Organisation Policies

Policy for Unauthenticated News Circulation

The director/employee shall not convey /circulate any information relating to any investment product dealt in by the Company unless and until it is obtained from authentic sources in public domains. Information available through trading platform of the exchanges, their official websites besides information disseminated by SEBI, RBI, IRDA, FMC, AMFI, exchanges, electronic and print media shall be considered as authenticated information. Any information which is not in public domain and is obtained through personal sources shall be unauthenticated information which cannot be discussed/ circulated with any of the client or prospective clients as the case may be. SEBI relevant circular available at SEBI website should be referred in the matter. The director/employee shall ensure that his/her acts are in conformity with the regulations.
PMLA/AMLA

Policy Formulated under AMLA

Inclusive of (Client Identification Procedure and Program at various stages forming part of the PMLA)


1. Introduction / Background

1.1 Money Laundering in plain words can be stated as engaging in financial transaction that involve money derived from criminal activity/unaccounted sources which is camouflaged for routing as legitimate money through law full channels to conceal the true origin of criminally derived proceeds.
1.2 International initiatives taken to combat drug trafficking, terrorism and other organized and serious crimes have concluded that financial institutions including securities market intermediaries must establish procedures of internal control aimed at preventing and impeding money laundering and terrorist financing.

2. Prevention of Money Laundering Act 2002

2.1 The Prevention of Money Laundering Act, 2002 (PMLA) has been brought into force with effect from 1st July 2005. Necessary Notifications /Rules under the said Act have been published in the Gazette of India on 1st July 2005 by the Department of Revenue, Ministry of Finance, and Government of India.
2.2 Financial Action Task Force (FATF) on Anti Money Laundering Standard has made recommendations based on which the SEBI has issued the Guidelines on Anti Money Standard vide their Circular Ref. No. ISD/CIR/RR/AML/1/06 Dated January 18, 2006. Further vide circular No ISD/CIR/RR/AMC/2/06 dated 20th March 2006 it has issued the obligation of the intermediates registered under Sector 12 of SEBI Act 1992.

3. Financial Intelligence Unit (FIU)- INDIA

3.1 To receive, process, analyses and monitor the information relating to suspicious financial transactions a body Financial Intelligence Unit- INDIA (FIU- INDIA) has been set up.
3.2 Intermediates are required to report information relating to cash and suspicious transactions to the Director, Financial Intelligence Unit- INDIA (FIU- INDIA).

4. Obligation to Establish Policies & Procedure

4.1 As per SEBI guidelines all intermediaries have been advised to ensure that a proper policy frame work on anti-money laundering is put in place.
4.2 In order to fulfill these requirements, there is a need for registered intermediaries to have a system in place for identifying, monitoring and reporting suspected money laundering or terrorist financing transactions to the law enforcement authorities.
4.3 Senior Management of a registered intermediary should be fully committed to establishing appropriate policies and procedures for the prevention of money laundering and terrorist financing and ensuring their effectiveness and compliance with all relevant legal and regulatory requirements.

5. AMLA Policy of Vivek Financial Focus Ltd.

5.1 Accordingly, Vivek Financial Focus Ltd. has initiated measures, as an internal policy, to implement the Guidelines on Anti Money Laundering standards as notified by the SEBI.

6. Implementation of PMLA Policy

6.1 Mr. Arvind Jaswal, the Principal Officer under PMLA is responsible for compliance of the provision of the PMLA and AML Guidelines and will act as central the reference point in onward reporting of suspicious transaction and will play an active roll in the identification and assessment of potentially suspicious transactions.
6.2 Mr. Ashok Kakar is appointed as designated director for the company for the purpose of PMLA and shall be ensuring the compliance according to SEBI circular number CIR/MIRSD/1/2014 dated March 12, 2014.

7. Anti Money Laundering Procedures

7.1 The main aspect of anti money laundering procedure is the Client Due Diligence procedure which comprises the following:
(a.) Obtaining sufficient information in order to identify person who is the actual beneficial owner of the securities or the person on whose behalf the securities are acquired or maintained. In the case of corporate clients, identity of the persons who are beneficial owners (as prescribed in the SEBI circular dated January 24, 2013) shall also be verified in addition to the other usual details/information.
(b.) Verifying the customer’s identity through reliable independent source documents, data or information.
(c.) Performing regular scrutiny of the transaction and account to ensure that the operations are consistent with the client’s background, financial position and risk profile.
7.2 The Client Due Diligence procedure includes the following specific parameters: (a.) Policy for acceptance of clients.
(b.) Client identification procedures.
(c.) Identification and reporting of suspicious transactions.

8. Policy For Acceptance Of Clients

8.1 In person verification of each client is a must. If due to any reasons any client is unable to come to office, concerned official may visit the client residence/office to get the client registration form completed.
8.2 All the requirements of KYC norms to be complied with viz. all the forms are to properly filled, photograph of the client is attached, and required supporting documents like PAN, Residential Proof, Bank Account, Depository Account, etc. are enclosed with KYC. All photocopies of documents submitted by client are to be checked with originals without any exception.
8.3 As far as possible try to ensure that new account is introduced by an existing client. Introduction should be checked with the introducer.
8.4 In case of walk in clients additional care should be exercised to ensure that no undesirable person becomes a client.
8.5 All supporting documents as specified by the SEBI/Exchange are to be obtained and verified for all categories of clients.
8.6 In case of any deficiency in the documents/information or any suspicion about the genuineness of the account, do not accept the client registration form and bring it to the notice of higher authorities.
8.7 Be careful about the Clients of Special Category (CSC) as specified by the SEBI/Exchange or any authority under PMLA. The document/records pertaining to clients belonging to this category should be minutely scrutinized and account to be identified accordingly. The following is the list of such clients:
a. Non resident clients
b. High net worth clients,
c. Trust, Charities, NGOs and organizations receiving donations
d. Companies having close family shareholdings or beneficial ownership
e. Politically exposed persons (PEP) of foreign origin
f. Current / Former Head of State, Current or Former Senior High profile politicians and connected persons (immediate family, Close advisors and companies in which such individuals have interest or significant influence)
g. Companies offering foreign exchange offerings
h. Clients in high risk countries (where existence / effectiveness of money laundering controls is suspect, where there is unusual banking secrecy, Countries active in narcotics production, Countries where corruption (as per Transparency International Corruption Perception Index) is highly prevalent, Countries against which government sanctions are applied, Countries reputed to be any of the following – Havens / sponsors of international terrorism, offshore financial centres, tax havens, countries where fraud is highly prevalent.
i. Non face to face clients
j. Clients with dubious reputation as per public information available etc.
The above mentioned list is only illustrative and independent judgment should be exercised to ascertain whether new clients should be classified as CSC or not.
8.8 Where the intimation about the account opening is received back undelivered the address should be reverified and matter to be brought to the notice of higher authority.

9. Client Identification Procedure

9.1 Client Identification Procedure involves procedures at three different stages as under:
(a.) While establishing the relationship with the client.
(b.) While carrying out transaction for the client.
(c.) Any doubt about veracity or the adequacy of previously obtained client identification data at a later stage.

10. Client Identification Procedure While Establishing Relationship With The Client

10.1 The identification of the client at the time of account opening is very important. As stated under the Policy for acceptance of client documents/information as prescribed by SEBI must be obtained and original of all documents submitted must be verified.
PAN has to be verified from Income Tax records independently. A list of documents required for each category of clients is stated in KYC. If any other information/document is deemed necessary the same can be requested from the client.

11. Client Identification Procedure During Operation

11.1 This involves maintaining continuous familiarity and follow up with the client account. This should be done keeping in view the information/document furnished by the client at the time of account opening to be able to detect any inconsistency with the information provided. The following are some steps in this direction.
a) Order is placed by the client or his authorized/natural representative and in case of any doubt personal identification like date of birth, phone no. etc. is asked for.
b) Orders of any unusual nature to be brought to the notice of higher authorities before execution.
c) While confirming the trade after execution the identity of the client is to be ensured and checked.
d) Contract note should be dispatched at the address provided or handed over to the client or his authorized/natural representative only.
e) Pay-In and Pay-Out should be in the respective client accounts only and in no case payments/securities are to be received or delivered otherwise
f) No cash payments to the clients are allowed. Cash receipts are also to be avoided. However in case of minor amounts towards cost of documents, depository charges and in exceptional cases of sticky/overdue accounts cash may be received at head office only with the approval of higher authorities.

12. Subsequent Verification

12.1 In case of any doubt about the veracity or the adequacy of previously obtained information about any client efforts should be made to call for additional information/documents to check the veracity of information/documents earlier provided. Failure of the client to provide such additional information/documents or if the new information/document is found to be contrary to the earlier ones the same should be noted and immediately brought to the notice of higher authority.
12.2 In case of any request from the client for change in the existing particulars written request along with necessary supporting documents is required.

13. Risk Based Approach

13.1 As each client poses different risk we need to identify clients who pose higher risk than the others in term of monitoring suspicious transactions under the money laundering or terrorist activities.
13.2 The clients can be classified into three categories.
a) Low Risk
b) Medium Risk
c) High Risk
13.3 The classification can be done on the basis of location of the client, nature of business, trading turnover, nature of transaction and manner of making payments.
13.4 Our client’s due diligence should take into account the risk profile at every stage of operation.
13.5 Category A: Clients may be classified as having nil or very little risk. These can be identified as corporate, individuals, HNI who have respectable official/social/financial standings, who are regular in payments and operate with in defined parameters.
Category B: Clients are those clients who take more exposure than their capacity and are very aggressive traders.
Category C: Clients who has low financial standing with very aggressive trading.
It is important to realize that the underlying principle of total regulatory requirement is that the company is fully aware of the client on whose behalf the company is dealing.

14.

It is important to realize that the underlying principle of total regulatory requirement is that the company is fully aware of the client on whose behalf the company is dealing.

14A.

Vivek Financial has adopted on ongoing employee training program so that the members of the staff are adequately trained in AML and CFT procedures. Training requirements have specific focuses for front line staff, back office staff, compliance staff, risk management staff and staff dealing with new customers. It is crucial that all those concerned fully understand that rationale behind these guidelines, obligations and requirements, implement them consistently and are sensitive to the risks of their systems being misused by unscrupulous elements. Implementation of such measures requires the staff to demand certain information from investors which may be of personal nature or which have hitherto never been called for. Such information can include documents evidencing source of funds/income tax returns bank records etc. this can sometimes lead to raising of questions by the customer with regard to the motive and purpose of collecting such information.

15. Record Keeping

15.1 It is important to maintain records in a manner that the desired information is retrievable on a timely basis. It is there fore necessary to keep proper records of all document relating to client registration, other correspondence with the clients, account files or other records as required under the SEBI Act, Rules & Regulations framed there under, PMLA 2002, other relevant legislation, Rules and Regulation of the Exchange or circulars etc.
15.2 Under the PMLA the minimum prescribed period in 10 years. In case, where the record relates to an ongoing investigation or have been the subject of suspicious transaction reporting, the same should be retained until it is confirmed that the case has been closed.

16. Suspicious Transactions Monitoring & Reporting

16.1 It is the duty of all to be vigilant to identify, analyse and report any suspicious transaction. Some of the reasons which can raise suspicion are as under:
a. Identity of the client becomes suspicious due to any reason.
b. Background of the client is found to be suspicious or criminal.
c. Operation of multiple accounts with no apparent reasons.
d. Unusual activity in the account like substantial increase in business without apparent cause.
e. Insistence of cash transaction by the clients.
f. Efforts to transfer money to or from apparently third party accounts with no linkage.
g. Any unusual transaction in the accounts of CSC.
This list is illustrative and there can be many other reasons which may cause suspicious and there fore there is necessity of continuous vigilance.

16.2

Any suspicious transaction should be immediately noted and brought to the notice of the higher authority giving detail of client, transaction, nature/reason of suspicion. It is to be ensured that this action is kept secret from client and activity with the concerned client should be kept normal unless and until instructed otherwise.

16.3

The following details are to be maintained for such transactions:
(i.) Nature of transactions.
(ii.) Amount of the transaction.
(iii.) Date of transaction.
(iv.) The parties to the transaction.

16.4

The report to the FIU-India should be submitted with in the stipulated time frame which is 15th of succeeding month in case of cash transaction and within 7 days of arriving at a conclusion that any transaction whether cash or non-cash is suspicious.

17.

Mr. Arvind Jaswal is designated principal officer and can be contacted for any information/classification in the regard.

Client Code Modification Policy

The client codes are not be modified in any circumstances. In case the senior trading staff considers it necessary to modify any client code, the authorisation needs to be taken from the senior management. Such authorisation from the senior management is only given in case the account code to be modified is among the family members. In any other case, no modification of client code is allowed. In case, if there is any other error while punching, the transaction is settled in error account.

Policy for Client Registration

Any new client who wishes to deal with us needs to have his client registration completed. The client registration requires the client to sign the Account Opening form and provide with his KYC details. The KYC is to be uploaded with KRA and CERSAI.
There has to be an In Person Verification (IPV) of the client for the documents to be executed. In case the client is a NRI where the IPV is not possible, all the attestation on KYC documents has to done by Notary Public, Court, Magistrate, Judge, Local Banker, Indian Embassy/Consulate General.
Once all of the above is executed, UCC needs to be sent to exchange detailing his email address and mobile number.
The client also specifically needs to sign against the exchanges and segments he wishes to trade in like NSE – Cash Market, NSE – Equity Derivative Market, NSE – Currency Derivative Market and BSE – Cash Market etc. In case the client wishes to trade in derivate segment of the exchange, he has to furnish a documentary evidence of his income proof like Income Tax Return or bank passbook/statement that verifies that he has the affordability to trade in derivate markets.
After the account is opened, the clients is sent a welcome letter with a copy of the Account opening form that details the RDD, Do’s and Don’t’s, Rights and Obligations etc.
Any changes in the documents that the client wishes to make have to be accompanied by a letter and documentary proof wherever required.

Risk Management

The Risk Management Policy articulates the steps/actions meant for mitigation of any risk that may accrue to the company owing to its dealings with its various stake holders. The risks are filtered and managed appropriately. The risks are managed at the time of registration of a new client, at the time of placement of the orders, at the time of failure to meet the obligations whether security or payment either in full or part in relation to the clients. Further, appropriate internal checks and balances for smooth functioning are built in organisational hierarchy. Risk management policy in regard to the clients is broadly discussed as under:
1. Every client is registered only upon successful completion of prescribed KYC procedure and satisfactory identification. While doing so, the following steps are taken:
(i.)The client’s identity is confirmed in person.
(ii.) The relevant documents are duly verified from the original documents.
(iii.) The PAN is verified with the Income Tax Department site.
(iv.) The confirmation about registered address is indirectly reconfirmed by sending account opening intimation through courier at registered address. Undelivered mail is monitored to identify any variations.
(v.) Self attested certified copies of the relevant documents pertaining to the client are sent to KRA in due course.
(vi.) The required information of every client is recorded in back-office before commencement of transactions.
(vi.) Any updation in the details pertaining to the clients is incorporated in relevant records after complying with the prescribed procedure for incorporation of such alterations.
2. A judgment of the financial status of the client is formed on the basis of his business/ profession and financial information, whether obtained directly from the client or gathered from the knowledgeable people associated with him. The opinion of the referral is given due weightage as normally relationship with the referral is quite old and has been assessed/tested.
3. We may from time to time impose and vary limits (including exposure limits, turnover limits, limits as to the number, value and/or kind of securities in respect of which orders can be placed) on the orders that the client can place through our trading system. The client is made aware and the client agrees that we may vary or reduce the limits or impose new limits urgently on the basis of the our risk perception and other factors considered relevant by us. Further, the client is informed that we may increase or decrease his limits that may be on account of but not limited to exchange/SEBI directions, and we may be unable to inform the client of such variation, reduction or imposition in advance. The client is also made aware that we shall not be responsible for such variation, reduction or imposition or the client's inability to route any order through our trading system on account of any such variation, reduction or imposition of limits.
4. The client is aware that we may at any time, at our sole discretion and without any prior notice, prohibit or restrict the client's ability to place orders or trade in securities through us. We may further subject any order placed by the client to a review before its entry into the trading systems and may refuse to execute/allow execution of orders due to but not limited to the reason of lack of margin/securities or the order being outside the limits set by exchange/SEBI and any other reasons which we may deem appropriate in the The client is aware that the losses, if any on account of such refusal or due to delay caused by such review, shall be borne exclusively by the client alone.
5. The client is aware that we may shift to margin based RMS system. Total deposits of the clients would be uploaded in the system and client may take exposure on the basis of margin applicable for respective security as per VAR based margining system of the stock exchange and/or margin defined by RMS based on their risk.
6. The client is aware that we have the right to sell client's securities or close clients' positions, without giving notice to the client, on account of non-payment of client's dues without prejudice to our other rights (Including the right to refer the matter to arbitration), we shall be entitled to liquidate/close out all or any of the clients position without giving notice to the client for non payment of margins or other amounts including the pay in obligation, outstanding debts and adjust the proceeds of such liquidation/close out, if any, against the clients liabilities/obligations.
7.The client shall ensure timely availability of funds/securities in form and manner at designated time and in designated bank and depository account(s), for meeting his/her/its pay in obligation of funds and securities. Any and all losses and financial charges on account of such liquidations / closing out shall be charged to & born by the client. In case the payment of the margin / security is made by the client through a bank instrument, we shall be at liberty to give the benefit / credit for the same only on the realization of the funds from the said bank instrument etc, at our absolute discretion. Where the margin / security is made available by way of securities or any other property, we are empowered to decline its acceptance as margin / security &/or to accept it at such reduced value as we may deem fit by applying haircuts or by valuing it by marking it to market or by any other method as we may deem fit in our absolute discretion. We have the right but not the obligation, to cancel all pending orders and to sell/close/liquidate all open positions/securities/ shares at the pre-defined square off time or when Mark to Market (M-T-M) percentage reaches or crosses stipulated margin percentage, whichever is earlier. We shall have sole discretion to decide referred stipulated margin percentage depending upon the market condition. In the event of such square off, the client agrees to bear all the losses based on actual executed prices, the client shall also be solely liable for all and any penalties and charges levied by the exchange(s).
8. Any customer who calls is asked his account number and in case the dealer doesn’t feel confident about the customer calling to make his trades, he specifically asks address/telephone number/DOB/PAN Details to access the authenticity of the client. This is a risk mitigation system to keep a check about the client placing his own orders.
9. Unauthorised Trades: All the customers are given a telephonic confirmation of the trades being done today by a different set of people. Also, they are sent SMS along with contract notes in hard/soft copy depending upon the requirement of the customer. Telephonic confirmation and SMS are done to avoid any unauthorized trades done at the organisation.
10. Regular training is given to all the dealers, so as to exercise caution while putting orders in illiquid securities, new listing and series type Equity/TFT/T2T which is in BE series.

Surveillance Policy

As per the surveillance policy of the company, the compliance officer shall look over all such activities. The following are the points to be included for surveillance: (i.) All the alerts from the stock exchange system, E-Boss/Connect2nse.com needs to be monitored on a weekly basis. Also, check the alerts from NSDL on its website iassist.nsdl.co.in and monitor on a 15 day basis.
(ii.) Due diligence process and scrutinizing each alert has to be carried out on a daily basis and information needs to be shared with the senior management.
(iii.) In case of any suspicious/manipulative activities of any client, the information needs to be reported to the exchange/DP/PMLA.
(iv.)A quarterly MIS shall be put up to the Board of Directors of the Company on the number of alerts pending at the beginning of the quarter, generated during the quarter, disposed off during the quarter and pending at end of the quarter. Reasons for pendency shall be discussed and appropriate action needs to be taken. Also, the Board shall be apprised of any exception noticed during the disposition of alerts.

Dormant Account Activation Policy

Any account that has not been trading with us for more than 6 months is considered to be dormant account. In case of dormant account (six months), before execution of any trade, any personal identification such as father/ husband name, date of birth etc. is enquired and verified before placement of order. The status of documentation vis-à-vis current KYC norms is also checked. In case there are any changes in KYC details, the changes are first needs to be done in the manner prescribed under various regulations and then any transaction is to be made.

Pre-funded Instruments Policy

Pre-funded instrument like Demand Draft may be accepted. In case of acceptance of such pre-funded instrument, the client also needs to furnish a copy of his bank statement stating that the pre-funded instrument is made from the client’s account. Such statement needs to be notarised by the banker proving the legitimacy of the actual account through which the instrument is funded.

Investors Complaint Redressal Mechanism

A client is generally briefed about the hierarchy in the organization including the persons to whom the client may contact in case of any difficulty. There is a specific email ID on which the investor may lodge his/ her complaints. Further, the same ID is also given on contract notes and mentioned on the website of the Company. The access to this ID is entrusted at responsible level in the organization. Further, there is a mechanism through which copy of any communication received at this ID is automatically passed on to the Managing Director of the Company.
The complaint is acknowledged and attended on top priority basis. The issues raised are resolved as soon as it is possible to do so; in any case the same must be done within 2 working days. Simultaneously, it is recorded in the ‘complaint register’ maintained for the purpose.
The Managing Director of the Company is immediately informed upon receipt of any complaints and is personally involved in its resolution.

Policy for Penny Stock

Penny stock is a stock that trades at a relatively low price and has very low market capitalisation. These types of stocks are generally considered to be highly speculative and high risk because of their lack of liquidity, large bid-ask spreads, small capitalisation and limited following. Depending upon the market conditions and RMS policy of the company, the company reserve the right to refuse to provide the facility of trading in penny stock.

Policy regarding penalty/delayed payment charges

Clients will be liable to pay late pay in/delayed payment charges for not making payment of their pay in/margin obligation on time as per the exchange requirement/schedule at the rate of 2% per month or at an agreed rate. The company may impose fines/penalties for any orders/trades/deals/ auctions of the client at the rate as deem fit. The company may also charge the clients all such sums that the company has to pay any fine or bear any punishment from any authority in connection with /as a consequence of/in relation to any of the orders/trades/deals/actions of the client.

Policy for Conflict of Interest

All the employees including the senior management must maintain high standards of integrity at all times. The clients should be treated fairly and no discrimination shall be done within the clients. They also need to ensure that the personal interest does not conflict with their duty to the clients and client’s interest always takes primacy in their advice, investment decision and transactions. The employees should always make appropriate disclosure to the clients of possible source or potential areas of conflict of interest which would impair their ability to render fair, objective and unbiased services. Appropriate restrictions on transactions in securities while handling a mandate of issuer or client in respect of such security so as to avoid any conflict should be implemented. The employees should not deal in securities while in possession of material non published information and neither communicates the material non published information to the clients.

Policy for Security Operation and Risk Management

We have 3 people who have passed the examination for Security Operations and Risk Management. Mr. Vivek Kakar, CEO of the company, oversees trading, compliance and investor grievances. Mr. Sundeep Bhambri oversees the settlement of funds and securities, risk management and payments. However, he is supported by the clerical team to coordinate the paperwork, cheques, limits enhancement etc.

Information System Policies

IT Infrastructure Policy

IT infrastructure is today the backbone of the operations in trading and depository departments. The various policies are understated that forms the complete IT infrastructure policy. The under stated policies are reviewed regularly. The age of IT infrastructure has to be considered and appropriate decisions have to be taken for the upgradation/change in the technology. The various Service Level Agreements (SLAs) for various hardware/software specifically have mean time to recovery (MTTR) for the operations to be up and running as quickly as possible in case of any issue. Such SLA are maintained and recorded regularly.

Framework for Physical and Environmental Security

A separate room for servers’ placement and maintenance is allocated as called as server room. The access to the server room is to only few employees who are in-charge for managing the set of servers. A separate UPS and other related hardware infrastructure to support all the office and branch offices is provided. The server room have a separate register to maintain the records of the people who are not allowed to access the server room in normal course of work.

Password Policy

The password policy is applicable to all the trading systems, back office software and all the systems relating to the operations for the Company.
1.The length of password should be of exact 8 characters.
2. The password shall be case sensitive and should contain at least one each of the following characters with no space:(i.)Uppercase : A to Z, (ii.)Lowercase : a to z, (iii.) Digit : 0 to 9, (iv.)Non- alphanumeric : Special characters @ # $ % & * / \
3. User shall be compulsorily required to change password after the lapse of 14 days
4. New password must be different from previous 5 passwords
5. User Id shall be locked after 5 invalid login attempts
6. Reset of password shall set the password to a default password
7. User shall not be allowed to set the default password as new password.

User Management and Access Control Policy

All the software used by the organisation is controlled through rights to be given to the user depending on the profile and the work allotted to him. Every software has dual system of protection - one is based on the rights/restrictions for the user to access and the other is password protection. Further, all the passwords are self expired in 15 days and the user needs to update the same as and when required. The password policy is existent and implemented. The web hosting channels and the internal servers are separately treated and are not linked on the same network. There are different channels for the internal network and web hosting channels to connect to the server.
All the activities by the users are maintained and logged in a predefined format as provided by the vendor to the software. These records are checked on a regular basis and the system has the provision to check the details of the reports/actions performed by the software with the user details in a particular time frame and date. All the privileges to be given are discussed with the senior officials before the rights are given to such users. The user has to follow the instructions of maker-checker to execute the queries as required.

Backup and Recovery Policy

The backups are taken on a daily basis for the broking operations. The depository operation backups are also taken on a daily basis. The backups are taken in 2 different copies and are kept at different locations. Such backups are regularly tested for their authenticity in case these have to be used in an emergency. Further, the previous year’s backups are also kept in 2 copies and the data is regularly checked. The media used for the backups shall be cleaned and checked every week. Moreover, monthly backups are made separately so that there is also a consolidation of data. The life of the media of storage is kept as 6 months. Every 6 months, the media is changed (in case there is any issue in the current media). The yearly archives are made at the end of the financial year for our usage.

Standard and Guidelines for Information Security

The standards and guidelines for information security is given below:
System Administration: The system administrator needs to check and maintain the various operations of all the hardware/software as used in the organisation. Such IT infrastructure needs to updated on a regular basis, disk scanning and cleaning is to be done on a weekly basis for the best performance of the infrastructure.
Technology Deployment: All the different technologies deployed in the organisation shall be looked upon very carefully. Proper manuals shall be created and referred from time to time as per the requirements. Such technologies shall be monitored on a regular basis.