Anand Rathi Share and Stock Brokers Limited has formally disclosed receiving a penalty order from the Securities and Exchange Board of India (SEBI) dated March 13, 2026. The market regulator has imposed a consolidated monetary penalty of ₹10,00,000 on the brokerage firm for various cybersecurity and compliance violations identified during a regulatory inspection.

Penalty Details and Communication

The penalty order was issued by SEBI's Adjudicating Officer following an inspection conducted for the period from April 01, 2023 to August 31, 2024. The company received the SEBI communication on March 13, 2026 at 4:26 p.m. through email, as disclosed under Regulation 30 of the listing regulations.

Scope of Cybersecurity Violations

The penalty covers multiple critical areas of cybersecurity and operational compliance that were found deficient during the regulatory inspection. The violations relate to non-compliance with the Cyber Security & Cyber Resilience Framework, SEBI (Stock Brokers) Regulations, 1992, and applicable SEBI circulars.

Key violation areas include:

• Infrastructure Planning: Capacity planning and system architecture
• Business Continuity: Business Continuity Planning (BCP) and Disaster Recovery Site (DRS) policy
• Access Controls: Password policy, privileged access management, and PowerShell access controls
• Security Measures: Data leakage prevention, API security, and network security protocols
• Risk Assessment: Vulnerability Assessment and Penetration Testing (VAPT)
• Operational Compliance: Incident reporting, monitoring and detection systems
• Client Management: KYC validation of clients

Regulatory Compliance and Action

As per the penalty order, the company must pay the imposed fine of ₹10,00,000 within 45 days of receiving the order. The penalty amount will be debited directly from the company's settlement account. The disclosure was made by Company Secretary and Compliance Officer Chetan Prajapati under his membership number A39130.

Stock Exchange Communication

The company has formally informed both BSE Limited and National Stock Exchange of India about the penalty order as required under the listing regulations. The firm trades under scrip code 544530 on BSE and symbol ARSSBL on NSE. The disclosure was made pursuant to Regulation 30 read with Part A of Schedule III of the SEBI Listing Regulations.

This penalty highlights the increasing regulatory focus on cybersecurity compliance in the financial services sector, particularly for stock brokers handling sensitive client data and financial transactions.

Anand Rathi Share and Stock Brokers Limited has appointed Ernst & Young LLP (EY) to conduct a comprehensive forensic audit following the discovery of significant fraudulent activities in its depository operations. The company made this announcement to BSE Limited and National Stock Exchange of India Ltd. on March 06, 2026, in compliance with SEBI regulations.

Forensic Audit Details

The forensic audit engagement was formalized through a letter signed on March 06, 2026, with Ernst & Young LLP taking the lead role in conducting the investigation. This appointment follows the company's earlier intimation dated February 06, 2026, where it first disclosed the fraudulent activities.

Nature of Fraudulent Activities

The forensic audit aims to independently examine serious offences identified in the company's depository activities. The investigation focuses on multiple criminal activities that have been uncovered in the company's operations.

The identified offences include:

• Fraud and cheating
• Fabrication of documents and electronic records
• Other related offences in depository activities

Important Note: The fraudulent activities are specifically limited to depository operations and do not involve the company's broking activities.

Financial Impact and Client Details

The fraudulent scheme involved off-market transfers of shares from a client's Demat account, resulting in significant financial exposure for the company.

Regulatory Compliance

Anand Rathi Share and Stock Brokers Limited has ensured full compliance with regulatory requirements by informing both major stock exchanges. The company has also uploaded the relevant information on its official website at https://anandrathi.com/investors for stakeholder access and transparency.

The disclosure was made pursuant to Regulations 30 and 51 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, and in accordance with the SEBI Master Circular dated January 30, 2026. Company Secretary and Compliance Officer Chetan Prajapati signed the official communication, ensuring proper corporate governance protocols were followed.