Master Circular for Bankers to an Issue

Page 1 of 42 MASTER CIRCULAR SEBI/HO/CFD/PoD-1/P/CIR/2024/072 June 03, 2024 To All registered Bankers to an Issue (‘”BTI”) Dear Sir / Madam, Subject: Master Circular for Bankers to an Issue registered with SEBI

1. The Securities and Exchange Board of India (“SEBI” or “the Board”) has been, from time to time, issuing various circulars/directions to Bankers to an Issue under the relevant provisions of the Securities and Exchange Board of India (Bankers to an Issue) Regulations, 1994 and extant securities laws. In order to enable the stakeholders to have access to all such circulars at one place, this Master Circular in respect of the Bankers to an Issue is prepared and issued.
2. With the issuance of this Master Circular, all directions/instructions contained in the circulars listed out in the Appendix to this Master Circular shall stand rescinded to the extent they relate to Bankers to an Issue.
3. Notwithstanding such rescission, - (a) anything done or any action taken or purported to have been done or taken under the rescinded circulars, prior to such rescission, shall be deemed to have been done or taken under the corresponding provisions of this Master Circular;

Page 2 of 42 (b) any application made to the Board under the rescinded circulars, prior to such rescission, and pending before it shall be deemed to have been made under the corresponding provisions of this Master Circular; and (c) the previous operation of the rescinded circulars or anything duly done or suffered thereunder, any right, privilege, obligation or liability acquired, accrued or incurred under the rescinded circulars, any penalty, incurred in respect of any violation committed against the rescinded circulars, or any investigation, legal proceeding or remedy in respect of any such right, privilege, obligation, liability, penalty as aforesaid, shall remain unaffected as if the rescinded circulars have never been rescinded. 4. This Master Circular is issued in exercise of the powers conferred under Section 11(1) of the Securities and Exchange Board of India Act, 1992 (“SEBI Act”). 5. This Master circular is available at the web page “Master Circulars” on the website www.sebi.gov.in. Yours faithfully, Yogita Jadhav General Manager Division of Policy and Development Corporation Finance Department Phone + 91-022-26449583 Email: yogitag@sebi.gov.in

Page 3 of 42 Table of Contents List of Abbreviations................................................................................5 CHAPTER I – REGISTRATION RELATED MATTERS.............................6

1. Online Registration Mechanism for BTI ..................................................................6
2. Transfer of business by SEBI registered intermediaries to other legal entity ..........6
3. Prior approval for change in control........................................................................7
4. Registration of Non-scheduled Payments Banks as Bankers to an Issue.............10
5. Designated e-mail ID for redressal of investor complaints and regulatory communication with SEBI.....................................................................................11 CHAPTER II - GENERAL OBLIGATIONS / RESPONSIBILITIES AND REPORTING REQUIREMENTS..............................................................12
6. Regulatory Compliance and Periodic Reporting ...................................................12
7. Strengthening the Guidelines and Raising Industry standards for BTI ..................13
8. Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions ....................................................................................................13 CHAPTER III – OTHER GUIDELINES.....................................................15
9. Processing of Investor Complaints in SEBI Complaints Redress System (SCORES) 15
10. Mandatory Requirement of Permanent Account Number (PAN) for all transactions in the securities market ........................................................................................15
11. Prevention of circulation of unauthenticated news by SEBI Registered Market Intermediaries through various modes of communication.....................................16
12. Guidelines on Outsourcing of Activities by BTI .....................................................17
13. General Guidelines for dealing with conflicts of interest of BTIs and their associated persons in the Securities Market ..........................................................................18
14. Reporting requirement under Foreign Accounts Tax Compliance Act (FATCA)....20
15. Guidelines on Anti-Money Laundering (AML) Standards and Combating the Financing of Terrorism (CFT) /Obligations of Securities Market Intermediaries under the Prevention of Money Laundering Act, 2002 and Rules framed thereunder .....21 Annexure 1 - Declaration-Cum-Undertaking ...........................................22 Annexure 2 - Format for sending the Designated e-mail ID for regulatroy communication with SEBI.........................................................................24 Annexure 3 - Format of Half yearly Report .............................................25 Annexure 4 - Provisions with regard to Payment of Dividend / Interest/ Redemption..............................................................................................30

Page 4 of 42 Annexure 5 Advisory For Financial Sector Organisation –RBI and SEBI …..32 Annexure 6 – Details of Format for Investor Grievance against BTI ......34 Annexure 7 – Principles For Outsourcing for BTIs………………………..35 Appendix.................................................................................................40

Page 5 of 42 List of Abbreviations ASBA Application Supported by Blocked Amount BTI Bankers to Issue BTI Regulations Securities and Exchange Board of India (Bankers to an Issue) Regulations, 1994 CERT-in Indian Computer Emergency Response Team CFD Corporation Finance Department DP Depository Participant GRC Governance, Risk & Compliance IFSC International Financial Service Centres Intermediaries Regulations Securities and Exchange Board of India (Intermediaries) Regulations, 2008 KYC Know Your Client NCLT National Company Law Tribunal NOC No Objection Certificate PAN Permanent Account Number RBI Reserve Bank of India RTA Registrar and Transfer Agents SaaS Software as a Service SAST Regulations Securities and Exchange Board of India (Substantial Acquisition of Shares and Takeovers) Regulations, 2011

Page 6 of 42 CHAPTER I – REGISTRATION RELATED MATTERS

1. Online Registration Mechanism for BTI1 1.1.The SEBI Intermediary Portal is available at https://siportal.sebi.gov.in for SEBI registered intermediaries including BTI to submit registration applications online. SEBI Intermediary Portal includes online application for registration, processing of application, grant of final registration, application for surrender/cancellation, submission of periodical reports, requests for change of name/ address/ other details, etc. The link for SEBI Intermediary Portal is also available on SEBI website – www.sebi.gov.in . 1.2. All applications for registration / surrender / other requests are required to be made through SEBI Intermediary Portal only. The applicants are separately required to submit relevant documents viz. declarations / undertakings required as a part of application forms prescribed in relevant regulations, in physical form, only for records without impacting the online processing of applications for registration. 1.3.In case of any queries and clarifications with regard to the SEBI Intermediary Portal, BTI may contact on 022-26449364 or may write at portalhelp@sebi.gov.in.
2. Transfer of business by SEBI registered intermediaries to other legal entity2 2.1.In respect of the registration applications pursuant to transfer of business (SEBI regulated business activity) from one legal entity, which is a SEBI registered Intermediary (transferor), to other legal entity (transferee), the following is clarified:

1 SEBI Circular No. SEBI/HO/MIRSD/MIRSD1/CIR/P/2017/38 dated May 02, 2017 2 SEBI Circular No. SEBI/HO/MIRSD/DOR/CIR/P/2021/46 dated March 26, 2021

Page 7 of 42 2.1.1. The transferee shall obtain fresh registration from SEBI in the same capacity before the transfer of business if it is not registered with SEBI in the same capacity. SEBI shall issue new registration number to transferee different from transferor’s registration number in the following scenario: “Business is transferred through regulatory process (pursuant to merger/ amalgamation / corporate restructuring by way of order of primary regulator /govt. / NCLT, etc.) or non-regulatory process (as per private agreement /MOU pursuant to commercial dealing / private arrangement) irrespective of transferor continues to exist or ceases to exist after the said transfer.” 2.2.In case of change in control pursuant to both regulatory process and non￾regulatory process, prior approval and fresh registration shall be obtained. While granting fresh registration to the same legal entity pursuant to change in control, same registration number shall be retained. 2.3.If the transferor ceases to exist, its certificate of registration shall be surrendered. 2.4.In case of complete transfer of business by transferor, it shall surrender its certificate of registration. 2.5.In case of partial transfer of business by transferor, it can continue to hold its certificate of registration. 3. Prior approval for change in control3 3.1.To streamline the process of providing approval to the proposed change in control of BTIs, the following procedure has been specified: 3.1.1. BTIs shall make an online application to SEBI for prior approval through the SEBI Intermediary Portal (‘SI Portal’) (https://siportal.sebi.gov.in). 3.1.2. The online application in SI portal shall be accompanied by the following information / declaration / undertaking about itself, the acquirer(s) / the

3SEBI Circular no. SEBI/HO/CFD/PoD-2/P/CIR/2023/141 dated August 10, 2023

Page 8 of 42 person(s) who shall have the control and the directors / partners of the acquirer(s) / the person(s) who shall have the control: a) Current and proposed shareholding pattern of the applicant b) Whether any application was made in the past to SEBI seeking registration in any capacity but was not granted? If yes, details thereof. c) Whether any action has been initiated / taken under Securities Contracts (Regulation) Act, 1956 / the SEBI Act or rules and regulations made thereunder? If yes, the status thereof along with the corrective action taken to avoid such violations in the future. The acquirer/ the person who shall have the control shall also confirm that it shall honour all past liabilities / obligations of the applicant, if any. d) Whether any investor complaint is pending? If yes, steps taken and confirmation that the acquirer/ the person who shall have the control shall resolve the same. e) Details of litigation(s), if any. f) Confirmation that all the fees due to SEBI have been paid. g) Declaration cum undertaking of the BTI and the acquirer(s)/ the person(s) who shall have the control (in a format enclosed at Annexure 1), duly stamped and signed by their authorized signatories that: i. there will not be any change in the Board of Directors of the incumbent, till the time prior approval is granted; ii. pursuant to grant of prior approval by SEBI, the incumbent shall inform all the existing investors/ clients about the proposed change prior to effecting the same, in order to enable them to take informed decision regarding their continuance or otherwise with the new management; and iii. the ‘fit and proper person’ criteria as specified in Schedule II of the Intermediaries Regulations are complied with. h) In case the incumbent is a registered stock broker, clearing member, depository participant, in addition to the above, it shall obtain approval /

Page 9 of 42 NOC from all the stock exchanges / clearing corporations / depositories, where the incumbent is a member / depository participant and submit self￾attested copy of the same to SEBI. 3.1.3. Subject to appropriate other sectoral regulator’s approval with regard to change in control, the prior approval granted by SEBI shall be valid for a period of six months from the date of SEBI’s approval within which the applicant shall file application for fresh registration pursuant to change in control. 3.2. To streamline the process of providing approval to the proposed change in control of BTI in matters which involve scheme(s) of arrangement which needs sanction of the NCLT in terms of the provisions of the Companies Act, 2013, the following has been decided: 3.2.1. The application seeking approval for the proposed change in control of the BTI shall be filed with SEBI prior to filing the application with NCLT. 3.2.2. Upon being satisfied with compliance of the applicable regulatory requirements, an in-principle approval will be granted by SEBI; 3.2.3. The validity of such in-principle approval shall be three months from the date issuance, within which the relevant application shall be made to NCLT. 3.2.4. Within 15 days from the date of order of NCLT, BTI shall submit an online application in terms of para 3.1 of this Master Circular along with the following documents to SEBI for final approval: a. Copy of the NCLT Order approving the scheme; b. Copy of the approved scheme; c. Statement explaining modifications, if any, in the approved scheme vis-à-vis the draft scheme and the reasons for the same; and d. Details of compliance with the conditions/ observations, if any, mentioned in the in-principle approval provided by SEBI.

Page 10 of 42 3.3. Transfer of shareholdings among immediate relatives and transmission of shareholdings and their effect on change in control4 3.3.1. Transfer /transmission of shareholding in case of unlisted body corporate BTI: In the following scenarios, change in shareholding of the BTI will not be construed as change in control: a) Transfer of shareholding among immediate relatives shall not result into change in control. Immediate relative shall be construed as defined under Regulation 2(l) of the SAST Regulations which inter-alia includes any spouse of that person, or any parent, brother, sister or child of the person or of the spouse; b) Transfer of shareholding by way of transmission to immediate relative or not, shall not result into change in control. 3.3.2. Incoming entities/ shareholders becoming part of controlling interest in the BTI pursuant to transfer of shares from immediate relative / transmission of shares (immediate relative or not), need to satisfy the fit and proper person criteria stipulated in Schedule II of the Intermediaries Regulations. 4. Registration of Non-scheduled Payments Banks as Bankers to an Issue5 4.1.Non-scheduled Payments Banks, which have prior approval from Reserve Bank of India, shall be eligible to act as a BTI subject to fulfilment of the conditions as stipulated in the BTI Regulations. 4.2.Payments Banks registered as a BTI shall also be permitted to act as a Self￾Certified Syndicate Bank subject to the fulfilment of the criteria laid down by SEBI in this regard from time to time. The blocking / movement of funds from the investor to issuer shall only be made through the savings account of the investor held with the payments bank.

4 SEBI Circular no. SEBI/HO/MIRSD/DOR/CIR/P/2021/42 dated March 25, 2021 5 SEBI Circular no. SEBI/HO/MIRSD/MIRSD_DOR/P/CIR/ 605 / 2021 dated August 03, 2021

Page 11 of 42 5. Designated e-mail ID for redressal of investor complaints and regulatory communication with SEBI6 5.1.BTIs shall designate e-mail IDs for (i) registration and redressal of investor complaints and (ii) regulatory communication with SEBI and shall inform to SEBI at bti@sebi.gov.in as per the format prescribed at Annexure 2. 5.2.The aforesaid e-mail IDs shall be exclusively used for the above purposes and shall not be a person-centric e-mail ID. 5.3.All registered BTI shall display the email ID and other relevant details prominently on their websites and in the various materials/pamphlets/advertisement campaigns initiated by them for creating investor awareness.

6 SEBI Circular No. MIRSD/DPS III/Cir-01/07 dated January 22, 2007 and SEBI Circular no. MIRSD/ DPSIII/ Cir-21/ 08 dated July 07, 2008

Page 12 of 42 CHAPTER II - GENERAL OBLIGATIONS / RESPONSIBILITIES AND REPORTING REQUIREMENTS 6. Regulatory Compliance and Periodic Reporting7 6.1.The BTIs are required to submit half-yearly reports to SEBI in electronic form only by e-mail within three months from the expiry of the half year. The format of the report is specified in Annexure 3. 6.2.The Board of Directors of BTIs shall review the half-yearly reports and record its observations on (i) the deficiencies and non-compliances; and (ii) corrective measures initiated to avoid such instances in future. 6.3.The compliance officer of BTI shall send the report in excel format to SEBI at bti@sebi.gov.in on half-yearly basis within three months from the expiry of the half year. 6.4.The excel files containing the half-yearly report is required to be sent to email ID bti@sebi.gov.in with the subject/title “Half-yearly report submitted by AAA for the half-year ended XXX YYYY” where AAA represents the name of the BTI, XXX represents the month at the end of the half-year and YYYY represents the year. Also, the attached excel file containing the half yearly report shall bear the name of the BTI, the periodicity of the report as well as the month at the end of the half￾year and the corresponding year. For example, if a BTI ABC Limited submits the report for the half year ended September, 2008, the report submitted to bti@sebi.gov.in shall bear the subject/title - “Half-yearly report submitted by ABC Limited for the half-year ended September 2008” and the attached excel file shall bear the name “ABCLimitedhalfyearlySeptember2008”.

7 SEBI Circular no. CIR/MIRSD/4/2012 dated March 29, 2012; SEBI Circular no. MIRSD/DPS-2/BTI/Cir￾15/2008 dated May 06, 2008; SEBI Circular no. BTI Circular no. 3 (1999-2000) dated July 09, 1999 and SEBI Circular no. RBTI ( G I Series) Circular no. 1 (95-96) dated April 21, 1995

Page 13 of 42 6.5.BTIs shall also report the following change(s) to SEBI in the half-yearly reports:8 a. Amalgamation, demerger, consolidation or any other kind of corporate restructuring falling within the scope of section 230 of the Companies Act, 2013 or the corresponding provision of any other law for the time being in force; b. Change in Director, including managing director/ whole-time director; c. Change in shareholding not resulting in change in control. 7. Strengthening the Guidelines and Raising Industry standards for BTI9 7.1.BTIs, shall strictly comply with guidelines placed at Annexure 4 to the extant relevant to them. 7.2.The guidelines annexed to this master circular cover the following broad areas: 7.2.1. Provisions with respect to Payment of Dividend / interest / redemption 7.2.2. Provisions with respect to Transfer / Transmission / Correction of errors etc. 7.3.The records /documents described in Annexure 4 shall be maintained for period not less than eight years after completion of the relevant transactions by BTIs. 7.4.BTIs can put in place more stringent internal checks and controls if they so desire. 8. Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions10 8.1. Ministry of Electronics & Information Technology, Govt. of India (MoE&IT), had informed SEBI that the financial sector institutions avails or may avail Software as a Service (SaaS) based solution for managing their Governance, Risk & Compliance (GRC) functions so as to improve their cyber Security Posture. As observed by MoE&IT, though SaaS may provide ease of doing business and quick turnaround, but it may bring significant risk to health of financial sector as many a time risk and compliance data of the institution moves beyond the legal and jurisdictional boundary of India due to nature of shared cloud SaaS, thereby posing risk to the data safety and security.

8 SEBI Circular no. CIR/MIRSD/11/2011 dated June 20, 2011 9 SEBI Circular no. SEBI/HO/MIRSD/DOP1/CIR/P/2018/73 dated April 20, 2018 10 SEBI Circular no. SEBI/HO/MIRSD2/DOR/CIR/P/2020/221 dated November 03, 2020

Page 14 of 42 8.2. In this regard, Indian Computer Emergency Response Team (CERT-in) had issued an advisory for Financial Sector organizations. The advisory had been forwarded to SEBI for bringing the same to the notice of financial sector organization. The advisory is enclosed at Annexure 5. 8.3. BTIs are advised to ensure complete protection and seamless control over the critical systems at their organizations by continuous monitoring through direct control and supervision protocol mechanisms while keeping the critical data within the legal boundary of India. 8.4. The compliance of the advisory shall be reported in the half-yearly report to SEBI with an undertaking stating the following, “Compliance of the SEBI circular for Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions has been made.”

Page 15 of 42 CHAPTER III – OTHER GUIDELINES 9. Processing of Investor Complaints in SEBI Complaints Redress System (SCORES)11 9.1.SEBI has launched a centralized web based complaints redress system ‘SCORES’ in June 2011. 9.2.BTIs shall comply with the requirements laid down vide Master Circular No. SEBI/HO/OIAE/IGRD/CIR/P/2023/156 dated September 20, 2023, as applicable and as amended from time to time. 9.3.As an additional measure and for information of all investors who deal/ invest/ transact in the market, the offices of BTI shall display information as provided in Annexure 6. 10. Mandatory Requirement of Permanent Account Number (PAN) for all transactions in the securities market12 10.1. In order to strengthen the Know Your Client (KYC) norms and identify every participant in the securities market, PAN shall be the sole identification number for all participants transacting in the securities market irrespective of the amount of transaction, thereby ensuring sound audit trail of all the transactions. 10.2. In this regard, the BTIs shall - 10.2.1. put in the necessary systems in place so that all the individual databases of their clients and clients’ transactions are linked to the PAN details of the client with which analysis can be made. 10.2.2. build the necessary infrastructure for enabling accessibility and query based on PAN thereby enabling retrieval of all the details of the clients that is available including transactions done by them. 10.2.3. collect copies of PAN cards issued to their clients by the Income Tax Department and maintain the same in their record after verifying with the

11 SEBI Circular no. CIR/MIRSD/3/2014 dated August 28, 2014 12 SEBI Circular no. MRD/DoP/Cir- 05/2007 dated April 27, 2007 and SEBI Circular no. MRD/DoP/Cir￾20/2008 dated June 30, 2008

Page 16 of 42 original. 10.2.4. cross-check the aforesaid details collected from their clients with the details on the website (link is given below) of the Income Tax Department. ( https://www.incometaxmumbai.gov.in/pan/online-pan-verification/ ) 10.3. PAN may not be insisted in the case of Central Government, State Government, and the officials appointed by the courts e.g. Official liquidator, Court receiver etc. (under the category of Government) for transacting in securities market. 10.4. However, the aforementioned clarification would be subject to the BTIs verifying the veracity of the claim of the specified organizations, by collecting sufficient documentary evidence in support of their claim for such an exemption. 11. Prevention of circulation of unauthenticated news by SEBI Registered Market Intermediaries through various modes of communication13 11.1. As market rumours can do considerable damage to the normal functioning and behavior of the market and distort price recovery mechanisms, the BTIs are directed that: 11.1.1. Proper internal code of conduct and controls should be put in place. 11.1.2. Employees/temporary staff/voluntary workers etc. employed/working in the Offices of BTIs do not encourage or circulate rumours or unverified information obtained from client, industry, any trade or any other sources without verification. 11.1.3. Access to Blogs / Chat forums / Messenger sites etc. should either be restricted under supervision or access should not be allowed. 11.1.4. Logs for any usage of such Blogs/Chat forums/Messenger sites (called by any nomenclature) shall be treated as records and the same should

13 SEBI Circular no. Cir/ ISD/1/2011 dated March 23, 2011; and SEBI Circular no. Cir/ISD/2/2011 dated March 24, 2011

Page 17 of 42 be maintained as specified by the respective Regulations which govern the BTIs. 11.1.5. Employees should be directed that any market related news received by them either in their official mail/personal mail/blog or in any other manner, should be forwarded only after the same has been seen and approved by the Compliance Officer of the BTI. If an employee fails to do so, he/she shall be deemed to have violated the various provisions contained in the SEBI Act / Rules / Regulations etc. and shall be liable for action. The Compliance Officer shall also be held liable for breach of duty in this regard. 12. Guidelines on Outsourcing of Activities by BTI14 12.1. SEBI Regulations for BTIs require that they shall render at all times high standards of service and exercise due diligence and ensure proper care in their operations. 12.2. It has been observed that often the BTIs resort to outsourcing with a view to reduce costs, and at times, for strategic reasons. 12.3. Outsourcing may be defined as the use of one or more than one third party – either within or outside the group by a BTI to perform the activities associated with services which the BTI offers. 12.4. Principles for Outsourcing - The risks associated with outsourcing may be operational risk, reputational risk, legal risk, country risk, strategic risk, exit￾strategy risk, counter party risk, concentration and systemic risk. The principles for outsourcing are given at Annexure 7 which shall be followed by BTIs. 12.5. Activities that are not to be Outsourced - The BTIs desirous of outsourcing their activities shall not, however, outsource their core business activities and compliance functions. In respect of Know Your Client (KYC) requirements, the

14 SEBI Circular no. CIR/MIRSD/24/2011 dated December 15, 2011

Page 18 of 42 BTIs are required to comply with the provisions of Securities and Exchange Board of India {KYC (Know Your Client) Registration Agency} Regulations, 2011 and Guidelines issued thereunder from time to time. 12.6. Reporting to Financial Intelligence Unit (FIU) - The BTIs are responsible for reporting of any suspicious transactions / reports to FIU or any other competent authority in respect of activities carried out by the third parties. 13. General Guidelines for dealing with conflicts of interest of BTIs and their associated persons in the Securities Market 15 13.1. BTIs and their associated persons shall abide by the following guidelines for avoidance of conflict of interest and they shall be responsible for educating their associated persons for compliance of these guidelines: 13.1.1. lay down, with active involvement of senior management, policies and internal procedures to identify and avoid or to deal or manage actual or potential conflict of interest, develop an internal code of conduct governing operations and formulate standards of appropriate conduct in the performance of their activities, and ensure to communicate such policies, procedures and code to all concerned; 13.1.2. at all times maintain high standards of integrity in the conduct of their business; 13.1.3. ensure fair treatment of their clients and not discriminate amongst them; 13.1.4. ensure that their personal interest does not, at any time conflict with their duty to their clients and client’s interest always takes primacy in their advice, investment decisions and transactions; 13.1.5. make appropriate disclosure to the clients of possible source or potential areas of conflict of interest which would impair their ability to render fair, objective and unbiased services;

15 SEBI Circular no. CIR/MIRSD/5/2013 dated August 27, 2013

Page 19 of 42 13.1.6. endeavor to reduce opportunities for conflict through prescriptive measures such as through information barriers to block or hinder the flow of information from one department/ unit to another, etc.; 13.1.7. place appropriate restrictions on transactions in securities while handling a mandate of issuer or client in respect of such security so as to avoid any conflict; 13.1.8. not deal in securities while in possession of material non published information; 13.1.9. not to communicate the material non published information while dealing in securities on behalf of others; 13.1.10. not in any way contribute to manipulate the demand for or supply of securities in the market or to influence prices of securities; 13.1.11. not have an incentive structure that encourages sale of products not suiting the risk profile of their clients; 13.1.12. not share information received from clients or pertaining to them, obtained as a result of their dealings, for their personal interest; 13.2. For the purpose of above guidelines "associated persons" shall have the same meaning as defined in the Securities and Exchange Board of India (Certification of Associated Persons in the Securities Markets) Regulations, 2007. 13.3. The Boards of BTIs shall put in place systems for implementation of aforementioned provisions and provide necessary guidance enabling identification, elimination or management of conflict of interest situations and shall periodically review the compliance of the aforesaid guidelines.

Page 20 of 42 14. Reporting requirement under Foreign Accounts Tax Compliance Act (FATCA)16 14.1. India joined the Multilateral Competent Authority Agreement (MCAA) on Automatic Exchange of Financial Account Information on June 3, 2015. In terms of the MCAA, all countries which are a signatory to the MCAA, are obliged to exchange a wide range of financial information after collecting the same from financial institutions in their country/jurisdiction. 14.2. Further, on July 9, 2015, the Governments of India and United States of America (USA) have signed an agreement to improve international tax compliance and to implement the Foreign Account Tax Compliance Act (FATCA) in India. The USA has enacted FATCA in 2010 to obtain information on accounts held by U.S. taxpayers in other countries. As per the aforesaid agreement, foreign financial institutions (FFls) in India will be required to report tax information about U.S. account holders/taxpayers directly to the Indian Government which will, in turn, relay that information to the U.S. Internal Revenue Service (IRS). 14.3. For implementation of the MCAA and agreement with USA, the Government of India has made necessary legislative changes to Section 285BA of the Income-tax Act, 1961. Further, the Government of India has notified Rules 114F to 114H under the Income Tax Rules, 1962 and form No. 61B for furnishing of statement of reportable account as specified in the Rules. 14.4. The “Guidance Note on implementation of Reporting Requirements under Rules 114F to 114H of the Income Tax Rules” as issued by the Department of Revenue, Ministry of Finance vide F.No.500/137/2011-FTTR-III dated August 31, 2015 is available at http://www.incometaxindia.gov.in/communications/notification/guidance_note s_on_implementation_31_08_2015.pdf. and https://incometaxindia.gov.in/Documents/exchange-of-information/LETTER-F￾NO-500-137-2011%20_1_.pdf 14.5. BTIs are advised to take necessary steps to ensure compliance with the requirements specified in the aforesaid Rules after carrying out necessary due diligence.

16 SEBI Circular CIR/MIRSD/2/2015 dated August 26, 2015 and SEBI Circular CIR/MIRSD/3/2015 dated September 10, 2015

Page 21 of 42 15. Guidelines on Anti-Money Laundering (AML) Standards and Combating the Financing of Terrorism (CFT) /Obligations of Securities Market Intermediaries under the Prevention of Money Laundering Act, 2002 and Rules framed thereunder17 BTIs are advised to refer to SEBI Master Circular bearing reference no. SEBI/HO/MIRSD/MIRSD-SEC-5/P/CIR/2023/022 issued on February 03, 2023 with respect to ‘Guidelines on Anti-Money Laundering (AML) Standards and Combating the Financing of Terrorism (CFT) /Obligations of Securities Market Intermediaries under the Prevention of Money Laundering Act, 2002 and Rules framed there under’. The said Master Circular can also be accessed at the following link: https://www.sebi.gov.in/legal/master-circulars/feb-2023/guidelines-on-anti-money￾laundering-aml-standards-and-combating-the-financing-of-terrorism-cft￾obligations-of-securities-market-intermediaries-under-the-prevention-of-money￾laundering-act-2002-a-_67833.html

17 SEBI Circular no. SEBI/HO/MIRSD/MIRSD-SEC-5/P/CIR/2023/022 dated February 03, 2023

Page 22 of 42 Annexure 1 Declaration-Cum-Undertaking We M/s. (Name of the intermediary / the acquirer(s) / person(s) who shall have the control), hereby declare and undertake the following with respect to the application for prior approval for change in control of (name of the intermediary along with the SEBI registration no.):

1. The intermediary (Name) and its principal officer, the directors or managing partners, the compliance officer and the key management persons and the promoters or persons holding controlling interest or persons exercising control over the applicant, directly or indirectly (in case of an unlisted applicant or intermediary, any person holding twenty percent or more voting rights, irrespective of whether they hold controlling interest or exercise control, shall be required to fulfill the ‘fit and proper person’ criteria) are fit and proper person in terms of Schedule II of Securities and Exchange Board of India (Intermediaries) Regulations, 2008.
2. We bear integrity, honesty, ethical behaviour, reputation, fairness and character.
3. We do not incur following disqualifications mentioned in Clause 3(b) of Schedule II of Securities and Exchange Board of India (Intermediaries) Regulations, 2008 i.e. i. No criminal complaint or information under section 154 of the Code of Criminal Procedure, 1973 (2 of 1974) has been filed against us by the Board and which is pending. ii. No charge sheet has been filed against us by any enforcement agency in matters concerning economic offences and is pending. iii. No order of restraint, prohibition or debarment has been passed against us by the Board or any other regulatory authority or enforcement agency in any matter concerning securities laws or financial markets and such order is in force. iv. No recovery proceedings have been initiated by the Board against us and are pending. v. No order of conviction has been passed against us by a court for any offence involving moral turpitude. vi. No winding up proceedings have been initiated or an order for winding up has been passed against us. vii. We have not been declared insolvent. viii. We have not been found to be of unsound mind by a court of competent jurisdiction and no such finding is in force.

Page 23 of 42 ix. We have not been categorized as a wilful defaulter. x. We have not been declared a fugitive economic offender. 4. We have not been declared as not ‘fit and proper person’ by an order of the Board. 5. No notice to show cause has been issued for proceedings under Securities and Exchange Board of India (Intermediaries) Regulations, 2008 or under section 11(4) or section 11B of the SEBI Act during last one year against us. 6. It is hereby declared that we and each of our promoters, directors, principal officer, compliance officer and key managerial persons are not associated with vanishing companies. 7. We hereby undertake that there will not be any change in the Board of Directors of incumbent, till the time prior approval is granted. 8. We hereby undertake that pursuant to grant of prior approval by SEBI, the incumbent shall inform all the existing investors/ clients about the proposed change prior to effecting the same, in order to enable them to take informed decision regarding their continuance or otherwise with the new management. The said information is true to our knowledge. (stamped and signed by the Authorised Signatories)

Page 24 of 42 Annexure 2 Format for sending the Designated e-mail ID for regulatory communication with SEBI

1. The file should be an excel file.
2. The name of the file and the subject of the email shall specify the type of intermediary and the name of the intermediary. For example – “Bankers to an Issue – XUZ co. Ltd.”
3. The file shall contain the following details: Name Address Category Registration No Designated e-mail id Name of compliance officer
4. The file shall be e-mailed to bti@sebi.gov.in.

Page 25 of 42 Annexure 3 SECTION I (Activity Report) REPORT OF BANKER TO AN ISSUE (BTI) FOR THE HALF YEAR ENDED MARCH/SEPTEMBER, 20.. NAME: REGISTRATION NO: DATE OF REGISTRATION (in dd/mm/yy): Number of branches authorized to act as Collecting Branches SECTION I: ACTIVITIES A. Details of activity as Collecting Banker / Self Certified Syndicate Bank / Refund Banker / Paying Banker for Public Issues Type No. of issues handled during the half year ended March / Sep 20-

Cumulative no. of issues managed up to the half year ended March / Sep Size (in crores) of issues handled during the half year ended March / Sep 20-- Cumulative Size (in crores) of issues handled up to the half year ended March / Sep 20-- Equity Debt (listed) Total Equity Debt (listed) Total Collecting Banker Self Certified Syndicate Bank Refund Banker Paying Banker (Dividend/Interest) Name of Compliance Officer Email ID

Page 26 of 42 (Name of the Bankers to an Issue) SECTION II (Redressal of Investor Grievances) For the Half-year ended March/September, 20.. A. Status of Investor Grievances Name of the Company No. of complaints pending at the end of the last half year No. of complaints received during the half year No. of complaints resolved during the half year No of complaints pending at the end of half year B. Details of the complaints pending for more than 30 days Name of the Company No. of complaints pending for more than 30 days Nature of complaint(s)* Steps Taken for redressal Status of the complaint (if redressed, date of redressal) Name of compliance officer: Email ID: *Nature of complaint(s):

1. Deficiencies in handing application forms / payment instrument(s)
2. Deficiencies in capturing data of applicants
3. Deficiency in blocking /unblocking of bank accounts
4. System failures (for ex regarding electronic ASBA applications)
5. Any other

Page 27 of 42 (Name of the Banker to an Issue) SECTION III – COMPLIANCE COMPLIANCE CERTIFICATE FOR THE HALF YEAR ENDED MARCH/ SEPTEMBER, 20.. A. No conflict of interest with other activities The activities other than bankers to an issue performed by BTI are not in conflict with BTI activities and appropriate systems and policies have been put in place to protect the interests of investors. B. Change in status or constitution i. BTI shall require the taking prior approval from SEBI for change in control and reporting the following change to SEBI in the half-yearly reports submitted in accordance with the SEBI. a) Amalgamation, demerger, consolidation or any other kind of corporate restructuring falling within the scope of section 230 of the Companies Act, 2013 or the corresponding provision of any other law for the time being in force. b) Change in Director, including managing director/whole-time director c) Change in shareholding not resulting in change in control ii. If there is no change during the relevant quarter, it shall be indicated in the report. C. Other Information i. Details of arrest/ conviction of key officials of BTI ii. Details of prosecution cases or criminal complaints filed by investors against the BTI iii. Details of any fraudulent activity by the employees associated with BTI activities and action taken by the BTI iv. Details of any disciplinary action taken/ penalty imposed by SEBI/ other regulatory authority. v. Action taken by the BTI on the above issues D. Compliance with Registration Requirements i. Certified that the requirements specified for SEBI registration as BTI i.e., necessary infrastructure, communication and data processing facilities and manpower to effectively discharge its activities are fulfilled ii. Certified that the BTI or any of its directors is not involved in any litigation connected with the securities market which has an adverse bearing on the business as BTI or has not been convicted of any economic offence. E. Flow of applications i. Certified that the requirements prescribed from time to time with respect to the ASBA are fulfilled except for those mentioned below:

Page 28 of 42 a) Issue wise instances of delay in forwarding information to the Registrar to an Issue (beyond the period prescribed from time to time) S. No Issuer Number of days of delay in forwarding information on ASBA applications uploaded & amount blocked (Currently time line is T+2) b) Issue wise instances of delay in forwarding application forms to registrar (beyond the period prescribed from time to time) S. No Issuer Number of application forms received Number of application forms forwarded to Registrar with delay Range of delay (min and max no., of days) c) Issue wise instances of delay in unblocking the bank accounts under ASBA (beyond the period prescribed from time to time) S. No Issuer Number of ASBA applications received Number of instances of delay Range of delay (min and max no., of days) d) In respect of the following accounts, outstanding balance (in Rupees) i. Refund ii. Dividend iii. Interest e) Issue wise details of transfer of funds to Investor Education and Protection Fund (As per Section 125 of Companies Act, 2013) f) Details of deficiencies and non-compliances (in addition to those mentioned at 'E' above. g) Details of the review of the report by the Board of Directors Date of Board Review (dd/mm/yyyy) Observation of the Board on i. Deficiencies and non compliances mentioned at E & F ii. Corrective measures initiated to avoid such instances in future Certified that we have complied with Securities and Exchange Board of India (Bankers to an Issue) Regulations, 1994, applicable provisions of Securities and Exchange Board of India (Issue of Capital and Disclosure Requirements) Regulations, 2018, Circulars issued by SEBI and any

Page 29 of 42 other laws applicable from time to time except the deficiencies and non-compliances those specifically reported at 'E' and 'F' above. Name of Compliance Officer Email ID

Page 30 of 42 Annexure 4 I. Provisions with regard to Payment of Dividend / Interest / Redemption:

1. The dividend / interest / redemption processing Bank shall ensure that the Dividend / Interest / redemption Master file (i.e. file containing detailed list of beneficiaries entitled for dividend / interest / redemption distribution by whatever name called on the record date) shall include Company Name, Folio No., DPID/Client ID, Name of the first securities holder, Dividend / interest / redemption payment date, Dividend / interest / redemption amount, Payee details, Bank name, Bank account, Bank branch of the holder of securities, MICR number, Dividend / Interest / Redemption Warrant number, details of payment made through electronic channels such as RTGS/NEFT. The said file shall be shared with the Banker through a secured process/procedure as per Banker's prescribed secured mechanism. Copy of the Dividend / Interest / Redemption Master data file containing details for each dividend / interest / redemption paid shall be maintained by the bank and the same shall be reconciled by the RTA and the Issuer Company.
2. In cases where bank account details of the securities holder is not available with RTA or there is change in bank account details, RTA shall obtain account details along with cancelled cheque to update the securities holder's data. The original cancelled cheque shall bear the name of the securities holder failing which securities holder shall submit copy of bank passbook /statement attested by the bank. RTA shall then update the bank details in its records after due verification. The unpaid dividend shall be paid via electronic bank transfer. In cases where either the bank details such as MICR (Magnetic Ink Character Recognition), IFSC (Indian Financial System Code), etc. that are required for making electronic payment are not available or the electronic payment instructions have failed or have been rejected by the bank, the issuer companies or their RTA may ask the banker to make payment though physical instrument such as banker's cheque or demand draft to such securities holder incorporating his bank account details.
3. The dividend / interest / redemption processing Bank shall ensure that any dividend / interest / redemption instrument (such as demand drafts dividend / interest / redemption warrants etc.) lying unpaid beyond the validity period of the instrument shall be cancelled and the dividend / interest / redemption amount transferred earlier by issuer in the said account shall be credited back immediately to the relevant bank account of the Issuer Company. Banks should also provide the unpaid instrument details when reconciliation data is shared with Issuer Company / RTAs.

Page 31 of 42 4. the dividend / interest / redemption processing Bank shall ensure that the Banks provide reconciliation of the Paid and Unpaid details (including bank Transaction Reference Number, payee name etc.) of the Dividend / interest / redemption paid fortnightly during the initial validity of the instrument and after the expiry of validity period of the instrument, quarterly till transfer of funds to Investor Education and Protection Fund (hereinafter referred to as IEPF). Dividend / interest / redemption reconciliation data sent by banks to RTA / Issuer Companies shall contain details of all DDs / new instruments issued / electronic instructions sent in lieu of original dividend / interest / redemption payment. Details of old as well as new dividend instruments shall be provided. RTA shall also do the reconciliation and inform the Bankers / Issuer Companies in case of any discrepancies. The reconciliation files sent by the Banker shall be maintained by all the three entities, RTA, the Issuer Company, and the dividend / interest / redemption payment processing Banker as its record for a period of eight years. 5. Details of the rejection of electronic remittance, dividend / interest / redemption instruments undelivered, dividend / interest / redemption instruments expired and subsequent payment of dividend / interest / redemption made through new instruments including the status of payment of the same shall be linked to dividend / interest / redemption payment record of each of the specific folios by RTA and audit trail shall be kept in the system of the RTA.

Page 32 of 42 Annexure 5 CERT-Fin Advisory- 201155100308 Advisory for Financial Sector Organisations- RBI and SEBI Overview It has been learnt that some of the financial sector institutions are availing or thinking of availing Software as a Service (SaaS) based solution for managing their Governance, Risk & compliance (GRC) functions so as to improve their cyber security posture. Many a time the risk & compliance data of the institution moves cross border beyond the legal and jurisdictional boundary of India due to the nature of shared cloud SaaS. While SaaS may provide ease of doing business and quick turnaround, it also brings significant risk to the overall health of India's financial sector with respect to data safety and security. Description If the following data sets fall in the hands of an adversary/cyber attacker, it may lead to unprecedented increase in the attack surface area and weakening of Indian financial sector infrastructure's overall resilience. • Credit Risk Data • Liquidity Risk Data • Market Risk Data • System & Sub-System Information • Internal & Partner IP Schema • Network Topography & Design • Audit/Internal Audit Data • System Configuration Data • System Vulnerability Information • Risk Exception Information • Supplier Information & its dependencies related Data

Page 33 of 42 Solution The Financial Sector organisations may be advised to protect such critical data using layered defence approach and seamless protection against external or insider threat. The organisations may also be advised to ensure complete protection & seamless control over their critical system by continuous monitoring through direct control and supervision protocol mechanisms while keeping such critical data within the legal boundary of India. The organisations may also be requested to report back to their respective regulatory authority regarding compliance to this advisory. It is requested that you may kindly keep CERT-In informed of the actions taken and periodically provide the updated compliance to this advisory. (It may be noted that TLP Amber means: limited disclosure, restricted to participants' organizations. When should be used: Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. How may it be shared: Recipients may only share TLP:AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.)

Page 34 of 42 Annexure 6 For Bankers to an Issue Dear Investor, In case of any grievance/complaint against the Bankers to an Issue:  Please contact Compliance Officer of the Bankers to an Issue (Name and Address)/ email-id (xxx.@email.com) and Phone No. -91-XXXXXXXXXX.  You may also approach CEO / email-id(xxx.email.com) and Phone No.- 91- XXXXXXXXXX  If not satisfied with the response of the Bankers to an Issue you can lodge your grievances with SEBI at http://scores.gov.in or you may also write to any of the offices of SEBI. For any queries, feedback or assistance, please contact SEBI Office on Toll Free Helpline at 1800227575/ 18002667575.

Page 35 of 42 Annexure 7 PRINCIPLES FOR OUTSOURCING FOR BTIs

1. A BTI seeking to outsource activities shall have in place a comprehensive policy to guide the assessment of whether and how those activities can be appropriately outsourced. The Board (as the case may be) {hereinafter referred to as the "the Board"} of the BTI shall have the responsibility for the outsourcing policy and related overall responsibility for activities undertaken under that policy. 1.1. The policy shall cover activities or the nature of activities that can be outsourced, the authorities who can approve outsourcing of such activities, and the selection of third party to whom it can be outsourced. For example, an activity shall not be outsourced if it would impair the supervisory authority's right to assess, or its ability to supervise the business of the BTI. The policy shall be based on an evaluation of risk concentrations, limits on the acceptable overall level of outsourced activities, risks arising from outsourcing multiple activities to the same entity, etc. 1.2. The Board shall mandate a regular review of outsourcing policy for such activities in the wake of changing business environment. It shall also have overall responsibility for ensuring that all ongoing outsourcing decisions taken by the BTI and the activities undertaken by the third-party, are in keeping with its outsourcing policy.
2. The BTI shall establish a comprehensive outsourcing risk management programme to address the outsourced activities and the relationship with the third party. 2.1. A BTI shall make an assessment of outsourcing risk which depends on several factors, including the scope and materiality of the outsourced activity, etc. The factors that could help in considering materiality in a risk management programme include￾a. The impact of failure of a third party to adequately perform the activity on the financial, reputational and operational performance of the BTI and on the investors I clients; b. Ability of the BTI to cope up with the work, in case of non performance or failure by a third party by having suitable back-up arrangements; c. Regulatory status of the third party, including its fitness and probity status; d. Situations involving conflict of interest between the BTI and the third party and the measures put in place by the BTI to address such potential conflicts, etc. 2.2 While there shall not be any prohibition on a group entity I associate of the BTI to act as the third party, systems shall be put in place to have an arm's length distance between the BTI and the third party in terms of infrastructure, manpower, decision￾making, record keeping, etc. for avoidance of potential conflict of interests. Necessary

Page 36 of 42 disclosures in this regard shall be made as part of the contractual agreement. It shall be kept in mind that the risk management practices expected to be adopted by an BTI while outsourcing to a related party or an associate would be identical to those followed while outsourcing to an unrelated party. 2.3 The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Board of the BTI and I or its senior management, as and when needed. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the BTI. 2.4 Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator shall be mandated by the Board wherever felt necessary. The BTI shall review the financial and operational capabilities of the third party in order to assess its ability to continue to meet its outsourcing obligations. 3. The BTI shall ensure that outsourcing arrangements neither diminish its ability to fulfill its obligations to customers and regulators, nor impede effective supervision by the regulators. 3.1 The BTI shall be fully liable and accountable for the activities that are being outsourced to the same extent as if the service were provided in-house. 3.2 Outsourcing arrangements shall not affect the rights of an investor or client against the BTI in any manner. The BTI shall be liable to the investors for the loss incurred by them due to the failure of the third party and also be responsible for redressal of the grievances received from investors arising out of activities rendered by the third party. 3.3 The facilities / premises / data that are involved in carrying out the outsourced activity by the service provider shall be deemed to be those of the BTI. The BTI itself and regulator or the persons authorized by it shall have the right to access the same at any point of time. 3.4 Outsourcing arrangements shall not impair the ability of SEBI/SRO or auditors to exercise its regulatory responsibilities such as supervision/inspection of the BTI. 4. The BTI shall conduct appropriate due diligence in selecting the third party and in monitoring of its performance. 4.1 It is important that the BTI exercises due care, skill, and diligence in the selection of the third party to ensure that the third party has the ability and capacity to undertake the provision of the service effectively. 4.2 The due diligence undertaken by an BTI shall include assessment of:

Page 37 of 42 a. third party's resources and capabilities, including financial soundness, to perform the outsourcing work within the timelines fixed; b. compatibility of the practices and systems of the third party with the BTI's requirements and objectives; c. market feedback of the prospective third party's business reputation and track record of their services rendered in the past; d. level of concentration of the outsourced arrangements with a single third party; and e. the environment of the foreign country where the third party is located. 5. Outsourcing relationships shall be governed by written contracts / agreements / terms and conditions (as deemed appropriate) {hereinafter referred to as "contract"} that clearly describe all material aspects of the outsourcing arrangement, including the rights, responsibilities and expectations of the parties to the contract, client confidentiality issues, termination procedures, etc. 5.1 Outsourcing arrangements shall be governed by a clearly defined and legally binding written contract between the BTI and each of the third parties, the nature and detail of which shall be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the BTI. 5.2 Care shall be taken to ensure that the outsourcing contract: a. clearly defines what activities are going to be outsourced, including appropriate service and performance levels; b. provides for mutual rights, obligations and responsibilities of the BTI and the third party, including indemnity by the parties; c. provides for the liability of the third party to the BTI for unsatisfactory performance / other breach of the contract d. provides for the continuous monitoring and assessment by the BTI of the third party so that any necessary corrective measures can be taken up immediately, i.e., the contract shall enable the BTI to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations; e. includes, where necessary, conditions of sub-contracting by the third-party, i.e. the contract shall enable BTI to maintain a similar control over the risks when a third party outsources to further third parties as in the original direct outsourcing; f. has unambiguous confidentiality clauses to ensure protection of proprietary and customer data during the tenure of the contract and also after the expiry of the contract; g. specifies the responsibilities of the third party with respect to the IT security and contingency plans, insurance cover, business continuity and disaster recovery plans, force majeure clause, etc.; h. provides for preservation of the documents and data by third party; i. provides for the mechanisms to resolve disputes arising from implementation of the outsourcing contract;

Page 38 of 42 j. provides for termination of the contract, termination rights, transfer of information and exit strategies; k. addresses additional issues arising from country risks and potential obstacles in exercising oversight and management of the arrangements when BTI outsources its activities to foreign third party. For example, the contract shall include choice-of-law provisions and agreement covenants and jurisdictional covenants that provide for adjudication of disputes between the parties under the laws of a specific jurisdiction; I. neither prevents nor impedes the BTI from meeting its respective regulatory obligations, nor the regulator from exercising its regulatory powers; and m. provides for the BTI and /or the regulator or the persons authorized by it to have the ability to inspect, access all books, records and information relevant to the outsourced activity with the third party. 6. The BTI and its third parties shall establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities. 6.1 Specific contingency plans shall be separately developed for each outsourcing arrangement, as is done in individual business lines. 6.2 BTI shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the third party level. Notably, it shall consider contingency plans at the third party; co-ordination of contingency plans at both the BTI and the third party; and contingency plans of the BTI in the event of non-performance by the third party. 6.3 To ensure business continuity, robust information technology security is a necessity. A breakdown in the IT capacity may impair the ability of the BTI to fulfill its obligations to other market participants / clients / regulators and could undermine the privacy interests of its customers, harm the BTI's reputation, and may ultimately impact on its overall operational risk profile. BTIs shall, therefore, seek to ensure that third party maintains appropriate IT security and robust disaster recovery capabilities. 6.4 Periodic tests of the critical security procedures and systems and review of the back-up facilities shall be undertaken by the BTI to confirm the adequacy of the third party's systems. 7. The BTI shall take appropriate steps to require that third parties protect confidential information of both the BTI and its customers from intentional or inadvertent disclosure to unauthorised persons. 7.1 BTI that engages in outsourcing is expected to take appropriate steps to protect its proprietary and confidential customer information and ensure that it is not misused or misappropriated.

Page 39 of 42 7.2 The BTI shall prevail upon the third party to ensure that the employees of the third party have limited access to the data handled and only on a "need to know" basis and the third party shall have adequate checks and balances to ensure the same. 7.3 In cases where the third party is providing similar services to multiple entities, the BTI shall ensure that adequate care is taken by the third party to build safeguards for data security and confidentiality. 8. Potential risks posed where the outsourced activities of multiple BTIs are concentrated with a limited number of third parties. 8.1. In instances, where the third party acts as an outsourcing agent for multiple BTIs, it is the duty of the third party and the BTI to ensure that strong safeguards are put in place so that there is no co-mingling of information /documents, records and assets.

Page 40 of 42 Appendix LIST OF RESCINDED CIRCULARS S. No. Circular No. and Date Subject / Title

1. SEBI RBTI(G I Series) CIRCULAR No. 1(95-96) dated April 21, 1995 Submission of quarterly reports for each quarter of the year
2. BTI CIRCULAR NO.3 (1999-2000) dated July 9, 1999 All Bankers to Issues
3. SEBI Circular No. MIRSD/DPS III/Cir-01/07 dated January 22, 2007 Exclusive e-mail ID for redressal of Investor Complaints
4. SEBI Circular MRD/DoP/Cir-05/2007 dated April 27, 2007 Permanent Account Number (PAN) to be the sole identification number for all transactions in the securities market
5. SEBI Circular No. MIRSD/DPS-2/BTI/Cir￾15/2008 dated May 06, 2008 Reporting of Information on a periodic basis
6. SEBI Circular No. MRD/DoP/Cir-20/2008 dated June 30, 2008 Mandatory requirement of Permanent Account Number (PAN)
7. SEBI Circular No. MIRSD/ DPSIII/ Cir-21/ 08 dated July 07, 2008 Designated e-mail ID for regulatory communication with SEBI
8. SEBI Circular No. Cir/ISD/1/2011 dated March 23, 2011 Unauthenticated news circulated by SEBI Registered Market Intermediaries through various modes of communication
9. SEBI Circular No. Cir/ISD/2/2011 dated March 24, 2011 Unauthenticated news circulated by SEBI Registered Market Intermediaries through various modes of communication
10. SEBI Circular No. CIR/MIRSD/11/2011 dated June 20, 2011 Periodical Report – Grant of prior approval to Bankers to an Issue
11. SEBI Circular No. CIR/MIRSD/24/2011 dated December 15, 2011 Guidelines on Outsourcing of Activities by Intermediaries
12. SEBI Circular No. CIR/MIRSD/4/2012 dated March 29, 2012 Review of Regulatory Compliance and Periodic Reporting

Page 41 of 42 LIST OF RESCINDED CIRCULARS S. No. Circular No. and Date Subject / Title 13. SEBI Circular No. CIR/MIRSD/5/2013 dated August 27, 2013 General Guidelines for dealing with Conflicts of Interest of Intermediaries, Recognised Stock Exchanges, Recognised Clearing Corporations, Depositories and their Associated Persons in Securities Market 14. SEBI Circular No. CIR/MIRSD/3/2014 dated August 28, 2014 Information regarding Grievance Redressal Mechanism 15. SEBI Circular No. CIR/MIRSD/2/2015 dated August 26, 2015 Implementation of the Multilateral Competent Authority Agreement and Foreign Account Tax Compliance Act 16. SEBI Circular No. CIR/MIRSD/3/2015 dated September 10, 2015 Reporting requirement under Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standard (CRS)- Guidance Note 17. SEBI Circular No. SEBI/HO/MIRSD/MIRSD1/CIR/P/2017/38 dated May 02, 2017 Online Registration Mechanism for Securities Market Intermediaries 18. SEBI Circular No. SEBI/HO/MIRSD/DOP1/CIR/P/2018/73 dated April 20, 2018 Strengthening the Guidelines and Raising Industry Standards for RTA, Issuer Companies and Bankers to an Issue 19. SEBI Circular No. SEBI/HO/MIRSD/DOR/CIR/P/2020/221 dated November 03 2020 Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions 20. SEBI Circular No. SEBI/HO/MIRSD/DOR/CIR/P/2021/46 dated March 26, 2021 Transfer of business by SEBI registered intermediaries to other legal entity 21. SEBI Circular No. SEBI/HO/MIRSD/DOR/CIR/P/2021/42 dated March 25 2021 Prior Approval for Change in control: Transfer of shareholdings among immediate relatives and transmission of shareholdings and their effect on change in control

Page 42 of 42 LIST OF RESCINDED CIRCULARS S. No. Circular No. and Date Subject / Title 22. SEBI Circular No. SEBI/HO/MIRSD/MIRSD_DOR/P/CIR/605/2021 dated August 03, 2021 Permitting non-scheduled Payments Banks to register as Bankers to an Issue 23. SEBI Circular No. SEBI/HO/CFD/PoD￾2/P/CIR/2023/141 dated August 10, 2023 Procedure for seeking prior approval for change in control with respect to Merchant Bankers and Bankers to an issue.