29-Apr-2026

When Process Failures Become Penalties: What Every Listed Company Must Learn from SEBI's Enforcement Actions

InsiderQ • Become Penalties • 7 min read

In this article

The Old Assumption That No Longer Holds
The Pattern SEBI Is Establishing
The 2025 PIT Amendment: New Process Requirements, New Exposure
What "Personal Liability" Actually Means
The Gap Most SME-Listed Companies Have
What to Do Now
Closing Thought

You don't have to trade on insider information to face a SEBI penalty. You just have to fail to follow the right process at the right time.

That is the quiet but important shift in how India's capital markets regulator approaches insider trading enforcement. And if your company is listed - on the main board or on the BSE SME/Startup Platform - it is a shift that your Compliance Officer, management team, and board need to understand in full.

The Old Assumption That No Longer Holds

For years, the working assumption inside listed companies was simple: insider trading enforcement is about people who traded on tips. Prove the tip existed, prove someone profited, and SEBI would act. If nobody traded illegally, the compliance machinery was largely seen as administrative overhead.

That assumption is now no longer reliable.

SEBI has spent the last several years building enforcement precedent that targets something different: the failure of the compliance framework itself, independent of whether any illegal trade occurred. Two recent cases make this clear.

Case 1: Edelweiss Financial Services - A Compliance Officer Penalised for Not Closing the Trading Window

Penalty: ₹5 lakh

SEBI found that the company's trading window was not closed during a period when Unpublished Price Sensitive Information (UPSI) was in existence - specifically, during acquisition-related discussions involving subsidiaries ECAP and AIMIN.

The Compliance Officer, B. Renganathan, was held personally liable under Regulation 6(2) of the SEBI (Prohibition of Insider Trading) Regulations, 2015, which makes the CO directly responsible for ensuring the trading window is closed when UPSI is active.

The critical point: the penalty was not for insider trading. It was for a process failure. The trading window should have been closed. It was not. That was enough. The Securities Appellate Tribunal (SAT) later reduced the quantum on appeal - but the principle was upheld.

Case 2: Nestlé India - A Warning Letter for a Designated Person's Contra-Trade

Outcome: Formal SEBI warning to Compliance Officer

On March 6, 2025, SEBI issued a formal warning to Nestlé India Limited's Compliance Officer in connection with a contra-trade violation by a designated person. Contra-trades - where a designated person buys and then sells (or vice versa) securities of their own company within a six-month window - are prohibited under Schedule B of the PIT Regulations.

Nestlé disclosed the matter to stock exchanges, categorising it as having no material financial impact. But the regulatory consequence - a formal SEBI warning - demonstrates that even where there is no measurable harm, the regulator will hold compliance personnel accountable for failures in the oversight system.

The Pattern SEBI Is Establishing

These two cases are not isolated incidents. They are part of a clear regulatory pattern.

SEBI is no longer only investigating what happened. It is investigating whether your compliance system was functioning correctly - and if it was not, someone will be held responsible.

The specific failure modes SEBI has been targeting:

Trading window not closed when UPSI is active. If UPSI exists and the trading window is open, the Compliance Officer has failed in a primary duty.
Contra-trades not detected or acted upon. The CO must monitor trading by all designated persons and identify prohibited patterns.
UPSI not entered into the SDD within the required timeframe. From June 9, 2025, under the amended PIT Regulations, UPSI must be entered into the Structured Digital Database within two calendar days of coming into existence.
SDD records incomplete or inconsistent. Gaps in records are evidence of a process failure - even if no trade occurred.

The 2025 PIT Amendment: New Process Requirements, New Exposure

The SEBI (Prohibition of Insider Trading) (Amendment) Regulations, 2025 - notified March 11, 2025 and effective June 9, 2025 - significantly increased the precision required of compliance systems. Two changes matter most.

1. Two-calendar-day UPSI entry deadline. Every event or information that constitutes UPSI must be entered into the SDD within two calendar days of coming into existence or being identified. This is not a best-effort guideline. It is a defined compliance obligation with a specific timeframe. Missing it, for even one event, creates an recordable gap.

2. Eight-year SDD retention. Records in the SDD must be maintained for eight years from the date of entry. For Compliance Officers at smaller listed companies managing SDD records in spreadsheets or simple systems, this retention requirement alone creates significant practical and legal risk.

If your SDD records are being maintained in Excel, in a shared folder, or in a system without an audit log - the gap between your current practice and what SEBI will expect in an investigation is material.

What "Personal Liability" Actually Means

The PIT Regulations define a Compliance Officer as the person responsible for compliance on behalf of the listed entity. Under the SEBI Act, 1992, penalties under Section 15G can reach ₹10 lakh minimum, up to ₹25 crore or three times the profit made - whichever is higher.

These are not corporate penalties only. SEBI has demonstrated in the Edelweiss and other cases that it will name and penalise the individual CO where a process failure can be attributed to their role. Directors and senior management who were aware of UPSI and failed to ensure correct processes have also faced action.

The designation "Compliance Officer" is not a title. It is a legal accountability - one that requires an actively functioning compliance system, not paperwork and good intentions.

The Gap Most SME-Listed Companies Have

For companies listed on the BSE SME or Startup Platform, the compliance burden under SEBI's LODR Regulation 46 is partially exempted. But the PIT Regulations apply in full, with no SME carve-out.

Many SME-listed companies have a Compliance Officer - often a Company Secretary or CFO wearing a dual hat - who has implemented a basic PIT framework: a code of conduct, a designated persons list, a trading window calendar. What they typically lack:

A proper SDD implementation that timestamps UPSI entry and maintains an auditable record
Active monitoring of trading by designated persons, including contra-trade detection
A documented process for UPSI identification and escalation - so there is no ambiguity about when the two-day entry clock starts
Evidence that the trading window was closed correctly for every UPSI event - not just for quarterly results

The gap is not knowledge - most COs know the rules. The gap is documentation and system support. SEBI's process-based enforcement means the absence of documented evidence is itself a finding.

What to Do Now

If your PIT compliance framework was set up at the time of listing and has not been significantly upgraded since, now is the time to assess it against SEBI's current enforcement expectations.

Audit your UPSI log. Does every qualifying event have a timestamped entry? Is it within two calendar days? Is the entry in a system that creates an tamper-proof record trail?
Review your trading window management. Is there a documented process for determining when UPSI is "live" and triggering window closure - not just the standard quarterly closure? Are there records for every closure and reopening?
Check your designated persons register. Is it current? Does it capture all categories defined in your Code - employees, advisors, family members? Are contra-trades being monitored?
Assess your SDD against the 8-year retention requirement. If you are storing records in ways that could be lost or are not readily exportable, you have a retention compliance gap.
Read the June 9, 2025 amendments with your CO. The 2-day entry deadline requires process changes - who identifies UPSI, who enters it, what constitutes "coming into existence" for different event types.

Closing Thought

SEBI's enforcement posture has changed. The question it now asks is not only "did someone trade on UPSI?" but "did your compliance system work correctly?" That is a harder question to answer - because the answer lives in your processes, your records, and your audit trail, not in the absence of scandal.

Companies and Compliance Officers who understand this shift and build accordingly will be in a much better position. Those who do not will discover the new enforcement standard the hard way.

InsiderQ by Naapbooks is purpose-built for listed companies that need to move beyond basic PIT compliance. From SDD management with audit-grade timestamping to real-time trading window control and designated person monitoring, InsiderQ gives Compliance Officers a documented, defensible compliance record. Learn more about InsiderQ →

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Please consult a qualified legal or compliance professional for advice specific to your situation