Corporate Law · Board & Corporate Governance Advisory
Corporate Policy & Disclosure Framework Development
Corporate policies are not paperwork you keep in a drawer for an auditor to glance at once a year.
Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986
Corporate policies are not paperwork you keep in a drawer for an auditor to glance at once a year. A well-drafted Code of Conduct for Prevention of Insider Trading, a Related Party Transaction Policy, a Whistle Blower Policy, and a Board-level Disclosure Framework are the documents a regulator, an investor, or an NCLT bench will actually read line by line the day something goes wrong. Boilerplate downloaded from the internet — with clauses that reference the wrong entity type, the wrong regulator, or a listing obligation that does not apply to your company — creates exposure rather than protection. PNPC drafts governance policy frameworks calibrated to your company's actual regulatory footprint: private company, Section 8 company, or listed entity under SEBI's LODR and PIT Regulations. We have built these frameworks for companies since 1986, across India and the UAE, and we stay engaged after the policy is adopted — through every Board review, every amendment, and every disclosure event that tests whether the framework actually works.
What it costs
No hidden charges. The exact figure is set in your engagement letter.
Corporate Policy & Disclosure Framework Development refers to the drafting, Board approval, and ongoing maintenance of the internal governance policies that regulate how a company's directors, key managerial personnel (KMP), designated employees, and connected persons handle sensitive information, related party dealings, and mandatory disclosures. For listed companies, the core mandatory frameworks are the Code of Conduct for Prevention of Insider Trading and the Code of Fair Disclosure of Unpublished Price Sensitive Information (UPSI), both required under the SEBI (Prohibition of Insider Trading) Regulations, 2015 (PIT Regulations), and the Related Party Transaction (RPT) Policy required under Regulation 23 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (LODR). A Whistle Blower Policy / Vigil Mechanism is mandatory for listed companies and for certain classes of unlisted public companies under Section 177(9) of the Companies Act 2013 read with Rule 7 of the Companies (Meetings of Board and its Powers) Rules 2014, and is strongly recommended as good governance practice even where not legally compulsory.
For unlisted private companies and closely-held public companies, these frameworks are not always statutorily mandated in the same form, but they remain highly relevant. Section 188 of the Companies Act 2013 governs related party transactions for every company regardless of listing status — requiring Board approval, and shareholder approval by ordinary resolution for transactions exceeding prescribed thresholds, with related directors and members abstaining from voting where they are interested parties. A documented RPT policy, even where not legally mandatory, is the mechanism by which a company demonstrates that its related party dealings were conducted at arm's length and were not used to siphon value away from minority shareholders or creditors — a scrutiny point that surfaces routinely in investor due diligence, bank credit appraisal, and any eventual IPO readiness review.
Insider trading policies matter beyond the immediate listed-company mandate as well. A private company that is actively fundraising, preparing for an IPO, or has statutory auditors, merchant bankers, or institutional investors with access to material non-public information benefits from a documented framework governing how such information is handled, who is designated as an 'insider' or 'connected person,' and what trading windows or pre-clearance requirements apply before the company actually lists. Building this discipline before listing avoids a scramble in the run-up to an IPO, when SEBI's Insider Trading Regulations, LODR disclosure obligations, and the Companies Act's disclosure sections all become simultaneously and immediately applicable.
A disclosure framework more broadly also covers the statutory disclosure of interest by directors under Section 184 of the Companies Act (Form MBP-1, filed annually and on any change), disclosure of shareholding and interest by KMP, related party disclosures required in the financial statements under Ind AS 24 / AS 18, and the Board's own policy on determining materiality of events and information for disclosure purposes (mandatory for listed companies under Regulation 30 of LODR). Each of these strands is legally distinct but operationally interconnected — a well-designed governance framework treats them as one coherent system rather than a set of disconnected compliance checkboxes, because in practice, a lapse in one (an undisclosed related party transaction, for instance) is very often discovered because of a gap in another (a director's Form MBP-1 that was never updated).
When a documented policy framework becomes necessary
Company is listed or is preparing for an IPO — the PIT Code of Conduct, Code of Fair Disclosure, RPT Policy, and Materiality of Events Policy under LODR are mandatory, non-negotiable prerequisites for listing and continuous compliance thereafter
Board or promoters routinely enter into transactions with group companies, relatives, or entities in which a director holds interest — a documented RPT policy protects the company and its directors from allegations of self-dealing and demonstrates Section 188 compliance
Company has institutional investors (VC/PE) on the cap table — sophisticated investors expect governance frameworks (insider trading discipline, RPT policy, whistle blower mechanism) to be in place well before a Series B/C round or pre-IPO round, and will flag their absence in due diligence
Company is a large unlisted public company meeting the Section 177(1) Audit Committee thresholds (paid-up capital of ₹10 crore or more, turnover of ₹100 crore or more, or outstanding loans/borrowings/debentures/deposits exceeding ₹50 crore in aggregate, under Rule 6 of the Companies (Meetings of Board and its Powers) Rules 2014) — an Audit Committee is mandatory, and once bank/PFI borrowings alone exceed ₹50 crore, the Section 177(9) Vigil Mechanism becomes mandatory as well
Company has employees, consultants, or advisors with access to unpublished price sensitive information (financials, M&A discussions, fundraising terms) ahead of an anticipated listing — a Code of Conduct establishes trading windows, pre-clearance, and confidentiality obligations before it becomes a SEBI-mandated requirement
Board wants to formalise a materiality framework for what gets disclosed to shareholders, lenders, or the public — even outside a formal SEBI mandate, a documented disclosure policy demonstrates board-level governance discipline that banks and rating agencies increasingly assess
Company is undergoing a related party restructuring — intercompany loans, asset transfers, management fee arrangements, or common-director transactions — and needs the transaction properly documented, priced at arm's length, and Board/shareholder-approved before execution
Statutory or internal auditor has flagged inadequate related party disclosure or absence of a documented insider trading framework as an audit observation or a qualification risk
When a full formal framework may not (yet) be necessary
Very early-stage private company with no institutional investors, no related party transactions beyond routine founder-company dealings, and no near-term listing plan — a lighter internal governance note may suffice until the company scales, though Section 188 Board approval discipline for any related party transaction still applies regardless of size
Sole proprietorship or partnership firm — these frameworks are built around the Companies Act / SEBI regulatory architecture for companies; a proprietorship or partnership has no comparable statutory basis and different governance considerations apply
Company has no related party transactions whatsoever and no plans for external fundraising or listing in the foreseeable future — the cost-benefit of a full framework is lower, though PNPC still recommends baseline Section 184 (director interest disclosure) compliance regardless of stage
One Person Company (OPC) with a single member-director and no other stakeholders — the related party and insider trading concerns these frameworks address largely do not arise in a single-person structure
Dormant or non-operational company with no transactions of any kind — the priority in this scenario is regularising basic annual compliance, not building disclosure policy infrastructure that has nothing to govern
Core governance policy frameworks compared
| Policy | Governing Law | Mandatory For | What It Covers | Key Consequence of Absence/Breach |
|---|---|---|---|---|
| Code of Conduct — Prevention of Insider Trading | SEBI (PIT) Regulations, 2015, Schedule B/C | Listed companies; intermediaries; fiduciaries handling UPSI | Trading window closures, pre-clearance for designated persons, UPSI handling, structured digital database (SDD) | SEBI penalty up to ₹25 crore or 3x profit made, whichever higher; criminal prosecution possible under SEBI Act |
| Code of Fair Disclosure of UPSI | SEBI (PIT) Regulations, 2015, Regulation 8 | Listed companies | Principles for uniform and universal dissemination of unpublished price sensitive information | SEBI action for selective/preferential disclosure; market abuse exposure |
| Related Party Transaction (RPT) Policy | Companies Act 2013 s188; SEBI LODR Regulation 23 (listed only) | All companies (s188); listed companies (LODR, enhanced thresholds) | Board/Audit Committee approval mechanism, arm's-length pricing, omnibus approvals, threshold-based shareholder approval | s188 non-compliance — contract voidable at Board's option, promoter/director liable to indemnify loss, penalty on officer in default |
| Whistle Blower Policy / Vigil Mechanism | Companies Act 2013 s177(9)-(10); LODR Regulation 22 (listed) | Listed companies; companies accepting public deposits; companies with loans/borrowings above ₹50 crore | Reporting channel for genuine concerns, protection against victimisation, direct access to Audit Committee Chairman in exceptional cases | Statutory non-compliance penalty; reputational and governance-rating impact |
| Policy for Determination of Materiality of Events | SEBI LODR Regulation 30 | Listed companies only | Criteria for what constitutes a 'material' event/information requiring disclosure to stock exchanges | Regulation 30 non-disclosure — SEBI fine, exchange penalty, potential suspension of trading in extreme cases |
| Directors' Disclosure of Interest (Form MBP-1) | Companies Act 2013 s184 | All companies | Annual and event-based disclosure by every director of their interest/concern in other entities | Non-disclosure — director liable to a fine and, in specified cases, vacation of office; contract may be voidable |
| Board Diversity & Familiarisation Policy | Companies Act 2013 s149; LODR Regulation 25(7) (familiarisation, listed) and Regulation 19 Nomination & Remuneration Committee provisions (diversity, listed) | Companies with independent directors; mandatory detail for listed companies | Board composition principles, independent director induction and familiarisation programme | Not a penal provision typically, but a governance-rating and disclosure gap flagged in Board evaluation and by proxy advisory firms |
Applicability varies sharply by whether the company is listed, unlisted public, or private, and by size thresholds under Section 177(9). This table is directional — PNPC assesses your company's specific regulatory footprint (listing status, capital, turnover, borrowings, sector) before recommending which frameworks are legally mandatory versus governance best practice for your stage.
| # | Stage & What PNPC Does | What Portals and Generic Templates Miss | Timeline |
|---|---|---|---|
| 1 | Regulatory Footprint Assessment — determine exactly which policies are mandatory for your company | A downloaded 'insider trading policy template' usually assumes a listed company. Applying it verbatim to an unlisted private company creates clauses referencing stock exchange disclosures, trading window mechanisms tied to quarterly results announcements, and SEBI registration numbers that do not exist for your entity. We first determine: are you listed, about to list, or unlisted? Do you cross the Section 177(9) thresholds for a mandatory Vigil Mechanism? Do you have related party transactions requiring a documented policy under Section 188? | Day 1–3 |
| 2 | Related Party Mapping — identify every related party under Companies Act and (if applicable) LODR definitions | The Companies Act definition of 'related party' under Section 2(76) is broader than most founders assume — it includes a director's relative, a KMP, a private company in which a director is a member or director, and entities under common control. LODR Regulation 2(1)(zb) further widens this for listed companies. We map your actual related party universe before drafting the policy — a policy that doesn't correctly identify who it applies to is not enforceable in practice. | Day 3–7 |
| 3 | Insider Trading Framework Drafting — Code of Conduct + Code of Fair Disclosure (where applicable) | Effective 2019 amendments to the PIT Regulations require a Structured Digital Database (SDD) to log every instance of UPSI sharing, with time-stamps and audit trails — most template policies still reference the pre-SDD regime. We draft policies aligned with the current regulatory text, including designated person identification criteria, trading window closure triggers, and pre-clearance thresholds calibrated to your company's actual scale. | Week 1–2 |
| 4 | Related Party Transaction Policy Drafting — Board approval mechanism, arm's-length methodology, omnibus approval framework | A generic RPT policy often omits the omnibus approval mechanism (Regulation 23(3) of LODR / Audit Committee practice for unlisted companies) that lets a company pre-approve a category of recurring transactions rather than seeking case-by-case approval for every single one — a practical necessity for companies with routine intercompany service arrangements. We build this into the policy from the outset. | Week 1–2 |
| 5 | Whistle Blower Policy / Vigil Mechanism Drafting (where mandatory or recommended) | A weak Vigil Mechanism policy that does not clearly provide for direct access to the Audit Committee Chairman in exceptional cases, or that lacks a genuine non-retaliation clause, fails the substantive test under Section 177(9) even if a document exists. We draft mechanisms that would withstand scrutiny in an actual whistle-blower event — not just a document that exists to tick a box. | Week 2 |
| 6 | Materiality of Events Policy (listed companies only) — Regulation 30 LODR framework | This policy requires the company to pre-define, in Board-approved language, what quantitative and qualitative thresholds trigger a disclosure obligation to the stock exchanges. Getting the thresholds wrong either creates disclosure fatigue (over-disclosure of immaterial events) or regulatory risk (under-disclosure of material ones). We calibrate this to your sector and scale, referencing SEBI's illustrative list under Schedule III Part A. | Week 2–3 (listed companies) |
| 7 | Board Approval — presenting the policy suite to the Board for formal adoption | Board approval is not a formality — it must be minuted with the specific policy title, version, and effective date, and (for RPT Policy and PIT Code under LODR) subsequently disclosed on the company website if listed. We prepare the Board agenda, explanatory notes for directors, and the resolution language; we also brief independent directors on their specific obligations under the new framework. | Week 3 |
| 8 | Designated Persons Identification & Communication (for PIT Code) | The PIT Code requires identifying 'designated persons' — a category broader than just directors and KMP, potentially including employees in finance, legal, and strategy functions with regular access to UPSI. Each designated person must be formally notified of their status, the trading window mechanism, and the pre-clearance requirement. We prepare the designated persons register and the notification communication. | Week 3–4 |
| 9 | Website Disclosure & Regulatory Filing (listed companies) | LODR requires certain policies — RPT Policy, Code of Practices and Procedures for Fair Disclosure, Vigil Mechanism, Familiarisation Programme — to be disclosed on the company's website with a direct weblink, and some require intimation to the stock exchange. Missing this disclosure step is itself a LODR non-compliance even if the policy was properly Board-approved internally. | Week 4 |
| 10 | Structured Digital Database (SDD) Set-Up (for PIT compliance) | The SDD is a mandatory, internally maintained digital log of every person with whom UPSI is shared, the nature of UPSI, and the date. PNPC advises on the practical SDD implementation — whether a dedicated compliance software or a properly structured internal log — appropriate to your company's transaction volume and scale. | Week 4–5 |
| 11 | Staff Training & Rollout — briefing designated persons, directors, and KMP on their obligations | A policy that sits in a Board minute but is never communicated to the people it governs offers no real protection. We conduct or support a rollout briefing so that designated persons understand trading window closures, pre-clearance forms, and reporting obligations under the Vigil Mechanism — not just receive an email with a PDF attached. | Week 5 |
| 12 | Annual Review & Amendment Cycle — Board review of policy effectiveness at least annually | SEBI and the Companies Act framework expects these policies to be living documents, periodically reviewed by the Board or Audit Committee — not adopted once and forgotten. We build the review into your annual compliance calendar and update the policy language as regulations amend (as happened with the SDD requirement in 2019 and further PIT amendments since). | Annually thereafter |
| 13 | Event-Driven Amendments — triggered by regulatory change, new related party relationships, or a specific transaction | A new related party relationship (e.g., a new group company incorporated, a director joining another entity) or a change in SEBI's PIT Regulations requires the policy to be updated and re-approved by the Board — not left stale. PNPC monitors regulatory changes affecting these frameworks and flags amendment triggers proactively. | As needed — PNPC on call |
Realistic timeline for a full policy suite (insider trading, RPT, whistle blower, materiality where applicable) from engagement to Board adoption and rollout: 4–6 weeks for a company with an organised related party and stakeholder map; 8–10 weeks where related party mapping and designated persons identification require more extensive fact-finding. Pre-IPO companies should build in 3–4 months' lead time before the anticipated listing date to have the frameworks operating and demonstrably tested before regulatory scrutiny begins.
Certificate of Incorporation and latest MoA/AoA — to confirm entity type, objects, and any existing governance clauses
Latest audited financial statements — to assess Section 177(9) threshold applicability (paid-up capital, turnover, borrowings)
Listing status confirmation — listed, in the process of listing (DRHP filed), or unlisted — determines which frameworks are statutorily mandatory versus recommended
Existing Board-approved policies (if any) — for review, gap analysis, and update rather than drafting from a blank page
Shareholding pattern / cap table — to identify promoter, institutional investor, and significant shareholder relationships relevant to related party mapping
List of all directors, KMP, and their relatives (as defined under Section 2(77) of the Companies Act and applicable Rules)
List of group companies, subsidiaries, associates, and joint ventures — with shareholding and common-director details
Details of existing or anticipated transactions with any related party — intercompany loans, management fees, asset transfers, guarantees, leases
Details of any entity in which a director or KMP holds more than 2% shareholding, or is a director/manager/promoter
Copies of any existing related party agreements — for review of pricing methodology and Board approval history
List of proposed 'designated persons' — directors, KMP, and employees in finance, legal, strategy, or other functions with regular UPSI access
Details of any planned corporate actions in the near term — fundraising, M&A discussion, financial results timeline — relevant to trading window design
Existing employee handbook or code of conduct — to ensure consistency and avoid duplicated or conflicting obligations
Details of any SEBI-registered intermediaries (merchant banker, registrar, auditor) engaged, for coordination on UPSI-sharing protocols
Existing Audit Committee composition and terms of reference
Existing HR grievance redressal policy (if any) — to be distinguished from the Vigil Mechanism, which is a distinct statutory requirement
Details of the proposed reporting channel — email, dedicated portal, physical drop-box, or third-party ethics hotline
Confirmation of Audit Committee Chairman's contact details for the exceptional direct-access provision
Board meeting calendar and quorum details — to schedule the policy approval agenda item appropriately
Draft Board resolution language for each policy (PNPC prepares this as part of the engagement)
Company website access / web administrator contact — for listed companies requiring mandatory website disclosure of specific policies
Register of Directors' interest (Form MBP-1 filings to date) — reviewed for currency and completeness alongside the new framework rollout
Draft Red Herring Prospectus (DRHP) or listing timeline, if applicable — to sequence policy adoption ahead of the listing date
Merchant banker / lead manager contact details — for coordination on SEBI disclosure requirements tied to the IPO process
Stock exchange intimation format requirements (BSE/NSE) — for RPT Policy, Fair Disclosure Code, and Materiality Policy website disclosure
Existing Structured Digital Database (SDD) system details, if any — for gap assessment against the current PIT Regulations requirement
| Phase | Triggered By | PNPC CA Guidance | Risk If Ignored |
|---|---|---|---|
| Initial Policy Adoption | Institutional funding round, pre-IPO planning, or Section 177(9) threshold being crossed | Regulatory footprint assessment, related party mapping, drafting of Code of Conduct, RPT Policy, Whistle Blower Policy calibrated to actual entity type and scale, Board approval process management | Investor due diligence flags governance gaps; deal delayed or valuation impacted; Section 188 non-compliance on undocumented related party dealings |
| Designated Persons Rollout | Policy adopted; PIT Code applicable | Identification and formal notification of designated persons, trading window communication, pre-clearance form design, SDD implementation | Undocumented UPSI sharing exposes the company and individuals to SEBI action; designated persons trading without pre-clearance creates personal liability exposure |
| Ongoing Related Party Transactions | Any transaction with a related party — loan, service agreement, asset transfer, guarantee | Pre-transaction Board/Audit Committee approval per the RPT Policy, arm's-length pricing documentation, omnibus approval tracking for recurring transactions, shareholder approval where thresholds are crossed | Contract voidable at the Board's option under s188(3); director/promoter personally liable to indemnify company for loss; heightened scrutiny in subsequent audits and investor diligence |
| Annual Policy Review | Board/Audit Committee annual governance cycle | Review of policy effectiveness, update for regulatory amendments (PIT Regulations, LODR amendments), refresh of designated persons list, Board minuting of the review | Stale policy fails to reflect current regulatory text; a policy that has not been reviewed is itself a governance-rating and audit observation point |
| Whistle Blower Event | A genuine concern is raised through the Vigil Mechanism | Guidance on Audit Committee handling process, confidentiality protection, non-retaliation enforcement, and documentation of the investigation and outcome | Mishandled whistle-blower events create legal exposure (retaliation claims), reputational damage, and — for listed companies — potential SEBI/exchange scrutiny if the underlying concern relates to a disclosure lapse |
| Listing / IPO Transition | Company files DRHP and moves toward stock exchange listing | Upgrade of the entire policy suite to full LODR compliance — Materiality of Events Policy, Fair Disclosure Code, enhanced RPT thresholds, SDD audit-readiness, coordination with merchant banker on SEBI disclosure requirements | Incomplete or non-compliant governance framework at the time of listing delays SEBI clearance or creates post-listing compliance defaults from Day 1 of being a listed entity |
| Related Party Restructuring / M&A | Group restructuring, merger, or transaction involving common promoters/directors | Enhanced related party scrutiny, valuation and fairness opinion coordination, NCLT scheme documentation where applicable, RPT Policy application to the specific transaction | Restructuring without documented arm's-length pricing and proper approval invites minority shareholder or creditor challenge, and NCLT/regulatory objection to the scheme |
| Regulatory Amendment Response | SEBI amends PIT Regulations, LODR, or Companies Act rules change | Proactive monitoring of regulatory changes affecting adopted policies, drafting of amendments, re-approval by the Board, updated website disclosure where applicable | Operating under an outdated policy that no longer reflects current law is a compliance gap discoverable in the next statutory or secretarial audit |
What exactly is a 'Corporate Policy & Disclosure Framework' — is this one document or several?
It is a suite of distinct Board-approved policies, not a single document. The core components are: a Code of Conduct for Prevention of Insider Trading, a Code of Fair Disclosure of Unpublished Price Sensitive Information, a Related Party Transaction Policy, a Whistle Blower Policy (Vigil Mechanism), and — for listed companies — a Policy for Determination of Materiality of Events under LODR Regulation 30. Which of these are legally mandatory for your company depends on whether you are listed, unlisted public, or private, and on size thresholds under Section 177(9) of the Companies Act.
Is an insider trading policy mandatory for a private, unlisted company?
The formal Code of Conduct requirement under SEBI's PIT Regulations, 2015 applies to listed companies, market intermediaries, and certain fiduciaries — not to unlisted private companies as a direct statutory mandate. However, a private company that is fundraising with sophisticated institutional investors, preparing for an eventual IPO, or has employees and advisors with routine access to sensitive financial or strategic information often adopts an insider trading policy voluntarily — both as a governance best practice that investors expect, and to build the operational discipline needed before the company actually lists and the SEBI mandate becomes immediately applicable.
What is UPSI — Unpublished Price Sensitive Information — and why does the definition matter so much?
UPSI is any information relating to a company or its securities, directly or indirectly, that is not generally available and which upon becoming generally available is likely to materially affect the price of the securities. Under Regulation 2(1)(n) of the PIT Regulations, this specifically includes: financial results, dividends, change in capital structure, mergers/acquisitions/de-mergers/disposals, changes in key managerial personnel, and material events as specified under LODR. The definition matters because it triggers the entire insider trading framework — trading window closures, pre-clearance requirements, and the prohibition on communicating UPSI except for 'legitimate purposes.'
Who counts as a 'related party' for the purposes of Section 188 of the Companies Act?
Section 2(76) of the Companies Act 2013 defines related party broadly: a director or their relative; a KMP or their relative; a firm in which a director, manager, or their relative is a partner; a private company in which a director or manager is a member or director; a public company in which a director or manager is a director and holds along with relatives more than 2% of paid-up share capital; any body corporate whose Board, managing director, or manager is accustomed to act on the directions of the company's director or manager; any person under whose advice a director or manager is accustomed to act; a holding, subsidiary, or associate company; a subsidiary of a common holding company (fellow subsidiary); and directors or KMP of the holding company and their relatives.
Does every related party transaction need Board approval, or only large ones?
Every related party transaction requires Board approval under Section 188(1) of the Companies Act, regardless of value, unless it is entered in the ordinary course of business and at arm's length price — in which case Board approval alone (via the RPT policy's approval mechanism) generally suffices without further shareholder approval. Transactions exceeding prescribed thresholds under Rule 15 of the Companies (Meetings of Board and its Powers) Rules 2014 — which vary by transaction type (sale/purchase of goods, availing/rendering services, appointment to office of profit, leasing property, etc.) — additionally require prior approval by an ordinary resolution of shareholders, with related parties abstaining from voting.
What does 'arm's length' pricing actually mean, and how is it documented?
An arm's length transaction is one conducted as though the parties were unrelated and each acting in their own independent commercial interest, with no undue influence from the relationship. In practice, this is documented by benchmarking the pricing or terms against comparable third-party transactions (market rate for a lease, prevailing interest rate for an intercompany loan, standard commercial terms for a services agreement), and — where the transaction is significant or the benchmark is not straightforward — supporting the pricing with a CA or valuer's opinion. The RPT Policy should specify the documentation standard the company applies before certifying a transaction as arm's length.
What is an omnibus approval and why does it matter for companies with recurring related party transactions?
An omnibus approval allows the Audit Committee (or Board, where no Audit Committee exists) to pre-approve a category of recurring, similar-nature related party transactions in advance — for example, monthly management fee payments to a group company, or recurring raw material purchases from a related supplier — rather than requiring case-by-case approval for every individual instance. This is a practical necessity for companies with routine intercompany dealings. The omnibus approval must specify the maximum value, the nature of transactions covered, and is generally valid for a financial year, subject to periodic review.
Is a Whistle Blower Policy / Vigil Mechanism mandatory for our company?
Under Section 177(9) of the Companies Act 2013, a Vigil Mechanism is mandatory for: every listed company; companies that accept deposits from the public; and companies that have borrowed money from banks and public financial institutions in excess of ₹50 crore. For companies outside these categories, it is not a direct statutory mandate, but the SEBI LODR Regulations require it for all listed companies as part of continuous compliance, and it is widely regarded as governance best practice for any company with institutional investors or a professionalising Board.
What must a Vigil Mechanism actually provide for, beyond just 'having a policy'?
Rule 7 of the Companies (Meetings of Board and its Powers) Rules 2014 requires the Vigil Mechanism to: provide for adequate safeguards against victimisation of the whistle-blower; provide direct access to the Chairperson of the Audit Committee in exceptional cases; and be disclosed on the company's website (where a website is maintained) and in the Board's report. A policy document that does not genuinely implement these three elements — particularly the non-retaliation safeguard and the direct escalation path — does not meet the substantive requirement even if a document titled 'Whistle Blower Policy' exists on file.
What is the Structured Digital Database (SDD) requirement under the PIT Regulations?
Following the 2019 amendment to SEBI's PIT Regulations, every listed company, intermediary, and fiduciary is required to maintain a Structured Digital Database internally, capturing the names of persons with whom UPSI is shared, along with the Permanent Account Number or other identifier, the nature of UPSI shared, and the date on which it was shared. The SDD must have adequate internal controls and checks to ensure non-tampering, and must be preserved for a minimum period specified under the regulations (currently eight years, and preserved further if any litigation is pending).
What is a trading window, and when does it close?
A trading window is the period during which designated persons and their immediate relatives are permitted to trade in the company's securities. The PIT Code of Conduct specifies that the trading window closes when the compliance officer determines that a designated person or class of designated persons can reasonably be expected to have access to UPSI — for example, ahead of quarterly/annual financial results announcements, or during discussions on a material corporate action such as an M&A transaction, fundraise, or a significant management change. It reopens 48 hours after the UPSI becomes generally available.
Who should be the Compliance Officer for the insider trading policy?
Under the PIT Regulations, the listed company must designate a Compliance Officer — typically a senior officer, often the Company Secretary — reporting to the Board or the Board Committee, responsible for setting the trading window, pre-clearing designated persons' trades, maintaining the Structured Digital Database, and monitoring adherence to the Code. This should be a person with sufficient seniority and independence to enforce restrictions even against senior management and promoters, and the appointment should be formally recorded in Board minutes.
Can a designated person trade in company shares without pre-clearance if the trading window is open?
This depends on the threshold set in the company's own PIT Code — the regulations require companies to specify a value threshold above which pre-clearance is mandatory even during an open trading window (a common threshold used by many listed companies is trades exceeding ₹10 lakh in value over a specified period, though the exact figure is set by each company's Board-approved policy, not a fixed statutory number applicable to all companies). Below the company's specified threshold, pre-clearance may not be required, but designated persons remain bound by the general prohibition on trading while in possession of UPSI regardless of window status or value.
How does a Related Party Transaction Policy differ for a listed company versus an unlisted one?
For an unlisted company, the RPT Policy operationalises Section 188 of the Companies Act — Board approval, arm's-length assessment, and shareholder approval above Rule 15 thresholds. For a listed company, LODR Regulation 23 layers additional, more stringent requirements: mandatory Audit Committee (not just Board) approval for all RPTs, materially higher shareholder-approval thresholds tied to the company's consolidated turnover (with related parties abstaining from the shareholder vote), and mandatory half-yearly disclosure of RPTs to the stock exchanges in the prescribed format. The listed-company RPT Policy is a materially more detailed document.
What happens if a related party transaction is entered into without the required Board or shareholder approval?
Under Section 188(3) of the Companies Act, a related party contract entered into without Board or (where applicable) shareholder approval is voidable at the option of the Board, and if the contract is with a related party to a director, the director concerned is liable to indemnify the company against any loss incurred. Section 188(5) further provides that any director or employee who enters such a contract in contravention of the section is punishable with a fine — following the Companies (Amendment) Act, 2020, the earlier imprisonment provision for listed-company officers was removed as part of the decriminalisation of this offence, so the current penalty under Section 188(5) is a monetary fine only, for both listed and other companies. Ratification within three months of the transaction can regularise it in some cases, subject to the specific facts.
Does the Related Party Transaction Policy need to be disclosed publicly?
For listed companies, yes — LODR Regulation 23(1) requires the RPT Policy to be disclosed on the company's website, with the weblink provided in the Annual Report. Additionally, listed companies must disclose related party transactions in the specified format to stock exchanges on a half-yearly basis and in the financial statements as per applicable accounting standards (Ind AS 24). For unlisted companies, there is no equivalent public website disclosure mandate, though related party transactions and balances must still be disclosed in the notes to the financial statements under AS 18 / Ind AS 24 as applicable, and Form AOC-2 (particulars of contracts with related parties) must accompany the Board's Report every year.
What is Form MBP-1 and how often must directors file it?
Form MBP-1 is the notice of disclosure of interest or concern that every director must give to the company under Section 184(1) of the Companies Act — disclosing their shareholding, directorship, or interest in any other body corporate, firm, or association of individuals. It must be given at the first Board meeting in which the director participates after their appointment, at the first Board meeting of every financial year, and whenever there is a change in the disclosures previously made. It is filed with the company (not with MCA directly) and recorded in the company's records; it is not an MCA e-form.
What is the Policy for Determination of Materiality of Events, and why is it only for listed companies?
Under LODR Regulation 30, listed companies must disclose 'material' events or information to the stock exchanges — some events are deemed material automatically (Schedule III Part A, Para A), while others require the company to apply a Board-approved materiality policy to judge whether disclosure is triggered (Para B), based on omnibus criteria such as impact on turnover/net worth/profit thresholds, or whether the event would be regarded as material by a reasonable investor. This obligation exists specifically because listed company disclosures directly and immediately affect a publicly traded security's price — a concern that does not arise for unlisted companies, whose shares are not publicly traded.
Our company is not listed but we have a large institutional investor on our cap table. Do they expect these policies?
Very often, yes. Institutional investors — particularly at Series B and beyond, and certainly ahead of any pre-IPO round — routinely review a target company's governance framework during due diligence, and the absence of a documented related party policy, insider trading discipline, or whistle-blower mechanism is flagged as a governance gap, sometimes as a condition to closing or as a post-closing action item in the shareholders' agreement. Building these frameworks proactively, before an investor asks, signals governance maturity and can smooth the diligence process considerably.
How does PNPC price this engagement — is it a one-time fee or ongoing?
PNPC typically structures this as an initial engagement covering the regulatory footprint assessment, related party mapping, drafting of the applicable policy suite, and Board approval support — priced as a fixed, agreed fee confirmed in writing before work begins. Given that these policies require periodic review, amendment for regulatory changes, and (for listed companies) ongoing compliance officer support, many clients then move to an annual retainer that folds this into broader corporate secretarial and compliance services.
Can PNPC help identify who our related parties actually are — we're not entirely sure ourselves?
Yes — this is a core part of the engagement, not an assumption we work around. We review your shareholding pattern, Board composition, group company structure, and directors' other directorships and interests to build an actual related party map before drafting the policy. This exercise itself often surfaces relationships that founders had not consciously flagged as 'related party' in the legal sense — a cross-directorship with a vendor, or a director's spouse holding a stake in a supplier, for example.
What is the difference between the Code of Conduct for Insider Trading and the Code of Fair Disclosure?
These are two distinct, though related, requirements under the SEBI PIT Regulations. The Code of Conduct for Prevention of Insider Trading (Schedule B for listed companies, Schedule C for intermediaries/fiduciaries) governs how designated persons and connected persons handle UPSI internally — trading restrictions, pre-clearance, trading windows. The Code of Practices and Procedures for Fair Disclosure of UPSI (Regulation 8) is a separate, shorter set of principles governing how the company itself discloses UPSI to the outside world — requiring prompt, uniform, and universal dissemination rather than selective disclosure to analysts or specific investors. Both are mandatory for listed companies but address different audiences and risks.
What are 'connected persons' under the PIT Regulations, and how is this different from 'designated persons'?
'Connected person' is a broader regulatory concept under Regulation 2(1)(d) of the PIT Regulations — it includes anyone who is or has been associated with the company in any capacity, directly or indirectly, in a way that would reasonably be expected to give access to UPSI, including relatives of connected persons, and specifically includes categories such as auditors, accountancy firms, law firms, analysts, consultants, and bankers of the company. 'Designated persons' is a narrower, company-defined subset — the specific individuals (employees, directors, KMP) the company itself identifies as needing trading window restrictions and pre-clearance under its own Code of Conduct.
How does an ESOP grant or exercise interact with the insider trading policy?
ESOP grants and exercises to designated persons must be conducted with awareness of the trading window and UPSI status — while regulatory carve-outs exist for certain ESOP-related transactions under specific conditions in the PIT Regulations (such as exercise of options where the exercise price is pre-determined and does not involve a market trade at the time UPSI is held), the underlying acquisition or subsequent sale of shares obtained through ESOP exercise is not automatically exempt from insider trading restrictions if the individual is in possession of UPSI at the time of sale. The company's PIT Code should specifically address how ESOP-related transactions are treated.
Is a related party transaction policy required for a Section 8 (non-profit) company?
Section 188 of the Companies Act applies to companies generally, and a Section 8 company is a company under the Act, so the underlying related party approval discipline is relevant. In practice, however, Section 8 companies more often face related party scrutiny in the context of FCRA compliance, 12A/80G exemption conditions, and grant-funder due diligence — where a documented conflict-of-interest and related party policy is frequently a condition of institutional grant funding or CSR-linked funding, even where the exact SEBI/LODR-style framework built for commercial companies does not directly apply.
How does PNPC handle this for a group with both an Indian company and a UAE entity?
Cross-border group structures raise an additional related party dimension — transactions between the Indian company and its UAE affiliate (management fees, intercompany loans, cost-sharing arrangements) are related party transactions under Indian law and are also subject to India's transfer pricing rules under Section 92 of the Income-tax Act if they qualify as international transactions with associated enterprises, in addition to UAE Corporate Tax's own related party and connected person provisions under Federal Decree-Law No. 47 of 2022. PNPC's Chennai/Bangalore/Hyderabad and Dubai offices coordinate the RPT policy design and the transfer pricing documentation as a single, consistent engagement.
What is the difference between this and a general 'Code of Conduct' for employees?
A general employee Code of Conduct covers workplace behaviour, ethics, anti-harassment, and conflict-of-interest principles broadly — it is good HR practice but is not the same as the statutorily-specific Code of Conduct for Prevention of Insider Trading, which has a defined regulatory structure (designated persons, trading windows, pre-clearance, SDD) under the PIT Regulations. Companies sometimes believe a general ethics code satisfies the insider trading requirement — it does not. The two documents should coexist and cross-reference each other, but they serve legally distinct purposes.
Does the Board need to re-approve these policies every year, or only when something changes?
Good governance practice — and, for listed companies, the LODR framework's expectation of periodic review — is for the Audit Committee and Board to review these policies at least annually, even if no regulatory change has occurred, to confirm they remain fit for purpose given the company's current related party universe, designated persons list, and business activities. A formal re-approval resolution is not always required if the review concludes no amendment is needed, but the review itself, and the Board's consideration of it, should be minuted.
What happens during a SEBI inspection or investigation if our insider trading policy is found to be inadequate?
SEBI has wide powers under the SEBI Act and the PIT Regulations to investigate suspected violations, and an inadequate or non-functional Code of Conduct (one that exists on paper but was not actually implemented — no trading window enforcement, no SDD, no pre-clearance records) compounds the company's exposure if an actual insider trading violation is found, because it demonstrates a systemic governance failure rather than an isolated lapse. Penalties under Section 15G of the SEBI Act for insider trading violations can extend up to ₹25 crore or three times the profit made, whichever is higher, and can include disgorgement, debarment from the securities market, and criminal prosecution in serious cases.
Our company is about to cross the Section 177(9) borrowing threshold. What should we do first?
Once a company's aggregate borrowings from banks and public financial institutions exceed ₹50 crore, the Vigil Mechanism under Section 177(9) becomes mandatory, alongside the requirement to constitute an Audit Committee if one does not already exist (thresholds for mandatory Audit Committee constitution under Section 177(1) are assessed separately based on paid-up capital, turnover, and outstanding loans/borrowings/deposits). PNPC first confirms whether the Audit Committee constitution threshold has also been crossed, since the Vigil Mechanism is designed to operate through the Audit Committee, and sequences the two requirements together rather than addressing the Vigil Mechanism in isolation.
Can PNPC draft these policies for a company that already has existing (but outdated or generic) versions?
Yes — this is a common engagement type. PNPC reviews the existing policy suite against the current regulatory text, identifies gaps (outdated SDD provisions, missing omnibus approval mechanism, absent materiality thresholds, non-functional Vigil Mechanism escalation path), and either amends the existing documents or redrafts them where the gap is substantial enough that amendment is less efficient than a fresh draft calibrated to the company's current structure.
Does adopting these policies protect directors personally, or only the company?
Both, to a meaningful extent. A properly implemented related party transaction policy, with documented Board approval and arm's-length pricing analysis, is a director's primary evidence of having exercised due diligence and acted in the company's interest — relevant both to defending against a Section 188 indemnification claim and to the broader duty of care standard under Section 166 of the Companies Act. Similarly, a functioning insider trading compliance framework, with pre-clearance records showing a director sought and received approval before trading, is significant evidence in the director's favour if a trade is later scrutinised by SEBI, even though it does not create automatic immunity if UPSI possession is independently established.
| Feature | Downloaded Template | Generic Legal/CS Firm | PNPC Global |
|---|---|---|---|
| Regulatory footprint assessment | None — one template applied regardless of entity type or listing status | Basic — may not distinguish unlisted vs. listed thresholds precisely | Full assessment of listing status, Section 177(9) thresholds, and related party universe before any drafting begins |
| Related party mapping | Not performed — policy assumes you already know your related parties | Sometimes performed superficially | Structured mapping across directors, KMP, relatives, group companies, and 'accustomed to act' relationships |
| Regulatory currency | Frequently references pre-2019 PIT Regulations, missing SDD requirements | Varies by firm — may lag recent amendments | Drafted against current SEBI PIT Regulations, LODR text, and Companies Act provisions, with amendment tracking |
| Implementation support | None — document handed over, no rollout | Limited — drafting only in many engagements | Designated persons identification, SDD set-up guidance, trading window mechanism, staff briefing support |
| Cross-border coordination | Not addressed | Typically India-only | India-UAE related party and transfer pricing coordination from Chennai/Bangalore/Hyderabad and Dubai offices |
| Annual review | Not offered | Reactive — on request only | Built into the annual compliance calendar; proactive amendment on regulatory change |
| Section 188 / RPT documentation | Generic clause, no arm's-length methodology guidance | Policy drafted, benchmarking often left to the client | Arm's-length documentation standard and omnibus approval framework built into the policy itself |
| Listed-company LODR upgrade path | Not addressed | May require a separate re-engagement | Pre-IPO frameworks designed with the LODR upgrade path in mind from the outset |
What the PNPC package includes
- 01
Regulatory footprint assessment — listing status, Section 177(9) thresholds, applicable mandate confirmation
- 02
Related party mapping — directors, KMP, relatives, group companies, and indirect control relationships
- 03
Code of Conduct for Prevention of Insider Trading — drafted against current SEBI PIT Regulations including SDD provisions
- 04
Code of Fair Disclosure of UPSI — Regulation 8 compliant, for listed companies
- 05
Related Party Transaction Policy — Section 188 and (where applicable) LODR Regulation 23 compliant, with omnibus approval framework
- 06
Whistle Blower Policy / Vigil Mechanism — genuine non-retaliation and Audit Committee escalation provisions, not boilerplate
- 07
Policy for Determination of Materiality of Events — Regulation 30 LODR, calibrated with company-specific quantitative thresholds
- 08
Designated persons identification and formal notification support
- 09
Structured Digital Database (SDD) implementation guidance appropriate to company scale
- 10
Board approval process management — agenda, explanatory notes, resolution language
- 11
Website and stock exchange disclosure support for listed companies
- 12
Annual policy review built into the ongoing compliance calendar
- 13
Direct access to your engagement CA for ad hoc queries — trading window questions, new related party transactions, whistle-blower events
Speak with a PNPC Chartered Accountant before adopting — or before relying on — your company's governance policy framework. A policy that has not been calibrated to your actual regulatory footprint and related party universe protects no one when it is tested. We have built these frameworks for companies across India and the UAE since 1986, and we stay engaged long after the Board resolution is passed.