Categories: CA

Mandatory Compliance: SDD for Fiduciaries CAs & Audit Firms

Mandatory Compliance: Structured Digital Database (SDD) for Fiduciaries (CAs & Audit Firms)

As a chartered accountant or audit firm dealing with unpublished price-sensitive information such as financial data, earnings, or other confidential information of listed companies prior to public disclosure, you are classified as a fiduciary under the SEBI (Prohibition of Insider Trading) Regulations, 2015.

Based on the NSE Circular dated 28.10.2022—Annexure II—and the SEBI (Prohibition of Insider Trading) Regulations, 2015, here is a compliance summary tailored for chartered accountants and audit firms handling unpublished price-sensitive information. 

This fiduciary status imposes a mandatory obligation to maintain an internal Structured Digital Database (SDD) to ensure transparency and prevent misuse of UPSI. This is not merely a good practice—it is a regulatory requirement. CA Firm handling financials or UPSI of listed or proposed-to-be-listed companies, you are considered a fiduciary under Regulation 3(2A) of the SEBI (PIT) Regulations, 2015. This brings a direct legal obligation to maintain a Structured Digital Database (SDD) internally.

What Must Be Maintained in the SDD?

As per Regulation 9A(2)(d) and Schedule C of the PIT Regulations, your firm must internally maintain a digital database that captures:

  • Nature of UPSI received or shared

  • Names, PAN or other identifiers of persons involved (shared with or received from)

  • Date and time stamps of information access/sharing

  • Audit trails with non-tamperable entries

Important Requirements for Chartered Accountant or audit firm :

  • SDD cannot be outsourced – must be maintained internally

  • Entries must be time-stamped and tamper-proof

  • Any correction must be made via new entry referencing the old, not by altering past records

  • Access must be limited to “need-to-know” individuals and identity must be auditable

  • SDD is mandatory even for UPSI shared internally, not just with external parties

Non-Compliance = Risk

chartered accountant or audit firm Failure to maintain a valid SDD can result in penalties, regulatory scrutiny, and reputational damage—affecting both the audit firm and the client (the listed entity). CA may use external software for maintaining SDD, provided it is installed and managed internally, ensuring data control, security, and traceability.

Next Steps for Your CA Firm:

  1. Identify team members handling UPSI

  2. Implement or upgrade an internal SDD system

  3. Train staff on SDD compliance and PIT obligations

  4. Conduct periodic reviews and internal audits for adherence

Failure to maintain a compliant SDD can expose your firm and your clients to significant regulatory scrutiny and penalties under SEBI norms.

A chartered accountant or audit firm protects and safeguards his clients. Ensure CA SDD is active, secure, and compliant. If CA  firm is not yet maintaining a structured digital database, we urge CA to implement one immediately to remain compliant and avoid regulatory consequences.

In summary, the SDD must accurately record the nature of UPSI received or shared, Names, PANs or other identifiers of individuals with whom the information is shared or Date and time stamps, including audit trails of such sharing

FAQs on Structured Digital Database (SDD)

Q 1. Who is required to maintain the SDD?

Ans :  As per Regulation 3(5) of the SEBI (PIT) Regulations, 2015: “The Board of Directors or head(s) of the organisation of every person required to handle Unpublished Price Sensitive Information (UPSI)” is mandated to maintain an SDD. This includes:

  • Listed or proposed-to-be-listed companies (as per Regulation 2(1)(hb) of PIT Regulations)

  • Intermediaries/fiduciaries, as referred under the Explanation to Regulation 3(2A), who handle UPSI in the course of their business

Q 2. Are intermediaries/fiduciaries required to maintain SDD?

Ans :  Yes. Intermediaries/fiduciaries must maintain a separate internal SDD for

  • UPSI shared with them

  • UPSI they have shared with others

This applies even for unlisted companies whose securities are proposed to be listed. (Ref: Regulation 9A(2)(d) & Schedule C of SEBI PIT Regulations)

Q 3. What is the trigger point for inserting a record into the SDD?

Ans :  The sharing of UPSI, internally or externally, triggers the requirement to record the event in the SDD.

Q 4. What qualifies as UPSI?

Ans :  UPSI is defined under Regulation 2(1)(n). It includes information that:

  • Is not publicly available

  • Would materially affect the price of securities if made public

Examples include financial results, mergers, acquisitions, and key management changes.

Q 5. When is UPSI considered to be “germinated”?

Ans : UPSI is germinated when:

  • It starts taking shape as price-sensitive information

  • The probability of the event happening is greater than not happening, and

  • The event is likely to materially affect the securities’ price upon disclosure

Q 6. Should internal sharing of UPSI also be recorded in the SDD?

Ans :  Yes. Whether UPSI is shared within or outside the organization, it must be recorded in the SDD. Example: While finalizing financial results, sharing UPSI with accounts personnel or auditors must be recorded with their names and identifiers (e.g., PAN). Audit firms that receive UPSI must also maintain their own SDD.

Q 7. What are the technical requirements for maintaining the SDD?

Ans :

  • The database must not be outsourced

  • It must have adequate internal controls, time stamping, and audit trails

  • Once an entry is made, it cannot be altered

  • Any corrections must be made via new entries referencing the original, with reasons

Q 8. Who can access and insert UPSI into the SDD?

Ans :

  • The responsibility lies with the Board of Directors or the Head of the Organization

  • Access must be granted on a ‘need-to-know’ basis

  • Identity of every user must be established and audit-trailed

Q 9. For group companies, should each maintain its own SDD?

Ans :  Yes. Each company within a group must maintain a separate, independent SDD, as per Regulation 3(5).

Q 10. What if PAN of the person is not available?

Ans :  Capture the PAN wherever available. If not, use any other valid identifier (like Aadhaar, Passport No., etc.) to record the identity.

Q 11. Can external software be used to maintain the SDD?

Ans :  Yes. You may purchase or license external software, but the SDD must be maintained internally (within the control of the fiduciary/entity).

Q 12. Are companies under CIRP required to maintain SDD?

Ans : Yes. Resolution Professionals must ensure compliance with all applicable laws, including SEBI PIT Regulations, as per IBBI Circular No. IP/002/2018 dated January 03, 2018.

Tags: CAs & Audit Firms
2 months ago
Rajput Jain & Associates

Rajput Jain & Associates is a Chartered Accountants firm, with it's headquarter situated at New Delhi (the capital of India). The firm has been set up by a group of young, enthusiastic, highly skilled and motivated professionals who have taken experience from top consulting firms and are extensively experienced in their chosen fields has providing a wide array of Accounting, Auditing, Taxation, Assurance and Business advisory services to various clients and their stakeholders. Rajput jain & Associates, a professional firm, offers its clients a full range of services, To serve better and to bring bucket of services under one roof, the firm has merged with it various Chartered Accountancy firms pioneer in diversified fields. We have associates all over India in big cities. All our offices are well equipped with latest technological support with updated reference materials. We have a large team of professionals other than our Core Team members to meet the requirements of our prospective clients including the existing ones. However, considering our commitment towards high quality services to our clients, our team keeps on growing with more and more associates having strong professional background with good exposure in the related areas of responsibility.

Leave a Comment

Related Post

Recent Posts

Smart Term Insurance Picks for the Self-Employed

Smart Term Insurance Picks for the Self-Employed Being self-employed is like walking a tightrope; you enjoy the thrill of independence,… Read More

1 day ago

2500 Cr Loss Risk from Compensation Cess Credits in GST 2.0

FADA : Rs. 2,500 Cr Loss Risk from Compensation Cess Credits in GST 2.0 Transition The Federation of Automobile Dealers… Read More

3 days ago

Complete Guide to CA Articleship

Complete Guide to CA Articleship (2024-25) CA Articleship is the most important phase after clearing CA Intermediate. This training bridges… Read More

5 days ago

Statutory Compliance Calendar – September 2025

Statutory Compliance Calendar – September 2025 5th September : SEZ: MPR filing. 7th September FEMA: ECB 2 Return. Income Tax: TDS/TCS… Read More

6 days ago

Crypto Futures & Options in India: How to Report in ITR?

Crypto F&O in India: Must Know About - How to Report in ITR? As Indian investors dive into crypto derivatives,… Read More

6 days ago

Made a Political Donation? Income Tax Dept Tightens Scrutiny

Made a Political Donation? Income Tax Dept Tightens Scrutiny Many taxpayers who claimed deductions under Section 80GGC (political donations) are… Read More

6 days ago
Call Us Enquire Now