Module: | Statutory Audit, NFRA & ICAI Standards
Q49: Consider the following statements regarding the Structured Digital Database (SDD) requirement under SEBI (Prohibition of Insider Trading) Regulations in 2025:
1. Every listed company must maintain an SDD internally to log the names of persons with whom Unpublished Price Sensitive Information (UPSI) is shared.
2. The database must be maintained for a minimum of eight years after the completion of the relevant transaction to which the UPSI pertains.
3. Companies are permitted to outsource the hosting and maintenance of the Structured Digital Database to a third-party cloud service provider for better security.
Which of the above statements is/are correct?
2. The database must be maintained for a minimum of eight years after the completion of the relevant transaction to which the UPSI pertains.
3. Companies are permitted to outsource the hosting and maintenance of the Structured Digital Database to a third-party cloud service provider for better security.
Which of the above statements is/are correct?
✅ Correct Answer: A
🎯 Quick Answer:
A. Only 1 and 2 are correct.Structural Breakdown: Statement 1 is correct; logging UPSI sharing is the primary legal purpose of the SDD.
Statement 2 is correct; the preservation period is strictly eight years to allow for long-term SEBI investigations.
Statement 3 is incorrect; SEBI regulations explicitly prohibit the outsourcing of the SDD to any third-party service provider.
The database must be maintained internally to prevent external data leaks.
Historical/Related Context: Following several high-profile insider trading rings where information was leaked through informal channels, SEBI mandated the SDD to create a definitive audit trail of exactly who knew what and when.
Causal Reasoning: Prohibiting third-party outsourcing ensures that the company's Board of Directors and Compliance Officer retain absolute accountability for the security and integrity of the UPSI data.