The Securities and Exchange Board of India (SEBI) issued a circular dated March 4, 2026 prescribing detailed guidelines for custodians following amendments to the SEBI (Custodian) Regulations, 1996 notified on September 18, 2025. The circular specifies conditions regarding segregation of activities, outsourcing, vault requirements, governance obligations, risk management, technology infrastructure, business continuity planning, and reporting obligations. Custodians that are not banks or bank affiliates must conduct financial services within and outside SEBI’s regulatory purview through separate Strategic Business Units (SBUs) and maintain separate accounts while meeting net worth requirements excluding the SBU books. Custodians providing unregulated services must disclose this to clients and obtain acknowledgements regarding lack of SEBI grievance recourse. The circular also introduces governance committees, risk management frameworks, business continuity plans, and orderly wind-down mechanisms to protect investors. Additionally, certain reporting requirements to SEBI are discontinued to avoid duplication. Most provisions take effect March 24, 2026, with specific timelines for wind-down frameworks and disaster recovery infrastructure.
Securities and Exchange Board of India
Circular No. H0/19/(1)2025-AFD-FPICELUI/5928/2026 | Dated: March 04, 2026
To,
All Registered Custodians
Dear Sir/Madam,
Subject: Guidelines for Custodians
1. SEBI (Custodian) Regulations, 1996 (Custodian Regulations) were amended vide notification dated September 18, 2025. The amendment notification, inter alia, specified provisions related to net worth, rendering of financial services, obligations and responsibilities for Custodian. In this context, the specific conditions and modalities with respect to various provisions pertaining to Custodians are being prescribed by way of this Circular.
2. Segregation of activities
2.1. Regulation 9 (f) of Custodian Regulations specifies as under:
“9. The certificate granted to custodian shall be subject to the following conditions, namely:—
(a) …
(b) …
(f) besides providing custodial services, it may carry on any activity relating to rendering of financial services;
Provided that a custodian who is not a banking company as defined under the Banking Regulations Act, 1949 or a subsidiary/associate/joint venture of such banking company may render such financial services subject to conditions as may be specified by the Board.”
In this regard, the following is specified —
2.1.1. The list of activities relating to rendering of financial services that can be carried out by a Custodian, in terms of the certificate granted under the Custodian Regulations shall be specified through the Custodians and DDPs Standards Setting Forum (`CDSSF’), in consultation with SEBI.
2.1.2. Custodian (except which is a Bank or a subsidiary / associate / joint venture of a Bank) shall undertake financial services activities falling under the purview of SEBI and those outside the purview of SEBI through separate Strategic Business Units (SBU) respectively. The following safeguards shall be put in place by such Custodian:
i. Separate accounts shall be prepared and maintained for the SBUs on arms-length basis;
ii. Net worth criteria for Custodian shall be satisfied after excluding the books of the SBU./
2.1.3. Custodian (except which is a Bank or a subsidiary/ associate/ joint venture of a Bank) rendering unregulated financial services shall make appropriate disclosure to its clients to this effect. Such Custodian shall obtain an acknowledgement from the client that no recourse is available to them with SEBI for their grievances related to the services obtained by them with respect to such unregulated activities of the Custodian.
2.2. The requirements of clauses (i) and (ii) of Regulation 13 of Custodian Regulations shall not apply to a Custodian subject to such conditions as may be specified by SEBI. Accordingly, a Custodian may share manpower resources, infrastructure and systems across other financial services activities undertaken by it, subject to the following conditions:
‘In terms of Regulation 7(1) of SEBI (Custodian) Regulations, 1996, Custodian shall fulfill the net worth requirements under Custodian Regulations, separately and independently, of the capital adequacy requirements, if any, for each activity undertaken by it under the relevant regulations.
2.2.1. Custodian shall ensure that adequate controls and mechanisms, including chinese walls and adherence to ‘need to know’ principles, are in place to address issues of conflicts of interest.
2.2.2. Custodian shall continue to adhere to general guidelines as specified in SEBI Circular no. CIR/MIRSD/5/2013 dated August 27, 2013 for dealing with conflict of interest.
3. Outsourcing of Custodian Activities
3.1. In terms of SEBI Circular CIR/MIRSD/24/2011 dated 15 Dec 2011, the registered intermediaries including Custodians are allowed to outsource non-core activities. The Intermediaries, however, cannot outsource their core business activities and compliance functions.
3.2. For a harmonious interpretation and consistent approach amongst industry participants, CDSSF shall work out and adopt a list of core / non-core activities categorization, in consultation and with due approval from SEBI.
4. Specification of Vault with Custodian
4.1. Chapter III of SEBI’s Master Circular dated May 10, 2024 for Custodians (Custodian Master Circular) provides specifications of vaults with Custodians.
4.2. To facilitate ease of doing business for Custodians, provisions of the said Chapter III of the Custodian Master Circular stand replaced with the following:
4.2.1. If the Custodian is not holding any physical securities, there shall be no requirement of vaults.
4.2.2. If the Custodian holds physical securities, it shall comply with the requirement of having vault. Subject to full disclosure and taking informed consent from client, physical securities may be held in the vault/safe or equivalent storage with features that may be harmoniously adopted by the industry through the CDSSF, in consultation with SEBI.
4.2.3. Custodian shall submit the specifications of its vault along with its size as part of its quarterly report.
5. Obligations and Responsibilities
In order to further strengthen the compliance and governance framework for Custodians, SEBI vide Gazette notification dated September 18, 2025, inter alia, inserted Regulation 19B in the Custodian Regulations, mandating certain obligations and responsibilities. Accordingly, the following are specified:
5.1. Governance structure and processes:
Governance structure
5.1.1. Custodian shall have committees of Board of Directors (BoD) or analogous body or committee appointed/delegated by such body, such as Audit Committee, Nomination and Remuneration Committee (as applicable), Risk Management Committee or equivalent thereof and any other Committee as mandated by SEBI from time to time.
5.1.2. Custodian which is a bank or subsidiary/ associate/ joint venture of a bank, may not be required to formulate separate specific committees for custody business/function and may rely on the bank wide or organization wide policies, committees, governance structures that apply across all functions of the bank, including the custodian business. However, where Custodian Regulations prescribe any additional requirements, the Custodian shall ensure that such requirements are appropriately incorporated within the relevant bank wide policies or through supplementary procedures, as necessary.
5.1.3. The committees, governance structure of Custodian entity (except which is a Bank or a subsidiary/ associate/ joint venture of a Bank), set up for custody business, may also oversee / supervise other financial services provided by the entity.
Governance processes
5.1.4. The BoD or analogous body or committee appointed/delegated by such body of the Custodian shall exercise oversight over incidents/vulnerabilities having an impact on functioning of the Custodian in the securities market and investor protection including data security breaches that can affect investor data.
5.1.5. The Chief Financial Officer (CFO) or analogous person of the Custodian shall submit to the audit committee or analogous body or committee appointed/delegated by the BoD, details in respect of financial status of the entity, and to the extent it relates to the custodian activity, disclosure of any related party transactions, inter-corporate loans and investments, internal financial controls and risk management systems, compliance with listing and other legal requirements relating to financial statements, adherence to regulatory provisions etc.
5.1.6. Custodian shall keep record of observations of the said committees as mentioned at Para 5.1.1, corrective action taken by the Custodian and measures taken to prevent recurrence of such incidents.
5.1.7. Custodian (except which is a Bank or a subsidiary/ associate/ joint venture of a Bank) shall, before appointing directors, Key Managerial Personnel (KMP), consult the Nomination and Remuneration Committee with regard to their appointment, tenure and remuneration.
5.2. Risk Management Policy and Processes:
5.2.1. Custodian shall devise a clear and a well-documented risk management policy which encompasses all relevant risks that may have to be borne for custodian activities such as operational risk, legal risk, risks such as mis-utilization of clients’ sensitive information, etc., after taking inputs from Risk Management Committee.
5.2.2. Custodian may, however, rely on entity/group level risk management policy that cover the relevant risks pertaining to custody operations.
5.2.3. Such risk management policy shall:
i. strive to address the root cause of the risks and try to prevent recurrence of such risks;
ii. enable early identification and prevention of risk;
iii. assess the likely impact of a probable risk event on various aspects of the functioning of the Custodian such as impact on clients, impact on other stakeholders in the market, financial loss to the Custodian, reputational loss etc. and lay down measures to minimize the impact of such event.
5.2.4. The risk management framework shall have measures for Suspicious Transaction Reporting (STR) to Financial Intelligence Unit (FIU) and monitoring alerts from the Depositories.
Ensuring Integrity of Operations
5.2.5. Custodian shall maintain adequate human resources, systems, processes and procedures for seamless running of operations and protection of investor data.
5.2.6. A senior level officer shall be designated as responsible for overall risk management associated with functioning of the Custodian.
5.2.7. Custodian shall employ adequate tools to strive to automate the process of risk management, reporting and compliance.
5.2.8. The risk management policy shall be reviewed on yearly basis or on ad-hoc basis in case of material changes by the Custodian.
5.3. Scalable infrastructure and appropriate technical capacity:
5.3.1. Custodian (except which is a Bank or a subsidiary/ associate/ joint venture of a Bank) shall put in place a policy framework, approved by its IT Committee or analogous committee, for upgradation of infrastructure and technology from time to time to ensure smooth functioning and scalability for delivering services to investors at all Securities and ‘Exchange Board of India times. Such framework shall be reviewed on yearly basis or on ad-hoc basis in case of material changes.
5.3.2. Custodian shall, at all times, maintain adequate capacity of critical custody system to ensure ability to process 1.2 times the average transaction load encountered during the preceding year and shall also fulfill all other requirements as specified by SEBI from time to time, in this regard.
5.4. Framework for orderly winding down/ Contingency planning:
5.4.1. In case of closure of business of Custodian due to inability to provide services to clients or meet prescribed regulatory requirements, continuity of services to clients is critical. For this purpose, Custodian shall put in place a framework for orderly wind down of its business. Such wind-down framework shall encompass the following:
i. Seamless portability of its clients to other SEBI registered Custodians while protecting the funds and securities of such clients;
ii. Providing all necessary support to the clients to ensure a smooth and secure transfer process;
iii. Providing adequate notice to the clients before winding down of the operations; and
iv. Preventing any significant impact on the market and inconvenience to the investors.
5.4.2. In case of wind down due to regulatory action, erosion of net worth of the Custodian etc., such wind down of operations shall be implemented under the supervision of SEBI/Mils.
5.5. Business Continuity Plan:
5.5.1. Custodian shall put in place a comprehensive Business Continuity Plan (BCP). Such policy shall be reviewed on yearly basis or within three months of material change to minimize the incidents affecting business continuity.
5.5.2. Custodian shall develop and document mechanisms and standard operating procedures (SOP) to recover operations from Disaster Recovery Site (DRS) of Custodian. A suitable framework shall be put in place to constantly monitor health and performance of critical custody systems in the normal course of business.
5.5.3. The BoD or analogous body or committee appointed/delegated by such body of the Custodian shall review the implementation of the BCP and SOP on Disaster Recovery (DR) on atleast yearly basis or on ad-hoc basis in case of material changes.
5.5.4. The DRS for custody systems shall preferably be set up in different seismic zones. In case, due to any reasons like operational constraints, such a geographic separation is not possible, then the Primary Data Centre (PDC) and DRS shall be separated from each other by a distance of at least 250 kilometers, or the DRS shall be designed and constructed to meet the resilience requirements of a higher seismic zone vis-a-vis the PDC, to ensure that both of them do not get affected by the same natural disaster. The DR site shall be made accessible from PDC to ensure syncing of data across two sites.
5.5.5. Hardware, system software, application environment, network and security devices and associated application environments of DRS and PDC shall have one-to-one correspondence between them. Adequate resources shall be made available at all times to handle operations at PDC or DRS.
5.5.6. Custodian shall conduct DR drills from DR site. DR drills shall include running all critical operations from DRS for at least 1 working day in a year.
5.5.7. The Auditor, while covering the BCP-DR as a part of mandated annual Audit, shall check the preparedness of the Custodian to shift its operations from PDC to DRS and also comment on documented results and observations on DR drills conducted by the Custodian. The Auditor shall also check whether the DRS is designed and constructed to meet the resilience requirements of a higher seismic zone vis-a-vis the PDC, as applicable, as specified in Para 5.5.4 above.
6. Review of reporting requirements
6.1. Custodian Master Circular has, inter alia, specified various reporting requirements for Custodians under Chapter IV of the Custodian Master Circular.
6.2. As Custodians already report the data to NSDL and CDSL, with a view to facilitate ease of doing business for the Custodians through removal of duplicate reporting requirement, it has been decided that the following reports to SEBI shall be discontinued: –
6.2.1. Report on fortnightly basis to submit ISIN wise AUC details of Flpls
6.2.2. Report on category-wise AUC data for all clients viz. FPI, FDI, MF, etc.
6.2.3. Report on category-wise AUC data for Flpls
6.2.4. Report on country-wise AUC data for Flpls
6.2.5. Report on change of Custodian details during the month
Applicability
7. The provisions of this Circular, except for the following, shall come into force with effect from March 24, 2026.
7.1. The framework for orderly wind down, in terms of provisions of Para 5.4.1 of this Circular, shall be put in place on or before September 23, 2026.
7.2. In view of the capacity planning and resource allocation involved in establishing a data centre, DRS shall be set up in compliance with the directions at Para 5.5.4 of this Circular on or before March 23, 2029.
Securities and ‘Exchange Board of India
8. This Circular is issued in exercise of the powers conferred under Section 11(1) of the Securities and Exchange Board of India Act, 1992 read with Regulations 9(f), 13 and 19B of SEBI (Custodian) Regulations, 1996 to protect the interest of investors in securities and to promote the development of, and to regulate the securities market.
9. This Circular is available at sebi.gov.in under the link “Legal —Circulars”.
Yours faithfully,
Siddharth K Dachalwal
Deputy General Manager
Tel No.: 022 – 26449123
E-mail: siddharthkdasebi.00v.in
