4 hours ago
To further strengthen the governance mechanism at market infrastructure institutions (MIIs), regulator SEBI on Monday released comprehensive guidelines for internal audit mechanisms at such establishments, along with the prescribed composition of the audit committee.
SEBI stressed that it is essential for MIIs — comprising stock exchanges, clearing corporations, and depositories — to operate in an efficient and transparent manner. These institutions must be accountable for their actions while upholding the highest standards of governance and risk management.
Highlighting the critical role of internal audits, SEBI said, "Internal audit helps to identify, assess, and mitigate risks that could impact the MII's operations, efficiency, financial stability, etc. Internal audit also ensures that the MII's comply with relevant laws, regulations, circulars, guidelines, industry standards, etc".
To ensure consistent oversight, SEBI mandated that every MII needs to conduct an internal audit of all its functions and activities at least once in a financial year. This includes functions under three verticals: Vertical 1, covering critical operations; Vertical 2, dealing with regulatory, compliance, risk management, and investor grievances; and Vertical 3, which includes other areas such as business development.
Under the new guidelines, internal auditors must be from independent audit firms. MIIs are required to have a clearly defined policy for the appointment of internal auditors, which must be approved by both the audit committee and the governing board, Sebi said in its circular.
Further, the internal auditor will only report to the audit committee. The scope of the audit will involve all three verticals and needs to receive the audit committee's approval.
To ensure consistency across the sector, SEBI suggested that MIIs may standardise the terms of reference for internal auditors in consultation with the Industry Standards Forum of MIIs (ISF).
Once observations are made by the internal auditor, these must be forwarded to the respective Heads of Departments (HoDs) for their comments within a specified timeframe. After incorporating these comments, the internal auditor will submit the final report to the audit committee in a time-bound manner.
Moreover, even those observations that are dropped or closed following clarifications from HoDs need to be included in the final report, along with a rationale for dropping. Where necessary, the audit committee may also consult other statutory committees of the MII regarding the auditor's findings.
SEBI said that timelines for conducting internal audits will be defined by the MII's audit committee. Additionally, the internal auditor is required to brief the audit committee at least twice a year — within 60 days from the end of September and March — on any critical issues, doing so in the absence of management to preserve objectivity.
The audit committee's terms of reference include, among other responsibilities, the approval of related party transactions, scrutiny of financial statements, and evaluation of internal financial controls and risk management systems.
With regards to the composition of the audit committee, SEBI said that no executive director, including the managing director (MD), will be a member of the committee.
While auditors and Key Management Personnel (KMPs) may attend meetings to present or discuss the auditor's report, they will not possess voting rights.
If needed, KMPs, including the MD, may be invited to attend audit committee meetings, subject to the chairman's permission, but they too will not have voting rights.
This newly introduced framework will come into effect from the 90th day after the issuance of the circular.
