Myths on Structured Digital Database

Myths & Myth Busters

1. We can maintain data required under SDD Compliance Regulation 3 (5) of SEBI PIT Regulations, 2015 in an Excel sheet!

As per Regulation 3(5) of the PIT Regulations, SDD must be maintained with adequate internal controls and checks such as time stamping and audit trails to ensure non-tampering of the database. These features are not possible in an Excel sheet. As per the regulation, the requirement is to maintain a Database and not an Excel sheet. Databases offer robust security features such as user authentication, authorization, and encryption to protect sensitive data, unlike Excel sheets that provide basic password protection.

2. I have to purchase Structured Digital Database Software (“SDD Software”) only through my Registrar and Transfer Agent (“RTA”).

No, RTA provides services related to share registry maintenance and share transfer activities. Regulation 3(5) and 3(6) of the PIT Regulations stipulate the responsibility and details of UPSI to be captured in the database, which must be maintained internally. There is no requirement to purchase SDD Software exclusively from RTA. Companies can evaluate software vendors.

3. SDD Compliance does not apply to our Company as we are listed on the Metropolitan Stock Exchange (“MSEI”) and Calcutta Stock Exchange (“CSE”).

Even though shares of the Company are listed on MSEI or CSE, the company is still defined as a listed company under the law. The company is required to maintain SDD Software.

4. SDD Compliance does not apply to our Company as our shares are not actively traded or not at all traded on the Stock Exchanges.

Even though shares of the Company are not actively traded or not at all traded on the Stock Exchanges, the company is still defined as a listed company under the law. The company must maintain SDD Software.

5. SDD Compliance does not apply to our Company as our shares are suspended to trade on the Stock Exchanges.

Even though shares of the Company are suspended from trading on the Stock Exchanges, the company is still defined as a listed company under the law. The company must maintain SDD Software.

6. SDD Compliance applies to only listed companies and not practicing professionals / fiduciaries.

No, all fiduciaries who handle UPSI of a listed company in the course of business operations must maintain SDD Software, according to SEBI (PIT) Regulations, 2015.

7. SDD Compliance applies to only listed companies and not intermediaries.

No, all intermediaries who handle UPSI of a listed company in the course of business operations must maintain SDD Software, as per SEBI (PIT) Regulations, 2015.

8. We are fiduciaries to the listed company and use the same software that the company is maintaining while sharing the information back to the company.

No, fiduciaries and the company cannot use the same software for maintaining SDD. Fiduciaries must maintain a separate SDD Software internally, which should not be connected to the listed company.

9. I am a listed company and operationally I am a SEBI registered intermediary dealing with UPSI of other listed companies, but since I have SDD software for listed compliance, I don’t need to buy for my intermediary operations.

No, separate software is required for maintaining UPSI as a listed company and for intermediary operations dealing with UPSI of other listed companies.

10. All emails have to be stored on a common email related to UPSI and make entries accordingly or through email automation.

No, the SDD Regulation requires only the nature of UPSI to be captured, not every conversation. Storing all emails on a common email related to UPSI can pose a systematic data risk, making sensitive data more vulnerable.