Category

Resources

SBO Rules and its impact on ownership structures of Indian companies

By | Latest Articles, Resources

Indian Law Updates March 2019 | Regulatory Practice

Aadhaar and other Laws (Amendment) Ordinance, 2019

Aadhaar and Other Laws (Amendment) Ordinance, 2019 has received the Presidential assent on March 4, 2019. The Ordinance effects changes to the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the Indian Telegraph Act, 1885 and the Prevention of Money-laundering Act, 2002. Certain salient changes effected by the Ordinance is as follows:

  • Deletion of Section 57:Earlier, the Supreme Court of India in the case of Justice Puttaswamy (Retd.) & Anr. vs. Union of India, had held Section 57 of the Aadhar Act to be partly unconstitutional, in so far as it enabled use of Aadhar number for establishing identity of an individual for any purpose by the State or a body corporate or a person pursuant to any law or any contract. The Ordinance removes Section 57 entirely from the statute but allows private entities to use Aadhaar or alternate virtual identification for authentication based on a framework of safeguards set out in the Ordinance.
  • Definition of Aadhaar ecosystem:The Ordinance defines the Aadhaar ecosystem, to include enrolling agencies, Registrars, requesting entities, offline verification-seeking entities and other entities which may be specified by regulations within the ambit of an Aadhaar ‘ecosystem’. Persons who qualify as part of the ecosystem will be governed and bound by the be directions and regulations by the UIDAI.
  • Creation of an alternate virtual id:An alternative virtual id which is connected to each Aadhaar number. Those who do not wish to provide Aadhaar number can provide a virtual id for electronic authentication. Each virtual id is connected to one Aadhaar number. The UIDAI may decide whether an entity can use Aadhaar number or must restrict itself to the virtual id for authentication.
  • Offline verification:Introduction of offline verification process to establish identity which does not involve authentication using biometric or electronic means. The Ordinance however does not spell out the offline verification methods but leaves such processes to be spelt out by UIDAI through separate regulations.
  • Voluntary option to provide Aadhaar number:A voluntary process for providing Aadhaar number for authentication to private entities, such as telecom and banking companies. Such use is only with the informed consent of the Aadhaar number holder.
  • Conditions for authentication by an entity: Section 4 has been amended to allow an entity to perform authentication if it is satisfied that the requesting is compliant with standards of privacy and security which are specified by regulations and permitted to offer authentication services under the provisions of any law made by Parliament or a purpose prescribed by the Central Government.
  • Purposes for use/ disclosure of information to be specified in writing at the time of data collection: Section 29(3) has been amended to clarify that any entity which requests authentication or offline verification shall not use or disclose any information available with it for any purpose, other than purposes informed in writing to the individual at the time of submitting information for authentication or offline verification.
  • Stipulation of regulation-making power of UIDAI:The UIDAI will now have power to make regulations governing the Aadhaar ecosystem, biometric and demographic information and the process of collecting the same, standards of privacy and security, etc
  • Other updates:There are other updates such as provision for children to cancel their Aadhaar number on attaining the age of eighteen years, prevention of denial of services for refusing to undergo authentication, establishment of a Unique Identification Authority of India Fund, provision of civil penalties, etc.

Analysis

The Ordinance which has been assented to by the President after the Aadhaar Amendment Bill lapsed in the Rajya Sabha. While, the Ordinance may be welcomed by banks and telecom companies, it does appear that other financial services players such as mutual funds, wealth managers will not benefit from the ability to use Aadhaar data immediately. Such intermediaries will need to firstly, determine based on rules and regulations the nature of processes than can be used for authentication of Aadhaar data and rationalise their KYC rules with the amendments to the money laundering regime effected by the Ordinance.

Further, and more importantly the Ordinance may be subject to constitutional challenge. The Ordinance disregards the judgment of the Supreme Court which held that the use of Aadhaar information by private parties enabled commercial surveillance and was therefore unconstitutional. The Ordinance may be further scrutinized in light of the judgment of the Supreme Court as it has been passed in the absence of a comprehensive data privacy law, which in the view of the Supreme Court enhanced the level of privacy rights violations of the original Aadhaar legislation.

The Aadhar Ordinance – an analysis

By | Latest Articles, Resources

Indian Law Updates March 2019 | Regulatory Practice

Aadhaar and other Laws (Amendment) Ordinance, 2019

Aadhaar and Other Laws (Amendment) Ordinance, 2019 has received the Presidential assent on March 4, 2019. The Ordinance effects changes to the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the Indian Telegraph Act, 1885 and the Prevention of Money-laundering Act, 2002. Certain salient changes effected by the Ordinance is as follows:

  • Deletion of Section 57: Earlier, the Supreme Court of India in the case of Justice Puttaswamy (Retd.) & Anr. vs. Union of India, had held Section 57 of the Aadhar Act to be partly unconstitutional, in so far as it enabled use of Aadhar number for establishing identity of an individual for any purpose by the State or a body corporate or a person pursuant to any law or any contract. The Ordinance removes Section 57 entirely from the statute but allows private entities to use Aadhaar or alternate virtual identification for authentication based on a framework of safeguards set out in the Ordinance.
  • Definition of Aadhaar ecosystem: The Ordinance defines the Aadhaar ecosystem, to include enrolling agencies, Registrars, requesting entities, offline verification-seeking entities and other entities which may be specified by regulations within the ambit of an Aadhaar ‘ecosystem’. Persons who qualify as part of the ecosystem will be governed and bound by the be directions and regulations by the UIDAI.
  • Creation of an alternate virtual id: An alternative virtual id which is connected to each Aadhaar number. Those who do not wish to provide Aadhaar number can provide a virtual id for electronic authentication. Each virtual id is connected to one Aadhaar number. The UIDAI may decide whether an entity can use Aadhaar number or must restrict itself to the virtual id for authentication.
  • Offline verification: Introduction of offline verification process to establish identity which does not involve authentication using biometric or electronic means. The Ordinance however does not spell out the offline verification methods but leaves such processes to be spelt out by UIDAI through separate regulations.
  • Voluntary option to provide Aadhaar number: A voluntary process for providing Aadhaar number for authentication to private entities, such as telecom and banking companies. Such use is only with the informed consent of the Aadhaar number holder.
  • Conditions for authentication by an entity: Section 4 has been amended to allow an entity to perform authentication if it is satisfied that the requesting is compliant with standards of privacy and security which are specified by regulations and permitted to offer authentication services under the provisions of any law made by Parliament or a purpose prescribed by the Central Government.
  • Purposes for use/ disclosure of information to be specified in writing at the time of data collection: Section 29(3) has been amended to clarify that any entity which requests authentication or offline verification shall not use or disclose any information available with it for any purpose, other than purposes informed in writing to the individual at the time of submitting information for authentication or offline verification.
  • Stipulation of regulation-making power of UIDAI: The UIDAI will now have power to make regulations governing the Aadhaar ecosystem, biometric and demographic information and the process of collecting the same, standards of privacy and security, etc.
  • Other updates: There are other updates such as provision for children to cancel their Aadhaar number on attaining the age of eighteen years, prevention of denial of services for refusing to undergo authentication, establishment of a Unique Identification Authority of India Fund, provision of civil penalties, etc.

The Ordinance which has been assented to by the President after the Aadhaar Amendment Bill lapsed in the Rajya Sabha. While, the Ordinance may be welcomed by banks and telecom companies, it does appear that other financial services players such as mutual funds, wealth managers will not benefit from the ability to use Aadhaar data immediately. Such intermediaries will need to firstly, determine based on rules and regulations the nature of processes than can be used for authentication of Aadhaar data and rationalise their KYC rules with the amendments to the money laundering regime effected by the Ordinance.

Further, and more importantly the Ordinance may be subject to constitutional challenge. The Ordinance disregards the judgment of the Supreme Court which held that the use of Aadhaar information by private parties enabled commercial surveillance and was therefore unconstitutional. The Ordinance may be further scrutinized in light of the judgment of the Supreme Court as it has been passed in the absence of a comprehensive data privacy law, which in the view of the Supreme Court enhanced the level of privacy rights violations of the original Aadhaar legislation.

Regulatory Updates – February 2019

By | Latest Articles, Resources

Indian Law Updates February 2019 Corporate Practice

The Companies (Amendment) Ordinance, 2019:

Whilst the Companies (Amendment) Bill, 2018, is still pending to be passed by the Rajya Sabha, the Companies (Amendment) Ordinance, 2019 has been promulgated, with effect from 12 January 2019, to continue the applicability of the provisions contained in the Companies (Amendment) Ordinance, 2018, relating to rearrangement of penalties for offences in the Companies Act, 2013 (the Act) and easing up compliance procedure in some respects. The pending bill shall become an Act post the approval of the Rajya Sabha and receipt of presidential assent and shall be effective from the date of notification in the Gazette. Once that happens, the amendments brought in by the Companies (Amendment) Ordinance, 2019 will also be crystallized in the Act.

While the inserted Section 10A prohibits all companies (whether public or private) from commencing business before they bring in the subscribers’ funds (the outer limit for which is within 180 days), file a declaration by the directors to this effect and report the registered office of the company within 30 days of commencement, Section 12(9) empowers the registrar to cause a physical verification of the registered office. On failure to file the declaration relating to the funds and verification of registered office, the registrar can initiate proceedings to remove the name of the company from the register under Chapter XVIII. This can act as a deterrent for shell companies since a physical office and receipt of funds is now mandatory.

Following are some provisions which ease up procedural requirements:

  • Change in the financial year of a holding, subsidiary or associate company of a company incorporated outside India and the conversion of a public company into private company, which earlier required the approval of National Company Law Tribunal (NCLT) can now be approved by the Central Government.
  • Section 197(7) which stated that an independent director will not be entitled to stock options and can receive remuneration in the form of sitting fees and reimbursements has been removed, adding a bit of flexibility to the payment mechanisms for independent directors.
  • The maximum amount of penalty which can be compounded by the Regional Director has been increased to twenty-five lakhs rupees.

Provisions where the fines / additional fees have been rearranged include:

  • The minimum fine for the issue of shares at discount is fixed as the amount raised through the issue of such shares, the maximum fine is capped at five lakhs rupees and the company shall have to refund the monies received with 12 percent interest from date of issue.
  • The initial period for registration of charges has been increased from 30 to 60 days, but the extension which can be granted by the registrar has been brought down from 300 to 60 days. Further, the fees for extension have been changed from additional to ad valorem, which means high value charges will have higher fees, rather than a time-based slab.
  • Wilfully furnishing false information or suppressing material information in relation to charges will now invite penalty equivalent to fraud, which can extend to fifty lakh rupees.
  • Section 90 relating to significant beneficial owners, which had been significantly amended by the Companies (Amendment) Act, 2017 provides that NCLT, at the request of the company, can make an order restricting the rights on the shares owned by a person who is believed to be the beneficial owner, but who is not registered as a beneficial owner. A person who is aggrieved by this order can apply to NCLT for the restrictions to be removed, but the time period for this application has now been restricted to one year. If the application is not filed within one year, the shares can be transferred to the authority constituted for the administration of Investor Education and Protection Fund.
  • Continuing penalties per day of default have been brought in such as one hundred rupees per day for non-filing of financial statements and annual return, five hundred rupees per day for non-filing of resolutions and agreements under Section 117 of the Act and one thousand per day for not complying with the requirement to appoint key managerial personnel in accordance with Section 203.
  • Maximum fine for frauds not involving public interest or less than ten lakhs rupees or one percent of the turnover have been increased to fifty lakhs rupees from twenty lakhs rupees.
  • Amendments in Section 454 relating to imposition of penalty by adjudicating officer or regional director now bring into its purview ‘any other persons’, apart from the company itself and officers in default.
  • If the same offence for which the penalty was imposed by adjudicating officer or regional director is repeated, the penalty would then be twice the amount of penalty provided for such default.

Regulatory Updates – January 2019

By | Latest Articles, Resources

Indian Law Updates January 2019 Regulatory Practice

SEBI Circular on Artificial Intelligence (AI) and Machine Learning (ML) applications and systems offered and used by market intermediaries:

SEBI, through its circular released on 4 January 2019 has asked all registered stock brokers and depository participants using AI / ML based systems to submit the details of such systems in a prescribed form on a quarterly basis to the stock exchanges and the depositories. The stock exchanges and depositories shall further submit a consolidated quarterly report of all registered intermediaries using AI / ML applications and systems in a soft copy at prescribed email addresses to SEBI. The stock exchanges and depositories are also required to make necessary amendments to their bye laws, rules and regulations, make the provisions of the circular known to members and participants and communicate the status of implementation in their Monthly Development Report to SEBI.

The reporting is required if such systems are used by intermediaries to facilitate investing and trading or to disseminate investment strategies and advice or to carry out compliance operations / activities and where AI / ML is portrayed as a part of the product offering or for compliance or management purposes.

The circular also contains a list of systems which are deemed to be based on AI / ML systems. These include natural language processing systems such as robo chat bots, neural networks – systems modeling the brain such as some systems used for anomaly detection, machine learning such as those based on decision tree, systems using statistical heuristics, feedback mechanism or knowledge representation.

SEBI (Foreign Portfolio Investors) (Third Amendment) Regulations 2018:

These regulations, notified on 31 December 2018 seek to prohibit registration of foreign portfolio investors (FPIs) who are predominantly owned or controlled by non resident Indians (NRIs) or overseas citizens of India (OCIs) or resident Indians. For being eligible to register as FPI, the contribution to the corpus of the FPI from a single NRI/OCI/resident Indian is required to be less than 5% and the aggregate from all NRIs/OCIs/resident Indians is required to be less than 50% of the total contribution and the NRIs/OCIs/resident Indians should not be in control of the FPI. The definition of control has been brought in the regulations and includes the right to appoint majority directors or to control management or policy decisions. However, the disqualification does not apply to offshore funds in certain cases or non investing FPIs or FPIs investing only in units of schemes floated by mutual funds in India.

The regulations also prohibit registration of, and therefore investment from FPIs which are mentioned in the United Nations Security Council Sanctions List or FPIs which are from a high risk jurisdiction in terms of Anti-money laundering (AML) or combating the financing of terrorism (CFT) measures as identified by the Financial Action Task Force. FPIs with underlying investors of more than 25% corpus falling in the above criteria will also be barred from registering.

An applicant or an existing FPI which is predominantly controlled by NRIs / OCIs / resident Indians is mandated to comply with the above criteria within a period of two years from the effective date of the regulation or date of registration whichever is earlier. Existing FPIs which do not satisfy the sanctions / AML / CTF requirements are required to comply within a period of three months of the effective date of the regulation.

In order to be categorised as Category I FPI, government agencies will mean entities in which more than 75% ownership or control is held by Government of a foreign company.The transfer of offshore derivative instruments to entities disqualified from being registered as FPIs is also prohibited.

The investment limits of multiple FPIs having common ownership of more than 50% or common control will be clubbed, with the exception of FPIs which are public retail funds themselves or are regulated by public retail funds in certain cases.

SEBI (Substantial Acquisition of Shares and Takeovers) (Third Amendment) Regulations, 2018:

By virtue of these regulations dated 31 December 2018, SEBI has exempted housing finance companies (HFCs) registered with the National Housing Bank and systemically important non banking financial companies (NBFCs) recognised as such by the Reserve Bank of India from the requirement to make disclosures in relation to the shares aggregating to five percent or more of the shares of the target company taken as pledgee, where the shares have been pledged for securing indebtedness in the ordinary course of business. Such disclosures were earlier required to be made by the HFCs or NBFCs within two days of taking the shares as an encumbrance to the target company itself and the stock exchanges where the target company is listed.

Department of Industrial Policy and Promotion Press Note No. 2 (2018) regarding FDI in e- commerce

By | Latest Articles, Resources

The Department of Industrial Policy and Promotion (DIPP) released a press note on December 26, 2018 (PN 2/2018), bringing into place some conditions related to e-commerce activities of entities which have FDI. PN 2/2018 will be effective from February 1, 2019.

The 2017 FDI policy prohibited the e- commerce entity from having more than 25% of sales value from the marketplace on financial year basis from one vendor or their group companies. This was undertaken with the intention of distributing the sales value of the e-commerce entity amongst many vendors and ensuring that sales are not predominantly concentrated in an entity controlled by the e- commerce marketplace. This was set as the criteria to ensure that the model does not become an ‘inventory’ based model, which was not permitted.

However, PN 2/2018 shifted the 25% restriction from the e-commerce entity to the vendor. It states that if more than 25% of purchases of a vendor are from the marketplace entity or any of its group companies, inventory of the vendor shall be deemed to be controlled by the e-commerce marketplace entity, and this would turn the business into an inventory based model, which is not allowed. It also expressly prohibits a marketplace from mandatorily requiring a vendor to exclusively sell products on its platform.

These restrictions may impact several exclusive sales tie-ups with specific brands, and even for new product launches exclusively on a particular marketplace. Also, the e-commerce entity will be required to demonstrate that a vendor has less than 25% of its total sales on that platform. The requirement increases data collection requirements for the e-commerce operator as it requires it to obtain total sales information of each vendor.

PN 2/2018 also provides that where the e- commerce marketplace entity or its group companies has / have an equity stake in an entity or exercises control over such entity, such entity will not be permitted to sell its products on the platform run by such marketplace entity. Further, an entity cannot sell its products on an e-commerce platform if its inventory is controlled by that e-commerce entity.

The third change in the FDI policy requires the ecommerce marketplace entity to provide other services such as logistics, warehousing, etc. on a fair and non-discriminatory basis. Thus, preferential treatment for one or more sellers will no longer be feasible. The provision clarifies that provision of services to any vendor on such terms which are not made available to other vendors in similar circumstances will be deemed to be unfair and discriminatory.

Further, cash backs provided by the group companies of the e-commerce entity must be fair and non-discriminatory i.e. other vendors must be permitted to provide similar terms. As per PN 2/2018, guarantees, warranties and after-sales services are to be provided by sellers. Payments can be facilitated by the e- commerce entity only in accordance with methods and guidelines of the Reserve Bank of India (RBI). The e-commerce marketplace entity will be required to furnish a report of compliance to the RBI annually by September 30 of each year, for the previous financial year.

Potential Impact: In addition to the impact as set out above, these modifications (a) could result in limiting the deep discounts provided by large e-commerce companies, (b) prohibit exclusive arrangements with a particular market place, (c) will result in e-commerce market place entities disposing their equity participation in selling entities.

SEBI norms for Debt Raising, RBI relaxation on Securitsation Norms

By | Latest Articles, Resources

SEBI Circular on issuance of debt securities by ‘Large Corporates’

With a view to providing an impetus to corporate bonds and being consistent with budget announcements, SEBI, on November 26, 2018 released guidelines for mandatory issue of debt securities by a Large Corporate, a term used for listed entities which have:

a) specified securities or debt securities or non-convertible redeemable preference shares listed on recognized stock exchanges (RSEs); and
b) which have outstanding long term borrowings of Rs 100 crores or above, with original maturity of more than one year (excluding ECBs and inter corporate borrowings between parent – subsidiary (ICBs)); and
c) which have a credit rating of AA and above for unsupported bank borrowings and plain vanilla bonds.

Notably, the term ‘Listed Entities’ also refers to those entities which have debt securities listed on the debt segment of the RSE. Therefore, this circular appears to apply to private companies whose debt securities are listed, if such company also fulfills the other criteria referenced in the circular.

The circular mandates a Large Corporate (LC) to meet at least 25% of its incremental borrowings, during the financial year subsequent to the financial year in which it is identified as an LC, by way of issue of debt securities. There is no minimum amount specified for the incremental borrowings and it covers all borrowings with maturity of 1 year or more (excluding ECBs and ICBs). This may be restrictive for entities since they might be required to incur the cost of public issue or privately placing debt securities even for smaller amounts of incremental borrowings.

The requirement to meet incremental borrowing norms by way of issuing debt securities shall be applicable for FY2020 and FY2021 on an annual basis, and if the LCs are unable to comply, the shortfall shall be explained to the stock exchange. Therefore, for entities following the April-March as their financial year, the framework shall come into effect from April 1, 2019.

However, from FY2022, the requirement must be met over a contiguous block of 2 years and a shortfall (i.e. amount required to be raised through debt securities but not so raised) shall be subject to a penalty of 0.2% of the shortfall. The penalty shall be paid to the stock exchanges, who will remit this amount to SEBI Investor Protection and Education Fund.

The Large Corporates are required to disclose the fact of their being Large Corporates as per the circular and the incremental borrowings during the financial year to the stock exchanges as well as to include the disclosures in their audited annual financial results. The disclosures made by the Large Corporates are to be certified both by the Company Secretary and the Chief Financial Officer of the Large Corporate.

Relaxation in NBFC Securitization Guidelines

The Reserve Bank of India vide circular dated November 29, 2018 (“RBI Circular”) relaxed the Minimum Holding Period (MHP) for certain transactions to facilitate assignment of loans / receivables by NBFC’s.

As per the RBI Circular, the MHP requirement for originating NBFCs, in respect of loans of original maturity above 5 years, has been reduced to receipt of repayment of six monthly instalments or two quarterly instalments (as applicable). Therefore, the MHP has effectively been reduced from 1 year to 6 months. Provided however, Minimum Retention Requirement for such securitisation/assignment transactions are to be 20% of the book value of the loans being securitised/20% of the cash flows from the assets assigned.

The above dispensation is only applicable to securitisation/assignment transactions carried out during a period of six months from the date of issuance of the RBI Circular.

SEBI Circular on Alternative Investment Funds (AIFs) in International Finance Service Centres (IFSCs)

These guidelines provide for the setting up of AIFs in an International Financial Service Centre (IFSC) (so far, only Gujarat International Finance Tec-City or GIFT) by incorporation as a trust, company, LLP or body corporate. The AIFs can apply for registration under SEBI AIF Regulations, 2012. Non-residents and resident institutional or individual investors eligible under FEMA to invest offshore can invest in these AIFs as per SEBI IFSC Guidelines, 2015. These AIFs can now invest in India through the FVCI / FDI route, in addition to the Foreign Portfolio Investment route. Some requirements in relation to such AIFs can be tabled as under:

Minimum scheme corpus USD 3mn.
Minimum investment from an investor (other than employees / Directors of AIF or Manager) USD150000
Minimum investment from employees or Directors of AIF or Manager USD40000
Minimum continuing interest of Manager or Sponsor (except for category III AIF) Two and half percent of corpus or USD750000 whichever is lower
Minimum continuing interest of Manager or Sponsor for category III AIF Five percent of the corpus or USD1.5mn whichever is lower

It is mandatory for a category III AIF to appoint a SEBI registered custodian, while for category I and II AIFs, it is mandatory to appoint a custodian if the corpus is more than USD70mn.

The circular also provides for Angel Funds to be set up in IFSCs, with the following requirements:

Minimum Corpus USD750000
Minimum net tangible assets of an individual investor who invests in an angel fund (excluding value of his principal residence) USD300000
Minimum net tangible assets of a corporate angel investor USD1.5mn
Minimum investment in angel fund by an angel investor USD40000 up to maximum 5 years
Minimum continuing interest of Manager or Sponsor Two and half percent of corpus or USD80000 whichever is lesser

Reserve Bank of India (RBI) issues guidelines for enabling interoperability of Prepaid Payment Instruments (PPIs)

By | Latest Articles, Resources

In accordance with the road map provided earlier by its Master Direction, the RBI has issued the consolidated guidelines on October 16, 2018 for enabling interoperability between Prepaid Payment Instruments (PPIs).

These guidelines enable wallet to wallet transfers and is likely to increase the use and acceptability of the payment wallets. PPIs issued in the form of wallets will be entitled to enable interoperability through UPI. Further, participating PPI’s will have to adhere to the technical specifications / standards / requirements as well as the reconciliation and grievance redressal mechanisms of National Payments Corporation of India (NPCI), which will facilitate the PPI issuers’ participation.

PPIs which are issued in the form of cards, will be entitled to enable interoperability in association with card networks. It opens up the whole domain of card payments to them, though such PPI Issuers will be required to follow all the technical requirements of the card networks such as membership type and criteria, merchant onboarding etc. PPI issuers operating in specific segments such as meal, gifts and money transfer services may also implement interoperability.

PPIs which have been issued in the form of wallets are required to adhere to the requirements of the sponsor bank arrangements in the UPI for settlement purposes.

Certain other salient provisions of the guidelines are:

a) PPI issuers are required to have a board approved policy for achieving interoperability.

b) Interoperability shall be facilitated on all KYC compliant accounts.

c) The new PPIs issued in form of cards would need to be EMV chip and PIN compliant. Participants will have to ensure that re-issuance / renewal of PPIs in form of cards is also EMV chip and PIN compliant. However, gift cards and cards for Mass Transit Systems (MTS) can be issued with or without EMV chip and PIN enablement.

For interoperability through UPI, PPI issuers shall link only their own customers’ wallets to the handle issued by NPCI and shall onboard only their own customers and not of any bank or other PPI issuer. The authentication i.e. checking the user’s identity will be completed by the PPI holders as per their existing wallet credentials and hence the transaction will be pre-approved before it reaches the UPI.

Personal Data Protection Bill 2018

By | Latest Articles, Resources

The Ministry of Electronics and Information Technology (“MeitY”) has released a draft of the Personal Data Protection Bill, 2018 (“Bill”), which was prepared by a committee constituted under the Chairmanship of Justice B.N. Srikrishna

Applicability: The Bill applies to processing of personal data if such data has been used, shared, disclosed, collected or otherwise processed in India, by a private or a government entity. In respect of processing by fiduciaries that are not present in India, the Bill shall apply if such processing is in connection with any business carried on in India activities such as profiling of data principals in India. The Bill extends to any personal data collected, used, shared, disclosed or otherwise processed by anybody corporate incorporated under Indian law or an Indian citizen will be covered, irrespective of whether it is actually processed in India.

Data Protection: Data protection is the process of safeguarding personal information from corruption, compromise or loss.

The Data Protection Authority of India (DPA): will be an independent regulatory body is responsible for the enforcement and implementation of the law.

Data Principal: the individual, who’s personal data is being processed, stored or collected.

Data Fiduciary: the entity who is in possession of the personal data of the data principal, for the purposes of storing, collecting and processing such principal’s data. Data fiduciaries are not limited only to persons who are processing data electronically, but even those persons who are processing, collecting or storing data physically.

Processing: The DPA will issue specific guidelines for processing of various categories of personal data and sensitive personal data in various contexts. Sensitive personal data will include passwords, financial data, health data, official identifier, sexual orientation, biometric and genetic data, and data that reveals transgender status, gender, caste, tribe, religious or political beliefs or affiliations of an individual.

Consent: Consent will be a lawful basis for processing of personal data. For consent to be valid it should be free, informed, specific, clear and capable of being withdrawn.

As a general rule, a copy of all personal data must be stored in India. The Government may issue rules specifying that certain categories of data can only be stored or processed in India.

Obligations of data fiduciaries: All processing of personal data by data fiduciaries must be fair and reasonable and for purposes which are clear, specific and lawful. A data fiduciary is obliged to provide notice to the data principal at the time of the collection of her personal data. The DPA will be notified when there is a data breach and in certain circumstances, to the data principal also.

Data principal rights: The right to confirmation, access, correction and data portability. The right to be forgotten provides a data principal the right against the disclosure of her data when the processing of her personal data has become unlawful or unwanted.

Transfer of personal data outside India: Other than critical personal data, all cross-border data may be transferred or processed on the basis model contract clauses containing key obligations. Critical personal data, as notified by the central government, will be subject to the requirement to process only in India. Personal data will however have permitted to be transferred for reasons of prompt action or emergency, such as for medical reasons.

Exemptions: Processing of personal or sensitive personal data if it is necessary in the interest of the security of the state, and for prevention, detection, investigation and prosecution of contraventions of law, are exempted. For enforcing a legal right or claim, for seeking any relief, defending any charge, opposing any claim or for obtaining legal advice from an advocate in an impending legal proceeding would be also exempted from the application of the Bill.

A mandatory approval requirement has been imposed on data processors who process data which carries a risk of significant harm to data principals. Such processors are required to implement Trust Scores, Data Audits as well as a Data Protection Impact Assessment.

The Bill introduces the concept of “privacy by design”, where privacy principles prescribed by the Bill are to be built into technology and operating systems of data fiduciaries and not be implemented as a reaction to new legal or other contractual requirements.

Appeals: An appellate tribunal will hear any appeal against an order of the DPA. Appeals against orders of the appellate tribunal will lie with the Supreme Court of India.

Penalties: Significant penalties of up to 2%-4% of global turnover in some cases and other monetary penalties in the range of USD 728,000 and USD 21,85,000, depending on the nature of harm and type of data which has been breached, may be imposed on data fiduciaries and compensation may be awarded to data principals for violations of the data protection law. In addition, the Bill also imprisonment for certain types of data violations. A person aggrieved by any action in violation of the Bill may also apply to the DPA seeking compensation for the harm caused.

Impact: The Bill is a welcome step towards the establishment of a statutory framework for privacy protection in India. However, the nature of obligations imposed on the data fiduciaries is in many instances ambiguous and onerous. The Bill contemplates the issuance of further guidelines and codes of conduct by the Government to facilitate the implementation of the Bill. This could lead to misalignment between genuine principles of data protection and commercial consequences such as costs and compliance required to satisfy future directions by the Government. MeitY will be required to have a wide range of discussions with stakeholders on the Bill so as to provide data fiduciaries with certainty as to the obligations that are required to be satisfied. MeitY, it is hoped, will also provide a sufficient window for data fiduciaries to put in place systems for complying with the provisions of the Bill.

Indian Law Updates April 2018 | Regulatory Practice

By | Resources

SEBI REVISES CORPORATE GOVERNANCE STANDARDS BASED ON RECOMMENDATIONS OF THE KOTAK COMMITTEE.

 

The Securities and Exchange Board of India (“SEBI”) by way of a press release dated March 28, 2018 (“Press Release”) has announced actions taken at the SEBI board meeting including adoption of certain recommendations of the Uday Kotak Committee constituted in June 2017.

The Kotak Committee was constituted to make recommendations for improving standards of corporate governance of listed entities in India and the report (“Committee Report”) was released in October 2017. After having reviewed the Committee Report, on March 28, 2018, SEBI at its board meeting approved certain recommendations in toto and accepting some with modifications. This Press Release does not detail all recommendations of this committee which have been adopted by SEBI and is also silent on those which have been rejected.

These recommendations which have been highlighted in the Press Release will be applicable only after necessary amendments are made in the relevant regulations. Further, the points mentioned below are not exhaustive and indicate only the key highlights of the Press Release:

❖ Composition and Role of the Board of Directors – Recommendations accepted

→ CEO/MD: Separation of CEO/MD and Chairperson positions (modified recommendation in the Committee Report): Applicable to the top 500 listed entities in terms of market capitalization, effective from April 1, 2020. Note, the Committee Report had recommended that (a) listed entities with more than 40% public shareholding should separate the roles of Chairperson and MD/CEO with effect from April 1, 2020, and (b) after 2020, SEBI may examine extending the requirement to all listed entities with effect from April 1, 2022.

→ Gender Diversity (modified recommendation in the Committee Report): At least one ‘woman independent director’ to be on the Board of Directors of the top 500 listed entities by April 1, 2019 and in the top 1000 listed entities by April 1, 2020. The Committee Report had recommended that every listed entity have at least one independent woman director on its board of directors.

→ Minimum Directors (modified recommendation in the Committee Report): At least six directors to constitute the Board in the top 1,000 listed entities by April 1, 2019 and in the top 2,000 listed entities, by April 1, 2020. Currently, the minimum number of directors for such companies is 3. The Committee Report had recommended that this provision be adopted by all listed entities.

→ Maximum Directors: A director can be appointed on the Board of only up to 8 listed companies by April 1, 2019 and it will be reduced to 7 by April 1, 2020. Currently, the Companies Act, 2013 stipulates this as 10 directorships. This recommendation of the Committee Report has been adopted without any modification.

→ Quorum (modified recommendation in the Committee Report): Quorum for board meetings to be one third of the size of the board or three members, whichever is higher, for top 1,000 listed companies by April 1, 2019 and for top 2,000 listed companies by April 1, 2020. Currently, the Companies Act, 2013 requires a quorum of one-third of the total strength of the board of directors or two directors, whichever is higher. However, it is important to note that the Committee Report had also recommended that at least 1 independent director be required to constitute quorum.

❖ Disclosures and transparency- Recommendations accepted (without any modification)

→ QIPs: Disclosure on utilization of funds raised from Qualified Institutional Placement and preferential issues.

→ Quarterly: Mandatory disclosure of consolidated quarterly results with effect from FY 2019-20.

→ Auditor: Disclosures of auditor credentials, audit fee, reasons for resignation of auditors, etc. to be disclosed in the notice to the shareholders to allow shareholders to take an informed decision on the appointment of auditors of listed companies.

❖ Investor participation in meetings of Listed entities – Recommendation accepted (with modification)

→ Timeline for holding AGM: Top 100 entities to hold AGMs within 5 months after the end of FY 2018-19 i.e. by August 31, 2019. Currently, under the Companies Act 2013, listed entities in India are required to hold Annual General Meetings within six months from the end of the financial year. There is no specific provision in SEBI LODR Regulations on this matter. The Committee Report had recommended that the time period be reduced to 4 months over time.

→ Royalty payments: Mandatory approval of the majority of minority shareholders for any payments on account of brand or royalty to a related party exceeding 2% of the consolidated turnover. The Committee Report had recommended a 5% threshold in this regard.

❖ Enhanced disclosure of related party transactions – Recommendations accepted (without any modification)

→ Disclosure: SEBI has adopted the enhanced disclosure requirements for related party transactions as prescribed in the Committee Report. The Committee Report had inter alia recommended that listed companies submit within 30 days of publication of its standalone and consolidated financial results for the half year, disclosures of related party transactions on a consolidated basis, in the format prescribed in the relevant accounting standards for annual results, to the stock exchanges and publish the same on its website.

❖ Monitoring of group entities – Recommendations accepted (without any modification)

→ Secretarial Audit: Secretarial Audit is mandatory for listed entities and their material unlisted subsidiaries under SEBI (Listing Obligations and Disclosure Requirements) Regulations 2015.

❖ Enhanced obligations on the listed entities with respect to subsidiaries- Recommendations accepted (without any modification)

→ Subsidiaries: The recommendations in the Committee Report on the enhanced obligations with respect to subsidiaries were accepted by SEBI. Therefore, amongst other amendments, the monetary threshold in the definition of ‘material subsidiary’ will now be reduced to 10% (as against 20% currently). These recommendations aim for better transparency on the governance levels of downstream investee entities of the listed entity and also to improve the monitoring of the listed entity at a consolidated level.

❖ Enhanced obligations on the listed entities with respect to subsidiaries- Recommendations accepted (without any modification)

→ Eligibility criteria: The recommendations for expanding the eligibility criteria for independent directors was adopted by SEBI. The Committee Report inter alia sought to specifically exclude persons who constitute the ‘promoter group’ of a listed entity from the definition of an ‘independent director’. Further, it also excluded “board interlocks” arising due to common non-independent directors on boards of listed entities.