Are you logging external UPSI within 48 hours? SEBI’s new Regulations have no room for error

  1. Home
  2. Are you logging external UPSI...

Are you logging external UPSI within 48 hours? SEBI’s new Regulations have no room for error

by | Apr 29, 2025 | Compliance, Legal analysis | 0 comments

Are you logging external UPSI within 48 hours? SEBI’s new Regulations have no room for error

Securities and Exchange Board of India (‘SEBI’) vide its Notification dated 11th March, 2025 brought in a significant update to its Prohibition of Insider Trading (PIT) Regulations, 2015 (‘PIT Regulations). Effective from 9th June, 2025, the new Regulations dramatically broaden the definition of Unpublished Price Sensitive Information (‘UPSI’), pulling in sensitive disclosures from outside the company walls as well. If you thought keeping tabs on internal data was tough enough, it is time to brace yourselves. And if you think this is just a semantic tweak, think again. It is potentially a recalibration of the compliance management process!

In line with its ongoing regulatory efforts, the groundwork for this tightening began last November when SEBI, floated a Consultation Paper dated 9th November, 2024, proposing aligning disclosures mandated under Regulation 30 of the Listing Obligations and Disclosure Requirements (LODR) Regulations, 2015 with insider trading controls. Essentially, SEBI wanted listed companies to treat key disclosures not just as investor updates but also as potential triggers for insider trading. The new Regulations gain effect on 9th June, 2025, and when they do, the way companies think about UPSI and how compliance teams track and tag it, may never be the same again.

Let us now step back briefly. Historically, UPSI was straightforward enough. For context, under Regulation 2(1)(n) of the PIT Regulations, UPSI broadly included non-public information, which, if made public, could materially affect/ significantly sway a company’s stock price. That is your typical financial results, dividends, or significant business deals. The updated Regulations, however, add far more layers of complexity and therefore potentially increases compliance workload.

The amendment adds new events to the UPSI definition. Here is the revised scope and from June this year, UPSI under Regulation 2(1)(n) of the PIT Regulations explicitly covers the following additional scenarios:

  • Change in rating(s), other than ESG rating(s);
  • Fundraising plans that haven’t yet been publicly disclosed;
  • Instances of fraud or defaults by the company, or even arrests involving promoters, directors, subsidiaries, or key managerial personnel (both domestic and overseas);
  • Resolution plan/debt restructuring or one time settlement in relation to loans/borrowings from banks/financial institutions;
  • Admission of winding-up petitions or corporate insolvency proceedings under India’s Insolvency and Bankruptcy Code;
  • Initiation of forensic audit (by whatever name called), by the company or any other entity designed to probe mis-statement in financials, misappropriation/ siphoning or diversion of funds and receipt of final forensic audit report;
  • Action(s) initiated or Orders passed within India or abroad, by any regulatory, statutory, enforcement authority or judicial body against the company or its directors, key managerial personnel, promoter or subsidiary, in relation to the company;
  • Outcome of any litigation(s) or dispute(s) which may have an impact on the company;
  • Giving of guarantees or indemnity or becoming a surety (by whatever named called), for any third party, by the company not in the normal course of business;
  • Granting, withdrawal, surrender, cancellation or suspension of key licenses or regulatory approvals.

Determining whether a particular event is UPSI just got more structured. The regulatory yardstick: In order to identify what qualifies as UPSI (among the above-mentioned newly added items), listed entities are required to follow the principles/ materiality criteria laid down in SEBI (LODR) Regulations, 2015 (Paragraphs A and B of Part A, Schedule III).

Now here is where it gets even more interesting. The amendments further clarify an important procedural shift. It acknowledges that UPSI does not always originate from the company itself. To that end, in the event UPSI originates from external sources, compliance teams now get a clear 48-hour window to record such details into their Structured Digital Database (‘SDD’). That is a compliance stopwatch starting the moment you see a show-cause notice or an enforcement alert! Miss this two-day window, and regulatory scrutiny could follow swiftly.

Then there is the tricky matter of trading windows. Traditionally, listed companies are required to shut their trading windows whenever Designated Persons or their immediate relatives are in possession of UPSI. But the new Regulations carve out an exception and clarifies that when the UPSI originates externally, companies are not obligated to close trading windows automatically: a nuance that provides companies more operational flexibility. But this newfound flexibility is no blank cheque. Companies are expected to exercise judgment and document the rationale for not closing the trading window. A risky move if done without watertight internal processes.

Make no mistake: this is not just about adding a few more bullet points to your UPSI list. It is about a fundamental shift in compliance posture. Compliance teams face an even bigger compliance puzzle! Each of the above-mentioned potential UPSI scenarios demands swift, nuanced analysis. Compliance teams need sharp vigilance and robust internal processes to separate routine market gossip from genuinely ‘price-sensitive’ intel. The margin for error is thin and failure to identify and handle UPSI could result in serious regulatory backlash. UPSI is no longer just about what you know internally. It is also about what happens to you externally. And this expands the onus on compliance teams to scrutinize every regulatory notice, legal update, and audit outcome through the UPSI lens. If stock takes a dive after a show-cause notice lands and it was not captured in the SDD, you have explaining to do. To your Board, your investors and yes, to SEBI!

Conclusion

In a nutshell, SEBI’s expanded definition places a heavier responsibility on companies and compliance teams thereof. It is no longer enough to just react to UPSI! Compliance teams need to proactively watch not only their internal operations but also developments outside their walls: from regulatory shifts and rating changes to forensic audits and judicial actions.

If your compliance strategy has not evolved to deal with modern risks, you are already behind. In this regulatory environment, tech-powered compliance platforms become indispensable. Take Komrisk, developed by Lexplosion Solutions. Designed as a sophisticated Legal Governance, Risk Management, and Compliance (LGRC) engine, Komrisk is not just a passive tracker, it is your compliance ally. It actively flags existing and upcoming regulatory obligations, categorises and dissects them into actionable workflows, and provides real-time alerts; constantly updated by a seasoned legal team with AI-powered timelines.

More importantly, Komrisk translates compliance into concrete actions. It enables organisations to digitally upload, verify and document compliance evidence, converting paperwork into real-time audit trails. If instances of non-compliance arise, it escalates swiftly through a ten-tier hierarchy, ensuring prompt, accountable resolution and prevents regulatory crises.

Its real-time dashboards provide top management instant visibility into the company’s compliance health, delivering actionable insights and enabling quick strategic decisions. Komrisk is precisely the sort of advanced compliance toolkit companies need in the era of heightened insider-trading scrutiny.

SEBI’s amendment is sending a clear message: casual compliance is history. Companies must evolve strategies, anticipate risks proactively, and build compliance frameworks fit for the future. Compliance, in other words, can no longer be just a checkbox. It has become a living, breathing system; one that requires agility, sophistication and constant vigilance.

Compliance engines like Komrisk represent precisely the evolution the moment demands: turning static compliance checklists into dynamic compliance intelligence.

To explore Komrisk further and step up your compliance regime, reach out to us at inquiries@lexplosion.in.

Written by: Kumar Bam Bam

Co-authored by: Abhishek Roy

Disclaimer

This content is intended for informational purposes only and does not constitute a legal opinion. Despite our efforts to maintain accuracy, we do not make representations, warranties or undertakings regarding the quality, completeness or reliability of the content. Readers are encouraged to seek legal counsel prior to acting upon any of the information provided herein. This content, including the design, text, graphics, their selection and arrangement, is Copyright 2024, Lexplosion Solutions Private Limited or its licensors. ALL RIGHTS RESERVED, and all moral rights are asserted and reserved.

For any clarifications, please reach out to us at 91-33-40618083 or inquiries@lexplosion.in. Refer to our privacy policy by clicking here.

Share this:

Related Posts:

Submit a Comment

Your email address will not be published. Required fields are marked *

Sign up for our

Newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

Lexplosion will use the information you provide on this form to be in touch with you and to provide updates and marketing.