SEBI Issues Fresh Guidelines For Registered Custodians

SEBI by way of circular dated 04.03.2026¹ (“Custodian Circular”), has issued updated guidelines for registered Custodians, following the amendment to the SEBI (Custodian) Regulations, 1996 (“Custodian Regulations”) issued by notification dated 18.09.2025.

The Custodian Circular covers the following key areas:

(a) Segregation of Activities:

(i) Custodians are permitted to offer financial services beyond custody. Non-bank Custodians must operate SEBI-regulated and non-SEBI-regulated services through separate Strategic Business Units (SBUs), with separate accounts maintained on an armslength basis.

(ii) Non-bank Custodians offering unregulated financial services must disclose this to clients and obtain a written acknowledgement that SEBI recourse is not available for grievances arising from such services.

(iii) All Custodians may share staff, infrastructure and systems across services, subject to adequate conflict-of-interest controls such as information barriers. The permitted list of financial services activities will be specified by the Custodians and DDPs Standards Setting Forum (“CDSSF”) in consultation with SEBI.

(b) Outsourcing of Custodian Activities: Custodians may outsource non-core activities but cannot outsource core business activities or compliance functions. CDSSF will work out a standardised list categorising core and non-core activities, with approval from SEBI.

(c) Vault Requirements: The vault requirements have been simplified. Custodians not holding physical securities are not required to maintain a vault. Where physical securities are held, storage arrangements may be flexible, subject to full client disclosure and informed consent. Custodians must report vault specifications and size as part of their quarterly report.

(d) Governance and Risk Management:

(i) Custodians must put in place board-level committees covering audit, remuneration (as applicable), and risk management. Banks and their group entities may rely on organisationwide governance frameworks, provided any additional requirements under the Custodian Regulations are incorporated.

(ii) Custodians must maintain a documented risk management policy covering operational risks, legal risks, data security, and suspicious transaction reporting to the Financial Intelligence Unit (FIU). The policy must be reviewed annually. Critical custody systems must be capable of processing at least 1.2 times the average transaction load of the prior year.

(e) Wind-Down Framework:

(i) Custodians must put in place a framework for orderly wind-down of operations, ensuring:

A. Seamless transfer of clients to other SEBI-registered Custodians;

B. Protection of client funds and securities throughout the process;

C. Adequate advance notice to clients; and

D. Minimal disruption to the market.

(ii) This framework must be in place by 23.09.2026. Wind-downs triggered by regulatory action or net worth erosion will be supervised by SEBI or the relevant Market Infrastructure Institution.

(f) Reporting Requirements: To eliminate duplicate reporting, several reports previously submitted directly to SEBI have been discontinued, as the same data is already reported to NSDL and CDSL.

The Custodian Circular shall come into force on 24.03.2026, except where otherwise provided for.

Footnote

1 SEBI Guidelines for Custodians

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.