“The regulatory email may arrive later; your preparedness must not.”
A SEBI or stock exchange query is frequently approached as a response exercise that begins when the email lands. That instinct is natural, but does not protect the Company’s interests. The query is seldom limited to the precise questions framed in the communication. More often, it operates as an assessment of the Listed Company’s internal governance mechanism.
The response to that query is not built on the day it is received. It is built over the course of time in the materiality note, board paper, audit committee set, SDD entries, books of account, MIS trail, related party transaction file, trading-window decision, investor communication record, internal policy workflow and action-taken report. Investigation readiness and governance readiness, therefore, may have different focus areas, but they draw from the same records.
This Article sets out practical points for boards, audit committees, compliance officers, legal teams and senior management on building governance systems that can withstand investigative scrutiny and on responding to investigative queries with discipline.
For queries or clarifications on this piece, difficulties in dealing with a SEBI or Stock Exchange investigation, or suggestions on issues that may be examined in future pieces, readers may write to litigation@indiacp.com or info@indiacp.com.
Internal Preparedness Must Not Start with the Arrival of a Query
A query may be received today from SEBI or the Stock Exchange, but the material record must be prepared well in advance.
A typical query may call for a sequence of events, the list of persons who knew the information, an SDD extract, MIS reports, trading details, pre-clearance approvals, board minutes, investor-call records and supporting documents. These may look like independent information requests. In substance, they test whether the company can demonstrate how the relevant event moved through its internal governance system.
Sometimes, a narrow-looking question carries a broader concern.
(a) A request for SDD entries may question how and when UPSI was triggered;
(b) Trading records may question whether the policy is carried out in practice by the Compliance Officer, Designated Persons, and their Immediate Relatives or not;
(c) MIS may question whether internal records have been prepared before making a public disclosure ;
(d) Board minutes may question whether the issue in question was discussed and assessed by the right authority;
(e) RPT details may question how entities are mapped and how conflicts are prevented or disclosed;
(f) Rumour verification may question how the Company deals with investor communication controls;
(g) Action-taken reports, or the absence of the same, for internal breaches may question how the Company deals with a Code of Conduct violation.
The risk, a query poses, is sharper in evolving and abrupt transactions, such as acquisitions, fund-raisings, strategic arrangements, commercial contracts, regulatory approvals, litigations and settlements, where the primary assessment is when the information first became sufficiently concrete and price-sensitive, and how the Company treated the same.[1]
The Response to Regulatory Query Must be Built on Logical Explanations, Not Evidence Overload
Upon receipt of a query, the Company and its officers must assess the real issue being inquired about and then respond effectively. This assessment must also anticipate the likely follow-up or subsequent query that may arise.
The purpose is not to flood the regulator with annexures. The purpose is to address the issue through a logical and legally backed explanation.
If an event was not treated as UPSI, the reply should explain its nature, stage, likely price impact, materiality assessment and approval basis. If a designated person breached pre-clearance rules but there was no UPSI, the reply should distinguish between an internal code breach and insider trading. If a gap exists, it should be acknowledged and explained, not concealed.
Investigation Is Not a Memory Exercise
Regulatory scrutiny is an exercise in verification. SEBI and stock exchanges test explanations against records.[2] If a document was not maintained, the company should not pretend that it was. If an informal discussion preceded formal approval, the company should not artificially shift the starting point to the first board meeting. If a policy gap existed, the company should not hide it behind generic compliance language.
Being unable to produce a particular record may indicate a compliance weakness. Inventing facts, backfilling chronology, overstating controls or making unsupported assertions is materially worse. Once falsity is uncovered, the issue may no longer be confined to the original query; it can expose the company, its officers, and signatories to broader regulatory risk. In that sense, an honest explanation of record limitations is safer than false precision that later collapses under verification.
The response should be candid, clear and consistent. It should answer the precise issue. It should reconcile with available records. Before any reply is filed, the company should ask: if a follow-up query comes, can every statement in the response be explained?
Policies Must Work in Practice
Policies are often treated as statutory documents to be uploaded, reviewed and archived. That view is too limited. For listed entities, policies should operate as decision-making systems. They should tell the company what to do when a borderline event arises, who should decide, what record should be created, and how exceptions should be handled.[3]
What if the company does the required work but has no policy, or has a policy that has not been updated with the latest amendments? And what if the company has a well-drafted and updated policy but does not follow it in practice? The former is manageable, but the latter is more dangerous. An ignored policy can become the company’s own exhibit against itself. It shows that the board-approved framework said one thing, while actual conduct did another.
The relevant framework includes the materiality and disclosure policy, PIT code, code of fair disclosure, SDD process or SOP, RPT policy, vigil mechanism, document preservation and archival framework, investor communication protocol, material subsidiary policy and subsidiary governance framework. In practice, listed entities may also require matrices for delegation of authority, conflict management, employee violations, and penalty determination.[4] The test is whether the existing policy answers hard situations, and is followed in practice.
Chronology and Materiality Expose Judgment
Most regulatory queries ask for a sequence of events. That request should not be treated as a table-filling exercise. A chronology is the company’s explanation of how an event moved from business discussion to governance decision and, where required, to market disclosure.
A proper chronology should show when the issue first arose, who became aware, when management evaluated it, when a financial or legal assessment was undertaken, when the board or committee was involved, when external advisers were engaged, and when the exchange filing was made. It should connect the commercial event, approval event and disclosure event.
Materiality under Regulation 30 of LODR Regulations and UPSI under the PIT Regulations are connected, but not identical. Every Regulation 30 disclosure is not automatically UPSI. Every SDD entry is not an admission that the information was UPSI. A company may record an event in SDD out of abundant caution, internal sensitivity or governance discipline, even if the event later turns out not to be material or price-sensitive.[5]
When a materiality decision is later tested, what will the company point to – a conclusion, or the reasoning that led to it? In borderline cases, the real weakness is often not the final view that the event was “not material”, but the absence of a contemporaneous record and underlying factors showing how the company assessed the event as “not material”.
Records Must Support Market Statements
A listed entity’s public position must be traceable to internal records. If the company discloses sales numbers, operational updates, fund utilisation, debt exposure, acquisition value, customer contracts, expansion plans, financial results, RPTs or business updates, the underlying records should support that position.
Board and committee records are equally important. They are evidence of governance judgment. A regulator may test whether the right body considered the right issue, whether material facts were placed before it, whether conflicts were disclosed, whether approvals were properly taken and whether minutes fairly capture the decision-making process.[6]
The same logic applies to RPTs and entity classification. RPT scrutiny may test party identification, ordinary-course assessment, arm’s-length basis, audit committee information, shareholder approval, conflict recording and disclosures.[7] A label such as “group company” or “associate” may be convenient internally, but the regulatory consequences may depend on the precise legal and accounting classification.
SDD, Trading Controls and Grey-Zone Conduct
PIT compliance is not the whole governance story, but it remains one of the most common areas of scrutiny. Where trades occur around a corporate announcement or sensitive event, the company may be asked whether information was UPSI, who had access, whether the trading window was closed, whether pre-clearance was obtained, whether SDD was maintained and whether designated persons or their immediate relatives complied with the code.[8]
Grey zones are common. A designated person may trade when there is no UPSI but fails to obtain pre-clearance. A contra trade may occur without price-sensitive information. A pledge may be revoked or invoked without the explicit direction of a Designated Person during a trading window closure period. A missing SDD entry may look clerical, but may point to a deeper failure in UPSI identification or information-flow control.[9]
The uncomfortable question is how should the Company treat a violation that may not always be an insider violation, but a code of conduct and internal governance failure?
Investor Communication and Rumour Response Need Controls
Investor communication is where formal disclosure controls meet market behaviour. Exchange filings, earnings presentations, analyst calls, investor meetings, press releases, media responses, business updates, website disclosures and social media posts can all become relevant during scrutiny.
A statement made in an investor call may be compared with an exchange disclosure. A press release may be tested against board-approved material. A business update may be compared with MIS and books. A rumour response may later be tested against the actual transaction chronology.[10] If a company knew more internally than it said externally, can it explain why? If it said more externally than it had disclosed formally, can it defend that communication?
Conclusion: The Query Comes Later – Your Readiness Should Not
Investigation readiness should not be viewed as panic management. It is part of listed company governance hygiene. Boards and senior management should periodically ask whether the company can explain its governance decisions if questioned.
Can it show how materiality was assessed? Can it explain why an event was or was not UPSI? Can it reconcile disclosures with books and MIS? Can it show whether the RPT mapping was proper? Can it prove that SDD entries match actual information flow? Can it show that internal breaches were handled proportionately?
This requires the right record at the right time. Strong governance may not eliminate regulatory queries. But it may reduce panic, inconsistency and post-facto reconstruction when queries arise.
The query comes later. The governance record is created earlier. A company that has built its systems well can answer with clarity. A company that has not may be forced into defensive explanations, over-documentation and avoidable inconsistency. That is where risk begins.
To read more, see Corporate Professionals, Hidden Hatchery: The Birth of Unpublished Price Sensitive Information, LiveLaw (Sept. 11, 2024), https://www.livelaw.in/law-firms/law-firm-articles-/sebi-upsi-united-spirits-limited-securities-appellate-tribunal-apex-frozen-foods-godfrey-philips-india-limited-corporate-professionals-advisers-advocates-269354.
Securities and Exchange Board of India Act, 1992, No. 15 of 1992, §§ 11(2), 11(2A), 11C, 15A, India Code (1992), https://www.sebi.gov.in/acts/act15ac.pdf.
To read more, see Corporate Professionals, SOPs & Their Strategic Importance in Compliance Management for Listed Entities, Corporate Professionals (Feb. 24, 2026), https://www.corporateprofessionals.com/articles/sops-their-strategic-importance-in-compliance-management-for-listed-entities/.
Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015, regs. 4, 6, 17, 18, 21-24, 30, 30A, 46, https://www.sebi.gov.in/legal/regulations/dec-2025/securities-and-exchange-board-of-india-listing-obligations-and-disclosure-requirements-regulations-2015-last-amended-on-december-16-2025-_98594.html.
Securities and Exchange Board of India (Prohibition of Insider Trading) Regulations, 2015, regs. 2(1)(n), 3(5)-3(6), 8, 9, https://www.sebi.gov.in/legal/regulations/mar-2025/securities-and-exchange-board-of-india-prohibition-of-insider-trading-regulations-2015-last-amended-on-march-12-2025-_92672.html; SEBI Circular No. SEBI/HO/CFD/CFD-PoD-2/P/CIR/2025/25, Industry Standards on Regulation 30 (Feb. 25, 2025), https://www.sebi.gov.in/legal/circulars/feb-2025/industry-standards-on-regulation-30-of-sebi-listing-obligations-and-disclosure-requirements-regulations-2015_92172.html.
[6]
Companies Act, 2013, No. 18 of 2013, §§ 118, 173, 174, 177, India Code (2013), https://www.indiacode.nic.in/bitstream/123456789/2114/5/A2013-18.pdf.
[7]
Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015, reg. 23; Companies Act, 2013, No. 18 of 2013, §§ 177, 184, 188-189; To read more, see Corporate Professionals, Presentation on Related Party Transactions (Aug. 23, 2024), https://www.corporateprofessionals.com/wp-content/uploads/2024/08/PPT-on-RPT_23.08.2024.pdf.
[8]
Securities and Exchange Board of India (Prohibition of Insider Trading) Regulations, 2015, regs. 2(1)(e), 2(1)(g), 2(1)(n), 3-5, 7-9A, sched. B, https://www.sebi.gov.in/legal/regulations/mar-2025/securities-and-exchange-board-of-india-prohibition-of-insider-trading-regulations-2015-last-amended-on-march-12-2025-_92672.html.
[9]
BSE Ltd., Notice No. 20241018-44, Standard Operating Process for Structured Digital Database (Oct. 18, 2024), https://www.bseindia.com/markets/MarketInfo/DispNewNoticesCirculars.aspx?page=20241018-44; To read more, see Corporate Professionals, Structured Digital Database (Aug. 6, 2021), https://www.corporateprofessionals.com/wp-content/uploads/2021/08/webinar-SDD-1.pdf.
SEBI Circular No. SEBI/HO/CFD/CFD-PoD-2/P/CIR/2024/52, Industry Standards on Verification of Market Rumours (May 21, 2024), https://www.sebi.gov.in/legal/circulars/may-2024/industry-standards-on-verification-of-market-rumours_83485.html.


