The concern about storage and privacy of data pertaining to *offshore entities has turned into a challenge* not just for Reserve Bank of India (RBI) but also for capital markets regulator Securities and Exchange Board of India (Sebi). Some foreign portfolio investors (FPIs) have *expressed concerns over Sebi’s plan to create a centralised data storage platform* for the offshore investors. This platform is proposed to be managed by the registrars. FPIs view them as third-party entities and hence are wary of sharing data with them. Instead, FPIs want Sebi to directly handle their data. These investors brought up their concerns over the step in a recent meeting with the HR Khan committee, appointed by Sebi to ease norms for FPIs, said two people privy to the matter. FPIs are opposed to this move as beneficial owners (BOs) of FPIs, who run the funds, will be required to share more personal information with Sebi after the introduction of new know your customer (KYC) norms for FPIs. Until now, the KYC information of FPIs was stored by their respective global custodians.
These custodians would in turn share the data with regulator and market intermediaries wherever required. Most of these custodians are international banks which are bound by not just Sebi laws but also global data privacy laws. KYC Registrar Agents (KRAs) are domestic entities governed by Indian laws. FPIs are worried that the standards maintained by these agencies in terms of security and encryption are not on a par with the global best practices. With the implementation of data protection laws like General Data Protection Regulation (GDPR), FPIs are extremely sensitive in the sharing of any personal information of investors or their senior management officials (SMOs). In the current context, FPIs view the KRAs as external service providers and are more comfortable sharing information with the regulator, said Suresh Swamy. Several countries such as the US and EU have formulated strict data privacy rules. Some of the provisions of these laws are in direct conflict with Indian laws. The KYC documentation requirements for FPIs have gone up significantly for category II FPIs — the largest chunk among the Indian FPIs. As per the new norms, individuals who have been identified as beneficial owners of are required to share information such as date of birth and social security number. Several FPIs had expressed concerns about privacy of such data, which prompted Sebi to come up with an alternative framework. The HR Khan led committee on FPIs had proposed moving to a centralised data storage system in its interim report.