The Securities and Exchange Board of India (SEBI) has imposed a ₹1 lakh penalty on Link Intime India Pvt Ltd due to cybersecurity compliance failures that occurred before its merger with TSR Consultants Pvt Ltd. The penalty follows delays in addressing security vulnerabilities flagged in a mandatory audit.
TSR’s Cybersecurity Lapses and Delayed Compliance
TSR Consultants, a registered registrar to an issue and share transfer agent (RTA), underwent an inspection by SEBI from September 2022 to November 2023, with an additional review in February 2024. During these assessments, the regulator identified 62 cybersecurity vulnerabilities, including nine critical and seventeen high-risk issues.
As per SEBI guidelines, such security gaps must be resolved within three months, with formal compliance reports submitted. However, TSR missed this deadline, eventually submitting the required reports in June 2024—over a year after the initial findings were raised. SEBI classified this delay as a violation of its cybersecurity circulars issued in 2017 and 2022.
Merger With Link Intime and Disputed Liability
Following the merger of TSR Consultants into Link Intime India, the latter argued that it should not be held responsible for cybersecurity lapses that occurred before the amalgamation. However, SEBI rejected this defense, citing Clause 7 of the National Company Law Tribunal (NCLT)-approved merger scheme, which transferred all liabilities, obligations, and debts of TSR to Link Intime.
SEBI’s Final Order and Penalty Imposition
Considering that TSR ultimately submitted its overdue cybersecurity compliance reports in June 2024, SEBI deemed the violation non-critical but still imposed a ₹1 lakh penalty on Link Intime. The regulator also noted that TSR had a prior history of cybersecurity non-compliance, having faced penalties under SEBI’s Registrar to an Issue and Share Transfer Agents Regulations, 1993.
Also read: SEBI Fines Brightcom ₹34 Cr for Fraud
Reinforcing Cybersecurity Compliance for Financial Intermediaries
This regulatory action underlines SEBI’s strict enforcement of cybersecurity compliance within financial intermediaries. In an era where digital security is increasingly crucial to investor protection and market stability, SEBI continues to hold financial firms accountable for lapses in safeguarding sensitive data and IT infrastructure.
