Custodians of foreign portfolio investors
(FPIs) as well as industry lobby groups have written to the Securities and Exchange Board of India (Sebi), raising privacy concerns arising out of the regulator’s April 10 circular mandating disclosure of additional information to identify the beneficial owners (BOs).
As part of Sebi’s know-your-client
(KYC) requirement, FPIs
have to disclose BOs’ details such as address, date of birth, tax residency number, social security number and passport number, and they have six months to comply with the directive.
“India’s new KYC
norms may clash with global data privacy laws. Investment firms globally, too, are not comfortable with sharing personal information of their employees,” said a source. “Data security is another area of concern. No one is quite sure if India has the right infrastructure in place to ensure adequate security.”
Globally, there have been an increasing number of cases of identity theft, and regulators and governments are doing their bit to protect personal data. Europe, for instance, has introduced the General Data Protection Regulation (GDPR), which deals with privacy for all individuals within the European Union
(EU) and the European Economic Area
The GDPR aims to give control to citizens and residents over their personal data and simplifies the regulatory environment for international business by unifying the regulation within EU. It also addresses the export of personal data outside the EU and the EEA.
“If investment managers under local laws are barred from sharing personal information, how will they share it with Indian authorities?” said a person who has a business relationship with FPIs.
“Investors may agree to divulge information only if it is directly shared with the regulator, and not if it is passed through local custodians or other agencies.”
Sebi’s current guidelines mandate that if no beneficial owner can be identified based on controlling ownership, a senior managing official (SMO) needs to be identified as a BO. SMOs are designated as BOs merely by virtue of their position as they do not have any ownership in FPIs, said experts.
“SMOs are concerned about having to share personal data, including tax residency number and social security number,” said Mark Austen, CEO, Asia Securities Industry & Financial Markets Association (Asifma), an FPI lobby group that has raised privacy concerns as part of its submission to the HR Khan committee.
should differentiate between the data that needs to be collected from BOs that are owners, and from BOs that are SMOs. In the case of SMOs, minimum information like name, business address and nationality should be sufficient as SMOs are merely acting in their professional capacity.” Industry observers reckon that Sebi
should not ask for BO details from all and sundry and instead take an undertaking that data will be provided when demanded.
are subject to a KYC
review as and when there is any change in material information or disclosure. Going forward, a comprehensive KYC
review of FPIs
will be done periodically.
For instance, for high risk clients, the KYC
check will be done yearly; for others it would be once every three years. Sebi
is also reportedly mulling greater scrutiny for high-risk jurisdictions that could include six-monthly KYC
and monthly or three-monthly reporting beneficial ownership.
At present, high-risk clients have to comply with the KYC
requirement applicable to category-III foreign portfolio investors.
This includes providing information such as an audited annual financial statement or a certificate from auditor certifying net worth.
Mauritius, Cyprus, Cayman Islands, UAE and China were among 25 high-risk jurisdictions identified by global banks that act as custodians for offshore funds. However, this list may be under review as there is disagreement on the names that need to be included.