Understanding SEBI Governance Requirements for AMCs

June 2, 2026 Pritesh Baviskar

SEBI Governance Requirements for AMCs: A Comprehensive Compliance Framework

Asset Management Companies in India operate within one of the most prescriptive governance frameworks in the financial services sector. SEBI governance requirements for AMCs span board composition, compliance oversight, periodic reporting, cybersecurity controls, and investor protection mandates, each carrying specific obligations with defined timelines and consequences for non-compliance.

For compliance leaders at AMCs managing multiple fund categories, the challenge is structural. Requirements interact across regulations, timelines overlap, and evidence obligations compound with every new circular SEBI issues. This post maps the full scope of what AMCs must comply with and how the governance architecture must be designed to hold up under regulatory scrutiny.

SEBI’s Regulatory Framework for Asset Management Companies

The foundational regulation governing AMCs is the SEBI (Mutual Funds) Regulations, 1996, amended multiple times since. This framework establishes the registration requirements, permissible activities, investment restrictions, and governance standards that every AMC must maintain throughout its operating life.

Beyond the base regulation, AMCs must simultaneously comply with multiple SEBI circulars that layer additional requirements. These include the SEBI Circular on Governance and Oversight of Mutual Funds (October 2022), the Cybersecurity and Cyber Resilience Framework (CSCRF) issued in August 2024, periodic disclosure requirements under various master circulars, and specific guidelines on stewardship responsibilities, ESG disclosures, and risk management frameworks.

Consider an AMC with six fund categories spanning equity, debt, hybrid, solution-oriented, and index funds. Each category triggers different investment restriction monitoring, different risk disclosure standards, and overlapping but distinct reporting timelines. The regulatory framework is not a single document but a matrix of obligations that compound based on the AMC’s product portfolio.

Registration and Ongoing Eligibility

SEBI mandates that AMCs maintain a minimum net worth of Rs. 50 crore at all times. This is not just a registration threshold but an ongoing compliance obligation, requiring periodic certification and disclosure. Any breach triggers immediate reporting to SEBI and potential restrictions on new fund launches.

The fit and proper criteria under Schedule II of the SEBI (Intermediaries) Regulations apply to all directors and key management personnel. Changes in directors, compliance officers, or fund managers require prior SEBI approval in specified cases, creating a governance layer that directly links personnel decisions to regulatory compliance.

Governance Structure Requirements Under SEBI

SEBI prescribes specific governance architecture for AMCs that goes well beyond standard corporate governance norms under the Companies Act. The board composition requirements mandate that at least 50% of directors be independent, with specific restrictions on who qualifies as independent in the mutual fund context.

Board-Level Oversight Mandates

The AMC board must constitute specific committees with defined responsibilities. The risk management committee must review risk parameters, investment limit breaches, and operational risk incidents at defined intervals. The valuation committee must independently review fair valuation of securities. The audit committee must oversee internal controls and compliance with SEBI’s accounting and valuation norms.

SEBI’s October 2022 circular on enhanced governance introduced unit holder protection committees at the trustee level and mandated that AMC boards directly review compliance with key investment norms quarterly. This created a direct reporting line from compliance functions to board committees, with documented evidence requirements for each review cycle.

Trustee Oversight Architecture

The trustee-AMC relationship carries specific governance obligations. Trustees must independently evaluate whether the AMC is operating within the trust deed and SEBI regulations. They must receive quarterly compliance reports, review deviation reports, and certify to SEBI on half-yearly and annual bases that the AMC has complied with all regulatory requirements.

This dual governance layer, where both the AMC board and trustees maintain oversight, creates documentation and evidence obligations at two levels simultaneously. Compliance teams must maintain separate reporting artifacts for board committees and trustee reporting, often covering the same underlying data but structured differently for each audience.

Compliance Officer Role and Responsibilities in AMCs

The compliance officer at an AMC holds a uniquely demanding position within SEBI’s framework. Unlike compliance roles at brokerages or depositories, the AMC compliance officer must monitor compliance across investment restrictions, operational requirements, disclosure obligations, and investor servicing standards simultaneously. For a detailed look at how compliance officer responsibilities differ at brokerages, see our analysis of SEBI compliance requirements for brokerages.

Statutory Responsibilities

The compliance officer must certify to SEBI on a half-yearly basis that the AMC has complied with all regulatory requirements. This certification carries personal accountability. The compliance officer must also maintain records of all investment restriction breaches (even passive breaches), ensure timely filing of all regulatory reports, and serve as the primary point of contact for SEBI inspections and queries.

Under SEBI’s compliance test requirements, the compliance officer must ensure that every investment decision passes through pre-trade and post-trade compliance checks. This means real-time monitoring of exposure limits, sector limits, issuer limits, and instrument-level restrictions across every scheme the AMC manages. For a mid-sized AMC running 30-40 schemes, this translates to hundreds of compliance parameters being monitored continuously.

Accountability and Personal Liability

SEBI has consistently held compliance officers personally accountable for regulatory violations at AMCs. Enforcement actions in recent years have included personal penalties on compliance officers for failure to detect front-running, inadequate monitoring of investment restrictions, and delayed reporting of material incidents. This personal liability dimension makes it critical that compliance officers maintain comprehensive audit trails demonstrating active monitoring and timely escalation.

Platforms like eQomply become relevant infrastructure here because they create system-generated evidence of compliance monitoring activities, policy attestations, and escalation workflows. When a SEBI inspection examines whether the compliance officer exercised due diligence, having automated audit trails that demonstrate continuous monitoring rather than periodic manual reviews makes a material difference to enforcement outcomes.

Reporting Obligations: Half-Yearly and Annual Requirements

AMC reporting obligations to SEBI operate on multiple cadences. The following table maps the key periodic reporting requirements that compliance teams must track:

| Report Type | Frequency | Filing Deadline | Key Content |
|---|---|---|---|
| Compliance Certificate | Half-yearly | Within 30 days of half-year end | Certification of compliance with all SEBI regulations |
| Trustee Report to SEBI | Half-yearly | Within 2 months of half-year end | Trustee observations on AMC compliance |
| Annual Report to SEBI | Annual | Within 6 months of financial year end | Full compliance status, deviation summary, corrective actions |
| Net Worth Certificate | Annual (quarterly monitoring) | Along with annual report | Auditor-certified net worth computation |
| Risk Management Report | Quarterly to board, annual to SEBI | Per board meeting schedule | Risk parameters, breaches, mitigation actions |
| Stewardship Report | Annual | As per SEBI timeline | Voting records, engagement activities |
| Cybersecurity Audit Report | Annual (under CSCRF) | Within specified timeline | CSCRF compliance, vulnerability assessment results |

Beyond these periodic filings, AMCs must report material events, investment restriction breaches, and regulatory incidents within specified timelines. Passive breaches of investment limits (caused by market movements rather than active decisions) must still be reported and rectified within defined timeframes, typically within 30 days for equity exposure breaches.

Disclosure Obligations to Investors

SEBI mandates specific disclosures in Scheme Information Documents, Key Information Memoranda, and monthly/quarterly factsheets. Portfolio disclosures must be made within defined timeframes. Total Expense Ratio calculations must be continuously monitored and disclosed. Any change in fundamental attributes requires investor consent through defined processes.

The challenge for compliance teams is that these disclosure obligations interact with NAV calculation processes, investor servicing functions, and fund accounting systems. A single error in expense calculation can simultaneously create a regulatory reporting violation, an investor disclosure issue, and a NAV miscalculation, each requiring different remediation workflows.

Cybersecurity Requirements Under CSCRF for AMCs

SEBI’s Cybersecurity and Cyber Resilience Framework, issued in August 2024, introduces structured cybersecurity obligations for all SEBI-regulated entities including AMCs. The framework categorizes entities into tiers based on their asset size and systemic importance, with larger AMCs falling into higher compliance categories requiring more extensive controls.

CSCRF Compliance Architecture

Under CSCRF, AMCs must establish a cybersecurity governance framework that includes board-approved cybersecurity policies, a designated CISO (or equivalent), periodic vulnerability assessments, and defined incident response procedures. The framework mandates specific technical controls around data protection, access management, network security, and application security.

The incident reporting requirements under CSCRF align with CERT-In’s six-hour reporting mandate for certain categories of incidents. AMCs must maintain capabilities to detect, classify, and report cybersecurity incidents within these compressed timelines. This requires pre-built incident classification frameworks and escalation workflows that can execute within hours, not days.

Overlap with DPDP Act Obligations

AMCs processing investor personal data (KYC information, transaction records, bank details) also fall under the Digital Personal Data Protection Act, 2023. The DPDP Act’s data protection obligations intersect with CSCRF’s security requirements, creating a dual compliance mandate around the same underlying data assets. Compliance teams must map controls that satisfy both frameworks simultaneously rather than treating them as separate workstreams.

eQomply’s approach to this challenge involves pre-mapped control frameworks that show where CSCRF requirements and DPDP obligations overlap, allowing compliance teams to implement unified controls with evidence captured once but reported against multiple regulatory requirements. This reduces duplication without sacrificing the specificity each regulator expects.

Managing Compliance Across Multiple Fund Types

The most operationally complex challenge for AMC compliance teams is managing scheme-level compliance across diverse fund categories. Each category carries distinct investment restrictions, risk parameters, and disclosure requirements that must be monitored independently while being reported in consolidated formats.

Investment Restriction Monitoring at Scale

Consider an AMC managing equity schemes, debt schemes, hybrid schemes, and index funds simultaneously. Equity scheme compliance requires monitoring single issuer limits (typically 10% of NAV), sector limits, market capitalization category adherence (for large-cap, mid-cap, small-cap schemes), and minimum equity allocation thresholds. Debt scheme compliance adds credit quality monitoring, maturity profile limits, sector exposure limits specific to debt, and single issuer limits calculated differently than for equity. Hybrid schemes must maintain allocation ratios within defined bands while simultaneously complying with the underlying asset class restrictions.

Each scheme’s compliance parameters must be monitored at pre-trade and post-trade levels. When market movements cause passive breaches, the compliance system must detect them, classify them correctly, trigger rebalancing workflows within mandated timeframes, and document the entire sequence for regulatory reporting.

Structural Challenges for Compliance Teams

This multi-fund complexity creates three structural challenges that most compliance functions face. First, the volume of parameters creates monitoring fatigue where genuine risks get lost in routine alerts. Second, overlapping deadlines across different reporting obligations for different fund types create peak-load situations where errors become more likely. Third, the evidence trail must connect individual fund-level compliance checks to consolidated AMC-level reporting without gaps that an inspection could identify.

An AMC launching a new fund category, for example its first international fund of funds, suddenly inherits an entirely new set of SEBI restrictions around international exposure limits, hedging requirements, and additional disclosure obligations. The compliance infrastructure must absorb these new parameters without disrupting existing monitoring workflows for the rest of the portfolio.

Building Institutional Compliance Memory

Regulatory inspections at AMCs frequently examine historical compliance records spanning two to three years. Inspectors look for patterns: were breaches detected and reported consistently? Were corrective actions documented and tracked to closure? Did board committees receive accurate information about the compliance posture? Were previous inspection findings remediated within committed timelines?

This institutional memory requirement means compliance cannot operate on point-in-time checks alone. The entire compliance lifecycle, from policy creation through monitoring, breach detection, escalation, remediation, and reporting, must be captured in a connected system that preserves relationships between events over time.

This is where purpose-built GRC infrastructure becomes structurally necessary rather than merely convenient. eQomply’s architecture is designed to maintain these longitudinal compliance records with full audit trails, connecting policy attestations to control monitoring to incident management to board reporting in a single evidence chain. For AMCs preparing for SEBI inspections, this connected history eliminates the scramble to reconstruct compliance evidence from fragmented spreadsheets and email chains.

Building a Compliance Architecture That Scales with Regulatory Change

SEBI’s regulatory output for the mutual fund industry has accelerated significantly over the past three years. New circulars on ESG disclosures, passive fund governance, AT1 bond valuation, swing pricing, and side-pocketing have each added layers to the compliance obligation set. The compliance architecture at an AMC must be designed to absorb new requirements without requiring fundamental restructuring each time.

The compliance operating model must account for regulatory intelligence (tracking new circulars and assessing their applicability), gap analysis (identifying what changes are needed in policies, processes, and controls), implementation (updating monitoring parameters and reporting templates), and evidence generation (demonstrating compliance from day one of a new regulation’s effective date).

For AMCs managing the full breadth of SEBI governance requirements, the choice of compliance infrastructure determines whether new regulatory obligations are absorbed within days or create multi-month implementation projects. The difference between these two outcomes often determines whether an AMC demonstrates compliance by the effective date or accumulates a remediation backlog that compounds with each subsequent circular.

If your compliance team is managing SEBI’s expanding AMC governance requirements across multiple fund types and reporting timelines, a structured approach to compliance infrastructure can reduce both risk exposure and operational burden. Schedule a demo with eQomply to see how pre-mapped SEBI workflows and connected evidence management can support your compliance architecture.

Pritesh Baviskar

Founder at eQomply. Writes about compliance, regulatory shifts, and what it takes to build GRC functions that actually work.
