E-mail to be made default mode of dispatch for CAS from 1st August 2024
From 1st of August 2024, e-mail address of client will be considered default mode of dispatch for Consolidated Account Statement (CAS) for all securities assets. The Depositories, Mutual Fund Registrar and Transfer Agent (MF-RTAs) and Depositories Participants (the agents of Depositories) must send CAS through E-mail. Although this is a welcome move, but full of loopholes.
The availability of client e-mail id is a must to implement the rule. Although, an e-mail id is now mandatory to open demat account, there is no way to verify the sanctity of such e-mail ids. OTP based e-mail verification system is meaningless in this age of cyberfraud.
There, there must be a check on use of single e-mail id for numerous accounts. In certain cases, depositories participants put their own e-mail id while opening demat account of a client. This may lead to compromise with the security of demat account. It’s technologically possible to make a provision that whatever details have been filled up in DP system is biometrically verified and such verification should be made mandatory for activation of demat account.
Sending OTP at existing e-mail id for updating exiting e-mail id is not a foolproof method. At present, there is a technical provision of blocking such OTP at the time of changing e-mail id. Better, if we follow the banking system for such verification, wherein biometric verification is a must for changing e-mail id/mobile number.
The circular gives an option for receiving CAS in physical mode also. This is itself a loophole. Mandatory means mandatory. If e-mail mode of dispatch has been made mandatory, all demat account holders should be given CAS through this mode. The option of receiving CAS in physical mode should be treated as “extra” facility.
What if an investor is holding mutual fund units in physical form as well as digital form with different addresses, e-mail ids and phone number? As to where the CAS will be dispatched and how. If the last registered e-mail id is taken into consideration, it may lead to compromise of all the securities.
The SEBI circular says that the ‘Depositories shall also intimate the investor on quarterly basis through the SMS mode specifying the e-mail id at which the CAS is being sent’. What if the mobile number has been changed in the system to the delight of fraudsters? The NSDL portal permits such change. The DP system loopholes should be plugged first.
In my view, the SEBI circular is a welcome move to the extent that the regulator is at least thinking of protecting investors, but it is full of loopholes. Before making any such move, the NSDL/CDSL system should be made foolproof. Apart from these, the digital addresses like the e-mail id and mobile number should be made sacrosanct. In present scenario, one can easily change/update digital addresses in KYC registry.
