of QRTAs shall approve a policy framework for up-gradation of infrastructure and technology from time to time to ensure smooth functioning and

Page 22 of 220 scalability for delivering services to investors at all times. QRTAs shall at all times, maintain adequate technical capacity to process twice the peak transaction load encountered during past six months. 11.4.8. Board of Directors(BoD)/ Committees of BoD of QRTAs: The BoD of QRTAs shall seek reports on incidents having an impact on investor protection including data security breaches that can affect investor data, etc. QRTAs shall have Committees of the Board of Directors including Audit Committee, Nomination and Remuneration Committee and IT Strategy Committee. The Audit Committee shall assist the BoD in fulfilling its corporate governance and overseeing responsibilities in relation to an entity's financial reporting, internal control system, and risk management system including the risk parameters. The Audit Committee shall also review the internal audit reports, compliance to SEBI Regulations, circulars and the reasonableness of the price being charged for investor services. The Nomination and Remuneration Committee shall in accordance with the rules laid down, recommend to the BoD a policy, relating to the appointment, tenure and remuneration for the directors, key managerial personnel and other employees. The IT Strategy Committee shall provide insight and advice to the BoD of QRTAs in various areas that may include developments in IT and alignments with the same from investor services perspective, scalability of operations, etc. 11.4.9. Investor Services and Service Standards: a. QRTAs, servicing Mutual Funds investors, must have Investor Service Center in at least 100 cities based on investor population pertaining to the Mutual Funds clients they service. As regards servicing of corporate, REIT, InvIT investors, QRTA shall maintain adequate investor service centers based on investor population. This shall be reviewed from time to time by SEBI. b. QRTAs shall have online capabilities for investor queries, complaints and their redressal. The complaints redressal mechanism should be investor friendly and convenient. The same should have capabilities of being retrieved easily by the complainant online through complaint reference number, e-mail id, mobile no. etc. c. QRTAs, handling corporate registry functions, shall develop facility for providing services for managing Shareholders General Meetings including shareholders voting / poll process and web streaming of all Annual General

Page 23 of 220 Meetings (AGMs) of all their listed client companies. QRTAs shall also look forward to providing other value added services and when required by SEBI. d. QRTAs must publish on its website, the service standards (eg: turnaround time for services rendered). e. QRTAs should also carry out stakeholder/ investor satisfaction surveys annually, and the same should also be published on the website before March 31, every year. 11.4.10.Insurance against Risks: All QRTAs shall take adequate insurance for omissions and commissions, frauds by employee/s to protect the interests of the investors. The compliance report of the enhanced reporting norms shall be submitted to SEBI duly reviewed by the BoD of QRTAs, within 60 days of expiry of each calendar quarter. The format of the report is placed at Annexure 5. 12. Strengthening the Guidelines and Raising Industry standards for RTA, Issuer Companies and Banker to an Issue:13 12.1. RTAs shall strictly comply with guidelines (Annexure-6). Issuer companies shall strictly monitor the activities of their RTAs and ensure compliance with these guidelines. It is clarified that where STA activities are carried out in-house by issuer companies, the issuer companies shall ensure that their in-house share transfer activities comply with the relevant norms as applicable to them. 12.2. The records /documents described in Annexure-6 shall be maintained for period not less than eight years after completion of the relevant transactions by RTAs on behalf of Issuer Companies.

13 SEBI/HO/MIRSD/DOP1/CIR/P/2018/73 dated April 20, 2018

Page 24 of 220 SECTION III – DEMAT / REMAT RELATED MATTERS 13. Issuance of Securities in dematerialized form in case of Investor Service Requests: 14 13.1.Listed companies shall issue securities in dematerialized form only (while processing the following service requests: 13.1.1. Issue of duplicate securities certificate; 13.1.2. Claim from Unclaimed Suspense Account; 13.1.3. Renewal / Exchange of securities certificate; 13.1.4. Endorsement; 13.1.5. Sub-division / Splitting of securities certificate; 13.1.6. Consolidation of securities certificates/folios; 13.1.7. Transmission; 13.1.8. Transposition; 13.2.The securities holder/claimant shall submit duly filled up Form ISR-4 15 (to be hosted on the website of the Issuer Companies and the RTAs) along with the documents/ details specified therein. For item nos. 13.1.3 to 13.1.8 in paragraph 13.1 above, the RTA/Issuer Companies shall obtain the original securities certificate(s) for processing of service requests. 13.3.The RTA/Issuer Companies shall verify and process the service requests and thereafter issue a 'Letter of confirmation' in lieu of physical securities certificate(s), to the securities holder/claimant within 30 days of its receipt of such request after removing objections, if any. 13.3.1. The 'Letter of Confirmation' shall be valid for a period of 120 days from the date of its issuance, within which the securities holder/claimant shall make a request to the Depository Participant for dematerializing the said securities. 13.3.2. The RTA / Issuer Companies shall issue a reminder after the end of 45 days and 90 days from the date of issuance of Letter of Confirmation, informing the securities holder/claimant to submit the demat request as above, in case no such request has been received by the RTA / Issuer Company.

14 SEBI/HO/MIRSD/MIRSD RTAMB/P/CIR/2022/8 dated January 25, 2022; 15 https://www.sebi.gov.in/sebi_data/commondocs/jan-2022/Form%20ISR-4-circular_p.docx

Page 25 of 220 13.3.3. In case the securities holder/claimant fails to submit the demat request within the aforesaid period, RTA / Issuer Companies shall credit the securities to the Suspense Escrow Demat Account of the Company. 13.4. The common norms as stipulated in Para 19 shall be applicable for all service requests listed above. 13.5. The operational guidelines for issuance of securities in dematerialized form in case of investor service requests are as under: 13.5.1. After verifying and processing the request, the RTA / Issuer Companies shall intimate the securities holder/claimant about its execution / issuance of new certificate as may be applicable, by way of issuing Letter of Confirmation (Format at Annexure-7) in lieu of Share certificate/s provided by such securities holder/claimant. 13.5.2. The letter shall, inter-alia, contain details of folio and demat account number (if available) of the securities holder/claimant. 13.5.3. The letter shall be sent by the RTA / Issuer Companies through Registered /Speed Post to the securities holder/claimant. Additionally, the RTA/lssuer Companies may send such letter through e-mail with e-sign and / or digital signature. 13.5.4. Within 120 days of issue of the letter, the securities holder/claimant shall submit the demat request, along with the original letter or a copy of the email with e-sign and / or digital signature, as the case may be, to the Depository Participant. 13.5.5. The RTA / Issuer Companies shall issue a reminder after the end of 45 days and 90 days from the date of issuance of Letter of Confirmation, informing the securities holder/claimant to submit the demat request as above, in case no such request has been received by the RTA / Issuer Company. 13.5.6. In case of the securities which are required to be locked in, the RTA while approving / confirming the demat request, shall incorporate / intimate the Depository about the lock-in and its period. 13.5.7. In case of non-receipt of demat request from the securities holder/claimant within 120 days of the date of Letter of Confirmation, the shares will be credited to Suspense Escrow Demat Account of the Company. 13.5.8. The RTA shall retain the physical securities as per the existing procedure and deface the certificate with a stamp "Letter of Confirmation Issued" on the face/ reverse of the certificate, subsequent to processing of service request.

Page 26 of 220 13.5.9. The format of the Letter of Confirmation is given at Annexure 7. 13.6. Guidelines with respect to procedural aspects of Suspense Escrow Demat Account16 13.6.1. Opening of Suspense Escrow Demat Account  Companies are required to open a separate demat account with the nomenclature "Suspense Escrow Demat Account" for the purpose of issuance of Securities in dematerialized form in case of investor service requests. 13.6.2. Process to credit shares to Suspense Escrow Demat Account  In cases where the securities holder/claimant fails to submit the demat request to the Depository Participant within the period of 120 days from the date of issuance of letter of confirmation, RTA shall move the said securities to a physical folio "Suspense Escrow Account" and issue a consolidated letter of confirmation to the Company for the said securities in the Suspense Escrow Account on a monthly basis.  Thereafter, the listed entity shall dematerialize these securities in "Suspense Escrow Demat Account " with one of the Depository Participants within 7 days of receipt of such Letter of Confirmation from RTA.  The listed entity shall maintain details of security holding of each individual securities’ holder(s) whose securities are credited to such Suspense Escrow Demat Account.  Suspense Escrow Demat Account shall be held by the listed entity purely on behalf of the securities holders who are entitled to the securities and the securities held in such account shall not be transferred in any manner whatsoever except for the purpose of moving the securities from Suspense Escrow Demat Account to the security holder's/ claimant's demat account as and when the security holder/ claimant approaches the listed entity. 13.6.3. Process for claiming securities from Suspense Escrow Demat Account  Securities which have been moved to Suspense Escrow Demat Account may be claimed by the security holder/ claimant on submission of following documents to RTA:

16 SEBI Letter SEBI/HO/MIRSD/PoD-1/OW/P/2022/64923 dated December 30, 2022

Page 27 of 220  Duly filled in and signed Form ISR - 4.  Client master list (“CML”) of the demat account for crediting the securities to the security holder's / claimant's account provided the details in the CML should match with the details recorded with the RTA / issuer company. 14. Reconciliation of the Admitted, Issued and Listed Capital17 14.1.All the RTAs are hereby directed, that: 14.1.1. They shall maintain records of all the shares dematerialised, rematerialised and details of all securities declared to be eligible for dematerialisation in the depositories and ensure that dematerialisation of shares shall be confirmed/ created only after an in-principle approval of the stock exchange/s where the shares are listed and the admission of the said share with the depositories have been granted. 14.1.2. They shall have proper systems and procedures in place to verify that the securities tendered for dematerialisation have not been dematerialised earlier. 14.1.3. They shall ascertain, reconcile daily and confirm to the depositories that the total number of shares held in NSDL, CDSL and in the physical form tallies with the admitted, issued and listed capital of the issuer company; and 14.1.4. They shall confirm that the dematerialisation requests have been processed within 15 days and shall also state the reasons for shares pending confirmation for more than 15 days from the date of request. 15. Guidelines on processing requests for dematerialization 18 15.1.In the case of inter-depository transfers of securities, the RTAs would communicate their confirmation of transfer from one depository to the other depository within two hours, failing which it shall be deemed to have been confirmed. The RTA should not reject any inter depository transfer except on the ground that a depository did not have adequate balance of securities in its account or if there was mismatch of transfer requests from the depositories. 15.2.Every company shall appoint the same RTA for both the depositories.

17 D&CC/FITTC/CIR – 17/2002 dated December 31, 2002 18 SEBI RRTI Circular no. 1(99-2000) PMD/SU/11560/99 dated May 20, 1999; SMDRP/Policy/Cir-28/99 dated August 23, 1999 and D&CC/FITTC/CIR-15/2002 dated December 27, 2002

Page 28 of 220 15.3.All the work related to share registry in terms of both physical and electronic should be maintained at a single point i.e. either in-house by the company or by a SEBI registered RTA. 15.4.The RTA shall accept partial dematerialisation requests and will not reject or send back the complete lot of dematerialisation request to the DPs in cases where only a part of the request was to be rejected. 15.5.In cases where a DP has already sent information about dematerialisation electronically to an RTA but physical shares have not received, the RTA will accept the demat request and carry out dematerialization on the indemnity given by the DP and proof of dispatch of document given by DP. 15.6.It is ensured that the dematerialization request is processed within 15 days from the date of such request. The request shall not be rejected on flimsy grounds or without specifying reason for rejection or without proper documents supporting your reason for rejection. A violation of this directive would invite suitable action. 16. Database for Distinctive Number of Shares:- 19 16.1.In order to ensure centralised record of all securities, including both physical and dematerialised shares, issued by the company and its reconciliation thereof, the Depositories shall create and maintain a database of distinctive numbers (DN) of equity shares of listed companies with details of DN in respect of all physical shares and overall DN range for dematerialised shares. 16.2.The DN database shall make available, information in respect of issued capital, such as DN Range, number of equity shares issued, name of stock exchange where the shares are listed, date of in-principle listing / final trading approval / dealing permission, shares held in physical or demat form, date of allotment, shares dematerialized under temporary (frozen) ISIN (International Securities Identification Number) or Permanent (active) ISIN etc., at one place. 16.3.Issuers/RTAs shall use the interface provided by the Depositories for the following – 16.3.1. To update DN information in respect of all physical share capital and overall DN range for dematerialised share capital for all listed companies.20 16.3.2. Updating the fields viz. Distinctive Numbers (From), Distinctive Numbers (To), Number of Equity Shares, Name of Stock Exchange, Physical / Demat, and Date of allotment and date of issue (date of credit to BO account), on a continuous basis

19 SEBI Circular CIR/MRD/DP/ 10 /2015 dated June 05, 2015 20 SEBI/HO/MRD/DOP2DSA2/CIR/P/2019/87 dated August 01, 2019

Page 29 of 220 for subsequent changes including changes in case of further issue, fresh issuance / new listing and other change / alteration in capital (such as buy-back of shares, forfeiture of shares, capital reduction, etc.). 16.3.3. Capturing / updating the DN information on a continuous basis while processing, dematerialisation / rematerialisation requests confirmation, executing corporate action, etc. 16.4.Issuers/RTAs shall take all necessary steps to update the DN database. If there is mismatch in the DN information with the data provided / updated by the Stock Exchanges in the DN database, the Issuer/RTA shall take steps to match the records and update the same. 16.5.Failure by the Issuers/RTAs to ensure reconciliation of the records as required shall attract appropriate actions under the extant laws.

Page 30 of 220 SECTION IV – TRANSFER RELATED MATTERS 17. Tendering of physical shares in open offers, buybacks and delisting of securities of listed entities21 17.1. The proviso to regulation 40(1) of the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 (‘LODR Regulations’) states that “..except in case of transmission or transposition of securities, requests for effecting transfer of securities shall not be processed unless the securities are held in the dematerialized form with a depository.” 17.2. Nevertheless, shareholders holding securities in physical form are allowed to tender shares in open offers, buy-backs through tender offer route and exit offers in case of voluntary or compulsory delisting. However, such tendering shall be as per the provisions of respective regulations. 18. Collection of stamp duty on issue, transfer and sale of units of AIFs:- 22 18.1.Government vide Gazette notification S.O.116(E) dated January 08, 2020 notified the “RTAs” registered under the Regulations as a “depository” for the limited purposes of acting as a “collecting agent” under the Indian Stamp Act, 1899 and the Rules made thereunder, only in case of instruments of transaction otherwise than through a recognised stock exchange or depository 18.2.In this regard, RTAs shall comply with the applicable provisions of the Indian Stamp Act, 1899 and the Rules made thereunder regarding collection of stamp duty on sale, transfer and issue of units of AIFs.

21 SEBI/HO/CFD/CMD1/CIR/P/2020/144 dated July 31, 2020 22 SEBI/HO/IMD/DF6/CIR/P/2020/113 dated June 30, 2020

Page 31 of 220 SECTION V –INVESTOR’S SERVICE REQUEST 19. Common and Simplified Norms for processing investor's service request by RTAs and norms for furnishing PAN, KYC details and Nomination23 19.1. Mandatory furnishing of PAN, KYC details and Nomination by holders of physical securities. It shall be mandatory for all holders of physical securities in listed companies to furnish PAN, Nomination, Contact details, Bank A/c details and Specimen signature for their corresponding folio numbers. The detailed requirements are as per Annexure – 8. 19.2. Freezing of Folios without PAN, KYC details and Nomination. 19.2.1. The folios wherein any one of the cited document/details as in para 19.1 above are not available on or after October 01, 2023, shall be frozen by the RTA. 19.2.2. The security holder(s) whose folio(s) have been frozen shall be eligible: (a) to lodge grievance or avail any service request from the RTA only after furnishing the complete documents / details as mentioned in para 19.1. (b) for any payment including dividend, interest or redemption payment in respect of such frozen folios, only through electronic mode with effect from April 01, 2024. An intimation shall be sent by the Listed Company to the security holder that such payment is due and shall be made electronically only upon complying with the requirements stated in para 19.1. 19.2.3. Frozen folios shall be referred by the RTA / listed company to the administering authority under the Benami Transactions (Prohibitions) Act, 1988 and/or Prevention of Money Laundering Act, 2002, if they continue to remain frozen as on December 31, 2025. 19.2.4. The RTA shall revert the frozen folios to normal status upon receipt of all the documents/details as in para – 19.1 above.

23 SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/37 dated March 16, 2023

Page 32 of 220 19.3. Attestation of documents Self-attested copies of documents will be accepted by the RTA for processing of service requests, unless otherwise prescribed in the Companies Act, 2013 or the Rules issued thereunder or in SEBI Regulations or Circulars issued thereunder. 19.4. Mode for providing documents/details by investors for various service requests The security holder/claimant may provide the documents/details to the RTAs for various service requests by way of ‘In Person Verification’ (IPV) or Post or electronic mode with e￾sign; unless otherwise prescribed in the Companies Act, 2013 or the Rules issued thereunder or in SEBI Regulations or Circulars issued thereunder. The details of various modes are as per Annexure – 9. 19.5. Standardized, simplified and common norms for processing investor service requests. The details with regard to simplified and common norms along with operational guidelines for processing various service requests e.g. mismatch in signature, mismatch in name, change in name, updation of bank details and contact details are provided at Annexure￾10. 19.6. Forms for availing various Investor services Investors holding securities in physical mode interface with the RTAs, inter-alia, for registering/updating the KYC details and for the processing of various service requests. The service requests along with requisite forms are provided at Annexure-11. 19.7. Indemnity For any service request except transmission and request for issuance for duplicate security certificates, indemnity shall not be required unless the same is specifically provided in the Companies Act, 2013 or the Rules issued thereunder or in SEBI Regulations or Circulars issued thereunder. 19.8. KYC details across all folios of the holder, maintained by the RTA 19.8.1. RTAs shall update the PAN and KYC details across all the folios of the holder managed by it and details which are already available with the RTA are to be

Page 33 of 220 overwritten, upon specific authorization for the same from the holder, as provided in Form ISR-1. 19.8.2. RTA shall update the folio(s) of the holder with the information on 1) present address, 2) bank details, 3) E-mail address and 4) mobile number from the details available in the Client Master List (CML) duly signed by the Depository Participant with stamp, if the holder / claimant provides the CML along with duly completed and signed Form ISR-1. 19.8.3. Details which are not available for the physical folio in RTA database as provided in CML along with Form ISR-1 as per 11.2 above, shall be updated from the CML. 19.9. Timelines for registering of / updation of / change in PAN, KYC and nomination RTAs shall process any of the aforesaid requests from the holder, within timelines as mentioned in Annexure-24 or as may be prescribed by the Board from time to time. With regard to nomination, the cancellation or variation in nomination shall take effect from the date on which the duly completed and signed intimation is received by the company / RTA in terms of Rule 19 (10) of the Companies (Share Capital and Debenture) Rules, 2014, as amended from time to time. 19.10.Display of contact details of RTAs RTAs shall provide their complete contact details (viz. postal address, phone numbers and e-mail address etc.) on their respective websites. The same shall also be provided on the websites of the listed companies and the stock exchanges on which such company is listed. RTA shall arrange to update the same forthwith, as and when there is a change. 19.11.All objections by RTA in one instance While processing service requests and related complaints, the RTAs shall raise all objections, if any, in one instance only. The additional information may be sought only in case of any deficiency / discrepancy in the documents / details furnished by the security holder.

Page 34 of 220 19.12.Electronic interface for processing queries and complaints In addition to responding to queries and complaints through hard copies, the RTA shall also process the same received through e-mails, provided that it is received from the e-mail address of the security holder which is already registered with the RTA. The security holder may attach scanned copies of self-attested documents in support of his/her query or complaint. Further, if the RTA is providing an online – portal, then the security holder may submit his/her query or complaint through this portal, using appropriate credentials for login and password. The security holder may upload scanned copies of self-attested documents in support of his/her query or complaint. The RTA shall also use the electronic/on-line mode for communicating with the holder/claimant for expeditious processing of queries/complaints of the security holder. 19.13.Intimation to security holders Listed companies, RTAs and Stock Exchanges shall disseminate the requirements to be complied with by holders of physical securities of all listed companies on their respective websites. Listed companies shall also directly intimate its security holders about folios which are incomplete with regard to details required under para 19.1 of this circular on an annual basis within 6 months from the end of the financial year. 19.14.Listed Companies/RTAs shall submit a report to SEBI by May 31, 2023, on the steps taken by them towards sensitizing their security holders regarding mandatory furnishing of PAN, KYC and nomination details as detailed in para 19.1 of this circular. 20. Procedure and Standardisation of formats of documents for transmission of securities24 20.1.A ready reckoner listing out the documents required for transmission of securities, in case of demise of the sole holder, is provided in Annexure- 14. 20.2.The Operational Guidelines for processing investor’s service request for the purpose of transmission of securities are provided in Annexure- 15.

24 SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2022/65 dated May 18, 2022

Page 35 of 220 20.3.The format of the form to be filed by nominee/claimant/legal heir while requesting transmission of securities is provided in Annexure- 16. 20.4.The revised documentation requirements in case of transmission of securities are specified below: 20.4.1. Where the securities are held in a single name with a nomination, nominee shall be informed about the procedure to be followed for the claim on the receipt of the intimation of death of the security holder. 20.4.2. Where the securities are held in single name with a nomination, the following documents shall be submitted: a) duly signed transmission request form by the nominee; b) original death certificate or copy of death certificate attested by the nominee subject to verification with the original or copy of death certificate duly attested by a notary public or by a gazetted officer; c) self-attested copy of the Permanent Account Number card of the nominee, issued by the Income Tax Department. 20.4.3. Where the securities are held in single name without nomination, the following documents shall be submitted: a) duly signed transmission request form by the legal heir(s)/claimant(s); b) original death certificate or copy of death certificate attested by the legal heir(s)/claimant(s) subject to verification with the original or copy of death certificate duly attested by a notary public or by a gazetted officer; c) self-attested copy of the Permanent Account Number card of the legal heir(s)/claimant(s), issued by the Income Tax Department; d) a notarized affidavit, in the format provided Annexure-17 from all legal heir(s) made on non-judicial stamp paper of appropriate value, to the effect of identification and claim of legal ownership to the securities. However, in case the legal heir(s)/claimant(s) are named in any of the documents for transmission of securities as mentioned in serial number 8 in Annexure 14, an affidavit from such legal heir(s)/claimant(s) alone shall be sufficient;

Page 36 of 220 e) a copy of other requisite documents for transmission of securities as may be applicable as per Annexure-14, attested by the legal heir(s)/claimant(s) subject to verification with the original or duly attested by a notary public or by a gazetted officer: 20.4.4. In cases where a copy of Will is submitted as may be applicable in terms of Indian Succession Act,1925 (39 of 1925) the same shall be accompanied with a notarized indemnity bond from the claimant (appropriate beneficiary of the Will) to whom the securities are transmitted, in the format provided in Annexure-18. 20.4.5. In cases where a copy of Legal Heirship Certificate or its equivalent certificate issued by a competent Government Authority is submitted, the same shall be accompanied with: a) a notarized indemnity bond from the legal heir(s) /claimant(s) to whom the securities are transmitted, in the format provided in Annexure-18. b) No Objection from all non-claimants (remaining legal heirs), stating that they have relinquished their rights to the claim for transmission of securities, duly attested by a notary public or by a gazetted officer, in the format provided in Annexure-19. 20.4.6. For value of securities up to rupees five lakhs per listed entity in case of securities held in physical mode, and up to rupees fifteen lakhs per beneficial owner in case of securities held in dematerialized mode, as on date of application by the claimant, and where the documents mentioned in serial number 9 as per Annexure-14, are not available, the legal heir(s) /claimant(s) may submit the following documents: a) a notarized indemnity bond made on non-judicial stamp paper of appropriate value in the format provided in Annexure- 18, indemnifying the STA/ listed entity: b) no objection certificate from all legal heir(s) stating that they do not object to such transmission in the format provided in Annexure- 19 or copy of family settlement deed executed by all the legal heirs, duly attested by a notary public or by a gazetted officer; and The listed entity may, at its discretion, enhance the value of securities from the threshold limit of rupees five lakhs, in case of securities held in physical mode. 20.5.For transmission of securities to the surviving joint holder(s), RTAs shall comply with clause 23 of Table F in Schedule 1 read with Section 56(2) & 56(4)(c) of the

Page 37 of 220 Companies Act, 2013, and transmit securities in favour of surviving Joint holder(s), in the event of demise of one or more joint holder(s), provided that there is nothing contrary in the Articles of Association of the company. 20.6.The common norms as stipulated in Para 19 shall be applicable for transmission service requests. 20.7.In case the securities were held by the deceased holder in a single name and in physical mode, then after verifying and processing the documents submitted for transmission of securities, the RTAs/ Issuer companies shall intimate the claimant(s) about its execution as may be applicable, within 30 days of the receipt of such request, by way of issuing a Letter of Confirmation in the format provided in Annxure-7. 21. Entities permitted to undertake e-KYC Aadhaar Authentication service of UIDAI in Securities Market25 21.1. The following entities to be registered as KYC user agency (“KUA”) shall undertake Aadhaar Authentication service of UIDAI subject to compliance of the conditions as laid down in this regard: 21.1.1. Bombay Stock Exchange Limited 21.1.2. National Stock Exchange of India Limited 21.1.3. National Securities Depository Limited 21.1.4. Central Depository Services (India) Limited 21.1.5. CDSL Ventures Limited 21.1.6. NSDL Database Management Limited 21.1.7. NSE Data and Analytics Limited 21.1.8. CAMS Investor Services Private Limited 21.1.9. Computer Age Management Services Private Limited 21.2. These entities shall allow SEBI registered RTA / mutual fund distributors to undertake Aadhaar Authentication in respect of their clients for the purpose of KYC. The SEBI registered RTA / mutual fund distributors, who want to undertake Aadhaar authentication services through KUAs, shall enter into an agreement with KUA and get themselves registered with UIDAI as sub-KUAs. The agreement in this regard shall be as prescribed by UIDAI. Further, the KUAs and their Sub-KuAs shall follow the process as detailed in SEBI circular dated Nov 05, 2019 and as may be prescribed by UIDAI from time to time.

25 SEBI/HO/MIRSD/DOP/CIR/P/2020/80 dated May 12, 2020 and SEBI/HO/MIRSD/DOP/CIR/P/2020/167 dated September 08, 2020

Page 38 of 220 22. Simplification of procedure and standardization of formats of documents for issuance of duplicate securities certificates 26 22.1. The procedure and documentation requirements for issuance of duplicate securities are mentioned below: - 22.1.1. Submission by the security holder of copy of FIR including e-FIR/Police complaint/Court injunction order/copy of plaint (where the suit filed has been accepted by the Court and Suit No. has been given), necessarily having details of the securities, folio number, distinctive number range and certificate numbers. 22.1.2. Issuance of advertisement regarding loss of securities in a widely circulated newspaper 22.1.3. Submission of Affidavit and Indemnity bond as per the format prescribed by the Board. i. There shall be no requirement of submission of surety for issuance of duplicate securities 22.1.4. There shall be no requirement to comply with Para 22.1.1 and 22.1.2 of this Master Circular, if the value of securities as on the date of submission of application, along with complete documentation as prescribed by the Board does not exceed ` 5 Lakhs. 22.1.5. The applicant shall quantify the value of the securities on the basis of the closing price of such securities at any one of the recognized stock exchanges a day prior to the date of such submission in the application. 22.1.6. An overseas securities holder, in lieu of documents mentioned in Para 22.1.1 of this Master Circular, shall be permitted to provide self-declaration of the security certificates lost/misplaced/stolen which shall be duly notarized/ apostilled /attested by the Indian Consulate / Embassy in their country of residence, along with self-attested copies of valid passport and overseas address proof. 22.1.7. In case of non-availability of Certificate Nos./Distinctive Nos./ Folio nos., the RTA (upon written request by the security holder) shall provide the same, to the security holder only where the signature and the address of the security holder matches with the RTA / listed company’s records. In case the signature and/or the address do not match, the security holder shall first comply with the KYC procedure and

26 SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2022/70 dated May 25, 2022 SEBI/HO/MIRSD/MIRSD RTAMB/P/CIR/2022/8 dated January 25, 2022

Page 39 of 220 then only the details of the securities shall be provided to the security holder by the RTA/listed company. 22.2. Fake / forged / stolen certificates or certificates where duplicate certificate is issued, must be seized and defaced by the RTA / listed company and disposed of in the manner, authorized by the Board of the Company. 22.3. Defaced certificates shall be kept in custody of the Company/ RTA and disposed of in the manner as authorized by the Board of the Company 22.4. Duplicate securities shall be issued in dematerialized mode only. 22.5. Operational Guidelines for processing investor’s service request for the purpose of issuance of duplicate securities have been placed at Annexure-20. 22.6. Formats of various documents required to be submitted by security holder while requesting for issuance of duplicate securities have been provided below: a) Form A –Affidavit for issuance of duplicate securities(pdf) b) Form B-Indemnity for issuance of duplicate securities(pdf) c) Form C –Format of Letter of Confirmation(pdf) d) Investor Service Request Form –4 (ISR 4)(pdf)

Page 40 of 220 SECTION VI – INFORMATION TECHNOLOGY & CYBER SECURITY 23. Cyber Security and Cyber Resilience framework for RTAs27 23.1. The provisions related to cyber security and cyber resilience framework are applicable only for RTAs servicing more than 2 crore folios (hereinafter referred to as “Qualified RTAs” or “QRTAs”). The framework placed at Annexure-21, would be required to be complied by the QRTAs with regard to cyber security and cyber resilience. 23.2. The QRTAs are mandated to conduct comprehensive cyber audit at least twice in a financial year. All QRTAs shall submit a declaration from the MD/ CEO certifying compliance by the QRTAs with all SEBI Circulars and advisories related to Cyber security from time to time, along with the Cyber audit reports. 24. Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions28 24.1.Indian Computer Emergency Response Team (CERT-in) issued an advisory for Financial Sector organizations to improve their cyber Security Posture by availing Software as a Service (SaaS) based solution for managing their Governance, Risk & Compliance (GRC) functions. The advisory was forwarded to SEBI for bringing the same to the notice of financial sector organization. The advisory can be viewed at Annexure- 22. 24.2.RTAs are advised to ensure complete protection and seamless control over the critical systems at your organizations by continuous monitoring through direct control and supervision protocol mechanisms while keeping the critical data within the legal boundary of India. 24.3.The compliance of the advisory shall be reported by RTAs to SEBI with an undertaking, “Compliance of the SEBI circular for Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions has been made.”

27 SEBI/HO/MIRSD/CIR/P/2017/0000000100 dated September 08, 2017; and SEBI/HO/MIRSD/DOP/CIR/P/2019/110 dated October 15, 2019; ; SEBI/HO/MIRSD/TPD/P/CIR/2022/96 dated May 27, 2022: ;SEBI/HO/MIRSD_RTAMB/P/CIR/2022/73 dated July 06, 2022 28 SEBI/HO/MIRSD2/DOR/CIR/P/2020/221 dated November 03, 2020

Page 41 of 220 SECTION VII – INVESTOR GRIEVANCE REDRESSAL, SCORES 25. Investor grievance through the SEBI Complaints Redress system (SCORES) Platform29 25.1. All registered RTAs are advised to designate an e-mail ID of the grievance redressal division/ compliance officer exclusively for the purpose of registering complaints by investors. 25.2. The RTIs / STAs are also advised to display the email ID and other relevant details prominently on their websites and in the various materials/pamphlets/advertisement campaign initiated by them for creating investor awareness. 25.3. A daily alert on pending complaints will be forwarded at the e-mail ID registered with SEBI for regulatory communications. 25.4. As an additional measure and for information of all investors who deal/ invest/ transact in the market, information as provided in Annexure-23 shall be prominently displayed by RTAs in their offices. 25.5. RTAs are also advised to refer master circular issued by SEBI on the redressal of investor grievances through the SEBI Complaints Redress System (SCORES) platform at the following link: https://www.sebi.gov.in/legal/master-circulars/nov-2022/master-circular-on-the￾redressal-of-investor-grievances-through-the-sebi-complaints-redress-system￾scores-platform_64742.html 26. Standard Operating Procedures (SOP) for dispute resolution under the Stock Exchange arbitration mechanism for disputes between a Listed Company and/or RTAs and its Shareholder(s)/Investor(s)30 26.1.Regulation 40 of LODR Regulations, bye-laws, listing agreement & regulations of the stock exchanges provide for dispute resolution under the stock exchange arbitration mechanism for disputes between a listed company and its shareholder(s)/ investor(s).

29 MIRSD/DPS III//Cir-01/07 dated January 22, 2007; CIR/MIRSD/17/2011 dated August 24, 2011; ; CIR/MIRSD/3/2014 dated August 28, 2014 and SEBI/HO/OIAE/IGRD/P/CIR/2022/0150 dated November 07, 2022 30 SEBI/HO/CFD/SSEP/CIR/P/2022/48 dated April 08, 2022 and SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2022/76 dated May 30, 2022

Page 42 of 220 26.2.In this respect, Standard Operating Procedures (SOP) for the resolution of all disputes pertaining to or emanating from investor services such as transfer/transmission of shares, demat/remat, issue of duplicate shares, transposition of holders, etc. and investor entitlements like corporate benefits, dividend, bonus shares, rights entitlements, credit of securities in public issue, interest /coupon payments on securities, etc. is as follows: Applicability 26.3.The provisions of SOP shall be applicable to Listed Companies / RTAs offering services on behalf of listed companies. In case of claims or disputes arising between the shareholder(s)/ investor(s) of listed companies and the RTAs, the RTAs shall be subjected to the stock exchange arbitration mechanism. In all such instances, the listed company shall necessarily be added as a party. 26.4.The Arbitration Mechanism shall be initiated post exhausting all actions for resolution of complaints including those received through SCORES Portal. The Arbitration reference shall be filed with the Stock Exchange where the initial complaint has been addressed. Maintenance of a Panel of Arbitrators and Code of Conduct for Arbitrators 26.5.The maintenance of Panel of Arbitrators and the Code of Conduct for Arbitrators shall be in line with the current norms being followed by the Stock Exchanges for arbitration mechanism. Arbitration 26.6.The limitation period for filing an arbitration application shall be as prescribed under the law of limitation, i.e., The Limitation Act, 1963. 26.7. In case of arbitration matters involving a claim of up to ₹ 25 lakhs, a sole arbitrator shall be appointed and, if the value of the claim is more than ₹ 25 lakhs, a panel of three arbitrators shall be appointed. 26.8.The process of appointment of arbitrator(s) shall be completed by the stock exchange within 30 days from the date of receipt of complete application from the applicant. 26.9.Disputes pertaining to or emanating from investor service requests such as transfer/transmission of shares, demat/remat, issue of duplicate shares, transposition of holders, investor entitlements like corporate benefits, dividend, bonus shares, rights entitlements, credit of securities in public issue, interest /coupon payments on

Page 43 of 220 securities and delay in processing/wrongful rejection of aforesaid investor service requests may be considered for arbitration. Appellate Arbitration 26.10. Any party aggrieved by an arbitral award may file an appeal before the appellate panel of arbitrators of the stock exchange against such award within one month from the date of receipt of arbitral award by the aggrieved party. 26.11. The appellate panel shall consist of three arbitrators who shall be different from the one(s) who passed the arbitral award appealed against. 26.12. The process of appointment of appellate panel of arbitrator(s) shall be completed by the stock exchange within 30 days from the date of receipt of complete application for appellate arbitration. Arbitration Fees 26.13. The fees per arbitrator shall be ₹ 18,000/- plus stamp duty, service charge etc. as applicable per case. The fees plus stamp duty, service charge etc. as applicable shall be collected from RTAs/ Listed companies and shareholder(s)/ investor(s) separately by the Exchange, for defraying the cost of arbitration. 26.14. If the value of claim is less than or equal to ₹ 10 lakhs, then the cost of arbitration with respect to the shareholder(s)/investor(s) shall be borne by the Exchange. 26.15. Further on passing of the arbitral award, the fees and stamp charges paid by the party in whose favor the award has been passed would be refunded and the fees and stamp charges of the party against whom the award has been passed would be utilized towards payment of the arbitrator fees. 26.16. For appellate arbitration, fees of ₹ 54,000/- plus stamp duty, service charge etc. as applicable shall be paid by the appellant only. The Appellate fees shall be non￾refundable. 26.17. In case, an appellant filing an appeal is a shareholder/an investor having a claim of more than ` 10 lakhs, the appellant shall pay a fee not exceeding ₹ 30,000/- plus stamp duty, service charge etc. as applicable and in case of a claim upto ₹ 10 lakhs, the appellant shall pay a fee not exceeding ₹ 10,000/- plus stamp duty, service charge etc. as applicable. Further expenses thus arising shall be borne by the Stock Exchanges and the Investor Protection Fund of Stock Exchanges equally.

Page 44 of 220 Place of Arbitration 26.18. The arbitration and appellate arbitration shall be conducted at the regional centre of the stock exchange nearest to the shareholder(s)/investor(s). The application under Section 34 of the Arbitration and Conciliation Act, 1996, if any, against the decision of the appellate panel of arbitrators shall be filed in the competent Court nearest to such regional centre. Hearings 26.19. No hearing shall be required to be given to the parties involved in the dispute if the value of the claim or dispute is upto ₹ 25,000/-. In such a case, the arbitrator(s) shall proceed to decide the matter on the basis of documents submitted by the parties concerned. 26.20. If the value of claim or dispute is more than ₹ 25,000/-, the arbitrator(s) shall offer to hear the parties to the dispute unless parties concerned waive their right for such hearing in writing. 26.21.After appointment of the arbitrator(s) in the matter, the Exchange in consultation with the arbitrator(s) shall determine the date and time of the hearing and a notice of the same shall be given by the Exchange to the parties concerned at least ten days in advance. The parties concerned may opt for physical hearings which are conducted in the Stock Exchange Premises or hearing through Video Conference. The hearings through Video Conference may be conducted by the Stock Exchanges after taking consent from the parties concerned. 26.22. The arbitrator(s) may conduct one or more hearings, with a view to complete the case within the prescribed timelines. Passing of Award 26.23.Arbitral Award 26.23.1. The arbitration proceedings shall be concluded by way of issue of an arbitral award within four months from the date of appointment of arbitrator(s). 26.23.2. The stock exchanges may extend the time for issue of arbitral award by not more than two months on a case to case basis after recording the reasons for the same.

Page 45 of 220 26.24.Appeal against Arbitral Award 26.24.1. The appeal against an arbitral award shall be disposed of by way of issue of an appellate arbitral award within three months from the date of appointment of appellate panel. 26.24.2. The stock exchanges may extend the time for issue of appellate arbitral award by not more than two months on a case to case basis after recording the reasons for the same. 26.24.3. A party aggrieved by the appellate arbitral award may file an application to the court of competent jurisdiction in accordance with Section 34 of the Arbitration and Conciliation Act, 1996. 26.25. In case the parties wish to settle/withdraw the dispute, the arbitrator(s)/ appellate panel may pass an award on consent terms. 26.26.Where the award is against the Listed Company/RTA, the Listed Company/RTA shall update the status of compliance with the arbitration award promptly to the exchange. 26.27. The stock exchanges shall put in place a framework for imposition of penalty on Listed Companies in cases where Listed Companies/RTAs do not honor the arbitral award. Record and Disclosures 26.28. The stock exchanges shall preserve the documents related to arbitration for five years from the date of arbitral award, appellate arbitral award or Order of the Court, as the case may be; and register of destruction of records relating to above, permanently. 26.29. The stock exchanges shall disclose on its website, details of disposal of arbitration proceedings and details of arbitrator-wise disposal of arbitration proceedings as per the formats prescribed by SEBI for already available arbitration mechanism.

Page 46 of 220 SECTION VIII- INVESTOR’S CHARTER 27. Publishing Investor Charter and Disclosure of Complaints by RTAs on their websites31 27.1. In order to facilitate investor awareness about various activities where an investor has to deal with RTAs for availing Investor Service Requests, SEBI has developed an Investor Charter for RTAs, inter-alia, detailing the services provided to Investors, Rights of Investors, various activities of RTAs with timelines, Dos and Don’ts for Investors and Grievance Redressal Mechanism. 27.2. In this regard, all the registered RTAs shall take necessary steps to bring the Investor Charter, as provided at ‘Annexure –24’ to the notice of existing and new shareholders by way of a) disseminating the Investor Charter on their websites/through e-mail; b) displaying the Investor charter at prominent places in offices etc. 27.3. The Registrar Association of India (RAIN) shall also disseminate the Investor Charter on its website. 27.4. Additionally, in order to bring about transparency in the Investor Grievance Redressal Mechanism, it has been decided that all the registered RTAs shall disclose on their respective websites, the data on complaints received against them or against issues dealt by them and redressal thereof, latest by 7th of succeeding month, as per the format enclosed at ‘Annexure-25’ to this circular.

31 SEBI/HO/MIRSD/MIRSD_RTAMB/P/CIR/2021/670 dated November 26, 2021

Page 47 of 220 SECTION IX – OTHER GUIDELINES 28. Designated e-mail ID for regulatory communication with SEBI32 28.1. RTAs are required to create a designated email id for regulatory communications. This email id shall be an exclusive email id only for the above purpose and should not be a person centric email id. 28.2. The Designated e-mail ID shall be communicated to SEBI at intermediary@sebi.gov.in as per the format prescribed at Annexure-26 given below. 29. Mandatory Requirement of Permanent Account Number33 29.1. In order to strengthen the Know Your Client (KYC) norms and identify every participant in the securities market with their respective PAN thereby ensuring sound audit trail of all the transactions, it has been decided that PAN would be the sole identification number for all participants transacting in the securities market, irrespective of the amount of transaction. 29.2. The RTAs are advised in this regard as under: 29.2.1. To put in the necessary systems in place so that all the individual databases of their clients and clients’ transactions are linked to the PAN details of the client with which analysis can be made. 29.2.2. To build the necessary infrastructure for enabling accessibility and query based on PAN thereby enabling retrieval of all the details of the clients that is available including transactions done by them. 29.2.3. To collect copies of PAN cards issued to their existing as well as new clients by the Income Tax Department and maintain the same in their record after verifying with the original. 29.2.4. To cross-check the aforesaid details collected from their clients with the details on the website of the Income Tax Department - http://incometaxindiaefiling.gov.in/challan/enterpanforchallan.jsp. 29.3. PAN may not be insisted in the case of Central Government, State Government, and the officials appointed by the courts e.g. Official liquidator, Court receiver etc. (under the category of Government) for transacting in securities market. 29.4. However, the aforementioned clarification would be subject to the RTAs verifying the veracity of the claim of the specified organizations, by collecting sufficient documentary evidence in support of their claim for such an exemption.

32 MIRSD/ DPSIII/ Cir-21/ 08 dated July 07, 2008 33 MRD/DoP/Cir- 05/2007 dated April 27, 2007 and MRD/DoP/Cir-20/2008 dated June 30, 2008

Page 48 of 220 30. Prevention of circulation of unauthenticated news by SEBI Registered Market Intermediaries through various modes of communication34 RTAs are directed that: a) Proper internal code of conduct and controls should be put in place. b) Employees/temporary staff/voluntary workers etc. employed/working in the Offices of RTAs do not encourage or circulate rumours or unverified information obtained from client, industry, any trade or any other sources without verification. c) Access to Blogs/Chat forums/Messenger sites etc. should either be restricted under supervision or access should not be allowed. d) Logs for any usage of such Blogs/Chat forums/Messenger sites (called by any nomenclature) shall be treated as records and the same should be maintained as specified by the respective Regulations which govern the concerned RTA. e) Employees should be directed that any market related news received by them either in their official mail/personal mail/blog or in any other manner, should be forwarded only after the same has been seen and approved by the concerned RTA’s Compliance Officer. If an employee fails to do so, he/she shall be deemed to have violated the various provisions contained in SEBI Act/Rules/Regulations etc. and shall be liable for action. The Compliance Officer shall also be held liable for breach of duty in this regard. 31. Guidelines on Outsourcing of Activities by Intermediaries35 31.1.SEBI Regulations for various intermediaries require that they shall render at all times high standards of service and exercise due diligence and ensure proper care in their operations. 31.2.It has been observed that often the intermediaries resort to outsourcing with a view to reduce costs, and at times, for strategic reasons. 31.3.Outsourcing may be defined as the use of one or more than one third party – either within or outside the group - by a registered RTA to perform the activities associated with services which the RTA offers. 31.4.Principles for Outsourcing The risks associated with outsourcing may be operational risk, reputational risk, legal risk, country risk, strategic risk, exit-strategy risk, counter party risk, concentration and systemic risk. In order to address the concerns arising from the outsourcing of

34 Cir/ ISD/1/2011 dated March 23, 2011; and Circular Cir/ISD/2/2011 dated March 24, 2011 35 CIR/MIRSD/24/2011 dated December 15, 2011

Page 49 of 220 activities by intermediaries based on the principles advocated by the International Organisation of Securities Commissions (IOSCO) and the experience of Indian markets, SEBI had prepared a concept paper on outsourcing of activities related to services offered by intermediaries. The principles for outsourcing by intermediaries have been provided at Annexure￾27. These principles shall be followed by all RTAs registered with SEBI. 31.5.Activities that shall not be Outsourced The RTAs desirous of outsourcing their activities shall not, however, outsource their core business activities and compliance functions. A few examples of core business activities may be – execution of orders and monitoring of trading activities of clients in case of stock brokers; dematerialisation of securities in case of depository participants; investment related activities in case of Mutual Funds and Portfolio Managers. Regarding Know Your Client (KYC) requirements, the RTAs shall comply with the provisions of SEBI {KYC (Know Your Client) Registration Agency} Regulations, 2011 and Guidelines issued thereunder from time to time. 31.6.Other Obligations i. Reporting to Financial Intelligence Unit (FIU) - The RTAs shall be responsible for reporting of any suspicious transactions / reports to FIU or any other competent authority in respect of activities carried out by the third parties. ii. Need for Self-Assessment of existing Outsourcing Arrangements – In view of the changing business activities and complexities of various financial products, RTAs shall conduct a self-assessment of their existing outsourcing arrangements within a time bound plan, not later than six months from the date of issuance of this circular and bring them in line with the requirements of the guidelines/principles. 32. General Guidelines for dealing with conflicts of interest36 32.1.RTAs are presently governed by the provisions for avoidance of conflict of interest as mandated in the respective regulations read with relevant circulars issued from time to time by SEBI. On the lines of Principle 8 of the IOSCO Objectives and Principles of Securities Regulations, it has been decided to put in place comprehensive guidelines to collectively cover such entities and their associated persons, for elimination of their conflict of interest, as detailed hereunder.

36 SEBI Circular CIR/MIRSD/5/2013 dated August 27, 2013

Page 50 of 220 32.2.Such entities shall adhere to these guidelines for avoiding or dealing with or managing conflict of interest. They shall be responsible for educating their associated persons for compliance of these guidelines. 32.3.For the purpose of these guidelines "intermediaries" and "associated persons" have the same meaning as defined in Securities and Exchange Board of India (Certification of Associated Persons in the Securities Markets) Regulations, 2007. 32.4.Such entities and their associated persons shall, i. lay down, with active involvement of senior management, policies and internal procedures to identify and avoid or to deal or manage actual or potential conflict of interest, develop an internal code of conduct governing operations and formulate standards of appropriate conduct in the performance of their activities, and ensure to communicate such policies, procedures and code to all concerned; ii. at all times maintain high standards of integrity in the conduct of their business; iii. ensure fair treatment of their clients and not discriminate amongst them; iv. ensure that their personal interest does not, at any time conflict with their duty to their clients and client’s interest always takes primacy in their advice, investment decisions and transactions; v. make appropriate disclosure to the clients of possible source or potential areas of conflict of interest which would impair their ability to render fair, objective and unbiased services; vi. endeavor to reduce opportunities for conflict through prescriptive measures such as through information barriers to block or hinder the flow of information from one department/ unit to another, etc.; vii. place appropriate restrictions on transactions in securities while handling a mandate of issuer or client in respect of such security so as to avoid any conflict; viii. not deal in securities while in possession of material non published information; ix. not to communicate the material non published information while dealing in securities on behalf of others; x. not in any way contribute to manipulate the demand for or supply of securities in the market or to influence prices of securities; xi. not have an incentive structure that encourages sale of products not suiting the risk profile of their clients; xii. not share information received from clients or pertaining to them, obtained as a result of their dealings, for their personal interest; 32.5.The Boards of such entities shall put in place systems for implementation of aforementioned provisions and provide necessary guidance enabling identification, elimination or management of conflict of interest situations. The Boards shall review the compliance of aforementioned provisions periodically.

Page 51 of 220 32.6.The said guidelines shall be in addition to the provisions, if any, contained in respective regulations/ circulars issued by the Board from time to time regarding dealing with conflict of interest, in respect of such entities. 33. Framework for Regulatory Sandbox37 33.1. The Objective of Regulatory Sandbox is to grant certain facilities and flexibilities to the entities regulated by SEBI so that they can experiment with FinTech solutions in a live environment and on limited set of real users for a limited time frame. 33.2. The updated guidelines pertaining to the functioning of the Regulatory Sandbox are provided at Annexure 28. 34. RTA inter-operable Platform for enhancing investors’ experience in Mutual Fund transactions / service requests38 34.1. RTAs of Mutual Funds shall implement standardized practices, system interoperability amongst themselves to jointly develop a common industry wide platform that will deliver an integrated, harmonized, elevated experience to the investors across the industry. AMCs and Depositories shall facilitate the RTAs for development of the proposed platform. 34.2. The aforesaid platform shall, inter alia in phases, enable a user-friendly interface for investors for execution of mutual fund transactions viz. purchase, redemption, switch etc., initiation and tracking of service requests viz. change of email id / contact number / bank account details etc., initiation and tracking of queries and complaints, access investment related reports viz. mutual fund holdings (both in demat and standard Statement of Account), transactions reports (including historic transactions), capital gains/loss report, details of unclaimed dividend/redemption etc. Through this platform, investors will be able to access these services for all Mutual Funds in an integrated manner. In this regard, AMCs, RTAs and Depositories shall take necessary measures to provide data via APIs on a real time basis to the proposed platform. Additionally, RTAs and Depositories shall also share their respective data feeds between themselves for generation of investment related reports. 34.3. The platform may also over time, provide services to the distributors, registered investment advisors, AMCs, Stock Exchange platforms and digital platforms for transacting in mutual funds to further augment ease of investing and servicing of investors through the above stakeholders in consultation with SEBI.

37 SEBI/HO/ITD/ITD/CIR/P/2021/575 dated June 14, 2021 and SEBI/HO/MIRSD/MIRSD_IT/P/CIR/2021/0000000658 dated November 16, 2021 38 SEBI/HO/IMD/IMD-II DOF3/P/CIR/2021/604 dated July 26, 2021

Page 52 of 220 34.4. AMCs, RTAs and Depositories shall review and agree to harmonize the processes across the industry to provide a single-window, integrated, simplified investment and service experience for the investors. 34.5. AMCs, RTAs, and Depositories shall adopt the data definitions and standards as provided / recommended by SEBI for data exchange amongst various participants. 34.6. The Platform should be scalable with robust cyber security protocols and supported through an API-based architecture. In this regard, the platform shall adopt the Cyber Security and Cyber Resilience framework specified by SEBI from time to time to “MIIs” (Market Infrastructure Institutions such as Stock Exchanges, Depositories and Clearing Corporations) and “Qualified RTAs” (QRTAs). Further, on request basis, APIs could be exposed to other industry stakeholders such as distributors, registered investment advisors, Stock Exchange platforms and digital platforms etc. with due approval of the concerned Mutual Fund on mutually agreed terms. 34.7. The RTAs are jointly and severally responsible for compliance with all the applicable regulations including system audit and cyber security audit. Further, RTAs shall ensure that the platform complies with the guidelines for Business Continuity Plan (BCP) and Disaster Recovery (DR) specified by SEBI from time to time to “MIIs”. 34.8. All the stakeholders are advised to collaborate and work together towards the development and implementation of the proposed investor-friendly platform. 34.9. AMCs, RTAs, Depositories, AMFI and key stakeholders are advised to create awareness about this initiative amongst the investors. 35. Approach to securities market data access and terms of usage of data provided by data sources in Indian securities market39 RTAs are advised to make note of the following: “As far as the data provided by various data sources in Indian securities markets pursuant to regulatory mandates for reporting and disclosure in public domain are concerned, such data should be made available to users, ‘free of charge’ both for ‘viewing’ the data as also for downloading the format as specified by regulatory mandate for reporting, as well as their usage for the value addition purposes.” Further, apart from the data made available free of cost, data which is chargeable should be appropriately identified as such in public domain.

39 SEBI/HO/DEPA-III/DEPA-III_SSU/P/CIR/2022/25 dated February 25, 2022

Page 53 of 220 36. Digital mode of payment40 SEBI has notified the SEBI (Payment of Fees and Mode of Payment) (Amendment) Regulations, 2017 on March 06, 2017 to enable digital mode of payment (RTGS/ NEFT/IMPS etc.) of fees/penalties/remittance/other payments etc. In order to identify and account such direct credit in the SEBI account, it has been decided that RTA shall provide the information as mentioned in the below table to SEBI once the payment is made. Dat e Departm ent of SEBI Name of the Intermedi ary/ Other entities Type of Intermedi ary SEBI Registrati on Number (if any) PA N Amou nt (in Rs.) Purpos e of payme nt (includi ng the period for which payme nt was made e.g. quarterl y, annuall y) Bank name and Accou nt numbe r from which payme nt is remitte d UT R No. The above information should be emailed to the respective department(s)as well as to Treasury & Accounts division at tad@sebi.gov.in. 37. Reporting requirement under Foreign Accounts Tax Compliance Act (FATCA)41 37.1.India joined the Multilateral Competent Authority Agreement (MCAA) on Automatic Exchange of Financial Account Information on June 3, 2015. In terms of the MCAA, all countries which are a signatory to the MCAA, are obliged to exchange a wide range of financial information after collecting the same from financial institutions in their country/jurisdiction.

40 SEBI/HO/GSD/T&A/CIR/P/2017/42 dated May 16, 2017 41 SEBI Circular CIR/MIRSD/2/2015 dated August 26, 2015 and SEBI Circular CIR/MIRSD/3/2015 dated September 10, 2015

Page 54 of 220 37.2.Further, on July 9, 2015, the Governments of India and United States of America (USA) have signed an agreement to improve international tax compliance and to implement the Foreign Account Tax Compliance Act (FATCA) in India. The USA has enacted FATCA in 2010 to obtain information on accounts held by U.S. taxpayers in other countries. As per the aforesaid agreement, foreign financial institutions (FFls) in India will be required to report tax information about U.S. account holders/taxpayers directly to the Indian Government which will, in turn, relay that information to the U.S. Internal Revenue Service (IRS). 37.3.For implementation of the MCAA and agreement with USA, the Government of India has made necessary legislative changes to Section 285BA of the Income-tax Act, 1961. Further, the Government of India has notified Rules 114F to 114H (herein after referred as "the Rules") under the Income Tax Rules, 1962 and form No. 61B for furnishing of statement of reportable account as specified in the Rules. The Rule is available at https://incometaxindia.gov.in/Documents/exchange-of￾information/LETTER-F-NO-500-137-2011%20_1_.pdf 37.4.Also a “Guidance Note on implementation of Reporting Requirements under Rules 114F to 114H of the Income Tax Rules” as issued by the Department of Revenue, Ministry of Finance vide F.No.500/137/2011-FTTR-III dated August 31, 2015 is available at http://www.incometaxindia.gov.in/communications/notification/guidance_notes_on_i mplementation_31_08_2015.pdf. 37.5.RTAs are advised to take necessary steps to ensure compliance with the requirements specified in the aforesaid Rules after carrying out necessary due diligence. 38. Guidelines on Anti-Money Laundering (AML) Standards and Combating the Financing of Terrorism (CFT) /Obligations of Securities Market Intermediaries under the Prevention of Money Laundering Act, 2002 and Rules framed there under RTAs are advised to refer to SEBI’s master circular issued on February 03, 2023 with respect to ‘Guidelines on Anti-Money Laundering (AML) Standards and Combating the Financing of Terrorism (CFT) /Obligations of Securities Market Intermediaries under the Prevention of Money Laundering Act, 2002 and Rules framed there under’ available at the following link: https://www.sebi.gov.in/legal/master-circulars/feb-2023/guidelines-on-anti-money￾laundering-aml-standards-and-combating-the-financing-of-terrorism-cft-obligations-of￾securities-market-intermediaries-under-the-prevention-of-money-laundering-act-2002-a- _67833.html

Page 55 of 220 SECTION X – ROLE OF RTAs WITH RESPECT TO PRIMARY MARKETS 39. Obligations of RTA with respect to Rights Issue42 The detailed procedures on the Rights Issue process are given at Annexure-29 for due compliance. 40. Investment by Foreign Portfolio Investors (FPI) through primary market issuances43 40.1.Regulation 21(7) of SEBI (Foreign Portfolio Investors) Regulations, 2014 ('FPI Regulations') mandates that the purchase of equity shares of each company by a single foreign portfolio investor or an investor group shall be below ten percent of the total issued capital of the company. 40.2.Further, Regulation 23(3) of FPI Regulations requires that in case the same set of ultimate beneficial owner(s) invest through multiple entities, such entities shall be treated as part of same investor group and the investment limits of all such entities shall be clubbed at the investment limit as applicable to a single foreign portfolio investor. 40.3.To ensure compliance of the above, at the time of finalization of basis of allotment during primary market issuances, RTAs shall: 43.1.1.Use PAN issued by Income Tax Department of India for checking compliance for a single foreign portfolio investor; and 43.1.2.Obtain validation from Depositories for the foreign portfolio investors who have invested in the particular primary market issuance to ensure there is no breach of investment limit. Within the timelines for issue procedure, as prescribed by SEBI from time to time. 41. Streamlining the process of IPOs with UPI in ASBA and redressal of investor grievances44 SEBI vide circular SEBI/HO/CFD/DIL2/CIR/P/2018/138 dated November 01, 2018 introduced the use of Unified Payment Interface as an additional payment mechanism with Application Supported by Blocked Amount (ASBA) for Retail Individual Investors along with timelines for listing within six days of closure of issue (T+6).

42 SEBI/HO/CFD/DIL2/CIR/P/2020/13 dated January 22, 2020 and SEBI/HO/CFD/SSEP/CIR/P/2022/66 dated May 19, 2022 43 IMD/FPIC/CIR/P/2018/114 dated July 13, 2018 44 Circular No. SEBI/HO/CFD/DIL2/CIR/P/2021/2480/1/M dated March 16, 2021

Page 56 of 220 While the above was operational in Phase 1, in Phase II w.e.f July 01, 2019 vide SEBI circular SEBI/HO/CFD/DIL2/CIR/P/2019/76 dated June 28,2019, UPI was mandated for applications by Retail Individual Investors submitted through Intermediaries. Subsequently, SEBI vide circular SEBI/HO/CFD/DCR2/CIR/P/2019/133 dated November 08, 2019 extended the timeline for implementation of Phase II. The said circular had prescribed the detailed timelines of T+6 listing, compliance, reconciliation process and reporting standards to be followed by Intermediaries. The intermediaries in the IPO ecosystem have agreed to the standard operating procedure as well as the level of security for all messaging protocols from different nodes. This has addressed a lot of investor issues. Gaining on the experience of the market with the current UPI system, the following issues have been identified based on the consultation with market participants which need to be addressed. a) Delay in receipt of mandate by investors for blocking of funds due to systemic issues at Intermediaries/SCSBs. b) Failure to unblock funds for cancelled/withdrawn/deleted cases in the Stock Exchanges platform. c) Failure to unblock the funds in cases of partial allotment by the next working day from the finalization of basis of allotment (BOA). d) Failure to unblock the funds in cases of non-allotment by BOA+1. e) SCSB blocking multiple amounts for the same UPI application. f) SCSB blocking more amount in the investors account than the application amount. Therefore, need has been felt to put in place measures to have a uniform policy and to further streamline the reconciliation process among intermediaries/SCSBs. This circular also provides a mechanism of compensation to investors. Responsibilities of RTA RTA shall submit the details of cancelled/withdrawn/deleted applications to SCSB’s on daily basis within 60 minutes of bid closure time from the Issue opening date till Issue closing date (T) by obtaining the same from Stock Exchanges.

Page 57 of 220 42. Issue and listing of Non-Convertible Securities (NCS), Securitised Debt Instruments (SDI), Security Receipts (SR), Municipal Debt Securities and Commercial Paper (CP)45 Vide notification no. SEBI/LAD-NRO/GN/2021/39 dated August 09, 2021, SEBI (Issue and Listing of Non-Convertible Securities) Regulations, 2021 were notified, pursuant to merger and repeal of the SEBI (Issue and Listing of Debt Securities) Regulations, 2008 and SEBI (Issue and Listing of Non-Convertible Redeemable Preference Shares) Regulations, 2013. Role of RTA in respect of application process in case of public issues of securities and timelines for listing The RTA, based on information of bidding and blocking received from the stock exchange, shall undertake reconciliation of the bid data and block confirmation corresponding to the bids by all investor category applications (with and without the use of UPI) and prepare the basis of allotment. Upon approval of the basis of allotment, the RTA shall share the ‘debit’ file with sponsor bank (through stock exchange) and SCSBs, as applicable, for credit of funds in the public issue account and unblocking of excess funds in the investor’s account. Other responsibilities  The RTA shall have an online or system driven interface with the stock exchange platform to get updated information/ data/ files pertaining to issue.  The RTA shall collect aggregate applications details from the stock exchanges platform to decide the eligible applications and process the allotment as per applicable SEBI Regulations.  An application without valid application amount shall be treated as invalid application by the RTA.  The RTA shall credit securities to all valid allottees.  The RTA shall ensure refund of application amount or excess application amount in the bank account of the applicant as stated in its demat account.  Role of RTA in respect of timelines is explained in Annexure-30. Role of RTA with respect to Electronic Book Provider platform Process flow of settlement, where funds pay-in is to be made to escrow bank account of issuer:

45 SEBI/HO/DDHS/P/CIR/2021/613 dated August 10, 2021

Page 58 of 220  Successful bidders, in an issue, will make pay-in of funds towards the allocation made to them, in the escrow bank account within the timelines, as provided by the issuer in the PM/ IM. The funds pay-in by the successful bidders will be made only from the bank account(s), which have been provided/ updated in the EBP system. Further, pay-in received from any other bank account will lead to cancellation of bid and consequent debarment of the investor from accessing EBP platform for 30 days.  Escrow bank, pursuant to receipt of funds will provide a confirmation to the RTA, associated with the issue, about receipt of funds along with details including name of bank account holder, bank account number and the quantum of funds received.  RTA, will then reconcile the information received from escrow bank with the details as provided by EBP and after reconciliation RTA shall intimate to the issuer about receipt of funds. Subsequently, issuer will initiate the process of corporate action through the RTA to Depository.  RTA, after passing on the instructions for corporate action to the depositories, will issue instruction to the escrow bank to release money to the issuers bank account. RTA shall:  undertake reconciliation between information received from the escrow Bank and EBP. Further, after reconciliation, shall intimate the issuer about the receipt of funds and shortfall, if any, and the reasons thereof;  issue instructions to the escrow bank account for the release of funds, after passing on the instructions for corporate action to the depositories; and  intimate to the EBP, upon closure of the issue, the status of the issue i.e. successful or withdrawn, details of defaulting investors etc. 43. Reduction of timelines for listing of units of Real Estate Investment Trust (REIT) and Infrastructure Investment Trust (InvIT)46 As a part of the continuing endeavour to streamline the process of public issue of units of Real Estate Investment Trust (REIT) and Infrastructure Investment Trust (InvIT), it has been decided to reduce the time taken for allotment and listing after the closure of issue to six working days as against the present requirement of within twelve working days. The indicative timelines from issue closure till listing are explained in Annexure-31.

46 SEBI/HO/DDHS/DDHS_Div3/P/CIR/2022/54 dated April 28, 2022 and SEBI/HO/DDHS/DDHS_Div3/P/CIR/2022/55 dated April 28, 2022

Page 59 of 220 44. Responsibilities of the RTA with respect to introduction of Unified Payments Interface (UPI) mechanism for Infrastructure Investment Trusts47 44.1. The RTA shall have an online or system driven interface with the Stock Exchange platform to get updated information/ data/ files pertaining to issue. 44.2. The RTA shall collect aggregate applications details from the stock exchanges platform to decide the eligible applications and process the allotment as per applicable SEBI Regulations. 44.3. An application without valid application amount shall be treated as invalid application by the RTA. 44.4. The RTA shall credit units to all valid allottees. 44.5. The RTA shall ensure refund of application amount or excess application amount in the bank account of the applicant as stated in its demat account. 45. Role of RTA with respect to Public Issues Under CIR/CFD/DIL/3/2010 dated April 22, 2010 45.1. In the event of mistake in capturing the application number by either the syndicate member or collecting bank leading to rejection of application, the RTA may identify based on the bid form, the entity responsible for the error. Under CIR/CFD/POLICYCELL/11/2015 dated November 10, 201548 45.2. In addition to the Self Certified Syndicate Banks (SCSBs), Syndicate Members and Registered Brokers of Stock Exchanges, the RTAs and Depository Participants (DPs) registered with SEBI are now permitted to accept application forms (both physical as well as online) in public issues. 45.3. The RTAs and DPs shall provide their contact details, where the application forms shall be collected by them, to the recognized stock exchanges regularly which shall be disclosed by the stock exchanges. 45.4. Indicative timelines Schedule for various activities can be explained in Annexure-32. Under SEBI/HO/CFD/DIL/CIR/P/2016/26 dated January 21, 2016 45.5. Syndicate members, registered brokers of stock exchanges, depository participants (DPs) and RTAs registered with SEBI, may also forward the physical application forms received by them on day-to-day basis during the bidding period to designated

47 SEBI/HO/DDHS/DDHS_Div3/P/CIR/2022/085 dated June 24, 2022 48 SEBI/HO/CFD/DCR2/CIR/P/2019/133 dated November 08, 2019

Page 60 of 220 branches of the respective self-certified syndicate banks (SCSBs) for blocking of funds. Such applications should be with value not more than 2 lakh and shall be forwarded along with the schedule specified in SEBI Circular dated November 10, 2015. 45.6. Stock exchanges may share the electronic bid file for applications with value not more than 2 lakh with RTA to the issue on daily basis who in turn may share the same with each SCSB. SCSBs may carry out the blocking of funds on a daily basis during the bidding period for such physical application forms received. Revised electronic bid file / final bid file shall be shared by the stock exchanges with RTA to the issue. SCSBs to ensure blocking of funds is based on final electronic bid file received from RTA to the issue. 46. Streamlining the Process of Public Issues and redressal of Investor grievances49 Following are the responsibilities of the RTA:  RTA shall submit the details of cancelled/ withdrawn/ deleted applications to SCSBs on daily basis within 60 minutes of bid closure time from the Issue opening date till Issue closing date (T) by obtaining the same from Stock Exchanges. SCSBs shall unblock such applications by the closing hours of the bank day and submit the confirmation to Lead Managers and RTA on daily basis.  All SCSBs are required to submit to the Lead Managers and RTA a certificate ‘for completion of unblock of funds on the next working day from the finalization of basis of allotment by RTA’ by the end of closing hours of Bank Day on Basis of Allotment+ 1 day (BOA+1). Upon receipt of this certificate, RTIs shall maintain a record of it and the consolidated compliance of all SCSBs be provided to Post Issue Lead Manager on BOA+1. Post Issue Lead Manager shall provide the same to SEBI as and when it is sought.  The RTA shall provide the allotment/ revoke files to the Sponsor Bank by 8:00 PM on T+3, i.e., the day when the Basis of Allotment (BOA) has to be finalized.  With respect to delayed unblock, Sponsor Banks shall execute the online mandate revoke file for Non Allottees / Partial Allottees on BOA+1. Subsequently, any pending applications for unblock shall be submitted to RTA, not later than 5 PM on BOA+1. Subsequently, RTI shall submit the bank-wise pending UPI applications for unblock to SCSB’s along with the allotment file, not later than 06:30 PM on BOA+1.

49 SEBI/HO/CFD/DIL2/CIR/P/2021/2480/1/M dated March 16, 2021 and SEBI/HO/CFD/DIL2/P/CIR/2021/570 dated June 02, 2021; SEBI/HO/CFD/DIL2/CIR/P/2022/51 dated April 20, 2022

Page 61 of 220 The allotment file shall include all applications pertaining to full allotment/partial￾allotment/non-allotment/cancelled/withdrawn/deleted applications etc. 47. Responsibilities of RTA with respect to open offers, buybacks and delisting offers In case of offer under Buy Back Regulations, the company is required to announce a Record Date for the purpose of determining the entitlement and the names of the security holders who are eligible to participate in the proposed Buy-Back. Based on this information, eligible shareholders can tender shares in the Buy-Back using the Acquisition Window of the Stock Exchanges through selling brokers. However, reconciliation for acceptances shall be conducted by the Merchant banker and the Registrar to the offer after closing of the Offer and the final list shall be provided to the Stock Exchanges to facilitate settlement.50 Issuer / RTA handling respective tender offer shall provide details in respect of shareholder’s entitlement for tender offer process to CCs.51

50 CIR/CFD/POLICYCELL/1/2015 dated April 13, 2015 51 SEBI/HO/CFD/DCR-III/CIR/P/2021/615 dated August 13, 2021

Page 62 of 220 Section XI- Reporting Requirements Reporting requirements for all the RTAs

1. Half-yearly report in terms of Regulation 14 of SEBI (Registrars to an Issue & Share Transfer Agents) Regulations, 1993 (to be submitted to SEBI at rta@sebi.gov.in) REPORT OF RTI / STA FOR THE HALF YEAR ENDED MARCH/SEPTEMBER, 20.. NAME: REGISTRATION NO: DATE OF REGISTRATION (in dd/mm/yy): SECTION I: ACTIVITIES RTI Activities- Issues handled Type of issue No. of issues handled during the half year ended … Cumulative no. of issues handled up to the half year ended … No. of applications received in issues handled during the half year ended … IPO FPO Rights Issue Takeover Buyback Delisting Others (please specify) Total

Page 63 of 220 STA activities Number of client companies No. of folios held at the end of half year Activities other than RTI/STA Sr. No. Activity Type Description of the activity Name of Compliance Officer Email ID SECTION II - REDRESSAL OF INVESTOR GRIEVANCES For the half year ended March/ September, 20.. Status of Investor Grievances Name of the company No. of complaints pending at the end of the previous half year No. of complaints received during the half year No. of complaints resolved during the half year No of complaints pending at the end of the half year Details of the grievances pending for more than 30 days (where no reply has been sent to investors within 30 days) Name of the company No. of complaints pending for more than 30 days Nature of the complaint(s)* Status of the complaint Name of Compliance Officer Email ID

Page 64 of 220

• Nature of complaint(s): a. Delay in dematerialization of securities h. Delay in receipt/ Non-receipt of dividend b. Delay in rematerialization of securities i. Delay in processing of other service requests viz., change of address, change of signature, etc c. Non-receipt of physical shares for rejected demat j. Non-allotment of shares in IPO d. Delay in transfer of physical shares k. Delay in receipt/ Non-receipt of refund e. Delay in transmission of shares or deletion of name l. Non-receipt of CAFs in Rights Issue f. Delay in transposition of shares m. Others, please specify g. Delay in issuance of duplicate share certificates SECTION - III: COMPLIANCE COMPLIANCE CERTIFICATE FOR THE HALF YEAR ENDED MARCH/ SEPTEMBER, 20.. A. No conflict of interest with other activities The activities other than RTI/STA activities performed by the RTI / STA are not in conflict with RTI / STA activities and appropriate systems and policies have been put in place to protect the interests of investors. B. Change in status or constitution Reporting of 'changes in status or constitution' of RTI / STA: C. Other Information (i) Details of arrest/ conviction of key officials of RTI/STA (ii) Details of prosecution cases or criminal complaints filed by investors against the RTI/STA (iii) Details of any fraudulent activity by the employees associated with RTI/STA activities and action taken by the RTI/STA (iv) Details of any disciplinary action taken/ penalty imposed by SEBI/ other regulatory authority and corrective steps taken to avoid such deficiencies in the future. (v) Details of conviction of the RTI/ STA, or any of its director, partner, proprietor or principal officer for any offence involving moral turpitude or being found guilty of any economic offence. (vi) Action taken by the RTI/STA on the above issues

Page 65 of 220 D. Compliance with registration requirements (i) Net worth as on March 31st is Rs ……… (Please enclose auditor's certificate as on March 31st . This certificate is required to be submitted only once in a year) (ii) Any major change in infrastructure since the last report/ registration/ renewal (iii) Changes in Key personnel during the half year ended………. Name(s) of the key personnel Appointm ent / Cessatio n Date of appoint ment / cessatio n Qualifica tion Experie nce Functio nal areas of work Certified that the requirements specified for SEBI registration as RTI/STA are fulfilled. E. NISM Certification Number of associated persons employed or engaged with the RTI/ STA for the purpose of performing any of the activities as enumerated under clauses (a) to (g) of Notification dated September 4, 2009 issued under Regulation 3 of the Securities and Exchange Board of India (Certification of Associated Persons in the Securities Markets) Regulations, 2007, who have obtained necessary NISM Certificate/ Continuing Professional Education (in terms of NISM communiques dated April 27, 2012), along with following details. Category of associated person No. of persons who are required to comply with NISM Certification/ CPE No. of persons who have obtained NISM Certificate/ CPE Principal Grandfathered person Others Action plan for those who are yet to comply with the above requirement: F. Issue-related work Certified that we have given instructions for crediting of shares or refunding/ unblocking of funds/ payment of consideration within the time line prescribed by SEBI. Further certified that the Board has reviewed the present system to monitor compliance of the above and the system is satisfactory. In case of non-compliance, details are given as follows: Name of issue Type of issue Nature of activity Range of delay (min and max no. of days)

Page 66 of 220 G. Common share registry Details of non-compliance with the common share registry requirement in accordance with Regulation 53A of SEBI (Depositories and Participants) Regulations, 1996 and para 15 of this circular, along with steps taken, if any by the RTI/ STA. Name of the issuer company Steps taken by the RTI/STA H. Share transfer activities Certified that we have processed share related activities like dematerialisation, rematerialisation, transfer, issuance of duplicate certificate, etc. within the time line prescribed by SEBI. Further certified that the Board has reviewed the present system to monitor compliance of the above and the system is satisfactory. In case of non-compliance, details are given as follows: Name of company Type of request No. of requests received during the half year No. of requests processed during the half year, beyond the prescribed time line Range of delay (min and max no. of days) I. Details of deficiencies and non-compliances during the half year (in addition to those mentioned, if any, in points E, F, G and H above) J. Details of the review of the report by the Board of Directors Date of Review (dd/mm/yyyy) Observation of the BoD on i) the deficiencies and non-compliances (mentioned in points E, F, G, H and I above) ii) corrective measures initiated to avoid such instances in future Certified that we have complied with all applicable acts, rules, regulations, circulars, guidelines, etc. issued from time to time except the deficiencies and non￾compliances specifically reported at clauses E, F, G, H and I above. Name of Compliance Officer Email ID

Page 67 of 220 2. Investor Complaints Report to SEBI on a Monthly basis on or before 7th of the following month (to be submitted to SEBI at rta@sebi.gov.in) Name of the RTA: Registration No.: Address: Investor Complaints Report Month – wise data for the current financial year SN Month Carried forward from previous month Received Resolved Pending 1 2 3 4 5 6 1 April, 20XX 2 May, 20XX 3 June, 20XX 4 and so on…… till the month previous to the reporting month Grand Total Trend of annual (Calendar Year) disposal of complaints (for 5 years on rolling basis) S. No. Year Carried forward from previous year Received Resolved Pending 1 20XX-XX 2 20XX-XX 3 20XX-XX 4 20XX-XX 5 20XX-XX Grand Total

Page 68 of 220 3. Investor Complaints Report to be published on the Website of RTA on a monthly basis on or before 7th of the following month Data for the month ending SN Received from Carried forward from previous month Received during the month Total Pending# Resolved* Pending at the end of the month** Average Resolution time^ (in days) Pending for less than 3 months Pending for more than 3 months 1 2 3 4 5 6 7 8 1 Directly from Investors 2 SEBI (SCORES) 3 Stock Exchanges (if relevant) 4 Other Sources (if any) 5 Grand Total *Should include complaints of previous months resolved in the current month, if any. **Should include total complaints pending as on the last day of the month, if any. ^Average resolution time is the sum total of time taken to resolve each complaint in the current month divided by total number of complaints resolved in the current month.

Page 69 of 220 Reporting requirements only for QRTAs 4. Cyber Security and Cyber Resilience Framework Audit to be on a half yearly basis and submitted to SEBI – HY ending 31 March due by 30 June and HY ending 30 Sept due by 31 Dec (to be submitted to SEBI at rta@sebi.gov.in) Name of the RTA: Registration No.: Address: S. No. Description Compliance Status (Yes/No) Audit Remarks 1 Cyber attacks and threats attempt to compromise the Confidentiality, Integrity and Availability (CIA)of the computer systems, networks and databases(Confidentiality refers to limiting access of systems and information to authorized users, Integrity is theassurancethat the information is reliable and accurate, and Availability refers to guarantee of reliableaccess to the systemsandinformation byauthorized users).Cyber securityframework includesmeasures, tools and processes that are intended to prevent cyber attacks and improve cyber resilience. Cyber Resilience is an organisation’s ability to prepare and respond to a cyber attack and to continue operation during, and recover from, a cyber attack. Governance 2 As part of the operational risk management framework to manage risk to systems, networks and databases from cyber attacks and threats, QRTAs should formulate a comprehensive cyber security and cyber resilience policy document encompassing the framework mentioned hereunder. The policy

Page 70 of 220 S. No. Description Compliance Status (Yes/No) Audit Remarks document should be approved by the Boardof QRTAs, and in case of deviations from the suggested framework, reasons for such deviations should also be provided in the policy document. The policy document should be reviewed by the Board of QRTAsatleast annually with the view to strengthen and improve its cyber security and cyber resilience framework. 3 The cybersecurity and cyber resilience policy should include the following process to identify, assess, and manage cyber security risk associated with processes, information, networks and systems; a. ‘Identify’ critical IT assets and risks associated with such assets, b. ‘Protect’ assets by deploying suitable controls, tools and measures, c.‘Detect’ incidents, anomalies and attacks through appropriate monitoring tools/processes, d. ‘Respond’ by taking immediate steps after identification of the incident, anomaly or attack, e. ‘Recover’ from incident through incident management, disaster recovery and businesscontinuity framework. 4 The Cyber security policy should encompass the principles prescribed by National Critical Information Infrastructure Protection Centre (NCIIPC) of National Technical Research Organisation (NTRO), Government of India,in the report titled ‘Guidelines for Protection of National Critical Information Infrastructure’ and subsequent revisions, if any, from time to time. 5 QRTAs should also incorporate best practices from standards such as ISO 27001, ISO 27002, COBIT 5, etc., or their subsequent revisions, if any, from time to time. 6 QRTAs should designate a senior official as Chief Information Security Officer (CISO) whose function would be to assess, identify and reduce cyber security risks, respond to incidents, establish

Page 71 of 220 S. No. Description Compliance Status (Yes/No) Audit Remarks appropriate standards and controls, and direct the establishment and implementation of processes and procedures as per the cyber security and resilience policy approved by the Board of the QRTAs. 7 The Board of the QRTAsshall constitute a Technology Committeecomprising experts proficient in technology. This Technology Committeeshouldon a quarterly basis review the implementation of the cyber security and cyber resilience policy approved by their Board, and such review should include review of their current IT and cyber security and cyber resilience capabilities, set goals for a target level of cyber resilience, and establish a plan to improve and strengthen cyber security and cyber resilience. The review shall be placed before the Board of the QRTAs for appropriate action. 8 QRTAs should establish a reporting procedure to facilitate communication of unusual activities and events to CISO or to the senior management in a timely manner. 9 The aforementioned committee and the senior management of the QRTAs, including the CISO, should periodically review instances of cyber attacks, if any, domestically and globally, and take steps to strengthen cyber security and cyber resilience framework. 10 QRTAs should define responsibilities of its employees, outsourced staff, and employees of vendors, members or participants and other entities, whomay have access or use systems/ networks of QRTA's, towards ensuring the goal of cyber security. Identify 11 QRTAsshall identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management. The critical assets should include business critical systems, internet

Page 72 of 220 S. No. Description Compliance Status (Yes/No) Audit Remarks facing applications /systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, etc. All the ancillary systems used for accessing/communicating with critical systems either for operations or maintenance should also be classified as critical system. The Board of the QRTAs shall approve the list of critical systems. To this end, QRTAs should maintain up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows. 12 QRTAs should accordingly identify cyber risks (threats and vulnerabilities) that it may face, alongwith the likelihood of such threats and impact on the business and thereby, deploy controls commensurate to the criticality. 13 QRTAs shouldalso encourage its third-party providers, if any, to have similar standards of Information Security. Protection Access Controls 14 No person by virtue of rank or position should have any intrinsic right to access confidential data, applications, system resources or facilities. 15 Any access to QRTA'ssystems, applications, networks, databases, etc., should be for a defined purpose and for a defined period. QRTAs should grant access to IT systems, applications, databases and networks on a need-to-use basis and based on the principle of least privilege. Such access should be for the period when the access is required and should be authorized using strong authentication mechanisms.

Page 73 of 220 S. No. Description Compliance Status (Yes/No) Audit Remarks 16 QRTAs should implement strong password controls for users’ access to systems, applications, networks and databases. Password controls should include a change of password upon first log-on, minimum password length and history, password complexity as well as maximum validity period. The user credential data should be stored using strong and latest hashing algorithms. 17 QRTAs should ensure that records of user access are uniquely identified and logged for audit and review purposes. Such logs should be maintained and stored in encrypted form for a time period not less than two (2) years. 18 QRTAs should deploy additional controls and security measures to supervise staff with elevated system access entitlements (such as admin or privileged users). Such controls and measures should inter-alia include restricting the number of privileged users, periodic review of privileged users’ activities, disallow privileged users from accessing systems logs in which their activities are being captured, strong controls over remote access by privileged users, etc. 19 Account access lock policies after failure attempts should be implemented for all accounts. 20 Employees and outsourced staff such as employees of vendors or service providers, who may be given authorised access to the QRTA'scritical systems, networks and other computer resources, should be subject to stringent supervision, monitoring and access restrictions 21 Two-factor authentication at log-in should be implemented for all users that connect using online/internet facility. 22 QRTAs should formulate an Internet access policy to monitor and regulate the use of internet and internet based services such as social media sites, cloud-based internet storage sites, etc.

Page 74 of 220 S. No. Description Compliance Status (Yes/No) Audit Remarks 23 Proper ‘end of life’ mechanism should be adopted to deactivate access privileges of users who are leavingthe organization or whoseaccess privileges have been withdrawn. Physical security 24 Physical access to the critical systems should be restricted to minimum. Physical access of outsourced staff/visitors should be properly supervised by ensuring at the minimum that outsourced staff/visitors are accompanied at all times by authorised employees. 25 Physical access to the critical systems should be revoked immediately if the same is no longer required. 26 QRTAs should ensure that the perimeter of the critical equipments room are physically secured and monitored by employing physical, human and procedural controls such as the use of security guards, CCTVs, card access systems, mantraps, bollards, etc. where appropriate. Network Security Management 27 QRTAs should establish baseline standards to facilitate consistent application of security configurations to operating systems, databases, network devices and enterprise mobile devices within the IT environment. The QRTAs should conduct regular enforcement checks to ensure that the baseline standards are applied uniformly. 28 QRTAs should install network security devices, such as firewalls as well as intrusion detection and prevention systems, to protect theirIT infrastructure from security exposures originating from internal and external sources. 29 Anti-virus software should be installed on servers and othercomputer systems. Updation of anti-virus definition files and automatic anti-virus scanning should be done on a regular basis.

Page 75 of 220 S. No. Description Compliance Status (Yes/No) Audit Remarks Security of Data 30 Data-in motion and Data-at-rest should be in encrypted form by using strong encryption methods such as Advanced Encryption Standard (AES), RSA, SHA-2, etc. 31 QRTAs should implement measures to prevent unauthorised access or copying or transmission of data / information held in contractual or fiduciary capacity. It should be ensured that confidentiality of information is not compromised during the process of exchanging and transferring information with external parties. 32 The information security policy should also cover use of devices such as mobile phone, faxes, photocopiers, scanners, etc. that can be used for capturing and transmission of data. 33 QRTAs should allow only authorized data storage devices through appropriate validation processes. Hardening of Hardware and Software 34 Only a hardened and vetted hardware / software should be deployed by the QRTAs. During the hardening process, QRTAs should inter-alia ensure that default passwords are replaced with strong passwords and all unnecessary services are removed or disabled in equipments / software. 35 All open ports which are not in use or can potentially be used for exploitation of data should be blocked. Other open ports should be monitored and appropriate measures should be taken to secure the ports. Application Security and Testing 36 QRTAs should ensure that regression testing is undertaken before new or modified system is implemented. The scope of tests should cover business logic, security controls and system performance under various stress-load scenarios and recovery conditions.

Page 76 of 220 S. No. Description Compliance Status (Yes/No) Audit Remarks Patch Management 37 QRTAs should establish and ensure that the patch management procedures include the identification, categorisation and prioritisation of security patches. An implementation timeframe for each category of security patches should be established to implement security patches in a timely manner. 38 QRTAs should perform rigorous testing of security patches before deployment into the production environment so as to ensure that the application of patches do not impact other systems. Disposal of systems and storage devices 39 QRTAs should frame suitable policy for disposals of the storage media and systems. The data / information on such devices and systems should be removed by using methods viz. wiping / cleaning / overwrite, degauss and physical destruction, as applicable. Vulnerability Assessment and Penetration Testing 40 QRTAs shall carry out periodic vulnerability assessment and penetration tests (VAPT) which inter-alia include critical assets and infrastructure components like Servers, Networking systems, Security devices, load balancers, other IT systems etc. pertaining to the activities done as a QRTAs in order to detect security vulnerabilities in the IT environment and in-depth evaluation of the security posture of the system through simulations of actual attacks on its systems and networks. QRTAs shall conduct VAPT at least once in a financial year. However, for the QRTAs, whose systems have been identified as “protected system” by NCIIPC under the Information Technology (IT) Act, 2000, VAPT shall be conducted at least twice in a financial year. Further, all QRTAs are required to engage only CERT-In empaneled organizations for conducting VAPT. The

Page 77 of 220 S. No. Description Compliance Status (Yes/No) Audit Remarks final report on said VAPT shall be submitted to SEBI after approval from Technology Committeeof respective QRTAs, within 1 month of completion of VAPT activity. 41 Any gaps/vulnerabilities detected shall be remedied on immediate basis and compliance of closure of findings identified during VAPT shall be submitted to SEBI within 3 months post the submission of final VAPT report. 42 In addition, QRTAs shall perform vulnerability scanning and conduct penetration testing prior to the commissioning of a new system which is a critical system or part of an existing critical system. Monitoring and Detection 43 QRTAs should establish appropriate security monitoring systems and processes to facilitate continuous monitoring of security events and timely detection of unauthorised or malicious activities, unauthorised changes, unauthorised access and unauthorized copying or transmission of data/information held in contractual or fiduciary capacity, by internal and external parties. The security logs of systems, applications and network devices should also be monitored for anomalies. 44 Further, to ensure high resilience, high availability and timely detection of attacks on systems and networks, QRTAs should implement suitable mechanism to monitor capacity utilization of its critical systems and networks. 45 Suitable alerts should be generated in the event of detection of unauthorized or abnormal system activities, transmission errors or unusual online transactions. Response and Recovery 46 Alerts generated from monitoring and detection systems should be suitably investigated, including

Page 78 of 220 S. No. Description Compliance Status (Yes/No) Audit Remarks impact and forensic analysis of such alerts, in order to determine activities that are to be performed to prevent expansion of such incident of cyber attack or breach, mitigate its effect and eradicate the incident. 47 The response and recovery plan of the QRTAs should aim at timely restoration of systems affected by incidents of cyber attacks or breaches. QRTAs should have the same Recovery TimeObjective(RTO) and Recovery Point Objective (RPO) as specified by SEBI for Market Infrastructure Institutions videSEBI circular CIR/MRD/DMS/17/20 dated June 22, 2012as amended from time to time. 48 The response plan should define responsibilities and actions to be performed by its employees and support/outsourced staff in the event of cyber attacks or breach of cyber security mechanism. 49 Any incident of loss or destruction of data or systems should be thoroughly analyzed and lessons learned from such incidents should be incorporated to strengthen thesecurity mechanism and improve recovery planning and processes. 50 QRTAs should also conduct suitable periodic drills to test the adequacy and effectiveness of response and recovery plan. Sharing of Information 51 Quarterlyreportscontaining information on cyber attacks and threats experienced by QRTAsand measures taken to mitigate vulnerabilities, threats and attacks including information on bugs/vulnerabilities/threats that may be useful for other QRTAs should be submitted to SEBI in soft copy to rta@sebi.gov.in 52 Such details as are felt useful for sharing with other QRTAsin masked and anonymous manner shall be shared using mechanism to be specified by SEBI from time to time.

Page 79 of 220 S. No. Description Compliance Status (Yes/No) Audit Remarks Training 53 QRTAs should conduct periodictraining programs to enhance awareness level among the employees and outsourced staff, vendors, etc. on IT/Cyber security policy and standards. Special focus should be given to build awareness levels and skills of staff from non￾technical disciplines. 54 The training program should be reviewed and updated to ensure that the contents of the program remain current and relevant. Periodic Audit 55 QRTAs shall arrangetohave its systems audited on an annual basis by an independent CISA/CISM qualified or equivalent auditorto check compliance with the above areasand shall submit the report to SEBIalong with the comments of the Board of QRTAswithin three months of the end of the financial year. 5. VAPT to be conducted at least once in a financial year. Report to be submitted to SEBI within one month of completion of VAPT activity (to be submitted to SEBI at rta@sebi.gov.in) 6. Cyber Security and Cyber Security Resilience Framework Incident Reporting to SEBI on a quarterly basis within 15 days of the end of the quarter (to be submitted to SEBI at rta@sebi.gov.in) Incident Reporting Form

1. Letter / Report Subject -

Page 80 of 220 Name of the RTA - SEBI Registration no. - Type of RTA - 2. Reporting Periodicity Year-  Quarter 1 (Apr-Jun)  Quarter 2 (Jul-Sep)  Quarter 3 (Oct-Dec)  Quarter 4 (Jan-Mar) 3. Designated Officer (Reporting Officer details) - Name: Organization: Title: Phone / Fax No: Mobile: Email: Address: Cyber-attack / breach observed in Quarter: ( If yes, please fill Annexure I) ( If no, please submit the NIL report) Date & Time Brief information on the Cyber-attack / breached observed

Page 81 of 220 Annexure I

1. Physical location of affected computer / network and name of ISP -

2. Date and time incident occurred - Date: Time:

3. Information of affected system - IP Address: Computer / Host Name: Operating System (incl. Ver. / release No.): Last Patched/ Updated: Hardware Vendor/ Model:

4. Type of incident -  Phishing  Network scanning /Probing Breakin/Root Compromise  Virus/Malicious Code  Website Defacement  System Misuse  Spam  Bot/Botnet  Email Spoofing  Denial of Service(DoS)  Distributed Denial of Service(DDoS)  User Account Compromise  Website Intrusion  Social Engineering  Technical Vulnerability  IP Spoofing  Ransomware  Other

5. Description of incident -

Page 82 of 220 6. Unusual behavior/symptoms (Tick the symptoms) -  System crashes  New user accounts/ Accounting discrepancies  Failed or successful social engineering attempts  Unexplained, poor system performance  Unaccounted for changes in the DNS tables, router rules, or firewall rules  Unexplained elevation or use of privileges Operation of a program or sniffer device to capture network traffic;  An indicated last time of usage of a user account that does not correspond to the actual last time of usage for that user  A system alarm or similar indication from an intrusion detection tool  Altered home pages, which are usually the intentional target for visibility, or other pages on the Web server  Anomalies  Suspicious probes  Suspicious browsing New files  Changes in file lengths or dates  Attempts to write to system  Data modification or deletion  Denial of service  Door knob rattling  Unusual time of usage  Unusual usage patterns  Unusual log file entries  Presence of new setuid or setgid files Changes in system directories and files  Presence of cracking utilities  Activity during non-working hours or holidays  Other (Please specify) 7. Details of unusual behavior/symptoms - 8. Has this problem been experienced earlier? If yes, details -

Page 83 of 220 9. Agencies notified - Law Enforcement Private Agency Affected Product Vendor Other 10. IP Address of apparent or suspected source - Source IP address: Other information available: 11. How many host(s) are affected - 1 to 10 10 to 100 More than 100 12. Details of actions taken for mitigation and any preventive measure applied -

Page 84 of 220 7. Enhanced Reporting to SEBI on a quarterly basis within 60 days of the end of the quarter (to be submitted to SEBI at rta@sebi.gov.in) A. Name of QRTA: B. Registration No: C. Date of Report Submission (in dd/mm/yy): D. Enhanced Reporting Requirement for QRTAs for Quarter Ended on ......... Sr. No. Enhanced Reporting Norms DescriptionRemarks 1 Risk Management Policy a) Whether Risk Management policy is adopted and implemented b) Whetherresponsibilities and accountabilities have been charted out 2 Business Continuity Plan Audit/Testing a) Does the QRTA have Business Continuity Plan (BCP)? b) Name of the Primary and the BCP locations c) When was the BCP tested through mock drill? d) Whether the QRTA is complying with the requirement of testing I mock drill every 12 months? e) Has corrective action been initiated on learning arising out of BCP testing? 3 Manner of keeping records a) Whether records are lost, destroyed or tampered with; b) In the event of loss or destruction, whether sufficient back￾up of records is available at all times at a different place. 4 Wind-down Plan a) Does the QRTA have in place a Wind-down Plan (WOP) ? 5 Data Access and Data Protection Policy a) Whether protocols, processes and controls in place for entities who wish to connect with QRTA data base electronically b) Whether QRTA has entered into confidentiality contracts, legal contracts, written agreements, security protocols, etc., while facilitating electronic access to other entities to its data?

Page 85 of 220 6 Ensuring Integrity of Operations a) Whether minimum standards, protocol and procedures are in place for smooth running of operations, to protect the investor data and maintain information security b) Whether detailed operations manual explaining all aspects of its functioning has been prepared c) Whether mechanism is in place to have periodic replication of data with the concerned Mutual Funds I Issuer Companies I lnviTI REIT? d) Does QRTA have its database, servers, data storage media, at all times, related to Indian investors I clients, present in India 7 Scalable Infrastructure a) Peak transaction volume handled by the QRTA on any business day b) Peak new folios created by QRTA on any business day c) Was the adequacy of the capacity to handle twice the above volume reviewed and maintained by the QRTA. If no, what corrective actions taken 8 Board Committees of QRTA a) Audit Committee b) Nomination and Remuneration Committee c) IT Strategy Committee d) Whether any incidents having an impact on investor protection including data security breaches reported to the BoD of QRTA 9 Investor Services a) Number of Customer Services Centers operated by QRTA servicing Mutual Funds investors, Corporate and other investors, if any. b) Whether the QRTA has online capabilities to resolve investor queries and complaints c) If the QRTA is handling corporate registry, does it have facility for providing services for managing shareholder meetings including poll process and web streaming of AGMs of listed companies d) Whether QRTA can provide other facilities such as questions by investors during AGMs through online access as and when required by SEBI. e) Whether service standards published on website f) Date of investor satisfaction survey carried out g) Whether investor satisfaction survey outcomes published on website. 10 Insurance against Risks a) Whether adequate insurance against omissions and commissions, frauds by employee/s is in place E. Details of the review of the report by the Board of Directors

Page 86 of 220 Date of Review (dd/mm/yyyy) F. Observations of the BoD on i) The deficiencies and non-compliances: ii) Corrective measures initiated to avoid such instances in future:

Page 87 of 220 Section XII- Annexures ANNEXURE- 1 DRAFT OF AGREEMENT BETWEEN THE REGISTRAR TO AN ISSUE AND THE ISSUER COMPANY THIS AGREEMENT MADE AT ______ON _______BETWEEN (Name of RTI), a company within the meaning of the Companies Act, 2013 and having its Registered Office at __________I a partnership firm carrying on business in the firm and style of -::-c--:-:-:,-------,,-------,--------1-----:-- --:---,-- a sole proprietorship concern of which Shri! Smt is the sole proprietor and having its office at (delete whichever is not applicable) (hereinafter referred to as "Registrar") and _ a company within the meaning of the Companies Act, 2013 and having its registered office at (hereinafter referred to as the "company"). WHEREAS (1) The company is proposing to issue ........ (particulars of the Issue like type and No. of securities, value, date of opening of issue, etc., to the public hereinafter referred to as "the said Issue"). (2) The Registrar is a SEBI registered Registrar to an Issue having Registration No....... and the company has approached the Registrar to act as Registrar to the said Issue (the activities pertaining to the Registrar to an Issue are hereinafter referred to as "the assignment"), and the Registrar has accepted the assignment. (3) In terms of regulation 9A(1)(b) of the SEBI (Registrars to an Issue and Share Transfer Agents) Regulations, 1993, the Registrar is required to enter into a valid agreement with the Issuer company inter alia to define the allocation of duties and responsibilities between the Registrar and the Issuer and in pursuance of the same the Registrar and the Issuer have entered into an Agreement being these presents. NOW, THEREFORE, the company and the Registrar do hereby agree as follows : (1) The Company hereby appoints the Registrar as Registrars to the said issue and the Registrar accepts such appointment. (2) The Registrar hereby undertakes to perform and fulfill such functions, duties and obligations and to provide such services as are mentioned herein. (3) The Registrar declares and undertakes that : (a) It has obtained certificate of registration from SEBI and that the certificate is valid from … (Date) to … (date). It shall also ensure that the

Page 88 of 220 Certificate of registration shall remain in force by taking prompt steps for renewal. (b) It has not violated any of the conditions subject to which registration has been granted and that no disciplinary or other proceedings have been commenced by SEBI and that it is not debarred / suspended from carrying on its activities. (c) It shall perform its duties with highest standards of integrity and fairness and shall act in an ethical manner in all its dealings with the Issuer, investors, etc., and it will not take up any activities which is likely to be in conflict with its own interest, interests of the Issuer and investors or contrary to the directions issued by SEBI. (d) It shall carry out its duties / responsibilities and complete all the formalities within the specified time limits as per the relevant Statutes, SEBI Guidelines and Stock Exchange Regulations. (4) The Company hereby confirms that it has satisfied itself about the capability of the Registrar to handle the assignment. (5) The Company hereby declares that it has complied with or agrees to comply with all statutory formalities under the Companies Act, Guidelines for disclosure and investor protection issued by SEBI and other relevant statutes to enable it to make the said issue. The company also agrees that it will co-ordinate with the Registrar and that it will not give any instructions which are in violation of any of the Statutes/ Guidelines of SEBI. (6) The Company and the Registrar agree to their respective functions, duties and obligations pertaining to the assignment in respect of each activity as specified in Schedule – I hereunder written. (The activities listed in Schedule I are indicative and not exhaustive). The Company and the Registrar may include further activities agreed upon but all the activities pertaining to the assignment shall be listed and agreed upon. However, the following activities shall form part of the Registrar’s functions and responsibility during the currency of the agreement: (a) Despatch of letters of allotment/share certificates/refund orders/cancelled stock invests. (b) Issue of duplicate refund order (after obtaining suitable Indemnity Bond). (c) Revalidation of refund orders. (7) The Company agrees that the Registrar will not hand over any application or other documents / records pertaining to the Issue to the company or to any other person until the completion of despatch of allotment letters, refund orders, share / debenture certificates, etc. The company agrees that it will have access to the applications / documents pertaining to the Issue at the office of the Registrar only. The Registrar will handle the issue work from its office / s at …, which has been declared to SEBI and approved by it for carrying on its activities. The address of its above said office shall be printed in all relevant stationery pertaining to the said issue.

Page 89 of 220 (9) The issue stationery including certificates, letters of allotment, allotment advice, refund orders shall be kept ready and handed over to the Registrar by the company within 15 days from the date of closure of Issue and the company shall be responsible for any delay on this account. The company will arrange to obtain prior approval for issue stationery from the stock exchange and refund bankers. (10) The company shall make available in advance to the Registrar requisite funds for postage, mailing charges for dispatching of allotment letters / allotment advice, share certificates and stock instruments, etc. (11) The Registrar will extend all help to the public representative deputed by SEBI. The Employees Quota shall be allotted to the persons given in the list by the company duly signed by the Managing Director / Company Secretary certifying that they are bona fide employees of the company. In the case of oversubscription allotment will be done in the presence of a SEBI representative and the Registrar will extend all facilities to complete allotment process smoothly and speedily. The company shall also extend necessary help to the Registrar in such matter. (12) The company agrees to hand over to the Registrar impression of the common seal at the time of clearing the art works of pre-printed share certificates. (13) The company agrees that formats of all reports, statements, share or debenture certificates and other documents shall be in conformity with the standard designs approved by the stock exchange. (14) The registrar and the company agree that the fees and charges payable to the Registrar for handling the assignment shall be as specified in Schedule II hereunder written. (PLEASE INSERT FURTHER CLAUSES REGARDING PAYMENT TERMS). (15) The company agrees to take special contingency insurance policy to cover risk rising out of fraud, forgery, errors of commission / omissions, etc. (16) Should there be major change in the date of opening of Issue from that indicated above or in the event of complete collapse or dislocation of business in the financial market of the country due to war, insurrection or any other serious sustained, political or industrial disturbance or in any event caused by force majeure, the Registrar shall have option to withdraw from the issue before the date of opening of the issue and / or renegotiating the contract with the company. However, RTI shall continue to be responsible for the work till termination of the contract. (17) The Registrar shall redress complaints of the investors within one month of receipt of the complaint during the currency of the agreement and continue to do so during the period it is required to maintain records under the SEBI (Registrars to an Issue and Share Transfer Agents) Regulations, 1993 and the company shall extend necessary co-operation to the Registrar for its

Page 90 of 220 complying with the said Regulations. (18) The Registrar(s) responsibility under the agreement will be restricted to the duties of the Registrar as agreed to herein and the Registrar will not be in any way construed to be an agent of the company in its any other business in any manner whatsoever. (19) It is the company which is primarily responsible for Registrars’ work and Registrar shall act with the due diligence, care and skill while discharging the work assigned to it by the company. However, the Registrar shall indemnify the company and its successors from and against all suits, claims, actions and demand which may be made or commenced against the company by any holder of the securities issued or other third party as a consequence of any failure or deficiency on the part of the Registrar in performing or fulfilling, providing any of its functions, duties, obligations and services hereunder, however, the Registrar shall not be liable for any indirect or consequential loss caused to the company due to error or omission committed by them in good faith. (20) The company will bear expenses for legal advice / action which have to be taken for no lapse on the part of the Registrar but for any eventuality which may arise in connection with the issue work. (21) Any notice, communication or documents may be given by personal delivery, registered post, telex or by fax. The notice, communication or document shall be deemed to have been served upon the party to whom it is given if given by personal delivery when so delivered, if given by post on expiration of three days after the notice, etc., shall have been delivered to the post office for onward despatch, and if given by fax or telex upon transmission thereof. Provided that any notice, etc., given by telex or fax shall be confirmed in writing. (PLEASE INSERT CLAUSES REGARDING OTHER TERMS MUTUALLY AGREED UPON) (22) The Registrar and the company agree that non-compliance of any of the covenants contained therein by either party shall be reported to SEBI within 7 days by the other party. (23) Please insert clauses relating to arbitration in case of any disputes. (24) This agreement shall be valid until the expiry of one year from the date of closing of the said issue. In witness whereof of the parties hereunto have set their hands on the day and year hereinabove written. Signature of Company Signature of Registrar SCHEDULE I Any other activity may also be included) COMPANY / REGISTRAR

Page 91 of 220 . PRE-ISSUE WORK

1. Finalisation of bankers to issue, list of branches, controlling and collecting branches.
2. Design of application form, bank schedule, pre-printed stationery.
3. Preparing and issuing detailed instructions on procedure to be followed by collecting and controlling branches.
4. Arranging, despatch of application schedule for listing of applications to collecting and controlling branches.
5. Placing of orders for and procuring pre-printed stationery. II. ISSUE WORK
6. Collection of daily figure from bankers to the issue.
7. Expediting despatch of applications, final certificate to the controlling branches.
8. Collection of applicationalong with final certificate and schedule pages from controlling branches of bankers to the issue.
9. Informing Stock Exchange / SEBI and providing necessary certificates to Lead Manager on closure of issue.
10. Preparing underwriter statement in the event of under subscription and seeking extension from stock exchange for processing.
11. Scrutiny of application received from bankers to issue.
12. Numbering of applications and banks schedule and batching them for control purposes.
13. Transcribing information from documents to magnetic media for computer processing.
14. Reconciliation of number of applications, securities applied and money received with final certificate received from bank.
15. Identify and reject technical faults and multiple application with reference to ……
16. Preparation of inverse number.
17. Prepare statement for deciding basis of allotment by the company in consultation with the stock exchange.
18. Finalising basis of allotment after approval of the Stock Exchange.
19. Seeking extension of time from SEBI / Ministry of Finance (Stock Exchange Divn.) if allotment cannot be made within stipulated time.
20. Allotment of shares on the formula devised by Stock Exchange.
21. Obtaining certificate from auditors that the allotment has been made as per the basis of allotment.
22. Preparation of reverse list, list of allottees and non-allottees as per the basis of allotment approved by the stock exchange.
23. Preparation of allotment register-cum-return statement, register of members, index register.
24. Preparation of lists of brokers to whom brokerage is to be paid.
25. Printing covering letters for despatching share certificates, for refunding application money / stock invest, printing of allotment letter – cum – refund order.
26. Printing postal journal for despatching share certificate or allotment letters and refund orders by

Page 92 of 220 registered post. 22. Printing distribution schedule for submission to Stock Exchange. 23. Preparing share certificate on the computer. 24. Preparing register of member and specimen signature cards. 25. Arranging share certificate in batches for signing by authorized signatories. 26. Trimming share certificate and affixing common seal of the company. 27. Attaching share certificate to covering letter. 28. Mailing of documents by registered post. 29. Binding of application forms, application schedule and computer outputs. 30. Payment of consolidated stamp duty on allotment letters / share or debenture certificates or procuring and affixing stamp of appropriate value. 31. Issuing call notices for allotment money to allottees. 32. Issue of duplicate refund order. 33. Revalidation of refund orders ANNEXURE- 2 DRAFT OF AGREEMENT BETWEEN THE SHARE TRANSFER AGENT AND THE COMPANY THIS MEMORANDUM OF UNDERSTANDING MADE ON ______AT______BETWEEN (name of STA), a Company within the meaning of Companies Act, 2013 and having its Registered Office at ./ a partnership firm carrying on business in the firm name and style of at /________a sole proprietorship concern of which Shri I Smt is the sole proprietor and having its office at _______(delete whichever is not applicable) (hereinafter referred to as "Transfer Agent" ) and a company within the meaning of Companies Act, 2013 and having its registered office at ______(hereinafter referred to as the company). WHEREAS (1) The company has_______No. of shareholders /folios and has to render services relating to transfer, transmission, etc., in accordance with its Article of Association. (2) The Transfer Agent is a SEBI registered Share Transfer Agent having registration No.____and the company has approached the Transfer Agent to act as Share Transfer Agent and the Transfer Agent has accepted the assignment (3) In terms of regulation 9A(1)(b) of the SEBI (Registrars to an Issue and Share Transfer Agents) Regulations, 1993, the Transfer Agent is required to enter into a valid agreement with the body corporate on whose behalf the Transfer Agent has to act as Share Transfer Agent and in pursuance of the same the Transfer Agent and the company have entered into an agreement

Page 93 of 220 being these presents. NOW, THEREFORE, THE COMPANY AND THE TRANSFER AGENT DO HEREBY AGREE AS FOLLOWS:

1. The company hereby appoints the Transfer Agent as Share Transfer Agent and the Transfer Agent accepts such appointment.
2. The Transfer Agent thereby undertakes to perform and fulfill such functions, duties and obligations and to provide such services as are mentioned herein.
3. The Company will ensure that all records /reports/ documents are handed over to Transfer Agency after its appointment. The responsibility of the Transfer Agency will commence on receipt of records/reports/documents.
4. The company will inform shareholders/ debenture holders/ investors by way of Press notice/ Letters/ other media about the appointment and change in STA, if any, one month before handing over the assignment / change in appointment of Transfer Agency.
5. The Transfer Agent declares and undertakes that: a. It has obtained certificate of registration from SEBI and that the certificate is valid from…..(date) to…..(date). It shall also ensure that the certificate of registration shall remain in force by taking prompt steps for its renewal. b. It has not violated any of the conditions subject to which registration has been granted and that no disciplinary or other proceedings have been commenced by SEBI and that it is not debarred / suspended from carrying on its activities. c. It shall perform its duties with highest standards of integrity and fairness and shall act in an ethical manner in all its dealings with clients, investors, etc., and that it will not take up any activities which is likely to be in conflict with its own interest, interest of the company and investors and/or contrary to the directions issued by SEBI. d. It shall carry out its duties/responsibilities and complete all the formalities within the specified time limits as per the relevant Statutes, SEBI Guidelines and Stock Exchange Regulations. e. In case of change in status/constitution that it will obtain permission from SEBI.
6. The company before hereby confirms that it has satisfied itself about the capability including the infrastructure especially the computer hardware and requisite software, i.e., share accounting packages of the Transfer Agent to handle the assignment.
7. The company hereby declares that it has complied with or agrees to comply with all statutory formalities under the Companies Act, Guidelines for Disclosure and Investor Protection issued by SEBI, listing agreement of Stock Exchanges and other relevant statues pertaining to Share Transfer

Page 94 of 220 activities. 8. The company and the Transfer Agent agree to their functions, duties and obligations in respect of each activity relevant to the Share Transfer as specified in the Schedule I hereto. However, the following activities shall form part of the Transfer agent’s functions and responsibility during the currency of this agreement. i. Receipt of request for transfer, transmission, endorsement as fully paid-up, allotment/ call money, split, consolidation, change of address, issue of duplicate certificates in lieu of misplaced/ lost certificates. ii. Processing of requests for transfer, endorsement as fully paid- up, receipt of allotment / call money and other correspondence received in connection with transfer activities. iii. After verification of transfer deeds, preparation of transfer proposals for approval of the transfer committee of the company, endorsement on the certificates. iv. Despatch of transferred certificates to the transferees within the mandatory period as laid down in the Companies Act/ Listing Agreement. 9. The Transfer Agent will handle the transfer work from its office / s at……… which has been declared to SEBI and approved by it for carrying on its activities. The address of its office shall be printed in all relevant stationery pertaining to the said transfers, etc. 10. All the input materials that are to be supplied by the company / agreed to be supplied by the company will be delivered by the company at its cost at the office of the Transfer Agent stated above in clause 7 and all finished tabulations, statement, unused stationery bearing the name and the letterhead of the company and all original documents supplied by the company to the Transfer Agents are to be delivered by the Transfer Agent at company’s cost to such address as may be specified. 11.The Transfer Agent’s responsibility under this arrangement will be restricted to the duties of the Transfer Agent as agreed to herein and the Transfer Agent will not be in any way construed to be an agent of the company in its other business in any manner whatsoever. 12.The Transfer Agent shall not during the term of this agreement or thereafter, either directly, or indirectly, for any reason whatsoever, divulge, disclose or make public any information whatsoever which may come to their knowledge during or as a result of their appointment as Transfer Agent of the company and whether concerning the business, property, contracts, methods, transactions, dealings, affairs or members of the company or otherwise, save in accordance with the performance of their duties hereunder or as required by law.

Page 95 of 220 13.Transfer Agent shall use its best efforts to perform the duties assigned to it in terms of this agreement with the utmost care and efficiency. Transfer Agent shall ensure that adequate control are established to ensure the accuracy of the reports furnished by it. Transfer Agent shall, however, not be responsible or liable for any direct or consequential omission / commission committed by the Transfer Agent in good faith or in absence of its negligence or breach of the terms of this agreement or due to reasons beyond the Transfer Agent’s reasonable control. 14.Company is primarily responsible for the work of share transfer work assigned to STA. The STA should execute the work efficiently and with due diligence and care, however, the Transfer Agent shall indemnify the company and its successors from and against all suits, claims, actions and demand which may be made or commence against the company by any holder of the securities issued or other third party as a consequence of any failure or deficiency on the part of the Transfer Agent in performing or fulfilling, providing any of the functions, duties, obligations and services consequential loss caused to the company due to error or omission committed by it in good faith and unless such damages are caused by the negligence, willful misconduct, failure to act or recklessness of the Transfer Agent. 15.Any notice, communication or documents may be given by personal delivery, registered post, telex or by fax. The notice, communication or document shall be deemed to have been served upon the party to whom it is given if given by personal delivery when so delivered, if given by post on expiration of three days after the notice, etc. shall have been delivered to the post office for onward despatch, if given by fax or telex upon transmission thereof. Provided that any notice, etc., given by telex or fax, shall be confirmed in writing. 16.The Transfer Agent and the company agree that in case of non-compliance of any of the covenants contained in these presents a report thereof shall be made to SEBI within 7 days. 17.The Transfer Agent shall redress complaints of the investors within one month of receipt of the complaint during the currency of the agreement. This, however, shall not exempt the Transfer Agent from redressing the complaint of the investors within one month during the period it is required to maintain the records under the SEBI (Registrars to an Issue and Share Transfer Agents) Regulations, 1993 and the company shall do all such things and extend necessary co￾operation for the Transfer Agent complying with this Regulation. 18.The company agrees that formats of all reports, statements, share or debenture certificates and other documents shall be in conformity with the standard designs approved by the Stock Exchange. 19.The company and the Transfer Agent agree that the fees and charges payable to the Transfer Agent shall be as specified in schedule II hereunder written. (PLEASE INSERT CLAUSES REGARDING PAYMENT TERMS)

Page 96 of 220 20.The company shall take special contingency insurance policy to cover risk out of fraud, forgery, errors of commission/ omission, etc. 21.Should there be major change in scope of work from that indicated above or in the event of complete collapse or dislocation of business in the financial market of our country due to war, insurrection or any other serious sustained political or industrial disturbance or in the event of force majeure, the Transfer Agent shall have option to withdraw its appointment or renegotiate the contract. However, the Transfer Agent shall be liable for the activities done till termination of the contract. 22. The company will provide all required stationery items, envelopes and postage expenses well in advance to enable Transfer Agent to process all transfers, transposition, transmission and other share transfer related activities. The company shall ensure that after the approval of transfer requests by transfer committee, the funds for despatch will be made available to Transfer Agents to complete despatch of transferred certificates within the stipulated time as prescribed in Companies Act/ Listing Agreement. 23.If the transactions covered under this agreement are liable to any sales tax or other levy the company shall reimburse to the Transfer Agent their liability for payment of such tax / levy including interest and other sum if any payable in respect thereof. 24.The company will bear expenses for legal advice/ action which may have to be taken for no lapse on the part of the Transfer Agent but for any eventuality which may arise in connection with the issue work. 25.The company and Transfer Agent shall maintain following documents and records pertaining to Transfer activities by way of hard copies and if required may be stored by way of tape drives in computers: a) Check-list, inward register, transfer register, buyer / sellers register with net effect as on date of approval of transfer proposals, transfer deeds, specimen signature cards / signature captured on signature scanner, despatch register/ postal journal, objection memos, mandates, Power of Attorney/ Board Resolution, RBI Approval in case of NRI Jumbo Transfer Deeds in case of FIIs, Register of Members, Annual Returns/Return of Allotment, Interest/Dividend Register. b) Correspondence with the company, investors, SEBI, Stock Exchange and other statutes and other relevant documents pertaining to transfer activities. c) Records pertaining to investors complaints, Board Resolution passed by the company authorising the Transfer Agent to endorse the certificates and other documents on behalf of the company. d) Magnetic Tapes containing all the data pertaining to shareholders and related transfer activities. These records shall be maintained for a minimum period of 8 years as provided in Regulation 15

Page 97 of 220 of SEBI (Registrar to an Issue and Share Transfer Agents) Regulations, 1993 and the same should be made available for inspection as and when decided by Statutes including SEBI. 26. Other conditions as mutually agreed between the Company and the Transfer Agent. 27. Please insert clauses relating to arbitration in case of any disputes. 28. This Agreement shall be valid for a period of … Years from … (Date). (The validity period shall be minimum one year). In witness whereof the parties thereunto have set their hands on the day and year hereinabove written. Signature of Company Signature of Transfer Agent SCHEDULE I 1.SPECIFIC ACTIVITIES a. STA will receive and attend promptly correspondence received from shareholders/ debenture holders / company / stock exchanges / SEBI / other bodies and will segregate the inward mail as transfer requests, request for endorsements as fully paid-up, receipt of call money, request for change of address, transmission, transposition, deletion of name, other letters from investors. It will inward the mail pertaining to request for transfer/transmission transposition/other request/complaints by maintaining inward register on a day to day basis and also affix stamp containing inward number and date of receipt on all transfer deeds/letter pertaining to above requests/complaints. b. The company shall also maintain inward register to record the date of receipt of transfer requests/request for endorsement as fully paid up/correspondence from investors, SEBI/Stock Exchanges and relevant statutes. Company shall hand over all transfer requests/request for endorsement as fully paid up/other correspondence well in time under a covering letter to Transfer Agent. The receipt of above documents should be acknowledged by Transfer Agents. c. Transfer Agents shall process all transfer/transmission/transposition/change of address/other requests/complaints and generate checklist, verify the same and correction of such data. d. While scrutinizing transfer deeds, transfer agent shall verify date of presentation, transferors' particulars, certificates enclosed, transferors' signature with specimen signature record, verify the value of stamps, thumb impressions needs to be attested by Magistrate/bank managers or notarized as the case may be and check whether all the columns including address of transferees provided in Transfer Deeds are duly filled up, etc.

Page 98 of 220 e. Transfer Agent shall generate transfer numbers for each valid transfer and the same may be filled up in the column provided in the transfer deed and also folio numbers (in case of new transferees only). It shall allocate the existing folio number in such cases where the transferee is already holding shares of the company. f. After verification of valid transfers, transfer agents shall prepare transfer registers in duplicate and submit the transfer register well in advance to the transfer committee of the company for approval. g. The company agrees to conduct share transfer committee meetings at the frequency mutually agreed and specified in the agreement which will enable the transfer agent to complete the transfer of securities within the stipulated time under the Companies Act / Listing Agreement. h. After receipt of approval of transfer proposals by the transfer committee, transfer agent shall endorse on the back of the certificates authenticating the transfer of shares in the name of transferees. In case of endorsement by Transfer Agent, Companies shall authorize Transfer Agents to do so by passing a resolution in its Board Meeting. i. In case of endorsement of share certificates, company/Transfer Agent shall ensure that the authentication is done by an authorized signatory. j. Transfer Agent shall despatch the transferred share certificates under a covering letter. Transfer Agent shall maintain postal journal/despatch register for the despatch of transferred certificates. The documents may indicate the date of despatch and name of the post office where the despatch has been made. k.Transfer Agent shall preserve all the transfer deeds in safe custody, take steps to cancel the stamps affixed on the back of transfer deeds and also cancel all blank transfer deeds signed by transferors but not used for effecting transfer. l.Enter the transfer details on both seller side and buyer side in the register of members, preparation of new ledger sheets for the register of members in case of new share/debenture holders. m. Cutting the specimen signature of the new share/debenture holders, pasting and maintaining specimen signature cards up to date. Specimen signature cards of shares and / debenture holders with nil holding will be removed and stored separately. Transfer Agents may capture the signatures with the help of signature scanner and store in the computers. n. Transfer Agent shall maintain movement register to record the date of receipt of transfer requests/request for endorsement as fully paid up/ other correspondence received directly from the company. Similarly, transfer agents shall record the date of submission of transfer

Page 99 of 220 proposals to the transfer committee of the company for approval, date of receipt of the transfer proposal after approval, date of submission of certificates to the company for endorsement and date of receipt of certificates after endorsement and date of despatch to transferee. II. GENERAL

1. Attending to correspondence regarding change of address, consolidation/split of certificates, non receipt of share/debenture certificates, dividend/interest warrants and other letters received from company/SEBI/Stock Exchange, etc.
2. Printing of new share/debenture certificates in lieu of misplaced, lost mutilated certificates. Transfer Agent shall issue new certificates against request for consolidation or split.
3. Transfer Agent shall update all records and generate all reports and returns required for the AGM/Extraordinary General Meeting, despatch annual reports, circulars and notices, etc. to share/debenture holders.
4. Transfer Agents shall process and print dividend warrants / interest warrants/call notices to share/debenture holders.
5. In case of rights issues, companies shall inform transfer agents and other bodies about the record date and give sufficient time to transfer agent to affect all transfers, update all records. Transfer Agents shall despatch composite application forms well in time or hand over all the required records to Registrar to Rights Issue so as to enable the Registrar to complete issue in time.
6. Transfer Agents shall maintain Register of Members. It will be kept up-to-date by incorporating changes therein during the year.
7. Any other reports, statements as mutually agreed between company and the transfer agent. SCHEDULE II Schedule of Fees

Page 100 of 220 Annexure-3 FORM A SECURITIES AND EXCHANGE BOARD OF INDIA (REGISTRARS TO AN ISSUE AND SHARE TRANSFER AGENTS) REGULATIONS, 1993 (Regulation 3)] [APPLICATION FOR REGISTRATION AS REGISTRARS TO ISSUE OR SHARE TRANSFER AGENTS OR BOTH] NAME OF THE APPLICANT (Whether proprietary concern / firm / association of persons /body of persons / body corporate)

---

The words “in technological aspects” omitted by the Securities and Exchange Board of India (Regulatory Sandbox) (Amendment) Regulations, 2021, w.e.f. 03-08-2021. Substituted for the words “Regulation 3/Regulation 8A” by the Securities and Exchange Board of India (Change In Conditions Of Registration Of Certain Intermediaries) (Amendment) Regulations, 2016 w.e.f. 08-12-2016. Prior to this, the words “Regulation 3/Regulation 8A” were substituted for the words and number ‘Regulation 3’, by the SEBI (Registrars to an Issue and Share Transfer Agents) (Amendment) Regulations, 2011, w.e.f. 5-7-2011. Substituted for the words “Application for Initial/ Permanent Registration as Registrars to Issue or Share Transfer Agents or both” by the Securities and Exchange Board of India (Change In Conditions Of Registration Of Certain Intermediaries) (Amendment) Regulations, 2016 w.e.f. 08- 12-2016. Prior to this the words “Application for Initial/ Permanent Registration as Registrars to Issue or Share Transfer Agents or both” were substituted for the words ‘APPLICATION FOR REGISTRATION AS REGISTRARS TO ISSUE OR SHARE TRANSFER AGENTS OR BOTH’, ibid.

Page 101 of 220 NAME OF THE PRINCIPAL OFFICER AND DESIGNATION __________________________ TELEPHONE NO. __________________________ CATEGORY FOR WHICH CERTIFICATE APPLIED FOR UNDER REGULATION 3 (AS APPLICABLE) INSTRUCTION:

1. APPLICANT MUST SUBMIT A COMPLETED APPLICATION FORM TOGETHER WITH SUPPORTING DOCUMENTS TO THE SECURITIES AND EXCHANGE BOARD OF INDIA.
2. ALL COLUMNS OF THE APPLICATION SHOULD BE FILLED IN. IN CASE A COLUMN IS NOT RELEVANT OR NOT APPLICABLE, THIS SHOULD BE SPECIFIED.
3. INFORMATION, WHICH NEEDS TO BE SUPPLIED IN MORE DETAILS, MAY BE WRITTEN ON SEPARATE SHEETS, WHICH SHOULD BE ATTACHED TO THE APPLICATION FORM.
4. ORIGINAL COPY OF FORM DULY SIGNED SHOULD BE SUBMITTED. PART – I GENERAL INFORMATION
5. APPLICANTS DETAILS 1.1. Name of the Applicant _____________________________ 1.2. Category applied for ______________________________ 1.3. Address of Applicant ______________________________ Pin Code _____________ Telephone No. _____________ Telex No. _____________ Fax No. __________________ 1.4. Address of the applicant for Correspondence: Pin Code _____________Telephone No. ____________

Page 102 of 220 Telex No. _____________Fax No. __________________ 1.5 Address of Branch Offices (in India & Abroad) of the applicant, if any: (a) _________________________________________ (b) _________________________________________ (c) _________________________________________ (d) _________________________________________ 1.6 Whether any other application under Securities and Exchange Board of India Act, 1992 has been made for grant of Certificate, if so, details thereof: 2. ORGANISATION STRUCTURE: 2.1 Objective of the organisation. (attach the extracts from relevant documents like, Partnership deed, Charter, Memorandum of Association, and Articles of Association in support of objectives of the organisation.) 2.2 Date and Place of Incorporation / Establishment of the organisation of the applicant. Day Month Year Place 2.3 Status of the applicant (specify whether proprietary, partnership, association of persons, body of individuals, limited company - public/private, others. If listed, name of the stock exchange and latest share price: high & low). 2.4 Organisation Chart stating the functional responsibility at various levels. 2.5 Particulars of all Proprietors / Partners / Mangers / Officers / Directors: - [Name, Qualification, Experience, Date of Appointment, Other directorship (Name & Date of Appointment), Previous positions held.] 2.6 Number of employees (General and for specific Intermediaries activity) 2.7 Name and activities of associate companies / concerns carrying out on activities of a registrar to issue or share transfer agent. Name Address/ Phone nos. Type of activity Status

Page 103 of 220 2.8 In case the applicant is a body corporate, please give list of major shareholders (holding 5% or more voting rights) and percentage of their shareholdings. 3. DETAILS OF INFRASTRUCTURAL FACILITIES 3.1 Office Space (mention the extent of area available) 3.2 Office Equipment (mention the details of electronic office equipment, typewriters, telecommunications equipment etc.) 3.3 Whether Data Processing capacity facility is available (a) In house or (b) outside, please give details. 3.4 Computer facility: (a) Hardware Configuration (b) Software Environment 4. BUSINESS PLAN (FOR THREE YEARS) (a) History, Major achievements and present activity (b) Projected Profitability (Next three years) (Physical targets, Modus Operandi to achieve targets, Resultant Income) 5. FINANCIAL INFORMATION 5.1 Capital structure ( In lakhs) Current Year Subsequent second Subsequent third year (estimated) year (estimated) year (estimated) (a) Paid up Capital (b) Free reserves (excluding revaluation reserves) (c) Total (a) + (b) (d) Loans (Details) (e) Note: ─In case of partnership or proprietary concerns, please indicate capital minus drawings. 5.2 Deployment of Resources ( In lakhs) Current Year Subsequent second Subsequent third (estimated) year (estimated) year (estimated) (a) Fixed Assets (b) Plant & Machinery and office equipment (c) Investment (Details Should be given separately)

Page 104 of 220 (d) Others 5.3 Net Profit for the last three financial years ( In lakhs) First Year Second Year Third year 5.4 Estimated profit from various sources. ( In lakhs) Current Year Subsequent second Subsequent third (estimated) year (estimated) year (estimated) 5.5 In the case of body corporate, please enclose three years of audited annual accounts and where unaudited reports are submitted, give reasons. 5.6 Name and Address of Principal Bankers 5.7 Name and Address of the Auditors (Internal, External & Tax auditor, if any). (As applicable) 6 OTHER INFORMATION 6.1 Details of all pending disputes: Nature of dispute Name of the party Names & Places of Court . Tribunal where disputes . are pending 1.2. Indictment of involvement in any offence relating to moral turpitude / economic offences in the last three years. 1.3. Any significant awards or recognition, collective grievances against the services rendered by the company. 1.4. Any other information considered relevant to the nature of services rendered by the company. 1.5. Name of two references. (For applicants other than institutions & corporate bodies) Part II BUSINESS INFORMATION 7.1. Describe present activities and proposed activity in case of new organisation.

Page 105 of 220 7.2 Existing / proposed facilities for redressed of Investor Grievances. (Furnish number and type of complaints received, follow-up with the companies, average time taken in resolving the complaints and overall system of handling complaints.) 7.3 Enclose a copy of typical contract entered with a person making the issue or share transfer agent. 7.4 Details of facilities for processing of application, collection and dispatch of documents, refund orders, allotment letters, space for safe custody of refund orders, certificates, reconciliation with the collecting banks. EXPERIENCE 8.1 Experience in handling the activities during the last three years. (Name of the corporate body, particulars of issues handled, size of issues etc.) for: (a) Registrars to Issue (b) Share Transfer Agents 8.2 Experience in other financial services (period, area, and commencement of activity). DECLARATION

---

THIS DECLARATION MUST BE SIGNED BY PRINCIPAL OFFICER / SOLE PROPRIETOR, AS APPLICABLE. I / We hereby apply for GRANT OF CERTIFICATE OF REGISTRATION by the Board, I/ We warrant that I/We will carry out my /our duties in accordance with the Act, Rules and Regulations. I/We warrant that I/We have truthfully and fully answered the questions above and provided all the information which might reasonably be considered relevant for the purposes of my/our grant of Certificate for registration and I/We will promptly notify the Board of any changes in the information during the period that my / our registration is being considered and if my/our registration is accepted, thereafter. I/We understand that misleading or attempting to mislead the Board shall render the applicant liable to disciplinary proceedings. I/We certify that the above information and information supplied in the application form is true, complete and correct.

Page 106 of 220 For and on behalf of

(Name of Applicant) PLACE Date Annexure-4 Declaration-Cum-Undertaking We M/s. (Name of the intermediary/the acquirer/person who shall have the control), hereby declare and undertake the following with respect to the application for prior approval for change in control of (name of the intermediary along with the SEBI registration no.): 1.The applicant/intermediary (Name) and its principal officer, the directors or managing partners, the compliance officer and the key management persons and the promoters or persons holding controlling interest or persons exercising control over the applicant, directly or indirectly (in case of an unlisted applicant or intermediary, any person holding twenty percent or more voting rights, irrespective of whether they hold controlling interest or exercise control, shall be required to fulfill the ‘fit and proper person’ criteria) are fit and proper person in terms of Schedule II of SEBI (Intermediaries) Regulations, 2008. 2. We bear integrity, honesty, ethical behaviour, reputation, fairness and character. 3. We do not incur following disqualifications mentioned in Clause 3(b) of Schedule II of SEBI (Intermediaries) Regulations, 2008 i.e. (i) No criminal complaint or information under section 154 of the Code of Criminal Procedure, 1973 (2 of 1974) has been filed against us by the Board and which is pending. (ii) No charge sheet has been filed against us by any enforcement agency in matters concerning economic offences and is pending. (iii) No order of restraint, prohibition or debarment has been passed against us by the Board or any other regulatory authority or enforcement agency in any matter concerning securities laws or financial markets and such order is in force. (iv) No recovery proceedings have been initiated by the Board against us and are pending. (v)No order of conviction has been passed against us by a court for any offence involving moral turpitude. (vi)No winding up proceedings have been initiated or an order for winding up has been passed against us. (vii) We have not been declared insolvent. (viii)We have not been found to be of unsound mind by a court of competent jurisdiction and no

Page 107 of 220 such finding is in force. (ix)We have not been categorized as a wilful defaulter. (x)We have not been declared a fugitive economic offender. 4. We have not been declared as not ‘fit and proper person’ by an order of the Board. 5. No notice to show cause has been issued for proceedings under SEBI(Intermediaries) Regulations, 2008 or under section 11(4) or section 11B of the SEBI Act during last one year against us. 6. It is hereby declared that we and each of our promoters, directors, principal officer, compliance officer and key managerial persons are not associated with vanishing companies. 7. We hereby undertake that there will not be any change in the Board of Directors of incumbent, till the time prior approval is granted. 8. We hereby undertake that pursuant to grant of prior approval by SEBI, the incumbent shall inform all the existing investors/ clients about the proposed change prior to effecting the same, in order to enable them to take informed decision regarding their continuance or otherwise with the new management. The said information is true to our knowledge. (stamped and signed by the Authorised Signatories) Annexure- 5 A. Name of QRTA: B. Registration No: C. Date of Report Submission (in dd/mm/yy): D. Enhanced Reporting Requirement for QRTAs for Quarter Ended on ......... Sr. No. Enhanced Reporting Norms DescriptionRemarks 1 Risk Management Policy a) Whether Risk Management policy is adopted and implemented b) Whether responsibilities and accountabilities have been charted out

Page 108 of 220 2 Business Continuity Plan Audit/Testing a) Does the QRTA have Business Continuity Plan (BCP)? b) Name of the Primary and the BCP locations c) When was the BCP tested through mock drill? d) Whether the QRTA is complying with the requirement of testing I mock drill every 12 months? e) Has corrective action been initiated on learning arising out of BCP testing? 3 Manner of keeping records a) Whether records are lost, destroyed or tampered with; b) In the event of loss or destruction, whether sufficient back-up of records is available at all times at a different place. 4 Wind-down Plan a) Does the QRTA have in place a Wind-down Plan (WOP) ? 5 Data Access and Data Protection Policy a) Whether protocols, processes and controls in place for entities who wish to connect with QRTA data base electronically b) Whether QRTA has entered into confidentiality contracts, legal contracts, written agreements, security protocols, etc., while facilitating electronic access to other entities to its data? 6 Ensuring Integrity of Operations a) Whether minimum standards, protocol and procedures are in place for smooth running of operations, to protect the investor data and maintain information security b) Whether detailed operations manual explaining all aspects of its functioning has been prepared c) Whether mechanism is in place to have periodic replication of data with the concerned Mutual Funds I Issuer Companies I lnviTI REIT? d) Does QRTA have its database, servers, data storage media, at all times, related to Indian investors I clients, present in India 7 Scalable Infrastructure a) Peak transaction volume handled by the QRTA on any business day b) Peak new folios created by QRTA on any business day c) Was the adequacy of the capacity to handle twice the above volume reviewed and maintained by the QRTA. If no, what corrective actions taken

Page 109 of 220 8 Board Committees of QRTA a) Audit Committee b) Nomination and Remuneration Committee c) IT Strategy Committee d) Whether any incidents having an impact on investor protection including data security breaches reported to the BoD of QRTA 9 Investor Services a) Number of Customer Services Centers operated by QRTA servicing Mutual Funds investors, Corporate and other investors, if any. b) Whether the QRTA has online capabilities to resolve investor queries and complaints c) If the QRTA is handling corporate registry, does it have facility for providing services for managing shareholder meetings including poll process and web streaming of AGMs of listed companies d) Whether QRTA can provide other facilities such as questions by investors during AGMs through online access as and when required by SEBI. e) Whether service standards published on website f) Date of investor satisfaction survey carried out g) Whether investor satisfaction survey outcomes published on website. 10 Insurance against Risks a) Whether adequate insurance against omissions and commissions, frauds by employee/s is in place E. Details of the review of the report by the Board of Directors Date of Review (dd/mm/yyyy) F. Observations of the BoD on i) The deficiencies and non-compliances: ii) Corrective measures initiated to avoid such instances in future:

Page 110 of 220 Annexure-6 I. Provisions with regard to Payment of Dividend/Interest/Redemption :

1. The Issuer Company, RTA and the dividend/interest/redemption processing Bank shall ensure that the Dividend/Interest/redemption Master file (i.e. file containing detailed list of beneficiaries entitled for dividend/interest/redemption distribution by whatever name called on the record date) shall include Company Name, Folio No., DPID/Client ID, Name of the first securities holder, Dividend/interest/redemption payment date, Dividend/interest/redemption amount, Payee details, Bank name, Bank account, Bank branch of the holder of securities, MICR number, Dividend/Interest/Redemption Warrant number, details of payment made through electronic channels such as RTGS/NEFT. The said file shall be shared with the Banker through a secured process/procedure as per Banker's prescribed secured mechanism. Copy of the Dividend/Interest/Redemption Master data file containing details for each dividend/interest/redemption paid shall be maintained by the bank and the same shall be reconciled by the RTA and the Issuer Company.
2. In cases where bank account details of the securities holder is not available with RTA or there is change in bank account details, RTA shall obtain account details along with cancelled cheque to update the securities holder's data. The original cancelled cheque shall bear the name of the securities holder failing which securities holder shall submit copy of bank passbook /statement attested by the bank. RTA shall then update the bank details in its records after due verification. The unpaid dividend shall be paid via electronic bank transfer. In cases where either the bank details such as MICR (Magnetic Ink Character Recognition), IFSC (Indian Financial System Code), etc. that are required for making electronic payment are not available or the electronic payment instructions have failed or have been rejected by the bank, the issuer companies or their RTA may ask the banker to make payment though physical instrument such as banker's cheque or demand draft to such securities holder incorporating his bank account details.
3. The dividend/interest/redemption processing Bank shall ensure that any dividend/interest/redemption instrument (such as demand drafts, dividend/interest/redemption warrants etc.) lying unpaid beyond the validity period of the instrument shall be cancelled and the dividend/interest/redemption amount transferred earlier by issuer in the said account shall be credited back immediately to the relevant bank account of the Issuer Company. Banks should also provide the unpaid instrument details when reconciliation data is shared with Issuer Company I RTAs.

Page 111 of 220 4. Revalidation/Re-issue requests to the dividend/interest/redemption processing bank by the RTA should contain at least Name of the Company, DPID/Ciient ID/Folio No. (as applicable), Original Instrument Number, MICR No., Security holder's name, Payee's name, Payee's bank account Number, Bank name, reason for revalidation etc. RTA shall maintain records of the revalidation/re-issue requests. 5. The Issuer Company, RTA and the dividend/interest/redemption processing Bank shall ensure that the Banks provide reconciliation of the Paid and Unpaid details (including bank Transaction Reference Number, payee name etc.) of the Dividend/interest/redemption paid fortnightly during the initial validity of the instrument and after the expiry of validity period of the instrument, quarterly till transfer of funds to Investor Education and Protection Fund (hereinafter referred to as IEPF). Dividend/interest/redemption reconciliation data sent by banks to RTA/Issuer Companies shall contain details of all DDs/new instruments issued/ electronic instructions sent in lieu of original dividend/interest/redemption payment. Details of old as well as new dividend instruments shall be provided. RTA shall also do the reconciliation and inform the Bankers/Issuer Companies in case of any discrepancies. The reconciliation files sent by the Banker shall be maintained by all the three entities, RTA, the Issuer Company, and the dividend/interest/redemption payment processing Banker as its record for a period of eight years. 6. Details of the rejection of electronic remittance, dividend/interest/redemption instruments undelivered, dividend/interest/redemption instruments expired and subsequent payment of dividend/interest/redemption made through new instruments including the status of payment of the same shall be linked to dividend/interest/redemption payment record of each of the specific folios by RTA and audit trail shall be kept in the system of the RTA. II. Provisions with regard to Transfer/Transmission/Correction of Errors etc. :

1. RTAs and Issuer Companies shall ensure that a folio once allotted to a person should never be re-allotted to any other person under any circumstances. Ceased folios numbers i.e. folios having nil balance should not be re-allotted to any other person.
2. RTAs and Issuer Companies shall ensure that history of all transactions in a folio (w.r.t securities held or dividend/interest/redemption issued in that folio, certificates issued or any other change) are linked to a particular folio for easy retrieval.

Page 112 of 220 3. RTAs shall follow the "Maker-Checker" concept in all of its activities to ensure that accuracy of data and a mechanism to check unauthorised transaction and record shall be maintained. 4. RTAs and Issuer Companies shall ensure that all updation in the folio records shall be enabled only through front end modules. No back-end entry/updation /correction should be permitted. RTAs and Issuer Companies shall ensure that "System Log" having complete details for any change (viz. nature of change, user access history, user identification, date/time of change etc.) must be maintained. 5. For any correction of errors, RTAs must take prior approval from the Company similar to cases of transfers, transmissions etc. 6. RTAs shall provide to the Issuer Company a soft copy of Members data (having details inter alia Name, Address, Folio No, Number of Shares, Distinctive numbers, Certificate numbers, etc.) under due certification at the end of each quarter of a financial year. This data should also contain transaction in the physical folio during the period. The copy of these databases shall be maintained by Issuer Companies and the RTAs independently as permanent record. 7. RTAs shall provide to the Issuer Company a copy of the Register of debenture holders under due certification at the end of each quarter of a financial year. The register should contain information relating to name, father's /husband's name; address and occupation, if any, of each debenture holder; date of allotment; date of registration with the Registrar of Companies; the debentures held by each holder distinguishing each debenture by its number except where such debentures are held with a depository; distinctive number and certificate number of debentures; the amount paid or agreed to be considered as paid on those debentures; date of payment; date on which the name of each person was entered in the register as a debenture holder; date on which any person ceased to be a debenture holder; date of transfer of debentures; serial number of instrument of transfer; transferor's name and folio number; transferee's name and folio number, transfer number, number of debentures transferred and their distinctive numbers; date of transfer; and instructions, if any, for payment of interest. The copy of that Register of debenture holder shall be maintained by Issuer Companies and the RTAs independently as permanent record. 8. Any returns filed with Registrar of Companies (ROC) or any other documents relating to company's securities processed and compiled by the

Page 113 of 220 RTAs will also be maintained by the RTAs and a copy of the return shall be forwarded to the Issuer Company. The Issuer Companies will also independently preserve these data as filed with the ROC at their end. 9. RTAs and Issuer Companies shall frame a written policy and shall maintain strict control on stationery including blank certificates, dividend/interest/redemption warrants and shall periodically check by physical verification. The reconciliation report shall be maintained by the RTAs and concerned Issuer Company. 10.In addition to maintaining details of securities certificates issued or re-issued data in respective folios, RTAs shall maintain a certificate printing register/records containing, inter alia, details such as Date of Printing/issue, Folio No, Name in which printed, Certificate No, Distinctive Nos, Old Certificate No (in case is reprinting), Reason of printing etc. 11.If the security holder is holding physical securities, RTAs, Issuer Companies and Depositories shall ensure that the Bonus securities against these folios shall mandatorily be issued in physical mode only. In other words, Bonus securities cannot be allotted in demat form with respect to folios where physical securities certificates are maintained. 12.The Issuer Company and RTAs shall exercise enhanced due diligence in following cases: i. Where dividend/interest/redemption remains unpaid for three years & above ii. PAN/bank account details not available in the folio. iii. Unclaimed suspense account constituted pursuant to SEBI (Listing Obligations and Disclosure Requirements) Regulations. iv. IEPF suspense account set up pursuant to Companies Act 2013. v. Any other stringent criteria as decided by the Issuer Company and the RTAs. RTAs shall maintain a list of such account folios and share with the Issuer Company at the end of every quarter of a financial year. 13. RTAs shall have system based alerts for processing of all transactions in such account folios referred above in para 12. In case any request for transactions is received from such folios, the Issuer Company and RTAs shall exercise enhanced due diligence. For the purpose of exercising enhanced due diligence, Issuer Companies and/or RTAs shall call for documents related to

Page 114 of 220 proof of identity/address, PAN and bank details, and such other additional procedures that would enable the Issuer Company/RTA to reasonably satisfy itself about the genuineness of the request. 14. RTAs shall maintain a register containing details of records and documents destroyed. The register shall inter alia contain the following particulars: description of the records and documents destroyed, name of authority authorising the destruction, date of authorization of destruction, destroyed in whose presence (with signature) and date of destruction. The authenticity of the register shallbe verified during internal audit. The register shall be maintained till perpetuity. Ill. Compulsory internal audit of RTAs

1. All RTAs are required to carry out internal audit on annual basis by independent qualified Chartered Accountants or Company Secretaries or Cost and Management Accountants and Certified Information Systems Auditor (CISA) who don't have any conflict of interest.
2. Eligibility of auditors for conducting the Internal Audit of the RTA a. The audit firm shall have a minimum experience of three years in the financial sector. b. An auditor shall be appointed for a maximum term of five years, with a cooling-off period of two years.
3. The audit shall cover all aspects of RTA operations including investor grievance redressal mechanism and compliance with the requirements stipulated in the SEBI Act, Rules and Regulations made thereunder, and guidelines/circulars issued by SEBI from time to time. The scope of the audit shall cover all issues concerning the functioning of RTAs.
4. The report shall state the methodology adopted, deficiencies observed, and consideration of response of the management on the deficiencies.
5. The report shall include a summary of operations and of the audit, covering the size of operations, number of transactions audited and the number of instances where violations I deviations were observed while making observations on the compliance of any regulatory requirement.
6. The report shall comment on the adequacy of systems adopted by the RTAs for compliance with the requirements of regulations and guidelines issued by SEBI and investor grievance redressal.
7. The RTA shall submit a copy of report of the internal audit to Issuer Company within three months from the end of the financial year. Copy of the same shall also be preserved by the RTA.

Page 115 of 220 8. The Governing Council (i.e. Board of Directors, Board of Partners, proprietor etc. as applicable) of the RTA shall consider the report of the internalauditor and take steps to rectify the deficiencies, if any. The RTA shall send the Action Taken Report to Issuer Company within next one month and a copy thereof shall be maintained by the RTA. 9. The Action Taken report shall be submitted in the following format: Serial No Audit period & name of Issuer Company Observations of the Auditor Comments of the Board of the RTA Corrective actions taken 10.The audit observations along with the corrective steps taken by the RTA shall be placed before the Board of Directors of the Issuer Company. 11.The Issuer Companies shall satisfy themselves regarding the adequacy of the corrective measures taken by the concerned RTA. If not satisfied with the corrective measures, Issuer Company may ask RTA to take more stringent corrective measures.

Page 116 of 220 ANNEXURE-7 RTA / ISSUER COMPANY NAME AND ADDRESS Name: Date: Address: Dear Sir/Madam, LETTER OF CONFIRMATION Sub: Issuance of Securities in dematerialized form in case of Investor Service Requests Name of the Company: We refer to the request received from you for issuance of securities in your name. We would like to inform you that the request has been approved as detailed below: Name of first holder & PAN Joint holder 1 & PAN Joint holder 2 & PAN Number of shares Folio Number Certificate numbers Distinctive numbers Lock-In Yes or No. If yes, lock-in from // till //___ (DD/MM/YYYY) As you may be aware, SEBI vide Gazette Notification no. SEBI/LAD-NRO/GN/2022/66 dated January 24, 2022, has mandated that the shares that are issued pursuant to investor service request shall henceforth be issued in demat mode only and hence the security certificates (wherever applicable) are retained at our end. Accordingly, within 120 days of this letter, please request your Depository Participant (DP) to demat these shares using the Dematerialization Request Form (DRF). Please fill the DRF with the details mentioned in this letter, sign it and present this letter in original

Page 117 of 220 to your DP along with the DRF for enabling your DP to raise a Demat Request Number (DRN). In case you do not have a demat account, kindly open one with any DP. Please note that you can open Basic Service Demat Account at minimal / nil charges. Please note that this letter is valid only for a period of 120 days from the date of its issue within which you have to raise demat request with the DP as above. Any request for processing demat after the expiry of aforesaid 120 days will not be entertained and as per the operating guidelines issued by SEBI, the subject shares shall be transferred to a Suspense Escrow Demat Account of the company. Thanking you, Yours faithfully, For ABCD Limited (RTA) Authorised Signatory Annexure- 8 Mandatory furnishing of PAN, KYC details and Nomination by holders of physical securities It shall be mandatory for all holders of physical securities in listed companies to furnish the following documents/details to the RTA:

1. PAN: 1.1.PAN is mandatory for all transactions in securities market as per SEBI Circular MRD/DoP/Cir- 05/2007 dated April 27, 2007 and it is also one of the document for proof of identity. Accordingly, it is mandatory for all security holders and claimants of physical securities to furnish PAN. 1.2.Further, it shall be mandatory to quote and provide a self-attested copy of the PAN by the security holder/claimant to avail any service request. 1.3.Accordingly, the security holder shall register the PAN through form ISR – 1. 1.4.RTA shall mandatorily verify PAN details through the facility as may be provided by the Income Tax Department (ITD)/ITD authorized service providers for PAN verification viz. NSDL e-Governance Infrastructure Limited, UTI Infrastructure Technology and Services Limited etc. In this regard, SEBI registered RTAs have been

Page 118 of 220 authorized as an eligible entity by the ITD to verify PANs through its ‘Online PAN Bulk Verification’ (PBV) facility. 1.5.Additionally, the ‘Exemptions/clarifications to PAN’, as provided in clause D to ‘Instructions/Check List for Filing KYC Forms’ in Annexure – 1 to SEBI circular No. MIRSD/SE/Cir-21/2011 dated October 05, 2011 on Uniform Know Your Client (KYC) Requirements for the Securities Market, shall also applicable for holder(s) / claimant(s) of securities held in physical mode. 1.6.Compulsory linking of PAN and Aadhaar by all holders of physical securities in listed companies a) The Central Board of Direct Taxes (CBDT), vide Circular No. 7 of 2022 (Notification F.No.370142/14/2022-TPL) dated March 30, 2022, has extended the date for linking PAN with Aadhaar number to March 31, 2023. b) In this regard, SEBI has issued a Press Release dated March 08, 2023 advising all investors to ensure linking of their PAN with Aadhaar number prior to March 31, 2023, for continual and smooth transactions in securities market and to avoid consequences of non-compliance with the said CBDT circular, as such accounts would be considered non-KYC compliant, and there could be restrictions on securities and other transactions until the PAN and Aadhaar are linked. c) Accordingly, from April 01, 2023 or any other date as may be specified by the CBDT, RTAs shall accept only operative PAN (i.e., linked with Aadhaar number). In this regard, the RTAs may use its ‘Online PAN Bulk Verification’ (PBV) facility. d) The folios in which PANs are not linked with Aadhaar numbers as on the notified cut-off date of March, 31, 2023 or any other date as may be specified by the CBDT, shall also be frozen, as detailed in paragraph 19.2 of the Circular.

Page 119 of 220 e) The requirement of existing investors to link their PAN with their Aadhaar number is not applicable for Non-Resident Indians (NRI), Overseas Citizens of India (OCI) unless the same is specifically mandated by Central Board of Direct Taxes (CBDT), Ministry of Finance / any other Competent Government authority. 2. Nomination / Declaration to Opt-out of Nomination: ‘Nomination’ or ‘declaration to opt-out’ shall be furnished for all eligible folios in the following formats: 2.1.For ‘Nomination’: Nomination through Form SH-13 or cancellation or variation in nomination through Form SH-14 as provided in the Rule 19 of Companies (Shares capital and debenture) Rules, 2014. OR For ‘Declaration to Opt-out’: The security holder can opt out of nomination through Form ISR – 3 after cancelling his existing nomination, if any, through Form SH-14. 2.2.The RTA, the listed company and the Stock Exchanges shall make available the soft copy of Form SH13, Form SH-14 and ISR – 3 on their website. The form should be in a downloadable and fillable format. 3. Contact details All holders of physical securities in listed companies shall register the postal address with PIN for their corresponding folio numbers. It shall be mandatory for the security holders to provide mobile number. Moreover, the RTAs/listed companies will encourage the security holders to register e-mail ID also to avail the online services. The security holder can register/update the contact details through form ISR – 1. 4. Bank account details (Bank and Branch name, bank account number, IFS code) All holders of physical securities in listed companies shall register the bank account details for their corresponding folio numbers. Upon processing of request for registration/updation of bank details through Form ISR – 1, the RTA shall, suo-moto, generate request to the

Page 120 of 220 company’s bankers to pay electronically, all the moneys of / payments to the holder that were previously unclaimed / unsuccessful. 5. Specimen signature All holders of physical securities in listed companies shall register the specimen signature for their corresponding folio numbers. To register/update the specimen signature, the security holder may refer to para – 1.2 of Annexure – 10. 6. RTAs shall not process any service requests or complaints received from the security holder(s) / claimant(s), till PAN, KYC and nomination documents/details as stated above are received. 7. However, the RTA shall furnish required information as sought by investors with respect to procedure related to investor service requests. Annexure- 9 Mode for providing documents/details by investors for service requests The RTA shall enable the holder/claimant to provide the documents/details by any one of the following mode; unless otherwise prescribed in the Companies Act, 2013 or the Rules issued thereunder or in SEBI Regulations or Circulars issued thereunder:

1. Through ‘In Person Verification’ (IPV): The authorized person of the RTA shall verify the original documents furnished by the investor and retain copy (ies) with IPV stamping with date and initials.
2. Through Post: Hard copies of self-attested documents.
3. Through electronic mode with e-sign: The holder(s)/ claimant(s) may furnish the documents to RTAs electronically including by way of email or through service portal of the RTA provided the documents furnished shall have e-sign* of the holder(s)/ claimant(s). *E-Sign is an integrated service which facilitates issuing a Digital Signature Certificate and performing signing of requested data by e-Sign user. The holder/claimant may approach any of the empanelled e-Sign Service Providers, details of which are available on the

Page 121 of 220 website of Controller of Certifying Authorities (CCA), Ministry of Communications and Information Technology (https://cca.gov.in/) for the purpose of obtaining an e-sign. Acknowledgement by the RTA

1. In case the documents are submitted through in person verification, the RTA shall provide acknowledgement with IPV stamping with date and initials.
2. In any other mode, the RTA shall acknowledge the receipt of the documents by intimating the security holder through post or by sending e-mail on the e-mail ID as registered with the RTA. Annexure- 10 Standardized, simplified and common norms alongwith operating guidelines for processing investor service requests
3. Mismatch in signature 1.1.Minor mismatch in signature a) In case of minor mismatch in the signature of the security holder as available in the folio of the RTA and the present signature, the RTA, while processing the service request, shall intimate the security holder about the minor mismatch in signature, providing a timeline of 15 days for raising any objection through all the following modes: i. By speed post – on the address available in RTA’s records, and ii. By sending e-mail – on the registered e-mail id as available in the RTA’s records, and iii. By SMS – on the registered mobile number as available in the RTA’s records. b) If the letter is delivered and in the absence of any objection, the service request shall be processed. The timeline for the RTA to process the service request shall commence after the notice period of 15 days.

Page 122 of 220 c) If the letter sent through speed post is returned undelivered but there is confirmation by the security holder for no-objection via return e-mail registered with the RTA, the service request shall be processed. The timeline for the RTA to process the service request shall commence from the day of receipt of no￾objection. d) If the letter is returned undelivered and there is no confirmation by the security holder for no-objection or if there is an objection, the RTA shall follow the procedure as prescribed for major mismatch in signature as laid down at para 1.2 (b) of this Annexure. 1.2.Major mismatch in signature or updation/non-availability of specimen signature a) In case of major mismatch in the signature of the security holder as available in the folio of the RTA and the present signature, or in case of updation/non￾availability of the specimen signature with the RTA, the RTA, while processing the service request, shall intimate the security holder about such mismatch/updation in signature, through all the following modes: i. By speed post – on the address available in RTA’s records, and ii. By sending e-mail – on the registered e-mail id as available in the RTA’s records, and iii. By SMS – on the registered mobile number as available in the RTA’s records. b) In such cases, the security holder can register/update the specimen signature through form ISR–1 and shall complete either of the two processes: Option A i. Security holder shall provide the following documents: (a) Original cancelled cheque with name of the security holder printed on it; or (b) Self-attested copy of Bank Passbook/Bank Statement; ii. Banker’s attestation of the signature of the same bank account as mentioned in (i) above as per Form ISR - 2. OR

Page 123 of 220 Option B The investor may get his or her signature changed or updated by visiting the office of the RTA in person. In such a case, the investor shall sign before the authorized personnel of the RTA, along with PAN card and any one additional document mentioned at Serial Nos. 1-4 of Annexure – 12, in original for verification by the RTA, and submit self-attested copies of the same. c) The RTA, on receipt of the documents mentioned at para 1.2 (b) above, shall update all the folios of all the listed issuers available with it pertaining to the concerned security holder(s) upon specific authorization for the same from the holder, as provided in Form ISR-1. d) Separate copies of Banker’s attestation / in-person signature, shall not be required by the RTA for the folios in respect of different listed issuers maintained with it provided the security holder gives specific authorization to this effect, as provided in Form ISR-1. 2. Mismatch/Change in name 2.1.Minor mismatch in name 2.1.1. For minor mismatch in name between any two set of documents presented by the security holder / claimant for any service request, the RTA shall additionally obtain self-attested copy of any one of the documents as detailed in Annexure – 12 of this Circular, explaining the difference in names. 2.1.2. The existing norms of the Depositories, to process demat request where there is a minor mismatch on account of initials not being spelt out fully, or put after or prior to surname, provided the signature in the Demat Request Form (DRF) matches with the signature card with the RTA, shall continue to be in force.

Page 124 of 220 2.2.Change of Name / Major Mismatch in Name 2.2.1. In the event of Change of Name / Major Mismatch in Name of the Security Holder, the Security holder/claimant may be allowed to change his / her name, subject to the submission of following documents at the time of change of name of the security holder/claimant: (a) In case of change in name on account of marriage - Marriage Certificate or copy of valid Passport showing husband’s name or publication of name change in official gazette, and any document evidencing the old name as per Annexure-12. (b) In case of change in name on account of reasons other than marriage - Publication of name change in official gazette, and any document evidencing the old name as per Annexure 12. 3. Updation of Bank details 3.1.In cases where Bank account details of the security holder are not available with RTA or there is a change in such details, RTA shall obtain Bank account details along with any one of the following documents to update the security holder’s Bank details: a) Original cancelled cheque bearing the name of the security holder; OR b) Bank passbook/ statement attested by the Bank; 3.2.The RTA shall proceed with the updation of bank details based on the documents provided by the first holder only, in case of joint holding. 4. Documents for Proof of Address 4.1.The RTA shall obtain any one of the documents mentioned in Annexure – 13, from the security holder / claimant, if the address is not available in the folio or for processing the request for its change.

Page 125 of 220 Annexure- 11 Forms for availing various Investor services Investors holding securities in physical mode interface with the RTAs, inter-alia, for registering/updating the KYC details and for the processing of various service requests. RTA shall process all investor service requests by accepting the duly filled up request form and the listed companies and RTAs shall make the soft copy of the forms available on their websites. The forms should be in downloadable and fillable format. The service requests alongwith requisite forms are tabulated below: Registering / Updating the KYC details: S. No. Particulars Form

1. PAN ISR – 1
2. Nominee details SH – 13, SH – 14, ISR – 3, (As applicable)
3. Contact details (postal address, Mobile number & E-mail) ISR – 1
4. Bank details ISR – 1
5. Signature ISR – 1, ISR – 2 (As applicable) Processing of various service requests S. No. Particulars Form
6. Issue of Duplicate securities certificate ISR – 4
7. Replacement / Renewal / Exchange of securities certificate ISR – 4
8. Consolidation of securities certificate ISR – 4
9. Sub-division / Splitting of securities certificate ISR – 4

Page 126 of 220 5. Consolidation of folios ISR – 4 S. No. Particulars Form 6. Endorsement ISR – 4 7. Change in the name of the holder ISR – 4 8. Change in status from Minor to Major and Resident to NRI and vice versa NA 9. Claim from Unclaimed Suspense Account & Suspense Escrow Demat Account ISR – 4 10. Transposition ISR – 4 11. Transmission ISR – 5 Annexure 12 Documents for Proof of Identity

1. Unique Identification Number (UID) (Aadhaar)
2. Valid Passport
3. Driving license in Smart Card form, Book form or copy of digital form
4. Identity card / document with applicant’s Photo, issued by any of the following: Central / State Government and its Departments, Statutory / Regulatory Authorities, Public Sector Undertakings, Scheduled Commercial Banks, Public Financial Institutions duly attested by their employer with date and organization stamp.
5. PAN card with photograph
6. Marriage certificate
7. Divorce decree

Page 127 of 220 Annexure- 13 Documents for Proof of Address

1. Unique Identification Number (UID) (Aadhaar)
2. Valid Passport / Registered Lease or Sale Agreement of Residence / Driving License.
3. Flat Maintenance bill accompanied with additional self-attested copy of Identity Proof of the holder/claimant.
4. Utility bills like Telephone Bill (only land line) / Electricity bill / Gas bill - Not more than 3 months old.
5. Identity card / document with address, issued by any of the following: Central / State Government and its Departments, Statutory / Regulatory Authorities, Public Sector Undertakings, Scheduled Commercial Banks, Public Financial Institutions duly attested by their employer with date and organization stamp.
6. For FII / sub account: Power of Attorney given by FII / sub-account to the Custodians (which are duly notarized and / or apostilled or consularised) that gives the registered address should be taken.
7. Proof of address in the name of the spouse accompanied with self-attested copy of Identity Proof of the spouse.
8. Client Master List (CML) of the Demat Account of the holder / claimant, provided by the Depository Participant.

Page 128 of 220 Annexure-14 READY RECKONER: DOCUMENTS REQUIRED FOR TRANSMISSION OF SECURITIES Sr. No. Documents required for transmission Sole holder deceased & nomination registered Sole holder deceased & nomination not registered

1. Transmission Request Form Annexure 16 Annexure 16
2. Original death certificate or Copy of death certificate attested by a notary public/gazette officer or copy of the death certificate attested by the nominee/claimant, subject to verification with original by the RTA/Listed Issuer ✓ ✓
3. Self-attested copy of Permanent Account Number Card of the nominee/claimant issued by the Income Tax Department ✓ ✓
4. Copy of Birth Certificate (in case the Claimant is a minor) ✓ ✓
5. KYC* of the Claimant Guardian (in case of nominee /claimant being a minor / of unsound mind). ✓ ✓ 6 Original Security certificate(s) ✓ ✓ *If not KYC compliant
6. Notarized affidavit from all legal heir(s) made on non-judicial stamp paper of appropriate value on identity and claim of ownership, as per the format provided in Annexure-17. NA ✓
7. In case the legal heir(s)/claimant(s) are named in the Succession Certificate or Probate of Will or Will or Letter of Administration or Legal Heirship Certificate (or its equivalent certificate), NA ✓

Page 129 of 220 instead of the document mentioned in point 7 above, an Affidavit from such legal heir(s)/claimant(s), duly Notarised and as per the format provided in Annexure- 17 shall be sufficient. 9 . Copy of any of the following documents: (a) Succession certificate; or (b) Probate of Will; or (c) Will, along with a notarized indemnity bond from the legal heir(s)/claimant(s) to whom the securities are transmitted, as per the format specified provided in Annexure-18; or (d) Letter of Administration; or (e) Court Decree; or (f) Legal Heirship Certificate or its equivalent, along with (i) a notarized indemnity bond from the legal heir o(s)/claimant(s) to whom the securities are transmitted, as per the format provided in Annexure- 18; and (ii) No Objection from all the non￾claimants, as per the format provided in Annexure- 19. The document should be Attested by the legal heir(s)/claimant(s) subject to verification with the original or duly attested by a notary public or by a Gazetted officer. NA ✓ 10. For cases where the value of securities is up to rupees five lakhs per listed entity in case of securities held in physical mode and up to rupees fifteen lakhs per beneficial owner in case of securities held in dematerialized mode, instead of and where the documents mentioned in point 9 above are not NA ✓

Page 130 of 220 available, the following documents may be submitted; (i) no objection certificate from all legal heirs(s), in as per the format provided in Annexure-19, or copy of family settlement deed executed by all the legal heirs, duly attested by a notary public or by a gazetted officer; and (ii) notarized indemnity bond made on non-judicial stamp paper of appropriate value, indemnifying the Share Transfer Agent/listed entity, in as per the format provided in Annexure-18. Annexure-15 Operational Guidelines for processing investor’s service request for the purpose of Transmission of securities

1. The operational guidelines for processing of investor service requests for the purpose of transmission of securities are as under: a. The RTA/Issuer Companies shall use the format for: (i) Transmission Request Form (“TRF”) – (Annexure 16), (ii) Affidavit made on non-judicial stamp paper, to the effect of identification and claim of legal ownership to the securities (“Affidavit”) – (Annexure 17), (iii) Indemnity Bond made on appropriate non-judicial stamp paper of appropriate value (“Indemnity Bond”) – (Annexure 18), and (iv) No objection certificate from all legal heirs who do not object to such transmission (“NOC”) – (Annexure 19). b. After verifying and processing the request, the RTA / Issuer Companies shall intimate the claimant(s) about its execution as may be applicable, by way of issuing a Letter of Confirmation (Format at Annexure 7). c. The RTA shall retain the physical securities as per the existing procedure and deface the certificate with a stamp “Letter of Confirmation Issued” on the face / reverse of the certificate, subsequent to processing of service request. d. The Letter of Confirmation shall, inter-alia, contain details of folio and demat account number (if available) of the claimant(s).

Page 131 of 220 e. The Letter of Confirmation shall be sent by the RTA / Issuer Companies through Registered / Speed Post to the claimant(s) and a digitally signed copy of the Letter of Confirmation shall be sent by the RTA/Issuer Companies to the claimant(s) through e-mail. f. Within 120 days of issue of the Letter of Confirmation, the claimant(s) shall submit the demat request, along with the original Letter of Confirmation or the digitally signed copy of the Letter of Confirmation, to the Depository Participant (“DP”). g. DP shall generate the demat request on the basis of the Letter of Confirmation and forward the same to the Issuer Company / RTA for processing the demat request. h. In case of the securities which are required to be locked in, the RTA while approving / confirming the demat request, shall incorporate / intimate the Depository about the lock-in and its period. i. The RTA / Issuer Companies shall issue a reminder after the end of 45 days and 90 days from the date of issuance of the Letter of Confirmation, informing the claimant(s) to submit the demat request as above, in case no such request has been received by the RTA / Issuer Company. j. In case of non-receipt of demat request from the claimant(s) within 120 days of the date of issue of the Letter of Confirmation, the securities shall be credited to Suspense Escrow Demat Account of the Issuer Company.

Page 132 of 220 Annexure-16 Request for Transmission of Securities by Nominee or Legal Heir (For Transmission of securities on death of the Sole holder) To: The Listed Issuer/RTA, (Address) _ (Name of the Listed Issuer/RTA) Name of the Claimant(s) Mr./Ms. Name of the Guardian in case the claimant is a minor → Date of Birth of the minor* Mr./Ms. Relationship with Minor: Father Mother Court Appointed Guardian* [Multiple PAN may be entered] PAN (Claimant(s)/Guardian): | | | | | | | | | | | KYC Acknowledgment attached KYC form attached Tax Status: Resident Individual Resident Minor (through Guardian) NRI PIO Others (please specify) Please attach relevant proof I/We, the claimant(s) named hereinabove, hereby inform you about the demise of the below mentioned Securities Holder(s) and request you to transmit the securities held by the deceased holder(s) in my/our favour in my/our capacity as – Nominee Legal Heir Successor to the Estate of the deceased Administrator of the Estate of the deceased Name of the deceased holder(s) Date of demise*

1. DD / MM / YYYY
2. DD / MM / YYYY
3. DD / MM / YYYY **Please attach certified copy of Death Certificate. Securities(s) & Folio(s) in respect of which Transmission of securities is being requested Name of the Company Folio No. No. of Securities % of Claim@

Page 133 of 220 @As per Nomination OR as per the Will/Probate/Succession Certificate/Letter of Administration/ Legal Heirship Certificate (or its equivalent certificate)/ Court Decree, if applicable. Contact details of the Claimant (s) [Provision for multiple entries may be made] Mobile No.+91| | | | | | | | | | Tel. No. STD - Email Address Address (Please note that address will be updated as per address on KYC form / KYC Registration Agency records) Address Line 1 Address Line 2 City: State PIN | | | | | | Bank Account Details of the Claimant Bank Name Account No. |11-digit IFSC | | | | | | | | | | | A/c. Type (✓) SB Current NRO NRE FCNR | 9-digit MICR No.| | | | | | | | | Name of bank branch City PIN | | | | | | Please attach & tick✓ Cancelled cheque with claimant’s name printed OR Claimant’s Bank Statement/Passbook (duly attested by the Bank Manager)

Page 134 of 220 I also request you to pay the UNCLAIMED amounts, if any, in respect of the deceased securities holder(s) by direct credit to the bank account mentioned above. Additional KYC information (Please tick✓ whichever is applicable) Occupation Private Sector Service Public Sector Service Government Service Business Professi onal Agriculturist Retired Home Maker Student Forex Dealer Others (Please specify) The Claimant is a Politically Exposed Person Related to a Politically Exposed Person Neither (Not applicable) Gross Annual Income (₹) Below 1 Lac 1-5 Lacs 5-10 Lacs 10-25 Lacs 25 Lacs-1crore >1 crore FATCA and CRS information Country of Birth Place of Birth Nationality Are you a tax resident of any country other than India? Yes No If Yes, please mention all the countries in which you are resident for tax purposes and the associated Taxpayer Identification Number and its identification type in the column below Country Tax-Payer Identification Number Identification Type Nomination@ (Please ✓ one of the options below) I/We DO NOT wish to make a nomination. (Please tick ✓ if you do not wish to nominate anyone) I/We wish to make a nomination and hereby nominate the person/s more particularly described in the attached Nomination Form to receive the Units held my/our folio in the event of my / our death. @ Guardian of a minor is not allowed to make a nomination on behalf of the minor Declaration and Signature of the Claimant(s) I/We have attached herewith all the relevant / required documents as indicated in the attached Ready Reckoner as per Annexure 14.

Page 135 of 220 I/We confirm that the information provided above is true and correct to the best of my knowledge and belief. I/We undertake to keep ________________________________________________________ (Name of the Company) / its RTA informed about any changes/modification to the above information in future and also undertake to provide any other additional information as may be required by the RTAs. I/We hereby authorize ________________________________________________________ (Name of the Company) and its RTA to provide/ share any of the information provided by me/us including my holdings in the (Name of the Company) to any governmental or statutory or judicial authorities/agencies as required by law without any obligation of informing me/us of the same. Place___________________________ Date Signature of Claimant(S) Documents Attached  Copy of Death Certificate of the deceased holder Copy of Birth Certificate (in case the Claimant is a minor)  Copy of PAN Card of Claimant / Guardian KYC Acknowledgment OR KYC form of Claimant  Cancelled cheque with claimant’s name printed OR Claimant’s Bank Statement/Passbook Nomination Form duly completed  Annexure 17 - Individual Affidavits given by each Legal Heir  Annexure 18 - Bond of Indemnity furnished by Legal Heirs  Annexure 19 - NOC from other Legal Heirs

Page 136 of 220 Annexure-17 Individual Affidavits to be given by ALL the Legal Heirs OR Legal Heirs named in Succession Certificate*/ Probate of Will*/ Will*/ Letter of Administration*/ Legal Heirship Certificate*/Court Decree* (For Transmission of securities on death of Sole Holder where NO NOMINATION has been registered) Each Deponent (legal heir) shall sign separate Affidavits. (To be executed on a non-judicial stamp of appropriate value and Notarized) I, __________________________________________________________

Son / daughter / spouse / ………… of __________________________________________________________ residing at

---

___________________ do hereby solemnly affirm and state on oath as follows. That Mr. /Mrs _________________________________________@ (“the deceased holder”) held the following securities in his / her name as single holder: Company Name Folio No. No. of securities held 1) 2) 3)  That the aforesaid deceased holder died intestate leaving behind him/her, the following persons as the only surviving heirs as per the Succession Certificate/ Legal Heirship Certificate/Court Decree dated _______________ / according to the Law of Intestate Succession by which he/she was governed at the time of his/her death and without registering any nominee. * OR  That the aforesaid deceased holder died leaving behind the following persons as the legatees as per the Will/ Probated Will/ Letter of Administration dated ________ and without registering any nominee. * A copy of the Succession Certificate*/ Probate of Will*/ Will*/ Letter of Administration*/ Legal Heirship Certificate*/ Court Decree* is attached herewith.

Page 137 of 220 Name of the Legal Heir(s) Address and contact details Age Relation with the Deceased 1) 2) 3) That among the aforesaid legal heirs, Master/ Kum._________________________________aged _____ years is a minor and is being represented by Mr./Ms. ________$ being his / her father / mother / legal guardian. Signature of the Deponent: X VERIFICATION I hereby solemnly affirm and state that what is stated herein above is true and correct and nothing has been concealed therein and that we I am competent to contract and entitled to rights and benefits of the abovementioned securities of the deceased.

Solemnly affirmed at Signature of the Deponent: X____________________________ Signed before me Place: __________________________ Date : ___________________________ X -------------------------------------------------- Signature of Notary with Official Seal of Notary& Regn. No.

• strikeout whichever is not applicable

= Name of the legal heir @ = Name of the deceased unit holder

$ = Name of the Guardian

Page 138 of 220 Annexure-18 Note: To be executed in the presence of a Public Notary / Gazetted Officer Bond of Indemnity to be furnished jointly by all Legal Heir(s) including the Claimant(s) (To be submitted on Non-judicial Stamp Paper of appropriate value) [For Transmission of Securities on death of Sole Securities’ Holder, where no nomination has been registered] I/We do hereby solemnly affirm and state on oath as follows: That Mr. /Ms. Name of the deceased holder________ was holding the following securities: Name of the Company Certificate No. Distinctive No. Folio No. No. of securities held 1 2 3 4 That the aforesaid deceased holder died intestate on ________________, without registering any nominee, leaving behind him/her the following persons as the only surviving legal heirs, according to the laws of intestate succession applicable to him/her by which he/she was governed at the time of his/her death. Name of the Legal Heir(s) Address and contact details Age Relationship with the Deceased 1 2 3 4 OR That the aforesaid deceased holder died on ________________, without registering any nominee, leaving behind him/her the following persons as the only surviving legal heirs, according to the laws of testamentary succession.

Page 139 of 220 Name of the Legal Heir(s) Address and contact details Age Relationship with the Deceased 1 2 3 Therefore, I/We, the Legal Heir(s) and deponent(s) herein has/have, approached _____________________________ (Name of the Company/RTA) with a request to transfer the aforesaid securities in the name of the undersigned Mr. /Ms. [Name(s) of the claimant(s)]_____________________________________________

, on my/our behalf, without insisting on production of a Succession Certificate/ Probate of Will / Letter of Administration or any Court order, for which we execute an indemnity as is herein contained and on relying on the information herein given by us, believing the same to be true. In consideration therefore of my/our request to transfer/transmit the above said securities to the name of the undersigned Mr. /Ms. [Name(s) of the claimant(s)] # , I/We hereby jointly and severely agree and undertake to indemnify and keep indemnified, saved, defended, harmless, [Name of the Company/ Issuer and any RTA] and its successors and assigns for all time hereafter against all losses, costs, claims, actions, demands, risks, charges, expenses, damages, etc., whatsoever which they may suffer and/or incur by reason of transferring the said securities as herein above mentioned, at my/our request to the undersigned Mr./Ms. [Name(s) of the claimant(s) ]________________________________________________

, without insisting on production of a Succession Certificate / Probate of Will / Letter of Administration or any Court order. IN WITNESS WHEREOF the said 1) Mr. /Ms. _______ (Name and signature of the witness)

---

And 2) Mr. /Ms. ______________ Name and signature of the witness ______ # , have hereunto set their respective hands and seals this day of _____________________________. Signed and delivered by the said legal heir/s. Name the Legal Heirs Signature of the Legal Heirs 1 X 2 X

Page 140 of 220 3 X (*) = Name of the deceased unit holder (#) = Name of the claimant/s Signed before me at: __________________________

on: ___________________________ Signature of Notary Official stamp & seal of the Notary & Regn. No.:

Page 141 of 220 Annexure-19 Note: To be executed in the presence of a Public Notary / Gazetted Officer [To be submitted in non-judicial stamp paper of appropriate value] No-Objection Certificate from the Legal Heir(s) Format of NOC from other Legal Heir(s) for Transmission of Securities in favour of the Claimant(s) wherein the Sole Holder is deceased and NO NOMINATION has been registered DECLARATION I/We, the legal heir(s) of late Mr. / Ms (name of the deceased holder) declare as follows – (i) That the above named deceased holder was holding the following securities in his / her name as single holder: Name of the Company Folio No. No. of securities held 1) 2) 3) (ii) That the deceased had died intestate on D D / M M / Y .and without registering any nominee. (iii)That the following Claimant(s) has/have applied for the transmission of the aforesaid securities: Name of the Claimant(s) Address and contact details Age Relationship with the deceased 1) 2) 3) (iv) That I / We are the legal heir(s) of the deceased holder, apart from the Claimant(s)who has/ have applied for transmission of the aforesaid securities and our details are as follows:

Page 142 of 220 Name of the Legal Heir(s) Address and contact details Age Relationship with the deceased 1) 2) 3) (v) I / we hereby declare that, I / we do not desire to make any claim in respect of the title to the aforesaid securities held by the deceased and I / we hereby wilfully relinquish & renounce all my /our rights in respect of the aforesaid securities and shall have no legal claim upon said securities in future. (vi) Accordingly, I / we declare that I / we have NO OBJECTION WHATSOEVER in (Name of the Company) transmitting the aforesaid securities in favour of the Claimant(s) Mr. / Ms. . (vii) I / we hereby state that whatever is stated herein above are true to the best of my/our knowledge and nothing has been concealed therein. Name(s) and Signature(s) of Legal Heir(s) who are Non – Claimant(s): 1) 2) 3) VERIFICATION We hereby solemnly affirm and state that what is stated herein above is true to our knowledge and nothing has been concealed therein and that we are competent to contract and entitled to rights and benefits of the above mentioned securities. Solemnly affirmed at ________________________________

Deponent(s) (1) ____________(2) __________________(3) _________________

Page 143 of 220 Annexure-20 Operational Guidelines for processing investor’s service request for the purpose of issuance of duplicate securities. The operational guidelines for processing of investor service requests for the purpose of issuance of duplicate securities are as under: a. The RTA/Issuer Companies shall use the format for:

1. Form A- Affidavit made on non-judicial stamp paper, for issuance of duplicate securities (pdf)
2. Form B - Indemnity Bond made on appropriate non-judicial stamp paper of appropriate value (pdf)
3. Form C – Format of Letter of Confirmation (pdf)
4. Investor Service Request Form – 4 (ISR 4) (pdf) b. After verifying and processing the documents submitted for issuance of duplicate securities, the RTA / Issuer Companies shall intimate the claimant(s) about its execution as may be applicable, within 30 days of the receipt of such request, by way of issuing a Letter of Confirmation (Form C). c. For issuance of duplicate securities, the RTA shall retain the physical securities as per the existing procedure and deface the certificate with a stamp “Letter of Confirmation Issued” on the face / reverse of the certificate, subsequent to processing of service request. d. The Letter of Confirmation shall, inter-alia, contain details of folio and demat account number (if available) of the claimant(s). e. The Letter of Confirmation shall be sent by the RTA / Issuer Companies through Registered / Speed Post to the claimant(s). Additionally, the RTA/Issuer Companies may send such letter through e-mail with e-sign and / or digital signature.

Page 144 of 220 f. Within 120 days of issue of the Letter of Confirmation, the claimant(s) shall submit the demat request, along with the original Letter of Confirmation or the digitally signed copy of the Letter of Confirmation, to the Depository Participant (“DP”). g. DP shall generate the demat request on the basis of the Letter of Confirmation and forward the same to the Issuer Company / RTA for processing the demat request. h. In case of the securities which are required to be locked in, the RTA while approving / confirming the demat request, shall incorporate / intimate the Depository about the lock-in and its period. i. The RTA / Issuer Companies shall issue a reminder after the end of 45 days and 90 days from the date of issuance of the Letter of Confirmation, informing the claimant(s) to submit the demat request as above, in case no such request has been received by the RTA / Issuer Company. j. In case of non-receipt of demat request from the claimant(s) within 120 days of the date of issue of the Letter of Confirmation, the securities shall be credited to Suspense Escrow Demat Account of the Issuer Company.

Page 145 of 220 Annexure-21

1. Cyber-attacks and threats attempt to compromise the Confidentiality, Integrity and Availability (CIA) of the computer systems, networks and databases (Confidentiality refers to limiting access of systems and information to authorized users, Integrity is the assurance that the information is reliable and accurate, and Availability refers to guarantee of reliable access to the systems and information by authorized users). Cyber security framework includes measures, tools and processes that are intended to prevent cyber-attacks and improve cyber resilience. Cyber Resilience is an organisation’s ability to prepare and respond to a cyber-attack and to continue operation during, and recover from, a cyber-attack. Governance
2. As part of the operational risk management framework to manage risk to systems, networks and databases from cyber-attacks and threats, QRTAs should formulate a comprehensive cyber security and cyber resilience policy document encompassing the framework mentioned hereunder. The policy document should be approved by the Board of QRTAs, and in case of deviations from the suggested framework, reasons for such deviations should also be provided in the policy document. The policy document should be reviewed by the Board of QRTAs at least annually with the view to strengthen and improve its cyber security and cyber resilience framework.
3. The cyber security and cyber resilience policy should include the following process to identify, assess, and manage cyber security risk associated with processes, information, networks and systems; 3.1.1. ‘Identify’ critical IT assets and risks associated with such assets, 3.1.2. ‘Protect’ assets by deploying suitable controls, tools and measures, 3.1.3. ‘Detect’ incidents, anomalies and attacks through appropriate monitoring tools/processes, 3.1.4. ‘Respond’ by taking immediate steps after identification of the incident, anomaly or attack, 3.1.5. ‘Recover’ from incident through incident management, disaster recovery and business continuity framework.

Page 146 of 220 4. The Cyber security policy should encompass the principles prescribed by National Critical Information Infrastructure Protection Centre (NCIIPC) of National Technical Research Organisation (NTRO), Government of India, in the report titled ‘Guidelines for Protection of National Critical Information Infrastructure’ and subsequent revisions, if any, from time to time. 5. QRTAs should also incorporate best practices from standards such as ISO 27001, ISO 27002, COBIT 5, etc., or their subsequent revisions, if any, from time to time. 6. QRTAs should designate a senior official as Chief Information Security Officer (CISO) whose function would be to assess, identify and reduce cyber security risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of processes and procedures as per the cyber security and resilience policy approved by the Board of the QRTAs. 7. The Board of the QRTAs shall constitute a Technology Committee comprising experts proficient in technology. This Technology Committee should on a quarterly basis review the implementation of the cyber security and cyber resilience policy approved by their Board, and such review should include review of their current IT and cyber security and cyber resilience capabilities, set goals for a target level of cyber resilience, and establish a plan to improve and strengthen cyber security and cyber resilience. The review shall be placed before the Board of the QRTAs for appropriate action. 8. QRTAs should establish a reporting procedure to facilitate communication of unusual activities and events to CISO or to the senior management in a timely manner. 9. The aforementioned committee and the senior management of the QRTAs, including the CISO, should periodically review instances of cyber attacks, if any, domestically and globally, and take steps to strengthen cyber security and cyber resilience framework.

Page 147 of 220 10.QRTAs should define responsibilities of its employees, outsourced staff, and employees of vendors, members or participants and other entities, who may have access or use systems / networks of QRTA's, towards ensuring the goal of cyber security. Identify 11.QRTAs shall identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management. The critical assets should include business critical systems, internet facing applications /systems, systems that contain sensitive data, sensitive personal data, sensitive financial data, Personally Identifiable Information (PII) data, etc. All the ancillary systems used for accessing/communicating with critical systems either for operations or maintenance should also be classified as critical system. The Board of the QRTAs shall approve the list of critical systems. To this end, QRTAs should maintain up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows. 12.QRTAs should accordingly identify cyber risks (threats and vulnerabilities) that it may face, along with the likelihood of such threats and impact on the business and thereby, deploy controls commensurate to the criticality. 13.QRTAs should also encourage its third-party providers, if any, to have similar standards of Information Security. Protection Access Controls 14.No person by virtue of rank or position should have any intrinsic right to access confidential data, applications, system resources or facilities.

Page 148 of 220 15.Any access to QRTA's systems, applications, networks, databases, etc., should be for a defined purpose and for a defined period. QRTAs should grant access to IT systems, applications, databases and networks on a need-to-use basis and based on the principle of least privilege. Such access should be for the period when the access is required and should be authorized using strong authentication mechanisms. 16.QRTAs should implement strong password controls for users’ access to systems, applications, networks and databases. Password controls should include a change of password upon first log-on, minimum password length and history, password complexity as well as maximum validity period. The user credential data should be stored using strong and latest hashing algorithms. 17.QRTAs should ensure that records of user access are uniquely identified and logged for audit and review purposes. Such logs should be maintained and stored in encrypted form for a time period not less than two (2) years. 18.QRTAs should deploy additional controls and security measures to supervise staff with elevated system access entitlements (such as admin or privileged users). Such controls and measures should inter-alia include restricting the number of privileged users, periodic review of privileged users’ activities, disallow privileged users from accessing systems logs in which their activities are being captured, strong controls over remote access by privileged users, etc. 19.Account access lock policies after failure attempts should be implemented for all accounts. 20.Employees and outsourced staff such as employees of vendors or service providers, who may be given authorised access to the QRTA's critical systems, networks and other computer resources, should be subject to stringent supervision, monitoring and access restrictions. 21.Two-factor authentication at log-in should be implemented for all users that connect using online/internet facility.

Page 149 of 220 22.QRTAs should formulate an Internet access policy to monitor and regulate the use of internet and internet based services such as social media sites, cloud-based internet storage sites, etc. 23.Proper ‘end of life’ mechanism should be adopted to deactivate access privileges of users who are leaving the organization or whose access privileges have been withdrawn. Physical security 24.Physical access to the critical systems should be restricted to minimum. Physical access of outsourced staff/visitors should be properly supervised by ensuring at the minimum that outsourced staff/visitors are accompanied at all times by authorised employees. 25.Physical access to the critical systems should be revoked immediately if the same is no longer required. 26.QRTAs should ensure that the perimeter of the critical equipments room are physically secured and monitored by employing physical, human and procedural controls such as the use of security guards, CCTVs, card access systems, mantraps, bollards, etc. where appropriate. Network Security Management 27.QRTAs should establish baseline standards to facilitate consistent application of security configurations to operating systems, databases, network devices and enterprise mobile devices within the IT environment. The QRTAs should conduct regular enforcement checks to ensure that the baseline standards are applied uniformly. 28.QRTAs should install network security devices, such as firewalls as well as intrusion detection and prevention systems, to protect their IT infrastructure from security exposures originating from internal and external sources.

Page 150 of 220 29.Anti-virus software should be installed on servers and other computer systems. Updation of anti-virus definition files and automatic anti-virus scanning should be done on a regular basis. Security of Data 30.Data-in motion and Data-at-rest should be in encrypted form by using strong encryption methods such as Advanced Encryption Standard (AES), RSA, SHA-2, etc. 31.QRTAs should implement measures to prevent unauthorised access or copying or transmission of data / information held in contractual or fiduciary capacity. It should be ensured that confidentiality of information is not compromised during the process of exchanging and transferring information with external parties. 32.The information security policy should also cover use of devices such as mobile phone, faxes, photocopiers, scanners, etc. that can be used for capturing and transmission of data. 33.QRTAs should allow only authorized data storage devices through appropriate validation processes. Hardening of Hardware and Software 34.Only a hardened and vetted hardware / software should be deployed by the QRTAs. During the hardening process, QRTAs should inter-alia ensure that default passwords are replaced with strong passwords and all unnecessary services are removed or disabled in equipments / software. 35.All open ports which are not in use or can potentially be used for exploitation of data should be blocked. Other open ports should be monitored and appropriate measures should be taken to secure the ports.

Page 151 of 220 Application Security and Testing 36.QRTAs should ensure that regression testing is undertaken before new or modified system is implemented. The scope of tests should cover business logic, security controls and system performance under various stress-load scenarios and recovery conditions. Patch Management 37.QRTAs should establish and ensure that the patch management procedures include the identification, categorisation and prioritisation of security patches. An implementation timeframe for each category of security patches should be established to implement security patches in a timely manner. 38.QRTAs should perform rigorous testing of security patches before deployment into the production environment so as to ensure that the application of patches do not impact other systems. Disposal of systems and storage devices 39.QRTAs should frame suitable policy for disposals of the storage media and systems. The data / information on such devices and systems should be removed by using methods viz. wiping / cleaning / overwrite, degauss and physical destruction, as applicable. Vulnerability Assessment and Penetration Testing (VAPT) 40.QRTAs shall carry out periodic vulnerability assessment and penetration tests (VAPT) which inter-alia include critical assets and infrastructure components like Servers, Networking systems, Security devices, load balancers, other IT systems etc. pertaining to the activities done as a QRTAs in order to detect security vulnerabilities in the IT environment and in-depth evaluation of the security posture of the system through simulations of actual attacks on its systems and networks.

Page 152 of 220 QRTAs shall conduct VAPT at least once in a financial year. However, for the QRTAs, whose systems have been identified as “protected system” by NCIIPC under the Information Technology (IT) Act, 2000, VAPT shall be conducted at least twice in a financial year. Further, all QRTAs are required to engage only CERT-In empaneled organizations for conducting VAPT. The final report on said VAPT shall be submitted to SEBI after approval from Technology Committee of respective QRTAs, within 1 month of completion of VAPT activity. 41.Any gaps/vulnerabilities detected shall be remedied on immediate basis and compliance of closure of findings identified during VAPT shall be submitted to SEBI within 3 months post the submission of final VAPT report. 42.In addition, QRTAs shall perform vulnerability scanning and conduct penetration testing prior to the commissioning of a new system which is a critical system or part of an existing critical system. Monitoring and Detection 43.QRTAs should establish appropriate security monitoring systems and processes to facilitate continuous monitoring of security events and timely detection of unauthorised or malicious activities, unauthorised changes, unauthorised access and unauthorized copying or transmission of data / information held in contractual or fiduciary capacity, by internal and external parties. The security logs of systems, applications and network devices should also be monitored for anomalies. 44.Further, to ensure high resilience, high availability and timely detection of attacks on systems and networks, QRTAs should implement suitable mechanism to monitor capacity utilization of its critical systems and networks. 45.Suitable alerts should be generated in the event of detection of unauthorized or abnormal system activities, transmission errors or unusual online transactions.

Page 153 of 220 Response and Recovery 46.Alerts generated from monitoring and detection systems should be suitably investigated, including impact and forensic analysis of such alerts, in order to determine activities that are to be performed to prevent expansion of such incident of cyber-attack or breach, mitigate its effect and eradicate the incident. 47.The response and recovery plan of the QRTAs should aim at timely restoration of systems affected by incidents of cyber-attacks or breaches. QRTAs should have the same Recovery Time Objective (RTO) and Recovery Point Objective (RPO) as specified by SEBI for Market Infrastructure Institutions vide SEBI circular CIR/MRD/DMS/17/20 dated June 22, 2012 as amended from time to time. 48.The response plan should define responsibilities and actions to be performed by its employees and support / outsourced staff in the event of cyberattacks or breach of cyber security mechanism. 49.Any incident of loss or destruction of data or systems should be thoroughly analyzed and lessons learned from such incidents should be incorporated to strengthen the security mechanism and improve recovery planning and processes. 50.QRTAs should also conduct suitable periodic drills to test the adequacy and effectiveness of response and recovery plan. Sharing of information 51.All Cyber-attacks, threats, cyber-incidents and breaches experienced by QRTAs shall be reported to SEBI within 6 hours of noticing / detecting such incidents or being brought to notice about such incidents. The incident shall also be reported to Indian Computer Emergency Response team (CERT-In) in accordance with the guidelines / directions issued by CERT-In from time to time. Additionally, the QRTAs, whose systems have been identified as “Protected system” by National Critical Information Infrastructure Protection Centre (NCIIPC) shall also report the incident to NCIIPC.

Page 154 of 220 The quarterly reports containing information on cyber-attacks, threats, cyber￾incidents and breaches experienced by QRTAs and measures taken to mitigate vulnerabilities, threats and attacks including information on bugs/ vulnerabilities/threats that may be useful for other QRTAs shall be submitted to SEBI within 15 days from the quarter ended June, September, December and March of every year. The above information shall be shared through the dedicated e-mail id: rta@sebi.gov.in. A format for submitting the reports is attached as Annexure-21A. 52.Such details as are felt useful for sharing with other QRTAs in masked and anonymous manner shall be shared using mechanism to be specified by SEBI from time to time. Training 53.QRTAs should conduct periodic training programs to enhance awareness level among the employees and outsourced staff, vendors, etc. on IT / Cyber security policy and standards. Special focus should be given to build awareness levels and skills of staff from non-technical disciplines. 54.The training program should be reviewed and updated to ensure that the contents of the program remain current and relevant. Periodic Audit 55.QRTAs shall arrange to have its systems audited on an annual basis by an independent CISA/CISM qualified or equivalent auditor to check compliance with the above areas and shall submit the report to SEBI along with the comments of the Board of QRTAs within three months of the end of the financial year.

Page 155 of 220 Annexure- 21 A Incident Reporting Form

1. Letter / Report Subject - Name of the RTA - SEBI Registration no. - Type of RTA -
2. Reporting Periodicity Year-  Quarter 1 (Apr-Jun)  Quarter 2 (Jul-Sep)  Quarter 3 (Oct-Dec)  Quarter 4 (Jan-Mar)
3. Designated Officer (Reporting Officer details) - Name: Organization: Title: Phone / Fax No: Mobile: Email: Address: Cyber-attack / breach observed in Quarter: ( If yes, please fill Annexure 21 B) ( If no, please submit the NIL report) Date & Time Brief information on the Cyber-attack / breached observed

Page 156 of 220 Annexure 21 B

1. Physical location of affected computer / network and name of ISP -

2. Date and time incident occurred - Date: Time:

3. Information of affected system - IP Address: Computer / Host Name: Operating System (incl. Ver. / release No.): Last Patched/ Updated: Hardware Vendor/ Model:

4. Type of incident -  Phishing  Network scanning /Probing Breakin/Root Compromise  Virus/Malicious Code  Website Defacement  System Misuse  Spam  Bot/Botnet  Email Spoofing  Denial of Service(DoS)  Distributed Denial of Service(DDoS)  User Account Compromise  Website Intrusion  Social Engineering  Technical Vulnerability  IP Spoofing  Ransomware  Other

5. Description of incident -

Page 157 of 220 6. Unusual behavior/symptoms (Tick the symptoms) -  System crashes  New user accounts/ Accounting discrepancies  Failed or successful social engineering attempts  Unexplained, poor system performance  Unaccounted for changes in the DNS tables, router rules, or firewall rules  Unexplained elevation or use of privileges Operation of a program or sniffer device to capture network traffic;  An indicated last time of usage of a user account that does not correspond to the actual last time of usage for that user  A system alarm or similar indication from an intrusion detection tool  Altered home pages, which are usually the intentional target for visibility, or other pages on the Web server  Anomalies  Suspicious probes  Suspicious browsing New files  Changes in file lengths or dates  Attempts to write to system  Data modification or deletion  Denial of service  Door knob rattling  Unusual time of usage  Unusual usage patterns  Unusual log file entries  Presence of new setuid or setgid files Changes in system directories and files  Presence of cracking utilities  Activity during non-working hours or holidays  Other (Please specify) 7. Details of unusual behavior/symptoms -

Page 158 of 220 8. Has this problem been experienced earlier? If yes, details - 9. Agencies notified - Law Enforcement Private Agency Affected Product Vendor Other 10. IP Address of apparent or suspected source - Source IP address: Other information available: 11. How many host(s) are affected - 1 to 10 10 to 100 More than 100 12. Details of actions taken for mitigation and any preventive measure applied -

Page 159 of 220 Annexure- 22 CERT-Fin Advisory- 201155100308 TLP:AMBER Advisory for Financial Sector Organisations- RBI and SEBI Overview It has been learnt that some of the financial sector institutions are availing or thinking of availing Software as a Service (SaaS) based solution for managing their Governance, Risk & compliance (GRC) functions so as to improve their cyber security posture. Many a time the risk & compliance data of the institution moves cross border beyond the legal and jurisdictional boundary of India due to the nature of shared cloud SaaS. While SaaS may provide ease of doing business and quick turnaround, it also brings significant risk to the overall health of India's financial sector with respect to data safety and security. Description If the following data sets fall in the hands of an adversary/cyber attacker, it may lead to unprecedented increase in the attack surface area and weakening of Indian financial sector infrastructure's overall resilience. • Credit Risk Data • liquidity Risk Data • Market Risk Data • System & Sub-System Information • Internal & Partner IP Schema • Network Topography & Design • Audit/Internal Audit Data

Page 160 of 220 • System Configuration Data • System Vulnerability Information • Risk Exception Information • Supplier Information & it's dependencies related Data Solution The Financial Sector organisations may be advised to protect such critical data using layered defence approach and seamless protection against external or insider threat The organisations may also be advised to ensure complete protection & seamless control over their critical system by continuous monitoring through direct control and supervision protocol mechanisms while keeping such critical data within the legal boundary of India. The organisations may also be requested to report back to their respective regulatory authority regarding compliance to this advisory. It is requested that you may kindly keep CERT-In informed of the actions taken and periodically provide the updated compliance to this advisory. (It may be noted that TLP Amber means: limited disclosure, restricted to participants' organizations. When should be used: Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. How may it be shared: Recipients may only share TLP:AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.)

Page 161 of 220 Annexure-23 Dear Investor, In case of any grievance / complaint against the RTA: Please contact Compliance Officer of the RTA (Name and Address) / email-id (xxx.@email.com) and Phone No. - 91- XXXXXXXXXX. You may also approach CEO / Partner / Proprietor (Name) / email- id (xxx.@email.com) and Phone No. - 91-XXXXXXXXXX. If not satisfied with the response of the RTA you can lodge your grievances with SEBI at http://scores.gov.in or you may also write to any of the offices of SEBI. For any queries, feedback or assistance, please contact SEBI Office on Toll Free Helpline at 1800 22 7575 / 1800 266 7575. Annexure- 24

INVESTOR CHARTER- REGISTRARS TO AN ISSUE AND SHARE TRANSFER AGENTS (RTAs) VISION To be a trusted, transparent and prompt service provider to the investors, conforming to the highest standards of compliance, confidentiality and professionalism in conduct, to meet the obligation towards investors in Indian capital markets. MISSION • To maintain high standard of integrity in the conduct of business by fulfilling obligations in a prompt, ethical and professional manner. • To comply with all regulatory requirements in a time bound manner • To facilitate prompt service to investors by and through streamlining the process and harnessing technology • To facilitate easy approach, communication and interface with investors so as to resolve their queries I grievances

Page 162 of 220 Services provided by RTA to investors • Providing details of allotment and clarification on allotment. • Processing change in /up-dation of the KYC details of the investors for physical holdings like change of address/bank account details/ e-mail address /telephone/mobile/ nomination and PAN). • Processing and updating investor holding/title change requests viz name deletion, transmission, transposition, issue of duplicate shares, dematerialization and rematerialisation of securities. • Processing of other requests, viz., recording of declaration w.r.t. exemption I lower tax rates for TDS on dividend/interest, revalidation and reissue of dividend and interest instruments. • Execution and intimation of other corporate actions viz., ESOPs, Dividend payment, Stock split, Bonus issue and Merger/Demerger activities. • Communication of Rights issue entitlements. • Communication of Buyback, exit offer, takeover made by the company/ acquirer, and the procedure to be followed by investor in respect of these issues • Mandatory execution of transfer of shares and dividends to IEPF and transfer of undelivered share certificates to Suspense account. • Process grievance received through mails and Letters and those through SCORES also. Timelines pertaining to various services provided by RTA Sr No Nature of Service Expected Timelines (number of days) A Investor Service Request: 1 Processing of transmission request 21 2 Processing of issue of duplicate security certificate request 30 3 Processing of dematerialization request 15 4 Processing of remat request 30 5 Processing of Transposition request 15 6 I. Processing of request for change in I up￾dation of a. Name 30 b. Signature 30

Page 163 of 220 c. Nomination 30 d. Contact details (Address, E-mail address and Mobile number) 15 e. Bank account details 15 II. Processing of request for Up-dation of PAN 15 7 Processing of Re-validation of dividend I interest I redemption instruments and sending the remittance request files to the bank I Company 15 B Grievance Redressal 1 Providing response to the inquiries of the investors and Redressal of Grievance 30 c Other Operational activities 1 Allotment of securities (IPO) 6 2 Intimation regarding distribution of corporate benefits (dividend, bonus,stock Split) a. E-mail communication b. Physical communication 15 30 Rights of investors • Receive all the benefits/ material information declared by the Company. • Actively participate in the AGM I EGM of the company & E-voting events so as to be a part of the decision making of the Company's business resolutions. • In case of any grievances, approach RTA, Depository, Company, Stock Exchange or SEBI for resolution within prescribed timelines. Do Don’t

1. Encash dividend/Interest regularly to avoid transfer of unclaimed amount/ underlying securities to IEPF.
2. Follow up diligently and promptly if you have not receive allotment intimation/ certificate I dividend I interest etc.
3. Do not keep your folios without PAN.
4. Do not keep your folios without nomination.
5. Do not deal with unauthorized persons for any investor service requests such as change in I up- dation of address,

Page 164 of 220 3. Ensure that your PAN is registered with the RTA for all your folios. 4. Ensure nomination is registered for all your securities to smoothen the transmission. 5. Ensure that all KYC details viz full postal address with PIN, mobile number, e-mail address etc. are updated to facilitate the RTA for sending communication. 6. Ensure that correct and complete Bank details are recorded with RTA to facilitate prompt electronic credit of dividend I interest I redemption amounts and eliminate possibility of unclaimed amounts I underlying securities being transferred to IEPF. 7. Promptly inform the RTA in writing and complete required formalities in case of loss of securities. 8. Ensure that the documents provided for availing any investor service request are complete in all respects and keep copies of documents sent to the RTA. 9. Monitor all corporate announcements pertaining to investments made e-mail address, mobile number and bank details. 4. Do not share security details, viz. folio number, certificate number, distinctive number(s), bank details, specimen signature, KYC documents, etc. with unknown person(s). Grievance Redressal - Modes and Escalation Mechanism

Page 165 of 220 To Listed company /RTA a) Investor shall check the website of listed company I RTA for the dedicated grievance e-mail 10 and other relevant details of the grievance redressal division I compliance officer for the purpose of registering grievances I complaints. b) Investor can dial on help numbers or point of service of RTA for any query or concern. c) For lodging the grievance, the investor can write to listed entity I RTA's dedicated e-mail address or through physical letter. d) While lodging a complaint it is necessary for investor to mention the following: o Nature of Complaint o Name of Issuer Company o Folio number o Full Name of shareholder o E-mail address and mobile number o Reference to any previous correspondence made in this regard o Provide the relevant documents and o also update KYC and details, if there are any changes e) Upon receipt of the complaint, RTA after due verification shall send intimation of redressal I resolution of complaint via e-mail I physical letter as applicable within 30 days from the date of receipt of complaint. To Stock Exchanges - Online registration of complaint/ grievance on stock exchanges: a) The nature of the complaint that can be lodged against listed company has been given on the websites of the Stock Exchange. Upon receipt of complaint, the stock exchange shall forward the same to the concerned company with a copy to the complainant. b) If the company fails to redress the complaint within 30 days, the exchange sends a reminder to the company and follows up with the company and its respective RTA.

Page 166 of 220 c) If the investor is not satisfied with the redressal I resolution of the complaint by the listed company I RTA, investor can lodge the complaint on the SEBI SCORES. Grievance Redressal Mechanism at SEBI • Complaints can be lodged with SEBI electronically through SEBI Complaints Redress System

• SCORES (a web based centralized grievance redressal system of SEBI at (https://scores.gov.in/scores/Welcome.html). Annexure- 25 Data of complaints against RTAs to be displayed on their websites￾Format for disclosing data of complaints on their website: Data for the month ending SN Received from Carried forward from previous month Received during the month Total Pending# Resolved* Pending at the end of the month** Average Resolution time/
  (in days) Pending for less than 3 months Pending for more than 3 months 1 2 3 4 5 6 7 8 1 Directly from Investors

Page 167 of 220 2 SEBI (SCORES) 3 Stock Exchanges (if relevant) 4 Other Sources (if any) 5 Grand Total *Should include complaints of previous months resolved in the current month, if any. *Should include total complaints pending as on the last day of the month, if any. “Average resolution time is the sum total of time taken to resolve each complaint in the current month divided by total number of complaints resolved in the current month. Month – wise data for the current financial year SN Month Carried forward from previous month Received Resolved Pending 1 2 3 4 5 6 1 April, 20XX 2 May, 20XX 3 June, 20XX 4 and so on…… till the month previous to the

Page 168 of 220 reporting month Grand Total Trend of annual (Financial Year) disposal of complaints (for 5 years on rolling basis)* SN Year Carried forward from previous year Received Resolved Pending 1 20XX-XX 2 20XX-XX 3 20XX￾20XX 4 20XX-XX 5 20XX-XX Grand Total *The data shall be emailed to rta@sebi.gov.in

Page 169 of 220 ANNEXURE-26 Format for sending the Designated e-mail ID for regulatory communication with SEBI

1. The file should be an excel file.
2. The name of the file and the subject of the email shall specify the type of intermediary and the name of the intermediary. For example – “Registrar to an issue – ABC co. Ltd.”
3. The file shall contain the following details: The file shall be emailed to intermediary@sebi.gov.in Name Address Category Registration No Designated email id Name of compliance officer

Page 170 of 220 Annexure-27 PRINCIPLES FOR OUTSOURCING FOR RTAS

1. An RTA seeking to outsource activities shall have in place a comprehensive policy to guide the assessment of whether and how those activities can be appropriately outsourced. The Board I partners (as the case may be) {hereinafter referred to as the "the Board"} of the RTA shall have the responsibility for the outsourcing policy and related overall responsibility for activities undertaken under that policy. 1.1 The policy shall cover activities or the nature of activities that can be outsourced, the authorities who can approve outsourcing of such activities, and the selection of third party to whom it can be outsourced. For example, an activity shall not be outsourced if it would impair the supervisory authority's right to assess, or its ability to supervise the business of the RTA. The policy shall be based on an evaluation of risk concentrations, limits on the acceptable overall level of outsourced activities, risks arising from outsourcing multiple activities to the same entity, etc. 1.2 The Board shall mandate a regular review of outsourcing policy for such activities in the wake of changing business environment. It shall also have overall responsibility for ensuring that all ongoing outsourcing decisions taken by the RTA and the activities undertaken by the third-party, are in keeping with its outsourcing policy. 2 The RTA shall establish a comprehensive outsourcing risk management programme to address the outsourced activities and the relationship with the third party. 2.1 An RTA shall make an assessment of outsourcing risk which depends on several factors, including the scope and materiality of the outsourced activity, etc. The factors that could help in considering materiality in a risk management programme include￾a. The impact of failure of a third party to adequately perform the activity on the financial, reputational and operational performance of the RTA and on the investors I clients; b. Ability of the RTA to cope up with the work, in case of non performance or failure by a third party by having suitable back-up arrangements; c. Regulatory status of the third party, including its fitness and probity status;

Page 171 of 220 d. Situations involving conflict of interest between the RTA and the third party and the measures put in place by the RTA to address such potential conflicts, etc. 2.2 While there shall not be any prohibition on a group entity I associate of the RTA to act as the third party, systems shall be put in place to have an arm's length distance between the RTA and the third party in terms of infrastructure, manpower, decision-making, record keeping, etc. for avoidance of potential conflict of interests. Necessary disclosures in this regard shall be made as part of the contractual agreement. It shall be kept in mind that the risk management practices expected to be adopted by an RTA while outsourcing to a related party or an associate would be identical to those followed while outsourcing to an unrelated party. 2.3 The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Board of the RTA and I or its senior management, as and when needed. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the RTA. 2.4 Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator shall be mandated by the Board wherever felt necessary. The RTA shall review the financial and operational capabilities of the third party in order to assess its ability to continue to meet its outsourcing obligations. 3 The RTA shall ensure that outsourcing arrangements neither diminish its ability to fulfill its obligations to customers and regulators, nor impede effective supervision by the regulators. 3.1 The RTA shall be fully liable and accountable for the activities that are being outsourced to the same extent as if the service were provided in-house. 3.2 Outsourcing arrangements shall not affect the rights of an investor or client against the RTA in any manner. The RTA shall be liable to the investors for the loss incurred by them due to the failure of the third party and also be responsible for redressal of the grievances received from investors arising out of activities rendered by the third party. 3.3 The facilities I premises I data that are involved in carrying out the outsourced activity by the service provider shall be deemed to be those of the registered RTA. The RTA itself and Regulator or the persons authorized by it shall have the right to access the same at any point of time. 3.4 Outsourcing arrangements shall not impair the ability of SEBI/SRO or auditors to exercise its regulatory responsibilities such as supervision/inspection of the RTA.

Page 172 of 220 4 The RTA shall conduct appropriate due diligence in selecting the third party and in monitoring of its performance. 4.11t is important that the RTA exercises due care, skill, and diligence in the selection of the third party to ensure that the third party has the ability and capacity to undertake the provision of the service effectively. 4.2 The due diligence undertaken by an RTA shall include assessment of: a. third party's resources and capabilities, including financial soundness, to perform the outsourcing work within the timelines fixed; b. compatibility of the practices and systems of the third party with the RTA's requirements and objectives; c. market feedback of the prospective third party's business reputation and track record of their services rendered in the past; d. level of concentration of the outsourced arrangements with a single third party; and e. the environment of the foreign country where the third party is located. 5 Outsourcing relationships shall be governed by written contracts I agreements I terms and conditions (as deemed appropriate) {hereinafter referred to as "contract"} that clearly describe all material aspects of the outsourcing arrangement, including the rights, responsibilities and expectations of the parties to the contract, client confidentiality issues, termination procedures, etc. 5.1Outsourcing arrangements shall be governed by a clearly defined and legally binding written contract between the RTA and each of the third parties, the nature and detail of which shall be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the RTA. 5.2 Care shall be taken to ensure that the outsourcing contract: a. clearly defines what activities are going to be outsourced, including appropriate service and performance levels; b. provides for mutual rights, obligations and responsibilities of the RTA and the third party, including indemnity by the parties;

Page 173 of 220 c. provides for the liability of the third party to the RTA for unsatisfactory performance/other breach of the contract d. provides for the continuous monitoring and assessment by the RTA of the third party so that any necessary corrective measures can be taken up immediately, i.e., the contract shall enable the RTA to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations; e. includes, where necessary, conditions of sub-contracting by the third-party, i.e. the contract shall enable RTA to maintain a similar control over the risks when a third party outsources to further third parties as in the original direct outsourcing; f. has unambiguous confidentiality clauses to ensure protection of proprietary and customer data during the tenure of the contract and also after the expiry of the contract; g. specifies the responsibilities of the third party with respect to the IT security and contingency plans, insurance cover, business continuity and disaster recovery plans, force majeure clause, etc.; h. provides for preservation of the documents and data by third party; i. provides for the mechanisms to resolve disputes arising from implementation of the outsourcing contract; j. provides for termination of the contract, termination rights, transfer of information and exit strategies; k. addresses additional issues arising from country risks and potential obstacles in exercising oversight and management of the arrangements when RTA outsources its activities to foreign third party. For example, the contract shall include choice-of-law provisions and agreement covenants and jurisdictional covenants that provide for adjudication of disputes between the parties under the laws of a specific jurisdiction; I. neither prevents nor impedes the RTA from meeting its respective regulatory obligations, nor the regulator from exercising its regulatory powers; and m. provides for the RTA and /or the regulator or the persons authorized by it to have the ability to inspect, access all books, records and information relevant to the outsourced activity with the third party. 6 The RTA and its third parties shall establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities. 6.1 Specific contingency plans shall be separately developed for each outsourcing arrangement, as is done in individual business lines.

Page 174 of 220 6.2 An RTA shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the third party level. Notably, it shall consider contingency plans at the third party; co-ordination of contingency plans at both the RTA and the third party; and contingency plans of the RTA in the event of non-performance by the third party. 6.3 To ensure business continuity, robust information technology security is a necessity. A breakdown in the IT capacity may impair the ability of the RTA to fulfill its obligations to other market participants/clients/regulators and could undermine the privacy interests of its customers, harm the RTA's reputation, and may ultimately impact on its overall operational risk profile. RTAs shall, therefore, seek to ensure that third party maintains appropriate IT security and robust disaster recovery capabilities. 6.4 Periodic tests of the critical security procedures and systems and review of the back- up facilities shall be undertaken by the RTA to confirm the adequacy of the third party's systems. 7 The RTA shall take appropriate steps to require that third parties protect confidential information of both the RTA and its customers from intentional or inadvertent disclosure to unauthorised persons. 7.1An RTA that engages in outsourcing is expected to take appropriate steps to protect its proprietary and confidential customer information and ensure that it is not misused or misappropriated. 7.2 The RTA shall prevail upon the third party to ensure that the employees of the third party have limited access to the data handled and only on a "need to know" basis and the third party shall have adequate checks and balances to ensure the same. 7.3 1n cases where the third party is providing similar services to multiple entities, the RTA shall ensure that adequate care is taken by the third party to build safeguards for data security and confidentiality. 8 Potential risks posed where the outsourced activities of multiple RTAs are concentrated with a limited number of third parties. In instances, where the third party acts as an outsourcing agent for multiple RTAs, it is the duty of the third party and the RTA to ensure that strong safeguards are put in place so that there is no co-mingling of information /documents, records and assets.

Page 175 of 220 Annexure-28 Standard Operating Procedure – Regulatory Sandbox Applicability

1. All entities registered with SEBI under section 12 of the SEBI Act 1992, shall be eligible for testing in the regulatory sandbox. The entity may apply either on its own or in partnership with any other entity. In either scenarios, the registered market participant shall be treated as the principal applicant, and shall be solely responsible for testing of the solution. Stages of Sandbox Testing
2. The details of the stages of sandbox testing are as below: 2.1. Stage–I: SEBI will approve the limited set of users as proposed by the applicant for testing in Stage-I. During the stage-I testing, applicant shall use limited and identified set of users with maximum cap on users based on the requirement of the applicant duly approved by SEBI on case to case basis. These users will be required to provide positive consent including their understanding of the risks of using the solution. 2.2. Stage–II: During the stage-II testing, applicant shall test with larger set of identified users with maximum cap on users based on the requirement of the applicant duly approved by SEBI on case to case basis. These users will be required to provide positive consent including their understanding of the risks of using the solution. Eligibility Criteria for the project
3. Stage-I Eligibility Criteria: The Stage-I eligibility criteria shall be as follows: 3.1. SEBI Registration: The applicant should be an entity registered with SEBI under section 12 of the SEBI Act 1992. The entity may apply either on its own or in partnership with any other entity. In either scenario, the registered market participant shall be treated as the principal applicant, and shall be solely responsible for all aspects of participation in the Regulatory Sandbox.

Page 176 of 220 3.2. A. Genuine need to test: The applicant should have a genuine need for live testing the solution on real users. The applicant should provide justification that testing in test environment with test data is not enough. B. Genuine need for relaxation: The applicant should provide justification that the solution cannot be deployed without relaxations in certain regulations being sought. 3.3. Compliance to the objective of the Regulatory Sandbox: The solution should be pertaining to the securities market and should be either new innovative solutions or a solution for performing existing services in better way by improving the existing processes or facilitating inclusion. 3.4. Benefits to users: The solution should offer identifiable benefits (direct or indirect) to the users and/or to the securities market as a whole. 3.5. Testing readiness of the solution: The applicant should have necessary resources to support testing in the sandbox and must demonstrate well developed testing plans with clear objectives, parameters and success criteria. 3.6. Safeguards to mitigate potential risks to the financial system: The solution should have proper risk management strategy to incorporate appropriate safeguards to mitigate and control potential risks to any market participants/users that may arise from the testing of the solution and shall propose appropriate safeguards to manage the risks and contain the consequences of failure. 4. An applicant is eligible for Stage-II after completing minimum 90 days in the Regulatory Sandbox testing. 5. Stage- II Eligibility Criteria: The Stage-II criteria shall be as follows: 5.1. Adequate Progress: The applicant should demonstrate that they have achieved adequate progress and are on track with their testing plan. 5.2. Compliance to the objective of the Regulatory Sandbox: The applicant should provide justification that they are complying with the objective of the Regulatory Sandbox. 5.3. Reviews of the Risks observed during Stage-I testing: The applicant should submit the details of the risks observed during stage-I testing along with the steps taken to mitigate those risks.

Page 177 of 220 5.4. Safeguards to mitigate potential risks: The applicant should provide the list of appropriate safeguards to manage the risks and contain the consequences of failure. 5.5. Users feedback: The applicant should present summary of the feedback received from the users participated during stage-I of the Regulatory Sandbox testing highlighting the adverse feedbacks and steps taken to address the same. 5.6. Deployment post-testing: The applicant should present the intention and ability to deploy the solution on a broader scale. To this effect the applicant should share a proposed sandbox exit strategy. Application and Approval Process 6. The applicant shall ensure that the specified eligibility criteria are satisfied while submitting the application as per Annexure-28A to SEBI. The application form shall be signed by the Chief Executive Officer (CEO) of the applicant or officer duly authorized by the CEO or compliance officer. The complete application must be submitted to: Chief General Manager, Market Intermediaries Regulation and Supervision Department -2 SEBI Bhavan II BKC, Plot No. C-7, G-Block, Bandra Kurla Complex, Bandra (E), Mumbai – 400051 Or By email at regulatorysandbox@sebi.gov.in 7. Thereafter, the application shall be forwarded to the relevant department of SEBI for processing. SEBI shall communicate with the applicant during the course of evaluating the sandbox application, and during the testing phase. The status of the applications shall be published on SEBI website. 8. At the “Application Stage”, SEBI shall review the application and inform of its potential suitability for a sandbox preferably in 30 working days from the submission of the complete application and further information as desired by SEBI. SEBI may issue guidance to the applicant according to the specific characteristics and risks associated with the proposed solution. SEBI may also consult its Committee on Financial and Regulatory Technologies (CFRT) or Regulatory Sandbox Sub-committee, if necessary, to evaluate the application. 9. At the “Evaluation Stage”, SEBI shall work with the applicant to determine the specific regulatory requirements and conditions (including test parameters and control boundaries) to be applied to the proposed solution in question. The applicant shall then assess if it is able to meet these requirements. If the applicant is able and willing to meet the proposed

Page 178 of 220 regulatory requirements and conditions, the applicant shall be accepted in Stage-I and granted permission to develop and test the proposed Innovative solution(s) in the sandbox. 10. Upon approval, the applicant shall apply for the limited certificate of registration of that particular category of intermediary for which the applicant seeks to test the innovative solution along with a token fees of `10,000. 11. SEBI shall review and approve the application and allot a registration number to the applicant with the validity of maximum of 12 months. 12. Once registration is allotted to the applicant, the application shall proceed towards the “Stage- I Testing Stage”. The applicant shall disclose to its users that the solution shall operate in a sandbox and the potential key risks associated with the solution. The applicant is also required to obtain the users’ positive consent that they have read and understood the risks before any transactions separately for both Stage-I and Stage-II. 13. During the Stage-I testing stage, the applicant shall take prior approval from SEBI to effect any material changes to the solution. 14. The applicant shall assign a contact person to coordinate with a designated officer of SEBI. 15. An applicant is eligible for Stage-II after completing minimum three (3) months in the Regulatory Sandbox testing. 16. If applicant wishes to apply for Stage-II, the applicant should submit the application as per Annexure-28B to SEBI. 17. The application shall be evaluated on the eligibility criteria mentioned for Stage-II. Applicants may be required to make a presentation to the Regulatory Sandbox sub￾committee either physical or through online mode. 18. If approved, applicant enters stage-II of Sandbox testing: Applicant shall be able to test on users with maximum cap on users based on the requirement of the applicant duly approved by SEBI. These users will be required to provide positive consent including their understanding of the risks of using the solution. 19. The applicant must submit monthly reports as mentioned in the Section: “SUBMISSION OF TEST RELATED INFORMATION AND REPORTS”. These monthly reports would be reviewed by SEBI. If the progress of the applicant is not satisfactory then, SEBI may revoke the approval to participate in the sandbox.

Page 179 of 220 20. The total duration of the sandbox testing stage (including Stage-I and Stage-II) shall be a maximum of twelve (12) months and extendable upon request of the applicant duly approved by SEBI. 21. In case an application is rejected at any stage, the applicant shall be informed accordingly. The reasons for rejection could include failure to meet the objective of the sandbox or any of the eligibility criteria. The applicant may re-apply for the sandbox when it is ready to meet the objective and eligibility criteria of the sandbox, subject to an appropriate cooling off period as decided by SEBI. Evaluation Criteria 22. The applicant may be evaluated using a scoring process by SEBI, inter alia, based on the parameters given below: 22.1. STAGE-I Evaluation Criteria: 22.1.1. Profile of the applicant 22.1.2. Genuine need to test 22.1.3. Genuine need for relaxation 22.1.4. Solution should be either new solution or improvement in the existing processes 22.1.5. Identified benefits to the users and/or the securities/commodities markets 22.1.6. Compilation of meaningful test scenarios and expected/desired outcomes 22.1.7. Risk measured/graded testing conditions and parameters so as to ensure safety and protection of the markets/users 22.1.8. Risk mitigation for high risk testing conditions and parameters 22.1.9. Appropriate disclosure requirements and protection to their users 22.1.10. Clearly defined grievance redressal mechanism and user rights 22.1.11. Adequate disclosure of the potential risks to participating users 22.1.12. Prior confirmation from users that they fully understand and accept the attendant risks 22.1.13. Intent and feasibility to deploy the proposed Innovative solution post testing 22.1.14. The withdrawal strategy (in the event the tests are not successful) including for participating users 22.1.15. Any other factors considered relevant by SEBI 22.2. STAGE- II Evaluation Criteria: 22.2.1. Applicant has achieved adequate progress in stage –I testing 22.2.2. Review of the risks observed during stage –I testing

Page 180 of 220 22.2.3. Review of the steps taken to mitigate the risks 22.2.4. Appropriate safeguards to manage the risks and contain the consequences of failure 22.2.5. User feedback during stage-I testing 22.2.6. Intent and feasibility to deploy the proposed Innovative solution post testing 22.2.7. The deployment and monitoring strategy post testing (in the event the tests are deemed successful) or the withdrawal strategy including for participating users (in the event the tests are not successful) Regulatory Exemptions 23. To encourage innovation with minimal regulatory burden, SEBI shall consider exemptions/ relaxations, if any, which could be either in the form of a comprehensive exemption from certain regulatory requirements or selective exemptions on a case-by-case basis, depending on the Innovative solution to be tested. 24. Within the overarching principles of market integrity and investor protection, no exemptions would be granted from the extant investor protection framework, Know-Your￾Customer (KYC) and Anti-Money Laundering (AML) rules. 25. Entities desirous of participating in sandbox shall make an application, including exemption / relaxation being sought from relevant provisions of the applicable regulatory framework. 26. The registration granted by SEBI to all entities registered with SEBI under Section 12 of the SEBI Act, 1992 is activity based. An entity which is registered with SEBI for a particular activity is authorized to carry out activity in that domain. In order to enable the cross domain testing of innovative solutions, an existing registered entity would be required to first obtain a limited certificate of registration for the category of intermediary for which it seeks to test the Innovative solution(s).This concept of limited registration shall facilitate the entities to operate in a Regulatory Sandbox without being subjected to the entire set of regulatory requirements to carry out that activity. 27. Accordingly, regulatory relaxations from various SEBI regulations may be provided after analyzing specific sandbox testing applications. A reference list is given at Annexure-28C with examples of the regulatory requirements that will be mandatory and those for which SEBI may consider granting relaxation during the sandbox testing. 28. SEBI has notified SEBI Regulatory Sandbox (Amendment) Regulations, 2020 so as to enable the grant of relaxation(s)/exemption(s), as may be deemed fit, while granting such limited certificate of registration.

Page 181 of 220 Submission of Test Related Information and Reports 29. The Sandbox applicant must submit project plan along with the Application Form for participation in Regulatory Sandbox. The project plan shall include timelines and milestones of major activities. 30. During the testing period (both Stage-I and Stage-II), SEBI may require the applicant to submit information/reports on monthly basis including: i) Key performance indicators, milestones and statistical information ii) Key issues arising as observed from fraud or operational incident reports iii) Actions or steps taken to address the key issues identified above iv) Any other information relevant to SEBI. 31. The sandbox applicants must submit a final report containing the following information to SEBI within 30 calendar days from the expiry of the Stage-II testing period: i) Key outcomes, key performance indicators against agreed measures for the success or failure of the test and findings of the test ii) A full account of all incident reports and resolution of user complaints, if any iii) Key learnings from the test 32. The monthly and final reports must be confirmed by the Chief Executive Officer (CEO) of the applicant or officer duly authorized by the CEO or the compliance officer. 33. The sandbox applicant must ensure that proper records of the conducted tests are maintained for review by SEBI. Further, the applicant shall also maintain such records for a period of three (3) years from the date of completion of testing/ exit from the sandbox. Obligations of the Applicant towards the User 34. The applicant shall ensure that before signing up, the user has read the full documentation provided by the applicant and confirm that he/she is aware of the risks of using the solution and if asked by SEBI, submit the user consent form in the format prescribed in Annexure-28D. 35. Right of the users participating in the sandbox:

Page 182 of 220 35.1. The applicant shall ensure that users participating in the sandbox have the same protection rights as the ones participating in the live market except for the specific provisions mentioned in the user consent form and relaxations granted under regulatory sandbox. 35.2. The applicant shall take liability / indemnity insurance of an adequate amount and period to safeguard the users participating in the sandbox. The adequacy of indemnity cover shall depend on determination of the maximum liability based on, among others, (i) maximum exposure to a single user (ii) the number of claims that could arise from a single event (potential for multiple claims); and (iii) number of claims that might be expected during the policy period. The policy cover shall begin with the start of testing stage and end three months after exit of the sandbox entity from the regulatory sandbox. 35.3. Users shall have the right to revoke the consent. 35.4. In case of exit by some users, the applicant may take additional users within the permissible cap of users. 36. The applicant should publish clearly defined grievance redressal mechanism to address any of the grievances of the users participating in the sandbox. 37. The users may also use SEBI Complaint Redressal System (SCORES) for registering their grievances/ complaints. Exiting and Withdrawing from the Sandbox 38. The applicant is required to submit exit strategy which would be applicable during successful testing and withdrawal strategy which would be applicable during unsuccessful testing as per below: 38.1. Exit Strategy: The applicant shall provide exit strategy which shall be applicable in the event of successful testing. This shall incorporate the post-testing strategy and deployment of the solution on a broader scale. The exit strategy shall include following: 38.1.1. Process of notification to the existing users of the completion of the sandbox testing and informing them on the necessary steps to be taken. 38.1.2. Proposed steps for deployment of the solution on a broader scale. 38.1.3. How the current position of the existing users shall be taken care while migrating to live environment.

Page 183 of 220 38.1.4. The applicant needs to mention what regulatory changes are expected to enable the applicant to launch their solution in the live market post completion of the sandbox testing. 38.2. Withdrawal Strategy: The applicant shall provide withdrawal strategy which shall be applicable in the event the tests are not successful or applicant wants to discontinue the sandbox testing or SEBI revokes the approval to participate in the sandbox as per the” Revocation of the Approval” clause of this document. The withdrawal strategy shall include following: 38.2.1. Process of notification to the existing users regarding the termination of the sandbox testing and informing them on the necessary steps to be taken. 38.2.2. Settling/ transferring etc. of the current position of the existing users within 15 days of the initiation of the withdrawal strategy, as may be applicable. 38.2.3. Refund of any dues to the existing users within 15 days of the initiation of the withdrawal strategy. 39. At the end of the Stage-II testing period, the permission granted to the applicant as well as the legal and regulatory requirements relaxed by SEBI, shall expire. 40. Upon completion of testing, i) SEBI shall decide whether to permit the innovation to be introduced in the market on a wider scale. Where allowed, applicants intending to carry out regulated businesses shall be assessed based on applicable licensing, approval and registration criteria under various SEBI regulations, as the case may be. 41. The applicant may withdraw from the sandbox on its own by giving a prior notice to SEBI, in writing, of its intention to withdraw from the sandbox. 42. The applicant shall ensure that any existing obligation to the users of the Innovative solution(s) in the sandbox are completely fulfilled or addressed before withdrawing from the sandbox or before discontinuing the sandbox testing. 43. The applicant is required to maintain records of acknowledgement of all its users stating that all the obligations towards the users have been met. These records shall be maintained by the applicant for a period of three (3) years from the date of withdrawal from the sandbox. Revocation of the Approval

Page 184 of 220 44. SEBI may revoke an approval, to participate in the sandbox, at any time before the end of the testing period, if the applicant: i) Fails to carry out risk mitigants. ii) Submits false, misleading or inaccurate information, or has concealed or failed to disclose material facts in the application iii) Contravenes any applicable law administered by SEBI or any applicable law in India or abroad iv) Unsatisfactory progress v) Suffers a loss of reputation vi) Undergoes or has gone into liquidation vii) Compromises the digital security and integrity of the service or product or elevates the risk of a cyber-security attack viii) Carries on business in a manner detrimental to users or the public at large ix) Fails to effectively address any technical defects, flaws or vulnerabilities in the product, service or solution which gives rise to recurring service disruptions or fraudulent activities x) Fails to implement any directions given by SEBI xi) Not in the interest of users or securities market xii) Fails to adhere to the general requirements of Market Infrastructure Institutions (MIIs) etc. 45. In addition to revocation of approval for participating in the sandbox, appropriate actions under relevant regulatory framework may be initiated against the applicant in case solution provided by the applicant under the regulatory sandbox framework facilitates the following: i) Undermining of Know Your Customer (KYC) principles ii) Violation of users’/investors’ privacy iii) Promotion/ facilitation of sale of fraudulent/illegal products or services iv) Promotion/ facilitation of mis-selling of products or services v) Violation of Anti-Money Laundering (AML) norms vi) Creation of risk to market integrity vii) Theft of intellectual property viii) Not in the interest of users/ investors or securities market 46. If SEBI proposes to revoke the approval granted to an applicant to participate in the sandbox, then SEBI shall:

Page 185 of 220 i. immediately suspend trials on new users i.e. not permitting new users to sign up for using/ testing the solution and give a notice to the applicant of the intention of SEBI to revoke the approval detailing the grounds for such an intention; ii. provide an opportunity to the applicant to respond to SEBI on the grounds for revocation; and iii. dispose of the notice through a speaking order. 47. Notwithstanding anything contained in paragraph 46 above, where SEBI is satisfied that in the interest of the applicant, its users or the securities market, revocation is necessary, it may revoke the approval immediately and issue a notice of revocation containing grounds for revocation, after the effective date of revocation. If the response of the applicant is found to be satisfactory, then SEBI may reinstate the approval and allow the applicant to continue participating in the Regulatory Sandbox. 48. Upon revocation of an approval, the applicant must: i) Immediately implement its withdrawal plan to cease the provision of the product, process, service or solution to new and existing users; ii) Notify its users about the cessation and their rights to grievance redressal, as applicable; iii) Comply with obligations imposed by SEBI to dispose of all confidential information including user’s personal information collected over the duration of the testing; iv) Submit a report to SEBI on the actions taken, within 30 days from the revocation; v) Comply with any other directions given by SEBI.

Page 186 of 220 Annexure-28A REGULATORY SANDBOX APPLICATION FORM – STAGE- I:

1. Applicant’s Information Sr. No. Description Response 1.1 Name of the Entity/ Organization 1.2 SEBI Registration no. 1.3 Name of the Authorized Representative 1.4 Designation 1.5 Contact No 1.6 Email id
2. Details of other entity involved, if any Sr. No. Description Response 2.1 Provide a brief description of other entity and its core businesses including but not limited to: a. registration with other regulators, b. affiliation to prominent societies, c. Accreditations, d. significant achievements e. financial standing including avenues for funding f. Profile of key personnel 2.2 Does the entity has a presence in India? If yes then please provide details. 2.3 Is the entity’s business is already active abroad? If yes then please provide details. 2.4 Current orders or proceedings against the entity in India and abroad (if any)
3. About the proposed solution Sr. No. Description Response

Page 187 of 220 3.1 Provide a short summary of the proposed solution to be tested in the sandbox including but not limited to: a. Objective of the proposed Innovative solution or the statement of purpose

Page 188 of 220 b. Key benefits to the users and markets c. Business Model, including asset deployment and sources of revenue d. Target users e. Compliance obligations f. Time period for testing 3.2 Sumg. maCryoof mptheliantceechntoithe cal sol objuetciontiveinofcludtheinReg bguulato t not limi ry Staedndto: box a. Technical architecture b. Usage of Artificial Intelligence and Machine Learning, if any c. Cyber resilience: VAPT results, if any d. Certification from Common Criteria Recognition Arrangement (CCRA), if any e. Business Continuity Plan, if any f. Any other certifications, if any 3.3 With respect to the genuine need to test , please provide why testing in test environment with test data is not enough and it is required to test the solution on real users on live environment 3.4 Awareness of similar offering in other countries or for other than securities/commodities markets 4. Sandbox Sr. readiness No. Description Response 4.1 Illustrate the aspect of the Innovative solution that will be tested 4.2 The test criteria and expected outcomes 4.3 Describe the use case that will be tested in the sandbox 4.4 Define success for a test and the Key Performance Indicators that will indicate a successful test 4.5 Probable start and end date of sandbox testing

Page 189 of 220 4.6 Details of users including but not limited to: a. Maximum number of participating users b. Profile of users (retail, institutional, etc.) c. Process for enrollment and acquisition of users

Page 190 of 220 d. Requirement of KYC e. User awareness required/conducted f. Whether consent required /has consent been obtained g. Arrangements to limit loss if applicable e.g. Margin, stop loss thresholds etc. h. User compensation if any i. Value at risk per user j. Transaction thresholds per user 4.7 Risk assessment and mitigation options including but not limited to: a. Failure of sandbox testing b. Financial loss to the users c. Cyber attack d. AML and terrorism financing 4.8 Any instance of a legal and regulatory non-compliance for any other regulator during the sandbox testing 5. Legal and Regulatory Assessment: other regulators 5.1 Legal and regulatory status (registration, licensing, authorization, approval, recognition etc.) 5.2 Legal opinion sought on the proposed Innovative solution, if any 5.3 Relevant license to deploy the proposed solution in the production environment? Please provide the details 6. Deployment post-testing 6.1 Describe how the regulatory requirements will be met post successful sandbox testing 6.2 Please provide a pan-India deployment strategy, post successful sandbox testing 6.3 Please provide a clear strategy to monitor the outcomes in the live scenario

Page 191 of 220 6.4 Please provide withdrawal strategy if the deployed solution turns unviable and the tests are unsuccessful including action plan for participating users who had joined the sandbox 7. Relaxation of SEBI regulations and guidelines 7.1 Outline the list of rules, regulation, guidelines, circulars etc. of SEBI that, as per the applicant, may act as an impediment to the proposed Innovative solution, along with detailed rationale 7.2 Is SEBI to relax any specific regulatory requirements, for the duration of the sandbox? Please provide the details along with detailed rationale 7.3 In the event of a successful test and before exit from the sandbox, provide details on how SEBI’s regulatory requirements shall be complied with. 7.4 The applicant needs to mention what regulatory changes are expected to enable the applicant to launch their solution in the live market post completion of the sandbox testing. Enclosures with Annexure- 28A  Copy of Certificate of SEBI Registration  Letter of undertaking that the applicant is not blacklisted or debarred by any Govt. department due to breach of general or specific instructions, corrupt or fraudulent or any other unethical business practices.  Letter of undertaking declaring that the applicant accepts that in case of any violation as detailed under clause 45 of Annexure-28, SEBI may initiate appropriate action against the applicant such as debarment, monetary penalty, prosecution etc.  Project Plan including timelines and milestones of major activities.  Positive consent of users who would be participating in the sandbox testing as per the format prescribed in Annexure-28D.

Page 192 of 220 Annexure-28B REGULATORY SANDBOX APPLICATION FORM: STAGE –II

1. Applicant’s Information Sr. No. Description Response 1.1 Name of the Organization 1.2 SEBI Registration no. 1.3 Name of the Authorized Representative 1.4 Designation 1.5 Contact No 1.6 Email id 1.7 Date of Submission of Application Form for STAGE-I
2. About the proposed solution Sr. No. Description Response 2.1 Please submit the details of the risks observed during Stage-I testing along with steps taken to mitigate those risks 2.2 Please provide the adverse feedback received from the users participated during Stage-I and steps taken to address the same
3. Sandbox readiness during Stage-II Sr. No. Description Response 3.1 The test criteria and expected outcomes 3.2 Describe the additional use case that will be tested in the sandbox based on the learning from Stage-I testing 3.3 Define success for a test and the Key Performance Indicators that will indicate a successful test 3.4 Probable start and end date of sandbox testing

Page 193 of 220 3.5 Details of users including but not limited to: a. Number of participating users b. Profile of users (retail, institutional, etc.) c. Process for enrollment and acquisition of users d. Requirement of KYC e. User awareness required/conducted f. Whether consent required /has consent been obtained g. Arrangements to limit loss if applicable e.g. Margin, stop loss thresholds etc. h. User compensation if any i. Value at risk per user j. Transaction thresholds per user 3.6 Risk assessment and mitigation options including but not limited to: a. Failure of sandbox testing b. Financial loss to the users c. Cyber attack d. AML and terrorism financing 4. Deployment post-testing 4.1 Describe how the regulatory requirements will be met post successful sandbox testing 4.2 Please provide a pan-India deployment strategy, post successful sandbox testing 4.3 Please provide a clear strategy to monitor the outcomes in the live scenario 4.4 Please provide withdrawal strategy if the deployed solution turns unviable and the tests are unsuccessful including action plan for participating users who had joined the sandbox

Page 194 of 220 Enclosure with Annexure-28B  Positive consent of users who would be participating in the sandbox testing as per the format prescribed in Annexure-28D. Annexure-28C REQUIREMENTS WHICH WILL NOT BE RELAXED AND WHICH MAY MERIT RELAXATION: (FOR ILLUSTRATIVE PURPOSE) a. Requirements for which relaxation will not be considered i. Fit and proper criteria of applicant and partner ii. Principles of KYC of clients iii. Prevention of money laundering and countering the financing of terrorism. iv. Confidentiality of customer/user information v. Risk checks (like price check, order value check, etc.) vi. Handling of user’s moneys and assets by intermediaries beyond the existing regulations b. Requirements that may merit relaxation i. Net worth of applicant ii. Financial soundness of applicant iii. Track record of applicant iv. Registration fees v. SEBI Guidelines, such as technology risk management guidelines and outsourcing guidelines

Page 195 of 220 Annexure-28D USER CONSENT FORM FOR PARTICIPATING IN THE REGULATORY SANDBOX Organization Name [Sandbox Applicant]: ______________________________ Name of the user participating in the Sandbox testing: __________________________

1. I hereby agree to participate in the sandbox testing conducted by the abovementioned sandbox applicant.
2. I have been fully informed about the purpose of the test.
3. I have read the full documentation provided by the sandbox applicant and confirm that I am aware of the risks of using the solution and know that I may lose my investment.
4. I am also aware that my participation in the testing will be only till the approved duration of the sandbox testing and SEBI may revoke approval to participate sandbox testing as per “Revocation of the Approval” clause of the Standard Operating Procedure of the Regulatory Sandbox.
5. I understand that participation in this sandbox testing is voluntary.
6. I also confirm that the applicant has published and I have read and agreed to the grievance redressal mechanism to address any of the grievances which I might have, related to participating in the sandbox.
7. I note that certain exemptions have been given to the sandbox applicant under regulatory sandbox which limits my level of protection in the market.
8. I have read and understood the exit and withdrawal strategy proposed by the applicant which shall be applicable in the event of successful and unsuccessful testing.
9. I understand and agree that in the event of any claim for financial loss or damages arising from participating in the sandbox testing, I shall pursue the same only against the applicant before the appropriate forum or court of law.
10. I understand and agree that I can revoke my consent during the middle of testing. By signing below I acknowledge that: I have fully understood the above mentioned statements and give my consent for participation in the Regulatory Sandbox testing. Signature of the User: ______________ Date: _______________

Page 196 of 220 Annexure-29 Procedures on the Rights Issue process A. Application Form a. The issuer shall dispatch a common application form to its shareholders as on the record date. Along with application form, the issuer shall also send the details of the rights entitlements of the shareholder separately. b. This application form can be used both by shareholder or renounce. c. Registrar to the issue shall also upload the application forms on its website. d. Applicants can use application form available on the website of registrar to the issue or printed forms sourced from the issuer, merchant bankers or registrars to the issue. e. In terms of Regulation 78 of the ICDR Regulations, investor also has option to make an application in writing on a plain paper. B. Credit of Rights Entitlements (“REs”) in dematerialized form a. The depositories shall put necessary procedures in place for issue and credit of REs in demat mode. b. The issuer making a rights issue of specified securities shall ensure that it has made necessary arrangements with depositories to issue and credit the REs in demat mode in the demat accounts of shareholders holding shares as on the record date. c. A separate ISIN shall be obtained by the issuer for credit of REs. d. Issuer shall specify the ISIN for REs while announcing the record date. However, for issues where the record date is announced before February 14,2020, and the letter of offer is filed with the stock exchanges on or after February 14, 2020, the Issuer shall file the letter of offer with the stock exchanges only after it has obtained ISIN for REs. e. Based on the rights entitlement ratio, the issuer shall credit REs in dematerialized mode through corporate action to shareholders holding shares as on record date. The ISIN of REs shall be kept frozen (for debit) in the depository system till the date of opening of the issue. f. Physical shareholders shall be required to provide their demat account details to Issuer / Registrar to the Issue for credit of REs not later than two working days prior to issue

Page 197 of 220 closing date, such that credit of REs in their demat account takes place at least one day before issue closing date. g. In case of fractional entitlements of REs, the fractional part shall be ignored by rounding down the entitlement. h. The issuer shall submit details of total REs credited to the stock exchanges immediatel after completing the corporate action for the same and shall obtain requisite trading approval from the stock exchanges. i. The details with respect to shareholder entitlement shall be made available on the website of the Registrar to the issue and the investors shall be able to check their respective entitlements on the website of the Registrar by keying their details, after adequate security controls to ensure that investors’ information is made available only to the particular investor. Issuer shall also carry these links on their website. j. If the demat account of a shareholder is frozen or demat account details are not available, including shares held in unclaimed suspense account or in the account of IEPF Authority, then REs shall be credited in a suspense escrow demat account of the Company and an intimation should be sent to such shareholder by the issuer /Registrar to the issue. k. The issuer shall intimate issue closing date to the depositories at least one day before the issue closing date, and the depositories shall suspend the ISIN of REs for transfers, from issue closing date. l. REs which are neither renounced nor subscribed by the shareholders, shall be lapsed after closure of the Rights Issue. m. Issuer Company shall ensure that REs which are lapsed are extinguished from the depository system once securities are allotted pursuant to Rights Issue. Once allotment is done, the ISIN for REs shall be permanently deactivated in the depository system by the depositories. C. Renunciation process and trading of REs on stock exchange platform: a. The stock exchanges shall put necessary procedures in place for trading of REs on stock exchange platform. b. REs credited to demat account can be renounced either by sale of REs using stock exchanges platform or off-market transfer and such trades will be settled by transferring dematerialized REs through depository mechanism in the same manner as done for all other types of securities. c. For sale of REs through stock exchange, investors can place order for sale of REs only to the extent of REs available in the demat account of the investor. Trading in REs on the secondary market platform of Stock exchanges will happen electronically

Page 198 of 220 on T+2 rolling settlement basis where T being the date of trading. The transactions will be settled on trade-for-trade basis. d. Issuer shall inform the dates of issue opening and closing to the stock exchanges and the depositories at the time of filing the letter of offer with the stock exchanges. e. Trading in REs shall commence on the date of opening of the issue and shall be closed at least three working days prior to the closure of rights issue. D. Submission of Application form in Rights Issue a. All investors (including renouncee) shall submit application forms using ASBA facility through the Self Certified Syndicate Banks (SCSB) network during the issue period. b. Investor shall submit only one application form for REs available in a particular demat account. E. Allotment process in the rights issue a. Facility for correction of bid data as collated by the SCSBs after issue closing shall be provided for period of one day i.e. on next working day after issue closing. b. Registrar shall obtain demographic details of all applicants from depositories. c. Registrar shall obtain details of holders of REs as on issue closing date, from the depositories. d. After reconciliation of valid ASBA applications, funds blocked and REs demat holding list, the registrar shall finalise allocation of securities offered through rights offering. e. Registrar shall credit the shares to the respective demat accounts of the applicants based on basis of allotment approved by the designated stock exchange and shall issue instructions to unblock bank accounts wherever necessary.

Page 199 of 220 Annexure-30 Role of Registrar in respect of timelines from issue closure till listing S. No. Details of activities Due Date (working day) 1 Issue Closes T (Issue closing date) 2 Registrar to get the electronic bid details from the stock exchanges by end of the day. Registrar to give bid file received from stock exchanges containing the application number and amount to all the SCSBs who may use this file for validation/ reconciliation at their end. T+1 3 Issuer, merchant banker and registrar to submit relevant documents to the stock exchange(s) except listing application, allotment details and demat credit and refund details for the purpose of listing permission. SCSBs to send confirmation of funds blocked (final certificate) to the registrar by end of the day. Registrar shall reconcile the compiled data received from the stock exchange(s) and all SCSBs (hereinafter referred to as the “reconciled data”). Registrar to undertake “Technical Rejection” test based on electronic bid details and prepare list of technical rejection cases. T+2 4 Finalization of technical rejection and minutes of the meeting between issuer, lead manager, registrar. Registrar shall finalise the basis of allotment and submit it to the designated stock exchange for approval. Registrar to prepare funds transfer schedule based on approved basis of allotment. Registrar and merchant banker to issue funds transfer instructions to SCSBs. T+3

Page 200 of 220 5 Registrar/ issuer to initiate corporate action for credit of debt securities, NCRPS, municipal debt securities and SDIs to successful allottees. Issuer and registrar to file allotment details with designated stock exchange(s) and confirm all formalities are complete except demat credit. Registrar to send bank-wise data of allottees, amount due on debt securities, municipal debt securities, NCRPS and SDIs allotted, if any, and balance amount to be unblocked to SCSBs. T+4 6 Registrar to receive confirmation of demat credit from depositories. Issuer and registrar to file confirmation of demat credit and issuance of instructions to unblock ASBA funds, as applicable, with stock exchange(s). T+5 7 Trading commences T+6

Page 201 of 220 Annexure-31 Timelines from issue closure till listing Sl. No. Details of activities Due date (working day*) 1 Issue closes T (Issue closing date)

Page 202 of 220 2 a) Stock exchange(s) shall allow modification of selected fields (till 11 AM) in the bid details already uploaded. b) RTA to get the electronic bid details from the stock exchanges by end of the day. c) Designated branches of Self Certified Syndicate Banks (SCSB) may not accept applications after T+1 day. d) Syndicate members, brokers, DPs and RTAs to forward a schedule with following fields along with the application forms to designated branches of the respective SCSBs for blocking of funds. S.No. Details 1 Symbol 2 Intermediary code 3 Location code 4 Application No. 5 Category 6 PAN 7 DP Id 8 Client ID 9 No. of units 10 Amount e) RTA to give bid file received from stock exchanges containing the application number and amount to all the SCSBs who may use this file for validation/ reconciliation at their end. f) SCSBs to continue/begin blocking of funds. g) Demat Account of REIT is credited with the shares of SPV. T+1

Page 203 of 220 Sl. No. Details of activities Due date (working day*) 3 a) Manager on behalf of REIT, merchant banker and RTA to submit relevant documents to the stock exchange(s) except listing application, allotment details and demat credit and refund details for the purpose of listing permission. b) SCSBs to send confirmation of funds blocked (final certificate) to the RTA by end of the day. c) RTA shall reconcile the compiled data received from the stock exchange(s) and all SCSBs. d) RTA to undertake “Technical Rejection” test based on electronic bid details and prepare list of technical rejection cases. e) Transfer of shares from Sponsor Demat a/c to Trust Demat account T+2 4 a) Finalization of technical rejection and minutes of the meeting between manager on behalf of REIT, merchant banker, RTA. b) The allotment in the public issue of units to applicants other than anchor investors and strategic investors shall be on proportionate basis. c) RTA shall finalise the basis of allotment and submit it to the designated stock exchange for approval. d) Designated stock exchange to approve the basis of allotment. e) RTA to prepare funds transfer schedule based on approved basis of allotment. f) RTA and merchant banker to issue funds transfer instructions to SCSBs. g) Sponsor shall transfer its entire shareholding or interest or rights in the holdCo. and /or SPV or ownership of the real estate or property as disclosed in the offer document. T+3

Page 204 of 220 Sl. No. Details of activities Due date (working day*) h) Manager on behalf of the REIT to initiate corporate action for credit of units of REIT to the sponsor/other shareholders of the SPVs/assets. 5 a) SCSBs to credit the funds in public issue account of the REIT and confirm the same. b) After successful transfer of assets to REIT, the allotment of units to investors in the public issue shall be made. c) RTA/ Manager to initiate corporate action for credit of units of REIT to successful allottees in the public issue. d) Manager and RTA to file allotment details with designated stock exchange(s) and confirm all formalities are complete except demat credit. e) RTA to send bank-wise data of allottees, amount due on units allotted, if any, and balance amount to be unblocked to SCSBs. T+4 6 a) RTA to receive confirmation of demat credit from depositories. b) Manager and RTA to file confirmation of demat credit and issuance of instructions to unblock ASBA funds, as applicable, with stock exchange(s). c) The merchant banker(s) shall ensure that the allotment, credit of dematerialised units of REIT and unblocking of application monies, as may be applicable, are done electronically. d) Manager on behalf of REIT shall make listing application to stock exchange(s) to give listing and trading permission. e) Stock exchange(s) to issue notice for listing and commencement of trading. T+5

Sl. No. Details of activities Due date (working day*) 7 Trading commences T+6

• Working days will be all trading days of stock exchanges, excluding Sundays, and bank holidays Annexure-32 Indicative Timeline Schedule for Various Activities S. No. Details of Activities Due Date (working day*) 1 An investor, intending to subscribe to a public issue, shall submit a completed bid-cum-application form to any of the following intermediaries: i. an SCSB, with whom the bank account to be blocked, is maintained ii. a syndicate member (or sub-syndicate member) iii. a stock broker registered with a recognised stock exchange (and whose name is mentioned on the website of the stock exchange as eligible for this activity) (‘broker’) iv. a depository participant (‘DP’) (whose name is mentioned on the website of the stock exchange as eligible for this activity) v. a registrar to an issue and share transfer agent (‘RTA’) (whose name is mentioned on the website of the stock exchange as eligible for this activity) Retails investors submitting application with any of the entities at (ii) to (v) above (hereinafter referred as ‘Intermediaries’), have to use UPI and shall also their UPI ID in the bid-cum-application form Issue opening date to issue closing date (where T is issue closing date) 2 The aforesaid intermediaries shall, at the time of receipt of application, give an acknowledgement to investor, by giving the counter foil or specifying the application number to the investor, as a proof of having accepted the application form, in physical or electronic mode, respectively. (i) For applications submitted by investors to SCSB: After accepting the form, SCSB shall capture and upload the relevant details in the electronic bidding system as specified by the stock exchange(s) and may begin

S. No. Details of Activities Due Date (working day*) blocking funds available in the bank account specified in the form, to the extent of the application money specified. (ii) For applications submitted to intermediaries, with use of UPI for payment: After accepting the application form, respective intermediary shall capture and upload the relevant bid details, including UPI ID, in the electronic bidding system of stock exchange(s). Stock exchange(s) shall validate the electronic bid details with depository’s records for DP ID/Client ID and PAN Combination, on a real time basis through API Integration and bring the inconsistencies to the notice of intermediaries concerned, for rectification and re-submission within the time specified by stock exchange. Stock exchange(s) shall allow modification of selected fields viz. DP ID/Client ID or Pan ID (Either DP ID/Client ID or Pan ID can be modified but not BOTH), Bank code and Location code, in the bid details already uploaded. . Issue opening date to issue closing date (where T is issue closing date) 3. For retail applications submitted to intermediaries, with use of UPI for payment: Stock Exchange to share bid details including the UPI ID with Sponsor Bank on a continuous basis through API integration, to enable Sponsor Bank to initiate mandate request on investors for blocking of funds. Sponsor Bank to initiate request for blocking of funds through NPCI to investor. Investor to accept mandate request for blocking of funds, on his / her mobile application, associated with UPI ID linked bank account 4 Reconciliation Steps to be done on daily basis (for UPI Mandates): Step 1: Sponsor bank shall do a reconciliation of bid requests received from exchange(s) and sent to NPCI. Sponsor bank shall ensure that all the bids received from exchange(s) are pushed to NPCI. Step 2: NPCI shall ensure that all the bid requests received from sponsor bank are pushed to the corresponding payment system participants of issuer banks. The issuer banks/sponsor bank shall download the mandate related UPI settlement files and raw data files from NPCI portal on daily basis after every settlement cycle and shall do a three-way reconciliation with Banks UPI switch data, CBS data and the Issue opening date to issue closing date (where T is issue closing date)

S. No. Details of Activities Due Date (working day*) UPI raw data. NPCI shall coordinate with issuer banks /sponsor bank on continuous basis. Step 3: The issuer banks shall process all the incoming bid requests from NPCI and shall send the response to NPCI in real time. NPCI shall further facilitate the flow of these responses to sponsor bank. Step 4: Sponsor bank shall do a reconciliation of bid responses received from NPCI and sent to exchange(s). Sponsor bank shall ensure that all the responses received from NPCI are sent to the exchange(s) platform with detailed error code and description, if any. Step 5: Sponsor bank shall do a final reconciliation of all bid requests and responses (obtained in Step 1 and Step 4) throughout their lifecycle on daily basis and share the consolidated report not later than 07:00 PM to Merchant Banker Step 6: Merchant Banker shall share the consolidated file received from sponsor bank with SEBI on daily basis not later than 09:00 PM as per the format mentioned in Annexure ‘32A’ Step 7:On ‘T’ day, after the closure of issue, Sponsor Bank shall share the consolidated data to Merchant Banker not later than 07:00 PM. Merchant Banker shall share the consolidated data as on ‘T’ day (data obtained on daily basis in step 6) to SEBI not later than 09:00 PM as per the format mentioned in Annexure ‘32A’ The objective of the reconciliation exercise is to ensure that every bid entered in the exchange(s) bidding platform has successfully completed its entire lifecycle and got its response updated back in the same exchange(s) bidding platform. Merchant Banker shall be responsible for the reconciliation exercise and shall coordinate with NPCI, Sponsor Bank and Exchange(s) on continuous basis. Merchant Banker shall be the nodal entity for any issues arising out of public issuance process. 5 Issue Closes T(Issue closing date) 6 For retail applications submitted to intermediaries with use of UPI for payment:

S. No. Details of Activities Due Date (working day*) Sponsor Bank may not accept bid details from Stock Exchanges post 11:00 a.m. Sponsor Bank to initiate request for blocking of funds of investor, with confirmation cut off-time of 12:00 p.m. All pending requests at the cut-off time would lapse. Applicant to accept mandate request for blocking of funds prior to cut off￾time of 12:00 p.m. Sponsor Bank to send confirmation of funds blocked (Final Certificate) to the registrar through stock exchange not later than 06:00 PM For QIB & NII application submitted to intermediaries: Intermediaries to forward a schedule as per format given below along with the application forms to designated branches of the respective SCSBs for blocking of funds. Field No. Details* 1 Symbol 2 Intermediary Code 3 Intermediary Name 4 Bank Code 5 Bank Name 6 Location Code 7 Application No. 8 Category 9 PAN 10 DP ID 11 Client ID 12 Quantity T+1

S. No. Details of Activities Due Date (working day*) 13 Amount 14 Order No. 15 Exchange (*The character length for each of fields of the schedule to be forwarded by the intermediaries along with each application form to the designated branches of the respective SCSBs for blocking of funds shall be uniformly prescribed by the stock exchange(s)) Designated branches of SCSBs may not accept schedule and applications after T+1 day 11:00 AM. SCSBs to begin blocking of funds. Registrar to give bid file received from stock exchanges containing the application number and amount to all the SCSBs who may use this file for validation / reconciliation at their end. For all applications submitted to SCSB The respective SCSB to send confirmation of funds blocked (Final Certificate) to the registrar not later than 06:00 PM On ‘T+1’ day, after the closure of modification and mandate acceptance by applicant, NPCI shall share the analysis of failures in UPI mandate transactions, duly classifying them into business declines and technical declines and further sub-classifying them as per their error descriptions to sponsor bank not later than 08:00 PM On ‘T+1’ day, after the closure of modification and mandate acceptance by applicant, Sponsor Bank shall share the final consolidated data (Annexure ‘32A’) and the error description analysis report received from NPCI to Merchant Banker not later than 08:15PM Merchant Banker shall share the final consolidated data as per the format mentioned in Annexure ‘32A’ (by ensuring that point 4 of the ‘detailed timelines of Activities to be adhered in T+6 listing –Phase II’ is strictly adhered to) and the error description analysis report received from sponsor bank to SEBI not later than 09:00 PM 7. Third party confirmation process to be initiated by Registrar not later than 09:00am on T+2. SCSBs and Issuer Banks to provide confirmation on the third party applications to the registrar not later than 09:00 pm on T+2. Issuer, merchant banker and registrar to submit relevant documents to the stock exchange(s) except listing application, allotment details and demat credit and refund details for the purpose of listing permission. T+2

S. No. Details of Activities Due Date (working day*) Registrar shall reconcile the compiled data received from the stock exchange(s), all SCSBs and Sponsor Bank (hereinafter referred to as the “reconciled data”). Registrar shall reject multiple applications determined as such, based on common PAN. Registrar to undertake “Technical Rejection” test based on electronic bid details and prepare list of technical rejection cases. Merchant Banker shall submit a report of compliance with all activities in T+2 to SEBI not later than 10:00 PM. 8. For every bid entered in the exchange(s) bidding platform, the audit trail shall be maintained by NPCI. The liability to compensate the investor in case of failed transactions shall be with the concerned entity in the ‘ASBA with UPI as the payment mechanism’ process (Sponsor Bank/ NPCI/ Issuer Banks) at whose end the lifecycle of the transaction has come to a halt. NPCI shall share the audit trail of all disputed transactions/investor complaints to the sponsor bank/Issuer banks. Merchant Banker shall obtain the audit trail from Issuer banks/Sponsor banks for analysis and fixation of liability. Issue opening date to ‘T+2’ (where T is issue closing date) 9. Finalisation of technical rejection and minutes of the meeting between issuer, lead manager, registrar. Registrar shall finalise the basis of allotment and submit it to the designated stock exchange for approval. Designated Stock Exchange(s) to approve the basis of allotment. Registrar to prepare funds transfer schedule based on approved basis of allotment. Registrar / Issuer to initiate corporate action to carry out lock-in for pre￾issue capital held in depository system. Registrar to issue funds transfer instructions to SCSBs. Registrar to issue funds transfer instructions to Sponsor Bank in two files, one for debit processing and the other for unblocking of funds. Merchant Banker shall submit a report of compliance with all activities in T+3 to SEBI not later than 09:00 PM. T+3

S. No. Details of Activities Due Date (working day*) 10. Registrar to receive confirmation for pre-issue capital lock-in from depositories. SCSBs and Sponsor Bank to credit the funds in public issue account of the issuer and confirm the same. Issuer shall make the allotment. Registrar / Issuer to initiate corporate action for credit of shares to successful allottees. Issuer and registrar to file allotment details with designated stock exchange(s) and confirm all formalities are complete except demat credit. Registrar to send bank-wise data of allottees, amount due on shares allotted, if any, and balance amount to be unblocked to SCSBs and Sponsor Bank. Merchant Banker shall submit a report of compliance with all activities in T+4 to SEBI not later than 09:00 PM Sponsor bank, in coordination with NPCI and Issuer banks, shall share the data points 4 to 8 mentioned in Annexure ‘32B’ with the Registrar. Registrar shall coordinate with Sponsor Bank/SCSB’s and submit a comprehensive report on status of debit/unblock requests of allottees/Non￾allottees not later than 08:00 PM as per the format mentioned in Annexure ‘19B’ to Merchant Banker. Merchant Banker shall submit a comprehensive report on status of debit/unblock requests (Annexure ‘32B’) received from the Registrar to SEBI not later than 09:00 PM. T+4 11. Registrar to receive confirmation of demat credit from depositories. Issuer and registrar to file confirmation of demat credit, lock-in and issuance of instructions to unblock ASBA funds, as applicable, with stock exchange(s). Issuer to make a listing application to stock exchange(s) and stock exchange(s) to give listing and trading permission. Issuer, merchant banker and registrar to initiate the process of publishing the allotment advertisement. Stock exchange(s) to issue commencement of trading notice. T+5

S. No. Details of Activities Due Date (working day*) Merchant Banker shall submit a report of compliance with all activities in T+5 to SEBI not later than 09:00 PM 12. Issuer, merchant banker and registrar to publish allotment advertisement before the commencement of trading, prominently displaying the date of commencement of trading, in all the newspapers where issue opening/closing advertisements have appeared earlier. Trading commences Merchant Banker shall identify the non-adherence of timelines and processes (‘T’ to ‘T+6’ days) mentioned in ‘detailed timelines of activities to be adhered in T+6 listing – Phase II’ and submit a report to SEBI with a comprehensive analysis of entities responsible for the delay and the reasons associated with it. Merchant Banker should diligently follow all the activities mentioned in ‘detailed timelines of activities to be adhered in T+6 listing – Phase II’ on daily basis from ‘T’ day to ‘T+6’ day. T+6

• Working days will be all trading days of stock exchanges, excluding Sundays, and bank holidays Annexure-32A Exchange (s) **Bank ASBA S yn di ca te A S B A **On line U P I No of Unique Applicati on s No of Share s Block ed No of Unique Applicat io ns No of Share s Block ed No of Unique successful Applicatio ns No of Shares successful ly Blocked No of Unique failed Applicati on s, if any No of Shares failed to get Blocked BSE NSE Total ** - Data to be obtained by merchant banker from registrar/exchange(s) Annexure-32B S. No. Data Point Count Date of Activity

1. Total No of unique applications received Total Bank ASBA Online

S. No. Data Point Count Date of Activity UPI 2. Total No of Allottees Total Bank ASBA Online UPI 3. Total No of Non-Allottees Total Bank ASBA Online UPI 4. Out of total UPI Allottees (Debit execution file), How many records were processed successfully? Cou nt : No of shares: Amount: 5. Out of total UPI Allottees (Debit execution file), How many records failed? Coun t: No of shar es: Amo unt: 6. Out of total UPI Non-Allottees (Unblocking file), How many records were successfully unblocked? 7. Out of total UPI Non-Allottees (Unblocking file), How many records failed in unblocking? 8. Whether offline revoke is taken up with issuer banks due to failure of online unblock system? If yes, Share a separate list of bank-wise count and application numbers.

XIII. List of Circulars / Notifications S. No. Date of Circular Circular No. Subject 1 05-Nov-93 RRTI CIRCULAR NO.1 (93-94) General Instructions issued by SEBI to RTISTA 2 11-Oct-94 RRTI Circular No. 1(94- 95) Instructions to Registrars to an Issue and Share Transfer Agents 3 19-Jan-95 RMB (GI Series) Circular No.4 (94-95) Disclosure of PAN/GIR No. in Application Forms 4 05-Feb-97 RRTI CIRCULAR NO.1 (96-97) Appointment of Compliance Officer 5 18-Jan-99 RRTI CIRCULAR NO.3(98-99) PMID/DSV/CIR/5500/99 Submission of the Networth Certificate 6 20-May-99 RRTI Circular No.1(99- 2000) PMD/SU/11560 /99 Delay in processing dematerialisation requests 7 01-Jun-99 RRTI CIRCULAR NO. 2(1999-2000) PMD/SU/ /99 Treatment of Stock-invests, after basis of allotment is finished 8 01-Jun-99 PMD/SU/12024/99 Treatment of stock-invests, after basis of allotment is finalized 9 23-Aug-99 SMDRP/Policy/Cir-28/99 Meeting of Depositories, Depository Participants, Registrars and Share Transfer Agents and Registrar Association of India (RAIN) 10 25-Sep-02 RRTI CIRCULAR NO. 1 (2002-2003) Procedure for granting registration to another entity in the same group 11 20-Nov-02 SEBI/RRTI CIRCULAR NO. 2 (2002-2003) Application procedure for registration/renewal as Registrar to an Issue and/or Share Transfer Agent 12 31-Dec-02 D&CC/FITTC/CIR – 17/2002 RECONCILIATION OF THE ADMITTED, ISSUED AND LISTED CAPITAL 13 22-Jan-07 MIRSD/DPS III//Cir-01/07 Exclusive e-mail ID for redressal of Investor Complaints 14 27-Apr-07 MRD/DoP/Cir- 05/2007 Permanent Account Number (PAN) to be the sole identification number for all transactions in the securities market 15 06-May-08 Cir. No. MIRSD/DPS￾2/RTA/Cir-17/2008 Reporting of information on a quarterly basis 16 30-Jun-08 MRD/DoP/Cir-20/2008 Mandatory requirement of Permanent Account Number (PAN) 17 07-Jul-08 MIRSD/DPSIII/CIR-21/08 Designated e-mail ID for regulatory communication with SEBI

S. No. Date of Circular Circular No. Subject 18 30-Jul-08 SEBI/CFD/DIL/DIP/31/200 8/30/7 Circular on Applications Supported by Blocked Amount - Registrars to an Issue 19 25-Sep-08 SEBI/CFD/DIL/2008/ 25 /09 Applications Supported by Blocked Amount (ASBA) facility in Rights Issues 20 20-May-09 MRD/DoP/ Cir-05/2009 PAN requirement for transfer of shares in physical form 21 22-Apr-10 CIR/CFD/DIL/3/2010 Reduction in time between issue closure and listing 22 13-Jul-10 CIR/CFD/DIL/7/2010 Applications Supported by Blocked Amount (ASBA) facility in public issues 23 12-Oct-10 CIR/CFD/DIL/8/2010 Applications Supported by Blocked Amount (ASBA) facility in public issues 24 23-Mar-11 Cir/ ISD/1/2011 Unauthenticated news circulated by SEBI Registered Market Intermediaries through various modes of communication 25 24-Mar-11 Cir/ISD/2/2011 Addendum to Circular no. Cir/ISD/1/2011 dated March 23, 2011 26 17-Jun-11 CIR/MIRSD/5/2011 Periodical report- Grant of prior approval to registrars to an issue and share transfer agents 27 24-Aug-11 CIR/MIRSD/17/2011 Processing of Investor Complaints in SEBI Complaints Redress System (SCORES) 28 15-Dec-11 CIR/MIRSD/24/2011 Guidelines on Outsourcing of Activities by Intermediaries 29 05-Jul-12 CIR/MIRSD/7/2012 Review of Regulatory Compliance and Periodic Reporting 30 27-Jul-12 CIR. /IMD/DF-1/20/2012 System for Making Application to Public Issue of Debt Securities 31 28-Aug-12 CIR/CFD/DIL/10/2012 Redemption of Indian Depository Receipts (IDRs) into Underlying Equity Shares 32 01-Mar-13 CIR/CFD/DIL/6/2013 Guidelines for Enabling Partial Two-Way Fungibility of Indian Depository Receipts (IDRs) 33 27-Aug-13 CIR/MIRSD/5/2013 General Guidelines for dealing with Conflicts of Interest of Intermediaries, Recognised Stock Exchanges, Recognised Clearing Corporations, Depositories and their Associated Persons in Securities Market

S. No. Date of Circular Circular No. Subject 34 28-Aug-14 CIR/MIRSD/3/2014 Information regarding Grievance Redressal Mechanism 35 18-Dec-14 CIR/OIAE/1/2014 Redressal of investor grievances through SEBI Complaints Redress System (SCORES) platform 36 13-Apr-15 CIR/CFD/POLICYCELL/1/ 2015 Mechanism for acquisition of shares through Stock Exchange pursuant to Tender-Offers under Takeovers, Buy Back and Delisting 37 26-Aug-15 CIR/MIRSD/2/2015 Circular on Implementation of the Multilateral Competent Authority Agreement and Foreign Account Tax Compliance Act 38 10-Sep-15 CIR/MIRSD/3/2015 Reporting requirement under Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standards (CRS)-Guidance Note 39 10-Nov-15 CIR/CFD/POLICYCELL/1 1/2015 Streamlining the Process of Public Issue of Equity Shares and Convertibles 40 01-Dec-15 CIR/CFD/DCR/17/2015 Introduction of system-driven disclosures in Securities Market 41 21-Jan-16 SEBI/HO/CFD/DIL/CIR/P/ 2016/26 Clarification Circular on Streamlining the Process of Public Issue of Equity Shares and Convertibles 42 21-Dec-16 CFD/DCR/CIR/2016/139 System-driven disclosures in Securities Market 43 02-May-17 SEBI/HO/MIRSD/MIRSD1 /CIR/P/2017/38 Online Registration Mechanism for Securities Market Intermediaries 44 16-May-17 SEBI/HO/GSD/T&A/CIR/P /2017/42 Digital mode of payment 45 08-Sep-17 SEBI/HO/MIRSD/CIR/P/2 017/0000000100 Cyber Security and Cyber Resilience framework for Registrars to an Issue / Share Transfer Agents 46 26-Mar-18 SEBI/HO/OIAE/IGRD/CIR/ P/2018/58 Investor Grievance Redress Mechanism - New Policy Measures 47 20-Apr-18 SEBI/HO/MIRSD/DOP1/CI R/P/2018/73 Strengthening the Guidelines and Raising Industry standards for RTA, Issuer Companies and Banker to an Issue 48 13-Jul-18 IMD/FPIC/CIR/P/2018/114 Investment by Foreign Portfolio Investors (FPI) through primary market issuances 49 16-Jul-18 SEBI/HO/MIRSD/DOS3/CI R/P/2018/115 Strengthening the Guidelines and Raising Industry standards for RTAs, Issuer Companies and Banker to an Issue – Clarification 50 10-Aug-18 SEBI/HO/MIRSD/DoP/CIR /P/2018/ 119 Enhanced monitoring of Qualified Registrars to an Issue and Share Transfer Agents 51 01-Nov-18 SEBI/HO/CFD/DIL2/CIR/P /2018/138 Streamlining the Process of Public Issue of Equity Shares and convertibles

S. No. Date of Circular Circular No. Subject 52 03-Apr-19 SEBI/HO/CFD/DIL2/CIR/P /2019/50 Streamlining the Process of Public Issue of Equity Shares and convertibles- Extension of time lime for implementation of Phase I of Unified Payments Interface with Application Supported by Block Amount 53 27-May-19 SEBI/ HO/ MIRSD/ DOS3/CIR/P/2019/68 Enhanced disclosure in case of listed debt securities 54 28-Jun-19 SEBI/HO/CFD/DIL2/CIR/P /2019/76 Streamlining the Process of Public Issue of Equity Shares and convertibles￾Implementation of Phase II of Unified Payments Interface with Application Supported by Blocked Amount 55 19-Jul-19 SEBI/HO/ISD/ISD/CIR/P/2 019/82 Standardizing Reporting of violations related to Code of Conduct under SEBI (PIT) Regulations, 2015 56 26-Jul-19 SEBI/HO/CFD/DIL2/CIR/P /2019/85 Streamlining the Process of Public Issue of Equity Shares and convertibles￾Implementation of Phase II of Unified Payments Interface with Application Supported by Block Amount 57 02-Aug-19 SEBI/HO/OIAE/IGRD/CIR/ P/2019/86 Streamlining issuance of SCORES Authentication for SEBI registered intermediaries 58 15-Oct-19 SEBI/HO/MIRSD/DOP/CI R/P/2019/110 Cyber Security & Cyber Resilience framework for Qualified Registrars to an Issue / Share Transfer Agents 59 08-Nov-19 SEBI/HO/CFD/DCR2/CIR/ P/2019/133 Streamlining the Process of Public Issue of Equity Shares and convertibles- Extension of time lime for implementation of Phase II of Unified Payments Interface with Application Supported by Blocked Amount 60 22-Jan-20 SEBI/HO/CFD/DIL2/CIR/P /2020/13 Streamlining the Process of Rights Issue 61 30-Mar-20 SEBI/HO/CFD/DIL2/CIR/P /2020/50 Continuation of Phase II of UPI with ASBA due to Covid-19 virus pandemic 62 05-Jun-20 SEBI/HO/MRD￾1/CIR/P/2020/95 Framework for Regulatory Sandbox 63 30-Jun-20 SEBI/HO/IMD/DF6/CIR/P/ 2020/113 Collection of stamp duty on issue, transfer and sale of units of AIFs 64 31-Jul-20 SEBI/HO/CFD/CMD1/CIR/ P/2020/144 Clarification on applicability of regulation 40(1) of SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 to open offers, buybacks and delisting of securities of listed entities

S. No. Date of Circular Circular No. Subject 65 08-Sep-20 SEBI/HO/MIRSD/DOP/CI R/P/2020/167 Entities permitted to undertake e-KYC Aadhaar Authentication service of UIDAI in Securities Market – Addition of NSE to the list 66 03-Nov-20 SEBI/HO/MIRSD2/DOR/C IR/P/2020/221 Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions 67 16-Mar-21 SEBI/HO/CFD/DIL2/CIR/P /2021/2480/1/M Streamlining the process of IPOs with UPI in ASBA and redressal of investor grievances 68 25-Mar-21 SEBI/HO/MIRSD/DOR/CI R/P/2021/42 Prior Approval for Change in control: Transfer of shareholdings among immediate relatives and transmission of shareholdings and their effect on change in control 69 26-Mar-21 SEBI/HO/MIRSD/DOR/CI R/P/2021/46 Transfer of business by SEBI registered intermediaries to other legal entity 70 31-Mar-21 SEBI/HO/CFD/DIL1/CIR/P /2021/47 Reduction in unblocking/refund of application money 71 02-Jun-21 SEBI/HO/CFD/DIL2/P/CIR /2021/570 Streamlining the process of IPOs with UPI in ASBA and redressal of investors grievances 72 14-Jun-21 SEBI/HO/ITD/ITD/CIR/P/2 021/575 Revised Framework for Regulatory Sandbox 73 26-Jul-21 SEBI/HO/IMD/IMD￾II/DOF3/P/CIR/2021/604 RTA inter-operable Platform for enhancing investor's experience in Mutual Fund transactions/ service requests 74 10-Aug-21 SEBI/HO/DDHS/P/CIR/20 21/613 Operational Circular for issue and listing of Non￾Convertible Securities (NCS), Securitised Debt Instruments (SDI), Security Receipts (SR), Municipal Debt Securities and Commercial Paper (CP) 75 13-Aug-21 SEBI/HO/CFD/DCR￾III/CIR/P/2021/615 Tendering of shares in open offers, buybacks and delisting offers by marking lien in the demat account of the shareholders 76 14-Oct-21 SEBI/HO/OIAE/IGRD/CIR/ P/2021/642 Streamlining of issuance of SCORES Authentication 77 16-Nov-21 SEBI/HO/MIRSD/MIRSD_ IT/P/CIR/2021/000000065 8 Framework for Regulatory Sandbox 78 26-Nov-21 SEBI/HO/MIRSD_RTAMB /P/CIR/2021/670 Publishing Investor Charter and Disclosure of Complaints by Registrar and Share Transfer Agents (RTAs) 79 25-Jan-22 SEBI/HO/MIRSD/MIRSD_ RTAMB/P/CIR/2022/8 Issuance of Securities in dematerialized form in case of Investor Service Requests 80 25-Feb-22 SEBI/HO/DEPA-III/DEPA￾III_SSU/P/CIR/2022/25 Approach to securities market data access and terms of usage of data provided by data sources in Indian securities market

S. No. Date of Circular Circular No. Subject 81 08-Apr-22 SEBI/HO/CFD/SSEP/CIR/ P/2022/48 Standard Operating Procedures (SOP) for dispute resolution available under the stock exchange arbitration mechanism for disputes between a listed company and its shareholder(s) investor(s) 82 20-Apr-22 SEBI/HO/CFD/DIL2/CIR/P /2022/51 Streamlining the process of public issues and redressal of investor grievances 83 28-Apr-22 SEBI/HO/DDHS/DDHS_Di v3/P/CIR/2022/55 Reduction of timelines for listing of units of Infrastructure Investment Trust (InvIT) 84 28-Apr-22 SEBI/HO/DDHS/DDHS_Di v3/P/CIR/2022/54 Reduction of timelines for listing of units of Real Estate Investment Trust (REIT) 85 18-May-22 SEBI/HO/MIRSD/MIRSD_ RTAMB/P/CIR/2022/65 Simplification of procedure and standardization of formats of documents for transmission of securities pursuant to amendments to the Securities and Exchange Board of India (Listing Obligations) 86 19-May-22 SEBI/HO/CFD/SSEP/CIR/ P/2022/66 Streamlining the Process of Rights Issue￾Addendum to SEBI/HO/CFD/DIL2/CIR/P/2020/13 dated January 22, 2020 87 25-May-22 SEBI/HO/MIRSD/MIRSD_ RTAMB/P/CIR/2022/70 Simplification of procedure and standardization of formats of documents for issuance of duplicate securities certificates 88 27-May-22 SEBI/HO/MIRSD/TPD/P/C IR/2022/96 Modification in Cyber Security and Cyber resilience framework of Qualified Registrars to an Issue and Share Transfer Agents (“QRTAs”) 89 30-May-22 SEBI/HO/MIRSD/MIRSD_ RTAMB/P/CIR/2022/76 Standard Operating Procedures (SOP) for dispute resolution under the Stock Exchange arbitration mechanism for disputes between a Listed Company and/or Registrars to an Issue and Share Transfer Agents (RTAs) and its Shareholder(s)/Investor(s) 90 24-Jun-22 SEBI/HO/DDHS/DDHS_Di v3/P/CIR/2022/085 Introduction of Unified Payments Interface (UPI) mechanism for Infrastructure Investment Trusts (InvITs) 91 06-Jul-22 SEBI/HO/MIRSD_RTAMB /P/CIR/2022/73 Modification in Cyber Security and Cyber resilience framework of Qualified Registrars to an Issue and Share Transfer Agents (QRTAs) 92 20-Jul-22 SEBI/HO/MIRSD/SEC￾5/P/CIR/2022/99 Entities allowed to use e-KYC Aadhaar Authentication services of UIDAI in Securities Market as sub-KUA 93 07-Nov-22 SEBI/HO/OIAE/IGRD/P/CI R/2022/150 Master Circular on the redressal of investor grievances through the SEBI Complaints Redress System (SCORES) platform

S. No. Date of Circular Circular No. Subject 94 28-Nov-22 SEBI/HO/MIRSD/ MIRSD￾PoD-2/P/CIR/2022/163 Procedure for seeking prior approval for change in control 95 10-Mar-23 SEBI/HO/MIRSD/MIRSD￾PoD-1/P/CIR/2023/36 Clarification with respect to Qualified RTAs 96 16-Mar-23 SEBI/HO/MIRSD/MIRSD￾PoD-1/P/CIR/2023/37 Common and simplified norms for processing investor’s service requests by RTAs and norms for furnishing PAN, KYC details and Nomination

---