• Audit Trails are maintained for both systems as well as application process by user activities and applications.
• The series of records of computer events about the operating systems. The applications and the user activities. The different audit trails are required to be maintained and audit trails provides information about computer systems and helps to audit of the computer system.
• The audit trails is used to establish individual accountability which has helped the user proper behavior.
• Any events to circumvent security policy will be revealed immediately and the appropriate actions are taken immediately.
• Any specific problem is always investigated by use of audit trails and system activity to find out what exactly happens.
• The event is reconstructed at appropriate level and it is analyzed to find any misuse or mischief created by any user and also to prevent unauthorized use of the system and the network on real time basis. It has also helped the virus attack and it has prevented the unacceptable system performance. The identification process immediately detects the unauthorized access was attempted and resultant damaged is assessed and controls which were attacked.
• System maintains several audit trails on concurrent basis which are recorded and saved.
• Further such records are reviewed on regular basis which also includes keystroke monitoring. These logs are preserved in the system.
• The review of audit trails has been utilize to find tune the system performance and to avoid any flow violations of security policy committed in application, this helps the misuse of the system by any individual user and all users remains accountable.
• The audit trails also examine the access control and its violation.
• The record of email application logs and its logs prevents the data pilferage the appropriate action after establishing the misuse and attempt of accessing the data in unauthorized way.
• System administrator is required to record the logs of user activities. The sensitive server applications and accessing the network is required to examine regularly.
• The attempts of log-in and unsuccessful log in are been checked.
• Application level audit trails are monitored and records are been maintained to examine the confidential information is not available to any unauthorized user.
• User audit trails the commands directly initiated by the user and also any unauthorized attempts and files and resources access any attempt to delete the log is viewed and noted very seriously.
• There is this audit logs are preserved for minimum 1 year and they are not available for review, access or monitor by anyone other than CEO or system administrator they are confidentially preserved.
• The audit trails are reviewed after any events or any software malfunctioning.
• The periodic review of audit trail data is being carried out by system administrator and under directions from CEO.

• In order to manage the unforeseen disaster and to come out of the ill effects of the same with least damages to business, business continuity plan (BCP ) and Disaster Recovery Plan ( DRP ) have been in place. Now it becomes a master document for the company to see through the ill facade of business uncertainty.
• These two master plans, which are put into use complement each other and through our organization's constant review of business and system processes, the plans shall get updated commensurate with the size of business and its growth. The plan has been arrived at after making detailed risk evaluation of the location(s) where from the businesses are operated.
• MOTTO: Contingency plans stated both, as part of BCP & DRP is active and fault-free. The plans relating to minor or routine electronic or communication failures are dealt with as part and parcel of Business Continuity Plan while contingency plan for the organization for severe calamites like Earthquake, Flood, Fire or any other natural or man made disaster are dealt with under DRP Plan.

Objective of Surveillance

• Business Process Continuity ensuring desired level of efficiency
• Continuity of Business Data integrity & confidentiality
• Data Security
• Speedy retrieval of data and other operational aspects.

Areas of Surveillance

• Physical Surveillance of IT assets
  • 24-hour building security guard
  • Maintain proper location of system so that unauthorized access by third parties does not happen
  • Ensure proper physical lock of main gate and server room and restrict admission into server room to employees not entrusted with server room management tasks
  • Improve systems through in-house maintenance
  • Always ensure that third-party vendors are accompanied in the server room and their activities are monitored
• Connectivity
  • Two alternative sites are available for connectivity in case the primary connection fails
  • Branches connect via NOW or dedicated leased lines; local branches may use dial-up (ISDN/PSTN) and broadband
• Data
  • ODIN Manager and Database Server backup is taken
  • Backup schedule is maintained
  • ODIN database backup process is defined
  • Backup plan covers required systems and databases
  • Daily database backup report is maintained and signed by the backup owner and verifier (implementation stage)
  • Database restore process with screenshots and step-by-step manual is maintained under DR documentation
• User responsibility & accountability
  • Password policies and standards are defined and followed as per exchange regulations and circulars
  • User management norms are defined and followed as per exchange regulations and circulars
• Change Control Management
  • Change Request Forms (CRF) are maintained for all software change requests submitted to vendors
  • System Administrator maintains records of versions and patches for OS and applications at:
    • HO
    • Branch
    • Retail Clients
• Maintenance and upgradation of hardware and software
  • UPS, batteries, and generator sets are verified quarterly
  • Staff are warned not to place inflammable items near electrical systems
  • Environment is kept dust-free
  • Emergency call list is maintained
  • Physical access is restricted to authorized employees only
  • Entry to server room will be secured using electronic identification (smart cards)
  • Fire safety equipment is installed to safeguard against fire hazards
• Preparation, Maintenance and Revision of documentation
  • Documentation is maintained for day begin processes, data restore, data backup, and email escalation procedures
• Escalation Process shall be practiced in the following order
  • Day Begin or Day End failure
  • Other system process failures
• Business processes are performed strictly in adherence to policies and procedures defined by authorities and exchanges and updated as per circulars and directives before deadlines
• Business process contingency
  • Two internet lines are available for online trading
  • In case of connectivity failure, clients are assisted to switch to the alternate line
  • ODIN registry files are available on FTP for clients
  • Clients can download registry files and continue trading without disruption
  • Antivirus and firewalls are updated online
• Critical Processes Management
  • Server startup process documentation with screenshots and step-by-step instructions is maintained in manual format

Surveillance

• Preventive
  • Daily start-up process status report is monitored.
• Detective
  • All server event viewer monitoring is done on a daily basis.
• Corrective
  • Clients are guided through menus by helpdesk staff to ensure smooth, uninterrupted program operation. Helpdesk staff are allotted specific support tasks based on job domain. Customer complaints received by phone or email are monitored as per the escalation procedure and communicated through circulars or email.
• Plan Drill
  • Backup restore plan is tested regularly.
  • Backup connectivity is tested every month.
  • Management conducts surprise visits to IT locations to ensure no unauthorized access to IT setup.
  • Loose data cables and electrical wires are closely monitored.
  • The entire plan is reviewed regularly and updated as processes and documentation change.
• Capacity Management
  • Hardware performance is closely monitored. CPU usage is capped around 50%. Hardware is upgraded when usage exceeds 50% for sustained periods. Servers, routers, and switches are properly racked with controlled access and air-conditioned capacity.
  • Hardware performance is continuously monitored and unserviceable hardware is replaced regularly.
  • Hardware capability and capacity are reviewed against growth plans and current activity volumes, with upgrades done accordingly.
• Risk Management (Policy Document)
  • ODIN is used as front-end and NEAT wherever required. Both provide controllable risk parameters.
  • Real-time risk management software with defined parameters is installed and provided by an external vendor with proven implementation.
  • Risk parameters are defined by the Chairman & Managing Director and the Head Office risk management team. Executive personnel are not authorized to change these parameters.
  • Trading activity is continuously monitored. Alerts and warnings are issued to constituents immediately and corrective actions are taken.
  • Branches are strictly monitored using day-end reports. Required corrections in risk parameters are applied before day end.
  • Trading activity of major clients is reviewed regularly to mitigate risk of bad debts or irregular activity.

Business Continuity Plan

• We have ensured to create mirror image of entire setup for business contingencies and continuity plan to avoid any hazards at two different locations.
• We have planned growth for ensuing years to meet the growth requirement, the monitoring, re-structuring, re-defining the network requirement, hardware requirements and software requirements is being done continuously in consultation with in house IT teams sitting at both the location and outside IT experts.
• We have created appropriate hierarchy of management personnel and executives by providing appropriate training and giving right kind of exposure. We continuously focus our attention on training and development of Human Resources with us. We also ensure that the entire team of company remains positive and willing and able workforce for company by organizing several events time and again of their interests. We also have created business organization required for sincere needs with reference to the envisaged growth and sourcing or equipping our selves by hiring outside experts either on full time basis or on retainer basis to ensure that business continue in all circumstances.
• We keep vigil on market movements and hire expert advice on market movements and safeguard everyone including our branches and clients to ensure to keep manageable exposure to the market in the event market may go against their respective positions.
• We have always remained most competitive in offering our services to our clients and have kept vigil on market development in brokerage and depository service charges. We provide value added services like 'SPEED-e', Investment Advice and assistance to resolve their grievances on any investment issue, Internet Trading, Portfolio Management Advise at free of cost to remain competitive.

Disaster Recovery Plan

1. Preamble
   • This plan is to be known by the short name DRP.
   • This plan document is the only approved document that replaces/overrules all past instructions issued by various officials in so far as they conflict with the present plan.
   • If and when NSE/BSE/MCDX/NCDEX issues any instruction to the broking member with reference to this plan and if the same conflicts with the laid down plan, then the Exchange or statutory authority rule shall be binding and the DRP plan shall be modified accordingly.
2. Plan Follow-up Yardstick
   • Plan In Place
   • Action Plan to be implemented
   • Plan for follow-up and surveillance
3. Plan
   1. The Plan in Place
      1. The Broker has initiated DRP since inception of the broking business.
      2. Standard office layout plans address physical access risks and unforeseen disasters.
      3. Central DRP Team consists of designated members.
      4. Each Branch Head coordinates with the Central DRP Team during crisis.
      5. Branch In-Charges are informed of DRP tasks by Central DRP Team.
      6. HOD System coordinates crisis management with internal and external teams.
      7. Mock trading sessions are conducted on the backup server.
      8. Emergency contact numbers are displayed at HO.
      9. No-smoking policy is enforced at HO and branches.
      10. Insurance details are maintained at HO and branches.
      11. Daily online backup of branch critical data to HO.
      12. Policy for preservation of old data is in place.
      13. Media backups are stored off-site.
      14. UPS load testing is conducted periodically.
      15. No recent water damage observed at HO floors.
      16. No water or drain pipes pass through system rooms.
      17. Emergency passwords stored securely off-site.
      18. Password secrecy policy enforced.
      19. No recent disasters at HO or branches.
      20. No proximity to hazardous material centers.
      21. No contamination from surroundings.
      22. Area not affected by civil disturbances.
      23. Computer room cleaning done regularly.
      24. Roof condition is sound.
      25. Electrical cabling is safe.
      26. Network cabling separated from power lines.
      27. Proper drainage system in building.
      28. Surge protection devices installed.
      29. Three-phase power distribution maintained.
      30. Overloaded outlets are periodically checked.
      31. Server room access is strictly controlled.
      32. Physical security during off-hours is satisfactory.
   2. Action Plan to be Implemented
      1. Emergency contact numbers to be displayed at branches.
      2. Branches to ensure UPS backup or standby generator.
      3. Evaluate fire suppression requirements.
      4. Ensure backup communication lines between HO and branches.
   3. Plan for Follow-up and Surveillance
      1. Monthly branch risk assessment and reporting to Central DRP Team.
      2. Second-level verification of critical data and reports.
      3. Disaster drills every six months.
      4. Ensure UPS backup or standby generator capacity.

Information Security Policy

• We have introduced the physical controls at server room, back office room by not permitting any unauthorized entry physically.
• No visitor is allowed in this area without prior approval and they are not allowed to carry any laptops, pen drives, floppies, cds etc., inside the secured areas.
• All employees are not allowed to carry any information in any form from the office while leaving the office. No direct access to Internet is provided to anyone other than authorized persons. All the computers are controlled, their activities are frequently viewed by senior officials time and again to ensure that no pilferage of any sensitive information.
• No third party vendors, contractors are permitted in restricted zone. Any meetings with this person if required are held at non secured zone office at the front office.
• Physical controls of office premises and facilities Physical security guard stationed at the entry point guards the office. No unauthorized entry is permitted. Suitable locking arrangements are maintained
• The keys remain with senior most directors of the Company. For alternative arrangement, the set of keys are kept at a secured place in vicinity of the office.
• Protecting against external environmental risks We have created earthquake proof structure at office premises.
• The Zero level is raised much higher than the ground level to ensure to avoid the damage due to floods.
• No open or vacant area is left in the office.
• Photographic video, audio or any recording equipments like cameras in mobile devices are not permitted inside the secured area. Even employees are not allowed to carry their mobile phones with camera to have full proof physical security of sensitive information.
• We have also ensured to discard all unused or unserviceable equipments, Records, papers not required are destroyed to avoid the unnecessary piling up of unused materials to avoid the dust, fire, explosion, vibration, chemical, electrical damage.

Information Security policy and Network Security Policy

• Purpose The purpose of this policy is to out line acceptable use of computer equipment at company. These rules are in place to protect the entire company's team and company. In appropriate use expose risks including virus attack, compromise of network system and service and legal issues The Scope This policy covers employees,contracters,consultants, and temporaries including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased leased by company.
• Policy
  • The legitimate use of network and reasonable level of privacy is ensured.
  • Employees are responsible for exercising good judgment regarding the reasonableness of personal use.
  • This policy recommends that any information that is considered sensitive is Encrypted.
  • Regular Audit of network system is done on periodic basis to ensure the Compliance of this policy.
• All employees are not allowed to carry any information in any form from the office while leaving the office. No direct access to Internet is provided to anyone other than authorized persons. All the computers are controlled, their activities are frequently viewed by senior officials time and again to ensure that no pilferage of any sensitive information.
• No third party vendors, contractors are permitted in restricted zone. Any meetings with this person if required are held at non secured zone office at the front office.
• Physical controls of office premises and facilities Physical security guard stationed at the entry point guards the office. No unauthorized entry is permitted. Suitable locking arrangements are maintained
• The keys remain with senior most directors of the Company. For alternative arrangement, the set of keys are kept at a secured place in vicinity of the office.
• Protecting against external environmental risks We have created earthquake proof structure at office premises.
• The Zero level is raised much higher than the ground level to ensure to avoid the damage due to floods.
• No open or vacant area is left in the office.
• Photographic video, audio or any recording equipments like cameras in mobile devices are not permitted inside the secured area. Even employees are not allowed to carry their mobile phones with camera to have full proof physical security of sensitive information.
• We have also ensured to discard all unused or unserviceable equipments, Records, papers not required are destroyed to avoid the unnecessary piling up of unused materials to avoid the dust, fire, explosion, vibration, chemical, electrical damage.

Security and proprietary information

• The interface for information contained on Internet/Intranet/Extranet-related system should be classified as either confidential or not confidential, defined by corporate confidentiality guideline, detail of which can be found in Human Resources policies. Examples of confidential information include but are not limited to: company private, corporate strategies, competitor
  • Sensitive, trades secret, specifications, customer lists, And research data. Employees should take all necessary steps to prevent unauthorized access to this information.
  • keep password secure and do not share accounts. Authorized users are responsible for the security of their password and accounts. System level password should be changed quarterly, user level password should be changed every six month.
  • All PCs,laptop and workstations should be secured with a password protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging off (control-alt-delet for win2k users) when host will be unattended.
  • Use encryption of information in compliance with this policy's Acceptable Encryption use policy.
  • Because information contained on portable computers is especially vulnerable, special care should be exercised Protect laptop in accordance with "Laptop Security Tips"
  • Postings by employees from a company email addresses to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of company, unless posting is in the course of business duties.
  • All hosts used by the employee that are connected to the company securities pvt ltd. Internet/Intranet/Extranet. Owned by company shall be continually executing approved virus scanning software with a current virus database. Unless overridden by departmental or group policy.
  • Employees must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan horse code.

Unacceptable Use

• The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g. systems administration staff may have a need to disable the network access of a host if that host is disrupting production services)
• Under no circumstances is an employee of company authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing company's owned resources. The lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.

System and Network Activities

• The following activities are strictly prohibited, with no exceptions:
  • Violations of the rights of any person or company protected by copyright, trade secret, patent, or other intellectual property or similar laws or regulations, including but not limited to the installation or distribution of pirated or other software products that are not appropriately licensed for use by the company.
  • Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books, or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which the company or the end user does not have an active license is strictly prohibited.
  • Exporting software, technical information, encryption software, or technology in violation of international or regional export control laws is illegal. Appropriate management must be consulted prior to the export of any material that is in question.
  • Introduction of malicious programs into the network or server, such as viruses, worms, Trojan horses, email bombs, etc.
  • Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.
  • Making fraudulent offers of products, items, or services originating from any company account.
  • Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access unless these duties are within the scope of regular duties. For the purposes of this section, disruption includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
  • Port scanning or security scanning is expressly prohibited unless prior notification and approval as per this policy is obtained.
  • Executing any form of network monitoring that intercepts data not intended for the employee's host unless this activity is part of the employee's normal job duties.
  • Circumventing user authentication or security of any host, network, or account.
  • Interfering with or denying service to any user other than the employee's host, such as denial of service attacks.
  • Using any program, script, or command, or sending messages of any kind with the intent to interfere with or disable a user's terminal session by any means, locally or via the Internet, Intranet, or Extranet.
  • Providing information about or lists of company employees to parties outside the company.

Email and Communication Activities

• Sending unsolicited email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material ( email spam)
• Any form of harassment via email, telephone or paging, whether through language, frequency, or size of messages.
• Unauthorized use, or forging, of email headers information.
• Solicitation of email for any other email addresses, other than that of the poster's account, with the intent to harass or to collect replies.
• Use of unsolicited email originating from within company networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by company , or connected via company's network.
• Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups(newsgroup Spam)

Enforcement

• Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. We have introduced the physical controls at server room, back office room by not permitting any unauthorized entry physically.
• No visitor is allowed in this area without prior approval and they are not allowed to carry any laptops, pen drives, floppies, cds etc. inside the secured areas.
• All employees are not allowed to carry any information in any form from the office while leaving the office. No direct access to Internet is provided to anyone other than authorized persons. All the computers are controlled, their activities are frequently viewed by senior officials time and again to ensure that no pilferage of any sensitive information.
• No third party vendors, contractors are permitted in restricted zone. Any meeting with this person if required are held at non secured zone office at the front office.

Physical controls of office premises and facilities

• Physical security guard stationed at the entry point guards the office. No unauthorized entry is permitted. Suitable locking arrangements are maintained.
• The keys remain with senior most directors of the Company. For alternative arrangement, the set of keys are kept at a secured place in vicinity of the office.

Protecting against external environment risks

• We have created earthquake proof structure at office premises.
• The Zero level is raised much higher than the ground level to ensure to avoid damage due to floods.v No open or vacant area is left in the office.
• Photographic video, audio or any recording equipments like cameras in mobile devices are not permitted inside the secured area. Even employees are not allowed to carry their mobile phones with camera to have full proof physical security of sensitive information.
• We have also ensured to discard all unused ot unserviceable equipments, records, papers not required are destroyed to avoid the unnecessary piling up of unused materials to avoid the dust, fire, explosion, vibration, chemical, electrical damage.

• Closures of client account and dormant accounts
• In case client has not used his account for a period exceeding 12 months, his account shall be In Activated, freezed for further trading and his account shall be reactivated only after proper recording of reason for such non use in writing, after taking reactivation form along with all the required proof in support and after performing IPV (In Person Verification) of such clients.
• Any Client's account would be closed on the basis of closure request received from that client either on the basis of account closure forms received or on the basis of closure request received from that particular client's registered e-mail address maintained in our records. Any accounts where there is no trading activity over two years and having no significant balance or uncleared debit balance with no activities more than or equal to 6 months, such clients would be served with an advance notice of 30 days through e-mail on their registered e-mail address maintained in our records to close their account by submitting account closure forms and in absence of the same, accounts (trading and demat) of such clients would be closed by us on expiration of 30 days notice period and the balance amount on those account would be transferred to Kasar account or any other account as decided by the management of the company from time to time.

• Procedures and policies followed by the company
• We are following the procedure for different areas of operations as under:
• This procedure has been explained to all concerned, dealing officials and no deviations are permitted at their level if any deviations required they have to obtain approval from the director.

• Registration and documentation and updations
  The branches/ sub brokers given duly stamped empty client agreement forms similarly at head office stamped empty KYC forms are kept ready. As and when the client approaches for account opening the due diligence of the client is carried out by the director at head office and by the branch head/ sub broker at their offices.
  
  The required copies of documents like PAN Number, address proof and bank details DP details etc. are collected and verified with original and originals are returned back to the respective clients. PAN number is verified from Income Tax web site.
  
  The action taken report data is checked before activating the client. Further in person verification is carried out by concern officials mentioned above. The client is made to understand risk in dealing in capital market during in person verification.
  
  Then only the client is activated in UCC and concern client is informed about the Client ID and make to understand the risk dealing in the capital market.
  
  Any up-dations in address, bank details, DP details etc. the dealing officials collect the proof and verifies with originals and update in back office and this papers are kept with respective KYCs.
  
  All KYCs are stored client code wise Branch wise / sub broker wise and easily accessible.
  
  No client is entertained if he walks in for client registration. We verify the financial details from his bank account and copy of latest income tax return.
  
  We have adopted the concept of maker and checker while dealing with KYC in order to avoid any mistakes.
  
  The copy of client registration form is given to the client and acknowledgement is obtained. We do not offer any promotional schemes nor offer any thing free to the clients. We do not out source client registration work.
  
  Total numbers of active clients are 5500
• Sales Policies followed by the member
  We do not have the sales personnel or relation ship managers as such and we do not induce any client to trade nor do we give our views about market movements. We also do not provide any market tips. All trades exclusively occurred at the instances of the clients. Whenever we decide to consider for opening any new branches or accepting any new sub broker details market survey is conducted and complete due diligence of sub broker is carried out.
• Closures of client account and dormant accounts
  Any clients who has not traded over six month and have zero balance or insignificant debit or credit balance are treated as dormant accounts. The dealing officials are advised to re confirm the trade request made by such account holders. The clients who have not traded over two years are deleted from the server and if client desires to trade new KYC is obtained.
  
  Any accounts where there is no trading activity over two years and having no significant balance such accounts are closed on annual closing of books of account and the balance amount on those account is transferred to Kasar account and such accounts are closed . A letter is obtained from the client to close the account. In case client has not traded over six month such client places the order, re- confirmation is obtained by calling the clients.
  
  We do not allow client to transfer from one branch/ sub broker to another branch/ sub broker.
• Order receipt and execution
  Orders are received either on phone or in person at head office, branch/ sub broker office. They are punched in to the systems carefully as instructed by the client. In case of client trading by telephone, client's voice is recognized by concerned operators. In case of doubts operators are instructed to reconfirm by calling the client at the registered contact numbers with us.
  
  We do not have telephone recording system for orders.
  
  We convey over telephone in case trade has taken place against his limit orders.
• Sending contract notes, daily margin statement quarterly statements of accounts to the clients
  We print contract notes in duplicate. Original copy is sent to clients and acknowledgment of client is obtained in duplicate copy and maintain day wise.
  
  The contract notes are sent through ECN and the acknowledgement is obtained through ECN Logs In case bounced mail we send hard copies and acknowledgment is obtained .The designated email ID and password is issued to the client through a welcome letter. In case client desires to change his/ her Email Ids the letter to that effect is obtained and change is carried out.
  
  We send electronically on daily basis the outstanding positions along with M To M, margin paid and short fall in margin (if any) to each client. The margin shortfall is monitored by the director on daily basis.
• Collection of pay in , margin , limits setting for exposures & turnover for clients, terminals, branches & sub broker level (Risk Management)
  The director continuously monitor for ensuring each and every clients makes the PAY IN in-time. In case of delay from clients side in PAY IN appropriate action is taken by the director. The trading limits are reduced or zeroed in till such time the full PAY IN is received. Similarly the branch/ sub broker limits are also reduced or closed. Normally, we face the issues of timely PAY IN from the clients when market is falling, in such event the director calls each and every client to either square up their position or make the PAY IN on next day morning. In the event of any doubt the positions are squared up if the market is continuously falling and most of the times our clients have buy positions.
  
  We have written down policies for risk management and which is also exhibited to the clients.
  
  We debit late payment charges in the case of late payment received against the debit balances to the clients.We do not do any funding to clients.
  
  We do not allow any third party transfers in any client accounts nor do we accept cash or DD or bankers cheques.
• Monitoring debit balances
  The director continuously monitors debit balances and the follow up at client level as well as at branch/ sub broker level and every day the statement of outstanding is send to each dealing offices. The old debit balances over 15 days are watched and trading limits are closed. In the event net debit over 90 days are treated as bad and appropriate action is taken for recovery there of.
• Liquidation of client position
  In case when client do not pay short fall in margin on T + 1 basis we telephone the client and squared up of his/ her positions. Provided client do not assure for the payment in a day or two. Client will not authorize the square up his position we do not maintain the record of telephone calls made for margin calls. However, such actions are resorted to, in emergencies only.
• Policies for Internal Shortages
  Clients are instructed not to sale securities purchased yesterday in the event of sale stocks purchased on previous trading day and received short from the exchange it goes to auction and the client's account is debited on account of auction. We do not hold any securities of the client unless payment is outstanding over Rs. 1 Lac.
• Transfer of trades
  We do not transfer any trades in back office. The transfer of trades on account of mistakes done by dealing operators are only transferred as per the system lay down by the exchange. However, such transfer of trades are very few and on account of mistakes done by operators. The operators are trained and warned for more then one such mistakes.
• Investor's redressed Mechanism
  Any complain is received on phone or orally the first thing we ask them to give it in writing. Complain is entered in complain register and put up before the director. The director issues appropriate instructions and the resolution are arrived at. However there are no complains as such during the period. The complain register is maintained at head office clients are informed about the E mail for investor's grievances through contract notes.
  
  The director monitors the pending investor complains and also calls the client and the branch/ sub brokers in charge immediately after market hours and appropriate action is taken for rederesal and necessary instructions are issued to the concerned officials.
  
  The complaints are handled by the director. However there is no complaint pending as on the date. The director during the personal hearing with the client examines all aspects and also verifies relevant records and payments made by the clients.
  
  We do not maintain more then one back office software. We do not operate on POA for clients trading accounts.
• Allotment, surrender trading terminals
  We have CTCL as front-end. We have allotted client id and default password to all our branches and sub brokers based on appropriate NCFM certificates and the information is up loaded to the Exchange in required modules.
  
  At head office we use NEAT and NEAT OP. the IDs have been created and required information have been uploaded to the exchange and supported by NCFM certificates
  
  All CTCL IDs are uploaded to the exchange in ENIT and after successful up-ladation, branches are allowed to log in. The limits are set based on the deposits given by the branch/ sub brokers. We carry out surprised inspection of the branches and ensure that no unauthorized use of the trading terminal is done by the branches. We also maintain the branch inspection report.
  
  The procedure for opening and closing of branches/ sub brokers is explained at Point No. 02 We convey to the clients of the closed branch/ sub brokers by telephone.
  
  In case client desirous to trade he is conveyed over telephone. We have a check list which list downs the steps followed for opening and closing of the branch/ sub brokers.
  
  In case of closing the business with sub broker the cancellation procedure like issuing public notice and surrendering the sub broker registration to SEBI the exchange.
• Payments, receipts of fund and Securities from / to clients.
  The pay out is made and pay in received from the clients through a designated bank account declared by the clients. Any PAY IN cheques is received from any other accounts is rejected and if the client is produces the proof of account , in such case the additional bank details is uploaded to the back office after verification of documents. We do not use clients stocks for any other purposes other than making pay in on his behalf. No third party transfers of securities are permitted
• Receipts, deliveries of securities from/ to clients
  The pay out is made and pay in received from the clients through a designated DP account declared by the clients. Any PAY IN is received from any other accounts is rejected and if the client is produces the proof of account , in such case the additional DP details is uploaded to the back office after verification of documents.
• Power of Attorney
  We do not have any Power of attorney in any trading accounts.
• Capacity of systems with reference to volume
  We have adequate and updated system installed at our Head office which addresses our trading as well as back office needs. However all the branches / sub brokers are allotted CTCL id, our system with reference to capacity is more than adequate.
• Branch audit
  We carry out branch/ sub brokers inspection every year and check all aspects as laid down by SEBI like sign board, display of notice board, SEBI certificate, contact person name and telephone number.
  
  Further, we also verify that no cash dealing is done by the branch. We further verify that the branch is not trading out side the trading system.
  
  Further we also verify that branch do not obtain the signed blank DP Instructions from the clients. We check from the clients that they receive statement of accounts, contract notes etc.
  
  We also maintain the report of branch/ sub broker's inspection carryout by us.
  
  We have appointed internal auditor as prescribed by the exchange with detailed scope as specified by the exchange. Any adverse remarks made by the internal auditors are placed before the board and corrective action are undertaken immediately. No new branches are opened without survey conducted in that area. In case we decide to open the branch the sub broker registration is obtained first and then only terminal is activated in case of sub brokers branches and company does not wish to open new branches own in the present circumstances.
• PMLA
  We have a separate a written down policy which has been explained to all our dealing officials. The policy is regularly reviewed by the directors.
  
  Due diligence is carried out for
  
  1. Opening a client account 2. Entering in to a sub broker agreement 3. Appointing any personnel
  
  We carry out in person verification of the clients and therefore there are no benami accounts. We do not have any accounts as specified entities in guideline for anti money laundering by SEBI.
  
  In due diligence of the clients we also ask the client to fill up the introducers column and signature of the introducer is obtained. We are in the process of establishing automated alerts for dormant and suspicious transactions in the back office software.
  
  We have appointed the principal officer and the Anti Money Laundering Policy has been forwarded to FIU. We make aware our clients and branch in charge about Anti Money Laundering Policy and impart training to them from time to time.
  
  Further, we also classify the clients into different categories like high risk clients, low risk clients and medium risk clients with specific reference to ANTI MONEY LAUNDING policy. We have developed the reporting system for suspicious transactions.
• Internet trading
  We have obtained permission for internet trading and KYC agreement is obtained for clients wishing to do internet trading.

• Clients may voluntarily freeze/block and unfreeze/unblock their online trading accounts due to suspicious activities. Clients can request account freezing/blocking via email from their registered email ID, SMS from their registered mobile number, our App/website, or any other legally verifiable mechanism. Requests should be sent to stoptrade@econobroking.com. Upon receiving a request, we shall validate it through registered contact details or 2-Factor Authentication, issue an acknowledgement, and freeze/block the account within 15 minutes during trading hours or before the next session if received after market hours, while simultaneously cancelling all pending orders. Further post freezing, we shall notify clients via registered mobile number and/or email, providing details of open positions and contract expiry information within one hour. We shall maintain logs of all requests, confirmations, and communications.
• We are accountable for any trades executed between the time of request receipt and account freezing/blocking if not completed within the prescribed timeline. To unfreeze/unblock an account, upon receipt of request, we shall conduct due diligence, validate the request, and restore access after verification. Freezing/blocking restricts online access but does not impact Risk Management activities or mark the client's UCC as inactive in Exchange records.