April 20, 2014
Home | Circulars | Recent Circulars | 2008
 
 

Annexure 1

A. Objectives of internal audit: -

The following are the broad objectives of` internal audit for depository operations -

  • To assure the management that the operations of the Participant are in compliance with the requirements of The Depositories Act, 1996, SEBI (Depositories & Participants) Regulations, 1996, NSDL Bye Laws and Business Rules, its agreement with the Client and NSDL and various circulars issued by NSDL from time to time.

  • To assure management that the DPM is managed and maintained in a manner that there is no threat to business continuity, integrity of data processing system is maintained at all times and methods are put in place to ensure that records are not lost, destroyed or tampered with or in the event of loss or destruction of data, sufficient backup of records is available at all times.

  • To assure management that the capacity of computer system, staff strength and internal procedures are commensurate with the level of business activity.

  • To assure management and NSDL that the business operations of the Participant are conducted in a manner that the foreseeable risks are addressed with appropriate internal control mechanism.

  • To assure management that the operations are conducted in a manner that there is no loss of revenue and receivables are received promptly.

  • To assure management and NSDL that the business operations of the Participant are conducted as per the operations manual and in strict adherence with NSDL prescribed procedures.

B. Audit program: -

Internal audit program should cover all facets of the depository operations. Auditor may expand the scope of audit / add more audit points to achieve the objectives listed above. Participants are advised to extend full co-operation to their auditors to enable them to perform an effective audit. All circulars / guidelines issued by NSDL / SEBI from time to time and other information / records desired by the auditors should be made available to them within a reasonable time.

IAR must contain auditor’s observation on all the audit points given below:

1. Operations Manual

The Operations Manual prepared by the Participant should be reviewed by the auditor. The Operations Manual should have organization chart showing hierarchy of the staff members involved in depository activities, a chart showing accountability at each level, segregation of duties, maintenance of records and documents, procedure to be followed for reporting exceptional issues related to systems (e.g. problem in hardware or any component of hardware/software, backup, UPS, telephone line, reducing hard disk space, decreasing speed of machine, etc.) and operations (e.g. failure in executing delivery instructions, failure of transactions leading to auction of clients, delay in confirmation back to clients, loss of certificates sent for demat, frauds, misappropriation of securities etc.), procedure to comply with the requirements related to anti-money laundering, Compliance Certificate etc.

Auditor shall certify -

1.1. Whether Operations Manual covers all depository activities?

1.2. Whether the Operations Manual is updated as and when required?

1.3. Whether the Operations Manual is available to persons who need to refer it?

1.4. Whether procedures mentioned in the Operations Manual are followed?

1.5. Whether there are procedures / systems in place to ensure compliance with guidelines?

Auditor may refer following circulars:

  • Circular No. NSDL/POLICY/2006/0025 dated July 6, 2006- Submission of information to Financial Intelligence Unit-India (FIU-IND) under Prevention of Money Laundering Act, 2002 (PMLA).

  • Circular No. NSDL/POLICY/2007/0017 dated March 22, 2007- Important-Mandatory comments in IAR and Clarification for Concurrent Audit Report.

  • Circular No. NSDL/POLICY/2007/0039 dated July 11, 2007 - Amendment to the Rules framed under the PMLA.

  • Circular No. NSDL/POLICY/2007/0055 dated September 25, 2007- Submission of details of all places from where depository services are offered and approval of new branches and franchisees in the prescribed format.

  • Circular No. NSDL/POLICY/2008/0003 dated January 17, 2008- SEBI's advise to Depositories and its Participants on Compliance with PMLA and Rules framed there-under.

The auditor should review the Operations Manual atleast once in a year (in first half yearly audit) and provide his comments in report. If the Participant has not prepared the Operations Manual, auditor should mention this fact in the report and management comments should be obtained.

2. Anti Money Laundering

2.1. Whether the Participant has complied with the relevant laws, rules and instructions on Anti Money Laundering?

While commenting on this area, auditor shall also mention whether the Participant has drawn up a policy for implementation of Anti-Money Laundering mechanism and has appointed a ‘Principal Officer’. If the Participant has not drawn up a policy and/or has not appointed a Principal Officer, auditor shall mention this fact in the report and management comments shall be obtained.

Auditor may refer following circulars:

  • Circular No. NSDL/POLICY/2006/0025 dated July 17, 2006- Submission of information to FIU-IND under PMLA.

  • Circular No. NSDL/POLICY/2007/0017 dated March 22, 2007- Important-Mandatory comments in IAR and Clarification for Concurrent Audit Report.

  • Circular No. NSDL/POLICY/2007/0039 dated July 11, 2007- Amendment to the Rules framed under the PMLA.

  • Circular No. NSDL/POLICY/2008/0003 dated January 17, 2008- SEBI's advice to Depositories and its Participants on Compliance with PMLA and Rules framed there-under.

  • Circular No. NSDL/POLICY/2008/0052 dated July 26, 2008 Filing of Suspicious Transaction Report (STR) to FIU-IND under PMLA.

3. Audit of Account opening

3.1 Whether the Participant has undertaken necessary due diligence to comply with the ‘Know Your Client’ (KYC) norms, ‘in-person’ verification, maintenance of records of ‘in-person’ verification, Permanent Account Number (PAN) verification, verification of original documents, etc., as prescribed by SEBI / NSDL for all categories of accounts?

Auditor may refer following circulars:

  • Circular No. NSDL/PI/2001/1307 dated August 27, 2001- Speed-e accounts.

  • Circular No. NSDL/POLICY/2006/0005 dated February 7, 2006- KYC compliance.

  • Circular No NSDL/POLICY/2007/0071 dated November 12, 2007- Modification of Account Opening Form & DIS – Incorporation as per FIU-IND under PMLA guidelines.

  • Circular No. NSDL/POLICY/2007/0077 dated December 19, 2007- Master Circular on 'Account Opening' - Version 1.

  • Circular No. NSDL/POLICY/2008/0018 dated March 24, 2008- Guidelines on opening of Trust accounts.

  • Circular No. NSDL/POLICY/2008/0030 dated April 30, 2008- SEBI’s clarification on ‘In-person’ verification of Beneficial Owner (BO) at the time of account opening.

  • Circular No. NSDL/POLICY/2008/0037 dated May 27, 2008– Clarification on acceptance of copy of the bank statement as proof of address.

  • Circular No. NSDL/POLICY/2008/0040 dated June 4, 2008- Clarification with respect to capturing of landmark details under the address field in the DPM.

3.2 Whether data entered in DPM is exactly matching with the details mentioned in the account opening form?

3.3 Whether signature of the client on the account opening form is exactly same as that scanned in DPM? (Circular No. NSDL/POLICY/2007/0002 dated January 4, 2007).

For points 3.2 and 3.3 above, auditor should randomly verify data entered in the DPM and the signature(s) of the client(s) scanned vis a vis the details in the account opening form(s). Auditor shall record the findings in following manner:

  • Number of accounts verified:

  • Number of accounts where signature scanned and/or data entered matches:

  • Number of accounts where signature and /or data entered do not match:

3.4 Whether PAN is verified and captured in DPM as per prescribed procedure? (Circular No.NSDL/POLICY/2007/0026 dated May 10, 2007).

3.5 Whether the Participant has executed utilities provided by NSDL at regular intervals and has taken necessary actions? (Circular Nos.NSDL/POLICY/2006/0042, NSDL/POLICY/2006/0047, NSDL/POLICY/2006/0057 dated September 23, 2006, October 16, 2006 and November 24, 2006 respectively).

4. Audit of changes in Client Master details

4.1 Whether changes in Client Master details (i.e. change of address, change of signature and change in bank details / Nomination / Transmission / Closure / Freezing / Unfreezing etc.) are being done as per prescribed procedure?

Auditor may refer following circulars:

  • Circular No. NSDL/PI/2002/0365 dated March 4, 2002- Closure of account with Zero Balances.

  • Circular No. NSDL/PI/2002/2175 dated December 18, 2002- Closure of account wherein request received on Plain Paper.

  • Circular No. NSDL/PI/2003/0309 dated February 22, 2003- Closure of account wherein demat is pending.

  • Circular No. NSDL/POLICY/2006/0068 dated December 29, 2006- Closure of account with zero balance after December 31, 2006 that are frozen due to non compliance of PAN requirements.

  • Circular No. NSDL/POLICY/2007/0005 dated January 18, 2007- Clarification- Obtaining/Capturing of PAN details in the DPM in case of transmission in depository account.

  • Circular No. NSDL/POLICY/2007/0006 dated January 23, 2007- Capturing of PAN details in the DPM in case of transmission in depository account.

  • Circular No. NSDL/POLICY/2007/0030 dated June 18, 2007- Requirement of submission of Transaction Statement for various depository related activities.

  • Circular No. NSDL/POLICY/2007/0077 dated December 19, 2007- Master Circular on 'Account Opening' - Version 1

  • Circular No. NSDL/POLICY/2008/0034 dated May 21, 2008- Procedure to be followed by Participants on Minor attaining majority.

  • CircularNo.NSDL/POLICY/2008/0040 dated June 4, 2008 - Clarification with respect to capturing of landmark details under the address field in the DPM System

  • Circular No. NSDL/POLICY/2008/0066 dated September 29, 2008-Deadline for closure of PAN non-compliant BO accounts with no security balances.

4.2 Whether the Participant has collected the requisite documents to claim waiver of settlement fees consequent to transfer of securities with respect of SEBI directive on account closure? (Circular No. NSDL/POLICY/2007/0060 dated October 5, 2007).

5. Audit of demat requests

5.1. Whether demat requests received are sent to Issuer/ Registrar & Transfer agent within seven days from the date of receipt of the request from the clients?

5.2. Whether controlling office/service centers have a provision for safekeeping of security certificates received from clients for dematerialisation and security certificates received after rejection of the demat request from Issuer/Registrar & Transfer Agent?

6. Audit of delivery instructions

6.1. Whether prescribed guidelines are followed for issuance, acceptance and execution of instruction slips (including Inter-depository instruction slips and Pledge slips)?

6.1.1. Issuance of DIS

The procedure followed by the Participants for -

  • Issuance of DIS booklets to clients including loose slips.

  • Existence of controls on DIS issued to clients including pre-stamping of Client Id and unique pre-printed serial numbers.

  • Record maintenance for issuance of DIS booklets (including loose slips) in the back office.

6.1.2. Verification of DIS

The procedure followed by the Participants for -

  • Date and time stamping (including late stamping) on instruction slips.

  • Blocking of used/reported lost/stolen instruction slips in back office system / manual record.

  • Blocking of slips in the back office system / manual record which are executed in DPM directly.

  • Two step verification for a transaction for more than Rs. 5 lakh especially in case of off-market transactions.

  • Instructions received from dormant accounts.

Auditor may refer following circulars:

  • Circular No. NSDL/PI/98/519 dated October 13, 1998- Date and time stamping.

  • Circular No. NSDL/PI/2002/0740 dated May 9, 2002- Fax instructions.

  • Circular No. NSDL/PI/2003/0406 dated March 7, 2003 & Circular No. NSDL/PI/2004/1911 dated October 21, 2004- Late stamping.

  • Circular No. NSDL/PI/2004/1401 dated August 5, 2004- Guidelines on issuance/re-issuance and acceptance of DIS.

  • Circular No. NSDL/POLICY/2007/0011 dated February 15, 2007- SEBI circular on safeguards to address the concerns of the investors on transfer of securities in dematerialized mode.

  • Circular No. NSDL/POLICY/2007/0030 dated June 18, 2007- Requirement of submission of Transaction Statement for various depository related activities.

  • Circular No NSDL/POLICY/2007/0071 dated November 12, 2007- Modification of Account Opening Form & DIS – Incorporation of details as per FIU-IND under PMLA guidelines.

  • Circular No. NSDL/POLICY/2008/0002 dated January 11, 2008- Procedure for execution of transactions based on receipt of electronic instructions.

  • Circular No. NSDL/POLICY/2008/0004 dated January 24, 2008- Facility for submitting consolidated DIS accompanied by computer print-outs by Power of Attorney holder on behalf of its Clients.

  • Circular No. NSDL/POLICY/2008/0011 dated February 29, 2008- SEBI circular on safeguards to address the concerns of the investors on transfer of securities in dematerialized mode.

7. Audit of other transactions/services

7.1. Whether transaction statements are provided to the clients as per prescribed guidelines?

7.1.1. Whether the transaction statements are generated from back office or DPM?

7.1.2. If generated from back office, whether the details match with statement generated from DPM?

Auditor may refer following circulars:

  • Circular No. NSDL/PI/2000/103 dated January 31, 2000- Format of transaction statement.

  • Circular No. NSDL/PI/2002/0398 dated March 7, 2002- Transaction statement through internet.

  • Circular No. NSDL/PI/2003/0308 dated February 22, 2003- RBI directive on providing Transaction Statement to Bank clients.

  • Circular No. NSDL/PI/2004/1104 dated June 21, 2004- Footnote in transaction statement sent to client.

  • Circular No. NSDL/PI/2004/1514 dated August 24, 2004- Exemption from giving hard copies of transaction statements to BO by Participants.

  • Circular No. NSDL/PI/2004/2291 dated December 23, 2004- Features to be incorporated in back office “client type" and "client sub type".

  • Circular No. NSDL/PI/2005/1692 dated September 9, 2005- Conditions for Exemption from sending transaction statements.

  • Circular No. NSDL/PI/2005/2088 dated October 28, 2005- Dispatch of transaction statement.

  • Circular No. NSDL/POLICY/2006/0010 dated March 24, 2006- Exemption from sending physical transaction statement to subscribers of IDeAS.

  • Circular No. NSDL/POLICY/2006/0014 dated May 11, 2006- Providing Statement of transaction to BO consequent to account closure.

  • Circular No. NSDL/POLICY/2008/0036 dated May 21, 2008- Providing Transaction Statements to clients by email or on website.

8. Audit of branch / franchisee

8.1. Whether depository related activities carried out by branch / franchisee (whether offering the services as a service centre, collection centre, drop box centre or called by any other name) are in accordance with procedure/system explained in Operations Manual? Auditor may visit the branches / franchisees and ensure compliance of the same. (Circular No. NSDL/PI/2005/2088 dated October 28, 2005).

8.2. Whether NCFM qualified person is available at each branch / franchisee? If no, then the number of branches/franchisees where qualified person is not available should be mentioned in the report? (Circular No. NSDL/POLICY/2007/0067 dated November 1, 2007).

8.3. Whether NSDL’s approval has been obtained for all the branches / franchisees opened during the audit period?

8.4. Whether the prescribed procedure has been followed for any branch / franchisee closed / terminated during the audit period? (Circular no. NSDL/PI/2002/0346 dated February 26, 2002).

8.5. Whether the branches / franchisees handling more than 5000 accounts have direct electronic connectivity with the office of the Participant, which is directly connected to the Depository? (Circular No. NSDL/POLICY/2007/0055 dated September 25, 2007).

8.6. Which methodology is adopted by the Participant with respect to records maintained pertaining to each depository activity (Account opening forms, DIS, DIS requisition slips, DIS issuance register, etc.)? Auditor shall comment ‘centralised’ if records are maintained at controlling office and ‘decentralised’ if records are maintained at various centres. Auditor shall list down each activity with methodology of record keeping commented against it.

9. Back office software

9.1. Whether there is a mechanism in place whereby the balances as per back office system are reconciled on a daily basis with the DPM? (Circular no. NSDL/PI/2005/2088 dated October 28, 2005).

10. Audit of DPM Procedures

10.1. Whether necessary measures have been adopted as per Circular No. NSDL /PMC/Email- 62/05 dated May 3, 2005 to ensure business continuity of the Participant? (Circular No. NSDL/PI/2005/1898 dated October 5, 2005).

11. Audit of Client Billing

Auditor may refer Circular No. NSDL/PI/2005/2392 dated December 6, 2005.

12. Exceptional Reporting

12.1. In addition to above mentioned points, auditor shall verify all other depository related operational areas including supplementary agreements/power of attorney executed with clients, handling of investor grievances, records and documents maintained, format of stationery, information on timely submission of reports/dues, etc. and shall submit only an exceptional report with a statement that "All other operational areas have been verified and found satisfactory and the exceptions are mentioned hereunder". Report shall point out findings and conclusions, recommendations, reservations, qualifications, areas where internal controls are weak/do not exist, areas where internal controls exist, but exceptions are observed.

C. Audit report: -

In addition to comments on above-mentioned 12 mandatory audit points, the audit report should also contain the following:

  • A certification by the auditor that

    1. 100% verification is carried out for demat account opening (i.e. all accounts opened during the audit period).

    2. 100% verification is carried out for controls over issuance of DIS booklets including loose slips (all DIS issued from controlling office and all branch / franchisees).

    3. At least 25% of the DIS processed is verified (Circular no. NSDL/POLICY/2006/0021 dated June 24, 2006 and NSDL/POLICY/2007/0017 dated March 22, 2007). Auditor shall mention the exact percentage of samples verified.

  • Samples verified for other depository activities such client master changes, demat requests, pledge instructions etc.

  • If any major/significant deviations and deviations of recurring nature are observed, then these should be highlighted in the audit report.

  • If the observation is in the nature of a deviation or a recommendation, management response should be sought and recorded in the report. (Circular No. NSDL/PI/2001/0467 dated April 4, 2001).

  • Comments by the auditor on whether the Participant has complied with all the observations noted during last NSDL visit. (Circular No. NSDL/PI/2001/0847 dated June 15, 2001).

  • Comment on the issues for which NSDL has specifically sought auditor's certification to be included in IAR.

  • Comment by auditor on whether there were any pending compliances on deviations reported by auditor in last audit report on which management has assured to take necessary action, if yes, whether same has been complied with. If no, auditor should highlight on the deviations which continue to be non-complied.

  • Comments on improvements made in the operations since last audit. (Circular No. NSDL/PI/2001/0847 dated June 15, 2001).

  • Approximate man hours spent and level of persons engaged in this work.

  • A statement by the auditor that this circular was read, understood and the IAR is based on the guidelines given in this circular.

  • A statement by the auditor that the auditor is neither related to officials of the Participant and/or does not have any interest in the management of the Participant nor has any partner/proprietor in the firm who is also a Participant official.

  • Auditor’s membership number should be mentioned at the end of the report.

It may be noted that for the purpose of compliance with Bye Law 10.3 of NSDL, the audit must be conducted in accordance with the aforesaid guidelines.

The circulars referred above under various head are indicative and not exhaustive.


 
Best viewed at 800 by 600. Copyright © 2005 | National Securities Depository Limited (NSDL). Powered by SIFY Ltd.