Internal Policies and Procedures

Website Governance, Compliance & Operating Procedures

Entity: Trade Encore (Sole Proprietorship)

SEBI RA Reg. No.: INH000009269 | BSE RAASB Enlistment No.: 5530

Document Owner: Compliance Officer (Non-client-facing)

Version: v1.0

1) Purpose

This document defines internal controls to ensure Trade Encore's website and all web-linked communication remain compliant with:

  • SEBI (Research Analysts) Regulations, 2014 and applicable SEBI directions/circulars, and
  • BSE RAASB requirements (where applicable).

2) Scope

Applies to:

  • All pages on tradeencore.com, subdomains, landing pages, and downloadable materials (PDFs, brochures, videos, app links).
  • Website-led onboarding (membership, payments, forms).
  • Any communication that links to the website (push notifications, email, WhatsApp, social media, ads).

3) Definitions

  • Advertisement: Any communication (including website banners, landing pages, social/messaging posts) that promotes RA services/products or could influence investment decisions.
  • Client/Subscriber: A person/entity who has executed terms, paid fees through banking channels, and completed onboarding as per RA process.
  • Impersonal Research: Research not tailored to a specific individual's profile, objectives, or risk.

4) Governance & Roles

4.1 Proprietor (Research Analyst)

Final accountability for regulatory compliance, research integrity, disclosures, and approvals.

4.2 Compliance Officer (Non-client-facing) — Mrs. Mugdha Mainkar

Owns compliance calendar; maintains archives; maintains ad-approval register; performs website compliance checks; prepares monthly complaint tables; coordinates RAASB advertisement approvals; controls policy versioning.

4.3 Website Administrator / Vendor

Executes changes only on written instruction; maintains backups; provides logs; no independent content posting.

4.4 Maker–Checker Principle (Website)

  • Maker: drafts/updates content.
  • Checker: compliance officer verifies against this policy.
  • Approver: Proprietor signs off for go-live.

5) Mandatory Website Disclosures (Always Visible)

The website must clearly display (header/footer and/or dedicated "Disclosures" page):

  1. RA identity: Trade Encore (legal name), proprietor name, registered address, contact email/phone.
  2. SEBI RA Registration No. and BSE RAASB Enlistment No.
  3. Standard risk warning: "Investments in securities market are subject to market risks. Read all the related documents carefully before investing."
  4. RA statutory disclaimer (client communication): "Registration granted by SEBI, enlistment with BSE and certification from NISM in no way guarantee performance of the intermediary or provide any assurance of returns to investors."
  5. Investor Charter / grievance redressal flow (including SCORES/ODR pathway) in a visible section.
  6. Complaint status / complaint disclosure table published on the website and updated monthly.
  7. Policies section containing: Privacy, Data retention, Refunds, Terms & Conditions, Conflict disclosures framework, Advertisement policy.

Procedure: Compliance Officer checks these items on the 1st working day of every month and logs the check.

6) Website Content Controls

6.1 Allowed content

  • Educational content, market concepts, risk education, methodology explainers.
  • Impersonal research distribution to authenticated subscribers inside dashboard.

6.2 Prohibited content (website)

  • Guaranteed/assured returns, target returns, "best", "No.1", "accuracy %", selective performance claims.
  • Misleading claims (e.g., "SEBI approved" research).
  • Any content implying SEBI endorsement.
  • Direct or indirect execution/broking solicitation (unless clearly segregated and compliant).

6.3 Research vs Advertisement separation

  • Blog/research education: No subscription CTAs embedded into content paragraphs; if required, keep a neutral footer button ("Membership details") routed to a compliant landing page.
  • Promotional pages (plans/app launch): must follow Advertisement Policy (Section 10) including RAASB approval where required.

7) Client Onboarding & Access Control (Website + App)

7.1 Access restriction

All actionable recommendations/research that could be construed as advisory must be accessible only after login (membership dashboard).

7.2 Terms acceptance

Before payment and before first access, client must accept:

  • Research Services Terms (MITC),
  • Refund policy,
  • Data privacy/consent,
  • Communication consent (email/app/WhatsApp if used),
  • Risk disclaimer and "impersonal research" declaration.

7.3 KYC/KRA status verification (records)

  • Client must provide PAN (minimum).
  • Compliance Officer obtains KRA status evidence (screenshot/PDF) and stores it in archives.
  • If KRA status is not validated/available, follow internal onboarding escalation (request additional KYC docs and/or complete KYC process through intermediary route as applicable).

7.4 Payment controls

  • Accept payments only via banking channels (NEFT/RTGS/UPI/cheque/PG). No cash.
  • Auto-generate invoice with identifiers + disclaimers.

8) Refunds, Cancellation, and Pro-Rata Policy (Website disclosure)

  • Fees may be collected up to 12 months as permitted.
  • Refunds on early termination: pro-rata unexpired period, processed within 15 business days, net of statutory dues and services already delivered (exact rule to match your signed agreement).
  • Publish refund policy clearly on website and link it at checkout.

9) Complaint Handling & Website Complaint Table

9.1 Complaint channels

9.2 Complaint register (internal)

Maintain: Date received, category, medium, client ID, summary, status, closure date, resolution note.

9.3 Monthly website complaint table (public)

  • Compliance Officer prepares monthly table in prescribed format and publishes on website by the 7th of every month (or earlier).
  • Archive each monthly table PDF/screenshot.

10) Advertisement & Marketing Policy (Website + Social + App)

10.1 Classification

Treat as Advertisement if it:

  • Promotes plans/app/subscription,
  • Contains CTA (download/subscribe/limited offer),
  • Is targeted at prospects/general public,
  • Could influence investment decisions.

10.2 Mandatory process

  • No ad goes live without RAASB pre-approval where applicable.
  • Maintain Ad-Approval Register: Ad-ID, creative, channel, date submitted, approval received, go-live date, screenshots, landing page version.

10.3 Short-format rule

For banners/pop-ups/push notifications where disclaimers cannot fit:

  • Add link to a landing page that displays all required disclosures and disclaimers clearly.

10.4 Record retention

Maintain advertisement records for at least 5 years in a retrievable format.

11) Record-Keeping & Retention

Maintain the following archives (digital folder with access control):

  1. Website versions / policy versions (PDF snapshots)
  2. Client onboarding: agreements, invoices, payment proofs, KRA/KYC status evidence
  3. Client communications logs (email/push updates)
  4. Advertisement approvals, creatives, Ad-IDs
  5. Complaint register + published complaint tables
  6. Vendor contracts + change logs

Retention: minimum 5 years (or longer if required by any updated circular).

12) SaaS / Cloud / Cyber Controls (Website Operations)

12.1 SaaS data residency & control

  • Critical compliance data (KYC evidence, ad approvals, complaints, audit packs) should be stored in repositories with strong access controls; document the vendor, location, and admin controls.
  • Maintain a "SaaS Inventory Register" with risk classification.

12.2 Access management

  • Admin access only to Proprietor + Compliance Officer.
  • MFA mandatory for hosting panel, payment gateway, and email accounts.
  • Quarterly password rotation; immediate rotation on staff/vendor changes.

12.3 Backups & incident response

  • Daily backups (automated) + monthly offline archive.
  • Incident playbook: detect → isolate → notify → restore → log.

13) Change Management (Website)

13.1 Change request workflow

  1. Request raised (ticket/email) by Proprietor or Compliance Officer
  2. Draft prepared by maker
  3. Checker validates against this policy
  4. Approver signs off
  5. Go-live + post-change snapshot saved

13.2 Emergency changes

Allowed only for security/critical outage. Must be documented within 24 hours and reviewed next business day.

14) Audit & Review

  • Quarterly internal compliance check of website disclosures, onboarding flows, and content.
  • Annual audit pack readiness (website artifacts, complaint table archive, ad approvals, KYC proof archive).