HomeServicesAudit & AssuranceStock / Commodity Broker Audit (NSE, BSE, MCX)

Audit & Assurance · Capital Market & SEBI Audit

Stock / Commodity Broker Audit (NSE, BSE, MCX)

Stock and commodity brokers registered with SEBI and trading on NSE, BSE, or MCX operate under one of the most tightly supervised compliance regimes in Indian financial services — half-yearly internal audits, periodic system audits, client fund segregation rules, net worth certification, and constant exchange-level inspection.

Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986

2,000+Clients since 1986
42 yrsCA practice
4Offices · India & UAE
24 hrsResponse time

Stock and commodity brokers registered with SEBI and trading on NSE, BSE, or MCX operate under one of the most tightly supervised compliance regimes in Indian financial services — half-yearly internal audits, periodic system audits, client fund segregation rules, net worth certification, and constant exchange-level inspection. A missed internal audit filing, a client-fund segregation lapse, or a weak system audit report can trigger exchange penalties, SEBI show-cause proceedings, or in serious cases suspension of trading membership. PNPC Global has served broking and commodity trading members across NSE, BSE, and MCX since 1986, conducting the internal audits, net worth certifications, and regulatory compliance reviews that exchanges and SEBI require — with the depth that protects your membership, not just a signed certificate that ticks a box.

What it costs

Govt. feesGovernment & statutory fees as applicable to your case
Professional feeFixed professional fee — confirmed in writing before we start

No hidden charges. The exact figure is set in your engagement letter.

What Stock / Commodity Broker Audit (NSE, BSE, MCX) is

A Stock or Commodity Broker Audit refers to the set of mandatory audit and assurance engagements that SEBI-registered trading members and clearing members of NSE, BSE, and MCX must undergo as a condition of holding and retaining their exchange membership. Unlike a Companies Act statutory audit, which is an annual, entity-wide opinion on financial statements, broker audits are exchange-and-regulator-mandated, activity-specific reviews conducted at defined intervals — most centrally, the half-yearly Internal Audit prescribed by SEBI for all stock brokers and depository participants, covering areas such as client registration (KYC), Unique Client Code (UCC) usage, order and trade management, margin collection and reporting, client fund and securities segregation, brokerage and contract note compliance, risk management systems, and grievance redressal. The internal audit must be conducted by a practising Chartered Accountant, Company Secretary, or Cost Accountant who is independent of the broking entity's day-to-day operations and, under the exchanges' revised empanelment framework applicable from the half-year ended March 2024 onwards, formally empanelled with an exchange and meeting the prescribed minimum audit-experience and securities-market certification criteria — exchanges no longer accept internal audit reports from auditors outside this empanelled list. The auditor's report and follow-up action taken on observations must be placed before the broker's Board or the equivalent governing body and, in prescribed form, reported to the exchange.

Beyond the half-yearly internal audit, brokers face several other recurring audit and certification obligations. A System Audit — examining the broker's trading technology, algo-trading controls, cybersecurity and cyber-resilience framework, data centre and disaster recovery arrangements, and API/access controls — is mandated periodically for brokers meeting SEBI's specified criteria (based on factors such as trading turnover, number of algo strategies deployed, or colocation access), and must be performed by an auditor empanelled with the relevant exchange holding the prescribed information-systems qualification (such as CISA, DISA, CISM, or CISSP), consistent with SEBI's technical qualification criteria for system audits. A Net Worth Certificate, certified by a practising Chartered Accountant, must be furnished periodically to demonstrate that the broker continues to meet the minimum net worth prescribed by the exchange and SEBI for its category of membership (which differs for cash, F&O, and commodity segments, and for trading versus clearing members). Depository Participants operating under NSDL or CDSL face a parallel, separately-mandated half-yearly Internal Audit of DP operations under the respective depository's byelaws — distinct from, though often coordinated alongside, the broking-side internal audit.

Commodity brokers trading on MCX operate under a closely analogous framework, since SEBI has regulated commodity derivatives exchanges since the erstwhile Forward Markets Commission was merged into SEBI in 2015 — bringing commodity broking members under materially the same internal audit, net worth, risk management, and client-fund segregation discipline that applies to equity and F&O brokers on NSE and BSE, with MCX-specific circulars governing the exact reporting formats and timelines. A member operating across multiple exchanges and segments — say, NSE cash and F&O plus MCX commodities — typically consolidates these audits under a single audit firm engagement for consistency, even though each exchange requires its own report submission in its own prescribed format and window.

The reason this audit family carries real consequence — beyond the professional discipline of any audit — is the client-money dimension. Brokers hold client funds and client securities in a fiduciary capacity, and SEBI's client fund and securities segregation and monitoring framework (including the requirement to run client accounts on a designated 'client bank/demat account' basis, upstreaming/downstreaming of client funds to clearing corporations, and periodic settlement of running accounts) exists specifically to prevent commingling of client money with the broker's own funds or its use to fund the broker's proprietary trading or another client's shortfall. The internal audit is one of the principal mechanisms SEBI and the exchanges rely on to detect segregation breaches, UCC misuse, unauthorised trading, and margin-reporting misstatements before they escalate into investor-harm events — which is why exchanges review internal audit reports and follow-up compliance status as part of their own periodic inspection of trading members.

When a broker/commodity member audit applies

Every entity holding trading membership, clearing membership, or both, with NSE, BSE, or MCX — the half-yearly SEBI-mandated Internal Audit applies irrespective of the member's turnover, profitability, or number of active clients

Depository Participants registered with NSDL and/or CDSL — a parallel, separately-mandated half-yearly Internal Audit of DP operations is required under the depositories' byelaws, alongside the broking-side internal audit

Brokers offering algorithmic trading, co-location/proximity hosting, Direct Market Access (DMA), or API-based trading access to clients — System Audit obligations under SEBI's algo-trading and cybersecurity/cyber-resilience circulars apply with particular emphasis for these members

Members renewing or upgrading exchange membership category (e.g., trading member to clearing member, or adding a new segment such as commodity derivatives to an existing equity membership) — a fresh or updated Net Worth Certificate and eligibility documentation is required

Members undergoing an exchange inspection or a SEBI-directed special audit following a client complaint, a margin-reporting discrepancy, or an identified segregation lapse — an independent audit response is often required within a tight regulatory timeline

Sub-brokers, Authorised Persons (APs), and franchise arrangements operating under a broker's registration — while the primary audit obligation rests with the registered trading member, the internal audit scope typically extends to reviewing AP-level client onboarding, order routing, and brokerage-sharing compliance

Brokers preparing for a change in control, a strategic investment, or an acquisition — buyers and their advisors routinely require a review of internal audit history, exchange inspection findings, and outstanding regulatory observations as part of financial and regulatory due diligence

What this audit is not, and where it differs from other engagements

Not a substitute for the Companies Act statutory audit under Section 143 — a broker incorporated as a company still requires its own annual statutory audit of financial statements in addition to, and independent of, the exchange-mandated internal audit

Not applicable in this specific form to entities that merely trade through a broker as clients (individuals, HUFs, corporates placing orders) — the SEBI/exchange internal-audit obligation applies to the registered trading/clearing member and DP, not to the member's clients

Not the same engagement as a tax audit under Section 44AB of the Income-tax Act, which a broking entity crossing the applicable turnover threshold — including, for derivatives trading, turnover computed per the specific method prescribed for F&O transactions — separately requires

Not a one-time certification — the internal audit is a recurring half-yearly obligation for the entire period the entity holds exchange membership, with follow-up action reports typically required after each cycle, not a single annual exercise

Not identical across segments — a member active on NSE cash, NSE F&O, BSE, and MCX may face overlapping but not identical audit scope, periodicity nuances, and reporting formats across each exchange, and each exchange's specific circular governs the exact requirement for that segment

Not a service PNPC can provide on a fully independent basis where PNPC also handles the broker's day-to-day accounting or compliance function for the same period without addressing the independence expectations that SEBI and exchange circulars place on the internal auditor — we structure engagements to preserve that independence

Structure Comparison

Broker/Commodity Member Audit obligations vs other audit and assurance engagements

FeatureSEBI Internal Audit (Broker/DP)System AuditNet Worth CertificateCompanies Act Statutory AuditTax Audit (Sec 44AB)
Governing frameworkSEBI circulars on internal audit of stock brokers/DPs; exchange circulars (NSE/BSE/MCX)SEBI circulars on system audit, algo trading, cyber security & cyber resilienceSEBI (Stock Brokers) Regulations 1992 + exchange membership normsCompanies Act 2013, Section 143Income-tax Act 1961, Section 44AB
Who it applies toEvery registered trading/clearing member and Depository ParticipantMembers meeting SEBI's prescribed criteria (turnover, algo usage, colocation access)All trading/clearing members, periodically, by membership categoryEvery company registered under the Companies ActBusinesses crossing prescribed turnover/receipts thresholds
PeriodicityHalf-yearly (April–September and October–March cycles, broadly)Periodic, per applicable SEBI cycle for the member's categoryPeriodic, as prescribed by the exchange for the membership categoryEvery financial year, without exceptionEvery financial year, if threshold crossed
Who can perform itIndependent, exchange-empanelled CA, CS, or Cost Accountant meeting prescribed experience/certification criteria (empanelment mandatory from HY March 2024)Exchange-empanelled auditor holding prescribed IS-audit certification (CISA/DISA/CISM/CISSP)Practising Chartered AccountantChartered Accountant appointed under Section 139Chartered Accountant
Reported toBroker's Board/governing body, and to the relevant exchange in prescribed formatSEBI / exchange, per the applicable system audit circularExchange, as part of membership eligibility/renewal documentationRoC via AOC-4 (annexed to financial statements)Income-tax e-filing portal
Core focusKYC/UCC, order & trade management, margin, client fund/securities segregation, grievance redressalTrading technology, algo controls, cybersecurity, data centre & DR, access controlsMinimum net worth compliance for the membership category heldTrue and fair view of financial statements, Ind AS/AS complianceCompliance of accounts with Income-tax Act provisions
Consequence of defaultExchange penalty, show-cause, adverse inspection finding, risk to membership continuationRegulatory action for inadequate technology controls, especially post-incidentMembership eligibility questioned; may restrict segment-wise trading activityCompany + officers penalised under Sec 147; audit report itself may be qualifiedPenalty under Section 271B, up to prescribed limits

These are overlapping but distinct obligations, and a single broking entity typically carries several of them simultaneously. Exact periodicity, applicability thresholds, and reporting formats are governed by SEBI master circulars and exchange-specific circulars that are periodically updated — PNPC confirms the current applicable framework for your specific membership category and segment mix before scoping any engagement, rather than relying on a generic checklist.

How it works
#Stage & What PNPC DoesCA Advice Portals Never GiveTimeline
1Membership & Segment Mapping — Understanding exactly what you are registered forBefore any audit begins, we map out precisely which exchange memberships you hold — NSE cash, NSE F&O, NSE currency derivatives, BSE, MCX commodities — and whether you operate as a trading member, clearing member, or self-clearing member, and whether you also hold DP registration with NSDL/CDSL. Each combination carries its own applicable circulars and reporting windows, and getting this map wrong at the outset produces an audit scoped to the wrong requirements.Week 1
2Engagement Letter & Independence ConfirmationSEBI and exchange circulars expect the internal auditor to be independent of the broker's day-to-day dealing and back-office operations, and to be formally empanelled with the relevant exchange meeting its prescribed experience and certification criteria. We confirm our empanelment status and document our independence position before accepting the engagement — including where PNPC may already provide other services to the same broking entity — and set out the scope, the reporting period, and the deliverable format expected by the relevant exchange(s).Week 1
3KYC & Client Onboarding Review — UCC allotment and documentationWe test a sample of client registrations for KYC completeness, correct Unique Client Code (UCC) allotment and usage across all orders placed for that client, in-person verification or its permitted digital equivalent, and adherence to risk-profiling and suitability documentation — areas where exchanges frequently raise observations during their own inspections.Week 2
4Order & Trade Management Review — Unauthorised trading and modification controlsWe review order placement, modification, and cancellation logs for evidence of unauthorised trading, verify that client instructions (where not placed directly by the client through an approved trading terminal or app) are properly authorised and recorded, and check dealer-level access controls and audit trails on the trading system.Week 2–3
5Margin Collection & Reporting VerificationWe reconcile margin collected from clients against margin reported to the exchange/clearing corporation for a test period, checking for any shortfall in upfront margin collection, incorrect margin category classification, or discrepancies between the broker's internal ledger and the exchange's margin reporting file — a recurring focus area in exchange inspections and one where penalties for reporting mismatches are common.Week 3
6Client Fund & Securities Segregation TestingWe verify that client funds are maintained in designated client bank accounts separate from the broker's own accounts, that the running account settlement of client funds is carried out at the prescribed frequency chosen by each client, that client securities are held in the appropriate client-designated demat/pool accounts, and that no evidence of commingling, use of one client's funds/securities to meet another client's obligation, or use of client money for the broker's proprietary positions is found.Week 3–4
7Contract Note, Brokerage & Statement of Accounts ReviewWe test contract notes for timely issuance and completeness of prescribed disclosures, verify brokerage charged is within the rates disclosed to and agreed by the client, and check that periodic statements of accounts (funds and securities) are issued to clients within the prescribed timelines.Week 4
8Risk Management System (RMS) ReviewWe examine how the broker's Risk Management System enforces exposure limits, margin calls, and auto-square-off/liquidation triggers for clients with insufficient margin, and whether RMS parameters are properly documented, Board-approved, and consistently applied rather than manually overridden without an audit trail.Week 4–5
9Grievance Redressal & SCORES Compliance CheckWe review the broker's investor grievance register, resolution turnaround against the prescribed timelines, and reconciliation with complaints logged on SEBI's SCORES platform and the exchange's own investor grievance mechanism, to confirm nothing is being resolved informally without proper record.Week 5
10System Audit Coordination (Where Applicable)Where the broker meets SEBI's criteria for a mandatory System Audit (based on algo trading activity, colocation access, or other prescribed factors), we coordinate the technology-focused audit — cybersecurity controls, data centre and disaster recovery arrangements, algo strategy approvals and kill-switch mechanisms — either through PNPC's own qualified resources or by liaising with an exchange-empanelled system auditor holding the prescribed IS-audit certification, so that findings from both audits are read together, not in isolation.Parallel track, as applicable
11Draft Findings, Board Discussion & Management ResponseWe share draft observations with the broker's management and Board/governing body before finalising the report, giving time to provide explanations, produce missing documentation, or commit to specific corrective action — which then forms the 'action taken' component the exchange expects alongside the audit report itself.Week 5–6
12Final Report & Exchange Submission SupportWe finalise the internal audit report in the format prescribed by the relevant exchange, generate UDIN for the signed report on the ICAI portal, and support the broker's compliance team in uploading or submitting the report within the exchange's prescribed window for that half-year cycle.Week 6
13Next-Cycle Tracking & Regulatory Update MonitoringSEBI and exchange circulars on broker audit, margin, and segregation norms are updated periodically. We track your next half-yearly audit due date, any interim compliance obligations, and flag relevant regulatory circular changes that affect your scope before the next cycle begins — rather than starting each half-year's audit from a blank slate.Ongoing, every half-year cycle

Realistic timeline for a mid-sized broking/commodity trading member with organised records: 5-6 weeks from engagement letter to final report submission, timed to the exchange's half-yearly reporting window. Members with multiple exchange memberships, active algo trading, or a first-time engagement with PNPC typically need a longer runway — we recommend beginning each half-year's audit planning at least 6-8 weeks before the exchange submission deadline for that cycle.

Document Checklist
Membership & Registration Documents

SEBI Certificate of Registration as stock broker / trading member / clearing member, and any segment-specific registration (F&O, currency derivatives, commodity derivatives)

Exchange membership approval letters from NSE, BSE, and/or MCX, including details of trading member ID, clearing member ID, and Depository Participant ID where applicable

Latest Net Worth Certificate submitted to the exchange and the underlying computation working papers

Details of Authorised Persons (APs) and sub-broker/franchise arrangements operating under the member's registration, with their respective agreements

Constitution documents — Certificate of Incorporation/Partnership Deed/LLP Agreement as applicable, and any changes in shareholding, directorship, or partners during the audit period

Client Onboarding & KYC Records

Sample or complete client master data extract, including UCC allotment records for all active clients during the audit period

KYC documentation for a representative sample of clients — PAN, address proof, bank and demat account details, risk profiling/suitability assessment

Client registration agreements (Rights and Obligations documents, tariff sheets, risk disclosure documents) duly signed and acknowledged

In-person verification (IPV) or digital KYC equivalent records for the sample tested

Records of client account modifications, reactivations, or closures during the period

Trading, Order & Margin Records

Order logs, trade logs, and modification/cancellation logs for the audit period, extracted from the trading system

Margin collection records — client-wise upfront margin collected against exchange-prescribed margin requirements

Margin reporting files submitted to the exchange/clearing corporation for the corresponding period, for reconciliation against internal records

Risk Management System (RMS) parameter documentation, Board-approved exposure limits, and any manual override/exception logs

Details of any auto square-off, forced liquidation, or debit-balance client accounts during the period

Client Fund & Securities Segregation Records

Bank statements for all designated client bank accounts, separately identifiable from the broker's own operating/proprietary bank accounts

Client-wise fund ledger reconciled to the designated client bank account balances as at period-end

Running account settlement records — evidence of settlement at the frequency (monthly/quarterly, or as elected) chosen by each client

Demat/pool account statements for client securities, separately identifiable from the broker's proprietary demat holdings

Details of any pledge, re-pledge, or margin funding arrangements involving client securities, with supporting client authorisation

Contract Notes, Brokerage & Investor Grievance Records

Sample of contract notes issued during the period, for completeness and timeliness verification

Brokerage rate cards agreed with clients and a sample reconciliation of brokerage charged against the agreed rate

Periodic statements of accounts (funds and securities) issued to clients, with evidence of issuance timelines

Investor grievance register, including complaints received directly and through SCORES/exchange investor grievance mechanisms, with resolution status and turnaround time

Any arbitration references, exchange investor grievance escalations, or SEBI correspondence relating to client complaints during the period

Technology, System Audit & Governance Records

Details of trading technology architecture, including any algo trading strategies deployed, colocation/proximity hosting arrangements, and API access provided to clients or vendors

Previous System Audit report and closure status of prior observations, where a System Audit is applicable to the member

Cybersecurity and cyber-resilience policy documentation, business continuity/disaster recovery plan, and evidence of periodic testing

Minutes of Board/governing body meetings at which the previous internal audit report and compliance status were placed and discussed

Prior half-year's internal audit report, management response, and evidence of closure of previous audit observations

Ongoing obligations
PhaseTriggered ByPNPC CA GuidanceRisk If Ignored
New Membership OnboardingSEBI registration granted / exchange membership approvedNet worth certification support at registration, and structuring of the compliance calendar for the first half-yearly internal audit cycle, client fund segregation account setup, and UCC/KYC process design before the first client is onboarded.Weak onboarding-stage processes for KYC, UCC allotment, and client fund segregation create findings in the very first internal audit cycle and can attract early exchange scrutiny.
First Half-Yearly Internal AuditFirst reporting cycle after commencing trading operationsFull-scope internal audit covering KYC, order/trade management, margin, segregation, contract notes, RMS, and grievance redressal, benchmarked against the applicable SEBI and exchange circulars current at the time, with findings placed before the Board before exchange submission.A poorly scoped or superficial first audit sets a weak baseline, and issues not caught early tend to compound across subsequent half-yearly cycles.
Ongoing Half-Yearly CycleEvery April-September and October-March period (or the applicable cycle)Recurring internal audit with continuity from the prior cycle — tracking closure of earlier observations, adjusting scope for any new products, segments, or regulatory circulars introduced during the period, and timely report submission within the exchange's prescribed window.Late or superficial audit submissions accumulate as an adverse compliance pattern that exchanges weigh during their own periodic inspections and any subsequent regulatory action.
System Audit CycleMember crosses SEBI's prescribed criteria for mandatory system audit applicability (algo trading, colocation, turnover-linked criteria)Coordination of the technology-focused system audit alongside the operational internal audit, ensuring cybersecurity, algo control, and data centre/DR findings are read together with operational findings rather than treated as an unrelated exercise.Weak algo-trading controls or cybersecurity gaps identified only after an incident (unauthorised access, erroneous algo behaviour) draw materially more severe regulatory scrutiny than issues identified and remediated through a timely system audit.
Exchange InspectionRoutine or trigger-based inspection by NSE/BSE/MCXPreparation support — reconciling internal audit history, prior observation closure status, and documentation readiness before the inspection team's visit or remote review, and coordinating the broker's response to inspection queries.A poor inspection outcome, especially one inconsistent with a member's own internal audit reports, can trigger a more detailed SEBI-level review, monetary penalty, or in serious cases restriction on further client onboarding or trading activity.
Segment ExpansionAdding a new exchange membership or trading segment (e.g., adding MCX commodities to an existing NSE/BSE equity membership)Fresh net worth eligibility assessment for the new segment, mapping the additional circulars and reporting obligations that come with the new membership, and integrating the new segment into the existing half-yearly audit scope rather than running a parallel, disconnected compliance process.Treating a new segment's compliance obligations as identical to the existing one, without confirming segment-specific circulars, risks a gap in coverage that surfaces only when the new segment's own reporting deadline is missed.
Client Complaint / Regulatory Query EscalationSEBI SCORES complaint, exchange investor grievance escalation, or arbitration referenceIndependent review of the specific transaction or account at issue, supporting documentation preparation, and coordination of the broker's formal response — informed by, but distinct from, the routine half-yearly audit process.An unaddressed or poorly documented response to a client complaint can escalate from an individual grievance into a broader exchange or SEBI inquiry into the broker's overall compliance standards.
Membership Surrender / Business Wind-DownVoluntary surrender of exchange membership or cessation of broking businessFinal settlement verification of all client funds and securities, closure confirmation of client accounts, a closing net worth and compliance position, and coordination of the exchange's membership surrender formalities alongside any final statutory audit requirements for the entity.Surrendering membership with unresolved client fund balances or open grievances can result in the exchange withholding final clearances, delaying the broker's own exit and creating personal exposure for the entity's principals/directors.

The half-yearly internal audit cycle runs for the entire life of a broker's exchange membership — it does not taper off once initial onboarding issues are resolved. PNPC recommends treating each phase above as a trigger to revisit audit scope rather than assuming the prior cycle's programme automatically covers a changed business.

Frequently asked
What exactly is a 'Broker Audit' — is it one audit or several different ones?

It is a family of related but distinct audit and certification obligations that a SEBI-registered stock or commodity broker faces because of its exchange membership — principally the half-yearly Internal Audit mandated by SEBI for all trading/clearing members and Depository Participants, alongside periodic System Audit (for members meeting specified technology/algo-trading criteria), Net Worth Certification, and the entity's own Companies Act statutory audit if it is incorporated as a company. PNPC typically scopes these together for a client so the overall compliance picture is coherent, even though each has its own periodicity and reporting format to the relevant exchange or regulator.

Practitioner noteNew broking entities are often surprised that 'the audit' is not a single annual event the way a Companies Act audit is. We map out the full audit calendar — which obligation, which exchange, which window — at the very first engagement conversation, so nothing is discovered only when a deadline has already passed.
How often is the SEBI-mandated Internal Audit required for a stock broker?

The Internal Audit of stock brokers and Depository Participants is a half-yearly obligation under SEBI's applicable circulars, meaning it is conducted twice a year, with the report and follow-up compliance status typically required to be placed before the broker's Board or governing body and reported to the relevant exchange within the timeline that exchange's circular prescribes for that half-year cycle. Exact submission windows are set by exchange circulars, which PNPC confirms as current before each cycle rather than assuming a fixed calendar date applies indefinitely.

Practitioner noteWe build the half-yearly cycle into the client's compliance calendar from the first engagement, with planning starting well before the exchange's submission window opens — a rushed internal audit compressed into the final days before a deadline is where the weakest testing tends to happen.
Who is eligible to conduct a broker's internal audit — can any Chartered Accountant do it?

SEBI and exchange circulars require the internal auditor to be an independent practising professional — a Chartered Accountant, Company Secretary, or Cost Accountant holding a valid Certificate of Practice — who is not part of the broker's day-to-day dealing or back-office operations. Since the half-year ended March 2024, exchanges have also tightened this further: the audit firm must be formally empanelled with an exchange, hold a minimum prescribed audit track record, and have a partner or employee holding the relevant securities-market certification, and exchanges accept internal audit reports only from firms on this empanelled list. Not every practising CA/CS/Cost Accountant automatically qualifies any more. PNPC confirms and documents this empanelment and independence position at the engagement letter stage for every broker audit we accept.

Practitioner noteWe are occasionally approached by brokers whose existing accountant or compliance officer also 'signs off' the internal audit informally. That does not meet the independence expectation the regulatory framework is built around, and it is exactly the kind of gap an exchange inspection is designed to catch.
What does the internal auditor actually check during a broker audit?

The scope spans client onboarding and KYC/UCC compliance, order and trade management controls (including checks for unauthorised trading), margin collection and reporting accuracy against exchange records, client fund and securities segregation, contract note and brokerage compliance, Risk Management System (RMS) functioning, and investor grievance redressal turnaround including reconciliation with SCORES complaints. The precise checklist and its emphasis areas are periodically updated by SEBI and the exchanges, and PNPC scopes each cycle against the currently applicable framework for the member's specific segment mix.

Practitioner noteMargin reporting reconciliation and client fund segregation are consistently where we find the most substantive issues in our experience — not because brokers are being deliberately non-compliant, but because these areas involve daily reconciliation discipline that is easy to let slip during high-volume trading periods.
What is client fund and securities segregation, and why does the audit focus on it so heavily?

Segregation refers to SEBI's requirement that a broker keep client funds and client securities in designated accounts that are legally and operationally distinct from the broker's own (proprietary) funds and securities, so that client money cannot be commingled with, or used to meet, the broker's own obligations or another client's shortfall. This is the single most important investor-protection mechanism in the broking framework, because a broker in financial difficulty that has kept segregation intact leaves client assets largely unaffected, whereas commingling can expose client money directly to the broker's own solvency risk. The internal audit specifically tests bank and demat account segregation, running account settlement discipline, and the absence of any client-to-client or client-to-proprietary fund movement.

Practitioner noteThis is the area where we recommend zero tolerance for informal exceptions — even a temporary, well-intentioned use of one client's surplus to cover another's shortfall for a day is exactly the pattern regulatory frameworks are built to prevent, and it is the first thing exchange inspection teams test for.
What is a Unique Client Code (UCC) and what happens if it is used incorrectly?

The UCC is the unique identifier every client must have, allotted before any order is placed on their behalf, so that every trade on the exchange can be traced to the specific client for whom it was executed. Placing an order under the wrong UCC, using a UCC that has not been properly KYC-verified, or allowing trades to be modified between client codes after execution without proper authorisation are all treated as serious compliance failures, because they undermine the exchange's ability to attribute trades correctly and can be a vector for unauthorised proprietary trading dressed up as client activity. The internal audit specifically tests UCC allotment records and order-level UCC usage.

Practitioner noteUCC modification/client code modification after trade execution is one of the most closely watched areas by exchanges precisely because it has historically been misused. We review any post-trade client code modifications with particular scrutiny and expect a clear, documented, client-authorised reason for each one found.
What is a System Audit, and does every broker need one?

A System Audit is a technology-focused examination of a broker's trading systems, cybersecurity controls, data centre and disaster recovery arrangements, and — where applicable — algorithmic trading controls (strategy approval process, risk controls, kill-switch mechanisms). It is mandated by SEBI for brokers meeting specified criteria, which can include factors such as offering algo trading facilities, holding colocation/proximity hosting access, or crossing prescribed turnover thresholds — it is not universally required for every broker regardless of scale and technology footprint. PNPC confirms applicability for each client against the current SEBI framework rather than assuming either that it is or is not required.

Practitioner noteBrokers offering even a modest algo trading facility to clients are often unaware that this alone can trigger system audit applicability. We flag this specifically when reviewing a broker's product offering, not just their turnover, because the algo/colocation trigger is easy to miss if you are only looking at revenue scale.
What is a Net Worth Certificate, and how often does it need to be renewed?

A Net Worth Certificate is a Chartered Accountant's certification of the broker's computed net worth as at a specific date, submitted to the exchange to demonstrate continued compliance with the minimum net worth prescribed for the member's specific category — which differs by segment (cash, F&O, currency derivatives, commodity derivatives) and by whether the member is a trading member, self-clearing member, or professional clearing member. Exchanges prescribe the periodicity at which an updated certificate must be filed, and additional certification is typically required when a member applies for a new segment or membership category.

Practitioner noteWe compute net worth using the specific formula prescribed by the exchange for the member's category — which excludes certain assets and includes specific adjustments — rather than simply certifying the accounting net worth from the balance sheet. The two figures are often meaningfully different, and using the wrong one is a common error we catch when reviewing a broker's prior certificates.
Do commodity brokers on MCX face the same audit requirements as equity/F&O brokers on NSE and BSE?

Broadly yes, in framework — since commodity derivatives exchanges came under SEBI's direct regulation, MCX members are subject to materially the same internal audit, net worth, risk management, and client-fund segregation discipline that applies to NSE and BSE members, with MCX's own circulars governing the exact reporting formats, timelines, and any commodity-specific nuances (such as delivery-related processes for physically settled commodity contracts). A member active across NSE, BSE, and MCX typically needs a coordinated audit approach that respects each exchange's specific submission requirements rather than a single generic report.

Practitioner noteDelivery-based settlement in commodities introduces operational checks that don't arise in a purely cash-settled equity/F&O business — warehouse receipt handling, delivery margin, and physical settlement reconciliation, where applicable. We scope the MCX-specific elements of the audit separately rather than treating it as identical to the equity-segment audit.
What happens if the internal audit report is submitted late to the exchange?

Late or non-submission of the mandated internal audit report is treated by exchanges as a compliance default, and depending on the exchange's specific enforcement framework and the extent of the delay, can attract a monetary penalty, a formal notice, or be factored into the exchange's broader risk assessment of the member during subsequent inspections. Repeated defaults across cycles compound the member's compliance risk profile with the exchange. PNPC builds in enough runway before each submission window specifically to avoid this outcome.

Practitioner noteThe exact penalty structure for late submission is set and periodically revised by each exchange's own circulars, so we always confirm the current applicable consequence with the client rather than quoting a figure that may have since changed — what does not change is that late submission is treated as a compliance default worth actively avoiding.
Can the same CA firm that handles our accounting also perform our internal audit?

This needs to be approached carefully, in the same spirit as the independence expectations under the Companies Act framework for statutory auditors. SEBI and exchange circulars expect the internal auditor to be independent of the broker's day-to-day operations, so PNPC structures engagements — where we also provide accounting or other advisory services to a broking client — to preserve that independence, including by using a separate, appropriately independent engagement team, or recommending a different independent firm for the internal audit where that better protects the credibility of the audit for the client's own regulatory standing.

Practitioner noteWe take this seriously because an exchange or SEBI review of an internal audit report from a firm with an obvious independence conflict carries materially less weight — and in some circumstances can itself become an adverse finding for the broker.
Our brokerage firm is a partnership, not a company. Does the internal audit still apply?

Yes. The SEBI/exchange internal audit obligation attaches to the trading/clearing membership itself, not to the legal form of the entity holding it — partnership firms, LLPs, and companies that hold SEBI registration and exchange membership are all subject to the same half-yearly internal audit requirement. The entity's legal form does, however, affect which other audits apply — for instance, a company additionally requires a Companies Act statutory audit, while a partnership firm does not, though it may still require a tax audit under Section 44AB depending on turnover.

Practitioner noteWe map the full audit obligation set against the entity's actual legal structure at the start of every broker engagement, because assuming a partnership firm's obligations mirror a company's (or vice versa) leads to either unnecessary work or, worse, a missed requirement.
What are Authorised Persons (APs), and does the internal audit cover them too?

An Authorised Person is an individual or entity engaged by a registered trading member to provide broking-related services to clients on the member's behalf — effectively an extension of the broker's distribution — operating under an agreement with, and under the regulatory umbrella of, the principal trading member's registration. While APs are not separately SEBI-registered as brokers in their own right, the internal audit of the principal trading member typically extends to reviewing AP-level client onboarding practices, order routing arrangements, and brokerage-sharing compliance, because the principal member remains responsible for the AP's conduct under exchange rules.

Practitioner noteWe recommend brokers with a significant AP/franchise network build AP-level sampling into every internal audit cycle rather than testing only head-office activity — a large share of onboarding and grievance issues we encounter originate at the AP level, not at the broker's own branch operations.
What is 'running account settlement' and why does the internal audit test it?

Running account settlement refers to the periodic settlement of the credit balance in a client's trading account back to the client, at a frequency the client has elected (commonly monthly or quarterly, subject to the prescribed maximum interval), rather than the broker holding client funds indefinitely. SEBI's framework is designed to prevent brokers from retaining client credit balances beyond what is operationally necessary, since prolonged retention increases the client's exposure to the broker's own financial health. The internal audit tests whether settlements are actually occurring at the elected frequency and whether any client's running account shows an unexplained pattern of retained balances.

Practitioner noteWe flag any client account showing a consistently high, un-settled credit balance across multiple cycles for specific review — it is one of the clearer red flags of either a process breakdown or, in a worse case, funds being used for purposes other than that specific client's benefit.
How does PNPC handle a broker with membership across multiple exchanges and segments — NSE, BSE, and MCX together?

We first map the complete membership and segment matrix — trading member/clearing member status on each exchange, each segment (cash, F&O, currency derivatives, commodity derivatives), and any DP registration — and identify the specific circular framework applicable to each. We then run a coordinated audit programme that tests common control areas (KYC, segregation, RMS, grievance redressal) once across the entity while still producing the segment-specific and exchange-specific reports each exchange separately requires in its own prescribed format and submission window.

Practitioner noteRunning genuinely separate, disconnected audits for each exchange when a single entity holds multiple memberships wastes both the client's time and ours, and risks inconsistent findings across reports covering the same underlying operations. A coordinated approach, with exchange-specific reporting at the end, is more efficient and produces a more coherent overall compliance picture.
What documentation should we start preparing before engaging PNPC for our first broker audit?

At minimum: your SEBI registration certificate and exchange membership approvals, the prior half-year's internal audit report (if this is not your first cycle) and evidence of closure of its observations, a client master data extract with UCC details, bank statements for designated client accounts, margin reporting files submitted to the exchange for the period, and Board/governing body minutes discussing the previous audit's findings. PNPC issues a tailored document request at the engagement letter stage based on your specific membership, segment mix, and whether algo trading or DP operations are involved.

Practitioner noteThe single biggest driver of a smooth broker audit cycle is having client fund reconciliations and margin reporting files already reconciled internally before we begin fieldwork — brokers who reconcile these monthly, rather than only at half-year end, consistently get through the audit faster and with fewer findings.
Does PNPC also handle the Companies Act statutory audit for a broking company, or only the exchange-mandated internal audit?

PNPC provides both, where appropriate, structured to respect the independence expectations that apply to each. A broking entity incorporated as a company requires its Companies Act statutory audit under Section 143 in addition to the SEBI/exchange internal audit — these are separate, non-substitutable engagements with different scopes, appointing authorities, and reporting destinations. Where PNPC is engaged for both, we ensure the two engagements are properly delineated and, where independence considerations require it, staffed by separate teams within our practice.

Practitioner noteWe explain this distinction to every new broking client at the outset, because it is a common point of confusion — a signed internal audit report does not fulfil the statutory audit requirement for a company, and vice versa; both are needed where both apply.
What is the consequence of a serious segregation or margin-reporting lapse found during the audit?

Findings of this nature are reported to the broker's Board/governing body as part of the audit process and, depending on the exchange's own framework and the severity of the lapse, may need to be reported to the exchange as part of the audit submission or flagged for the exchange's separate attention. Depending on severity, exchanges can respond with monetary penalties, enhanced monitoring, additional inspection, or in serious and repeated cases, restrictions on the member's trading or client onboarding activity — the specific enforcement action is at the exchange's and SEBI's discretion based on the facts.

Practitioner noteOur approach when a genuine lapse is found is to document it clearly, help the client understand the corrective action needed, and support a transparent disclosure process rather than minimising the finding — a lapse identified and promptly corrected through the broker's own internal audit process is viewed very differently by a regulator than the same lapse discovered independently during an exchange inspection.
Are there any exemptions from the half-yearly internal audit for smaller or newly registered brokers?

The internal audit obligation is applied broadly across registered trading/clearing members and Depository Participants rather than being scaled purely on business size, though the depth and complexity of testing naturally reflects the scale and nature of the member's actual operations. A newly registered broker with a small client base still needs a properly scoped internal audit for its first applicable half-yearly cycle. PNPC confirms current applicability and any specific relief that may exist for a given category directly against the exchange's current circulars rather than assuming a blanket exemption based on size alone.

Practitioner noteWe would rather confirm the current position for a specific client's exact category against the latest circular than rely on a general assumption — exchange and SEBI frameworks in this space are updated periodically, and a rule of thumb from a few years ago can be out of date.
How does PNPC's UAE presence help a broker with cross-border clients or a related entity in Dubai?

For India-registered brokers with NRI clients based in the UAE, or a broking group that also operates a related entity in Dubai (for instance, under DFSA or other UAE regulatory frameworks for financial services), PNPC's Dubai office coordinates with our India audit team so that client onboarding for UAE-resident clients, any intercompany arrangements between the Indian and UAE entities, and cross-jurisdictional regulatory correspondence are handled consistently rather than by two disconnected advisors.

Practitioner noteNRI client onboarding carries its own additional KYC and FEMA-related documentation considerations on the Indian broking side. We flag this specifically for clients with a meaningful NRI client base, so it is tested as part of the internal audit's KYC review rather than assumed to be identical to resident client onboarding.
What is the difference between a trading member and a clearing member, and does it change the audit scope?

A trading member is registered to place orders and execute trades on the exchange on behalf of clients or itself. A clearing member additionally has the responsibility (either for itself as a self-clearing trading member, or on behalf of other trading members as a professional clearing member) for settling trades with the clearing corporation — managing margin obligations, settlement obligations, and default fund contributions at the clearing level. A clearing member's audit scope typically extends further into clearing-level margin and settlement controls, in addition to the trading-member-level scope that applies regardless.

Practitioner noteWe scope clearing-member engagements with specific attention to settlement guarantee fund contributions and margin obligations owed to the clearing corporation — an area that does not arise at all for a pure trading member that clears through another entity.
How does PNPC price a broker/commodity member audit engagement?

Fees are structured based on the number of exchange memberships and segments covered, client base size and transaction volume (which drives sample sizes for KYC, order, and margin testing), whether System Audit coordination is required, whether DP operations are also in scope, and the quality and organisation of records provided. PNPC provides a written scope and fee estimate before the engagement letter is signed for each half-yearly cycle, so there are no surprises once the engagement begins.

Practitioner noteWe do not price this as a race-to-the-bottom, box-ticking service. A properly resourced internal audit — with genuine testing of segregation, margin reporting, and UCC controls — costs more than the cheapest available signature, and it is the audit your exchange and, ultimately, your clients are relying on for protection.
What happens during an exchange inspection, and how does our internal audit history factor into it?

Exchanges conduct their own periodic or trigger-based inspections of trading members, independent of the member's own internal audit process, examining many of the same control areas — KYC, segregation, margin, RMS — often with direct access to the exchange's own trade and margin data. A member's internal audit reports and the evidence of closure of prior observations are typically reviewed by the inspection team as part of assessing the member's overall compliance culture — a consistent pattern of thorough internal audits with promptly closed findings is viewed very differently from a pattern of superficial audits or unresolved recurring observations.

Practitioner noteWe advise clients to treat the internal audit as their own early-warning system, not merely a parallel obligation to the exchange's inspection. A broker that takes internal audit findings seriously and closes them before the next cycle walks into an exchange inspection in a materially stronger position than one that treats the internal audit as a formality.
Can PNPC help with the response if SEBI or an exchange raises a show-cause notice following an inspection?

Yes. Where a broking client receives a show-cause notice or inspection finding from SEBI or an exchange, PNPC can support the preparation of the factual and documentary response — reconciling the specific transactions or periods at issue, coordinating with the client's legal counsel where the matter has legal/enforcement dimensions, and helping identify and implement the corrective action the regulator or exchange is likely to expect as part of the resolution.

Practitioner noteWe are clear with clients that PNPC's role in a show-cause response is the accounting, audit, and compliance-documentation dimension — for matters involving legal representation before SEBI or an exchange's disciplinary process, we work alongside the client's securities law counsel rather than in place of one.
Why should a broking firm choose PNPC over a firm that only offers a signature-only internal audit?

A signature-only internal audit — minimal sampling, boilerplate observations, quick turnaround to unlock the exchange submission — creates the appearance of compliance without the underlying protection the audit exists to provide. If a segregation lapse, margin misreporting, or UCC misuse is present but not caught because the audit was superficial, the broker remains fully exposed to it surfacing later through an exchange inspection or, worse, an investor complaint — at that point with the added complication of an internal audit report on file that did not flag it. PNPC's audits test the actual control environment, document findings clearly, and follow through to confirm closure before the next cycle — which is what genuinely reduces the broker's regulatory risk, not just the paperwork burden.

Practitioner noteWe have taken on brokers switching to us specifically after an exchange inspection uncovered issues their previous internal audit reports had not flagged. The gap between a genuine audit and a signature-only one is invisible until it matters — and by then, the cost of the gap is far higher than the fee difference would ever have been.
What does the PNPC broker/commodity member audit engagement include, in full?

Membership and segment mapping across all your exchanges. Engagement letter with documented auditor independence. Full-scope internal audit covering KYC/UCC, order and trade management, margin collection and reporting, client fund and securities segregation, contract notes and brokerage, RMS, and grievance redressal/SCORES reconciliation. System Audit coordination where applicable. Draft findings shared with management and your Board/governing body before finalisation. Final report in the exchange-prescribed format with UDIN generated on the ICAI portal. Submission support within the exchange's window. Tracking of your next half-yearly cycle and monitoring of relevant regulatory circular updates in between.

Practitioner noteEverything above is scoped and agreed in writing at the engagement letter stage for each half-yearly cycle. Where System Audit or DP-operations audit is separately required, we scope and quote that as a clearly identified additional component rather than bundling it invisibly into the core internal audit fee.
If we are a new broking entity that has not yet completed our first trading cycle, when should we engage PNPC?

We recommend engaging your internal auditor before your first client is onboarded, not after your first half-year cycle has already closed. Early engagement allows PNPC to review your KYC/UCC process design, client fund segregation account setup, RMS parameter documentation, and contract note templates before they go live — so the first internal audit cycle tests a properly designed control environment rather than uncovering foundational gaps after months of live trading activity.

Practitioner noteThe cost of redesigning a client onboarding or fund segregation process after several months of live operation — including any client-facing corrections that may be needed — is consistently higher than the cost of getting the design right before go-live. We treat this pre-launch review as one of the highest-value conversations we have with a new broking client.
What is a Depository Participant (DP) internal audit, and is it different from the broker internal audit?

A Depository Participant registered with NSDL and/or CDSL faces a separately mandated half-yearly internal audit of its DP operations, prescribed under the respective depository's byelaws and operating instructions — covering demat account opening (KYC), transmission and dematerialisation/rematerialisation requests, pledge and unpledge processing, delivery instruction handling, and account closure procedures. Where a broking entity is also a registered DP (a very common combination), PNPC coordinates both audits so that findings on client account handling are consistent across the broking and depository sides of the business, while still producing the two separate reports each regulator requires.

Practitioner noteWe see brokers occasionally treat DP operations as a minor add-on to the core broking audit. Given that a DP directly holds client securities, the depositories' own audit expectations are just as rigorous as the exchange's broking-side requirements, and we scope it with equal weight.
What is 'upstreaming' and 'downstreaming' of client funds, and why does it matter for the audit?

Upstreaming refers to SEBI's framework requiring brokers to place client funds collected for margin purposes with the clearing corporation (rather than holding them indefinitely with the broker or in bank fixed deposits/overnight instruments outside the clearing ecosystem), with downstreaming being the corresponding return flow of funds back to the broker or client as obligations are met or funds are no longer required as margin. This framework was specifically designed to reduce the risk of client margin funds being available for a broker to use inappropriately. The internal audit tests whether the broker's upstreaming/downstreaming practice is being followed as prescribed, rather than funds being retained outside the permitted structure.

Practitioner noteThis is an area where the specific mechanics have been refined by SEBI over time through successive circulars, so we always confirm the currently applicable upstreaming framework — including permitted instruments and timelines — before testing a broker's compliance, rather than testing against an outdated version of the rule.
What is the difference between an 'internal audit' finding and a 'statutory' compliance breach — does a finding automatically mean the broker is in trouble?

Not necessarily. An internal audit finding is simply the auditor's observation that a specific process did not operate as prescribed for the sample or period tested — it could range from a minor documentation gap (a missing signature on a KYC form) to a serious control failure (evidence of client fund commingling). The audit report itself is a diagnostic tool: findings, management's response, and the corrective action taken are what the exchange and, if escalated, SEBI actually evaluate. A broker that identifies issues through its own internal audit and closes them promptly is generally viewed far more favourably than one where the same issue is later discovered externally.

Practitioner noteWe deliberately frame findings for clients in terms of severity and required corrective action, not as a pass/fail verdict — the value of the internal audit is in surfacing issues early enough to fix them, and clients who understand this get more genuine value from the process than those who treat every finding as an alarm.
Can a broker be penalised even if no client complaint was ever received, purely based on internal audit or inspection findings?

Yes. Exchange and SEBI enforcement action is not solely complaint-driven — internal audit findings, exchange inspection observations, and system-level surveillance (such as margin reporting discrepancies detected through the exchange's own data, or UCC/order-pattern anomalies flagged by exchange surveillance systems) can independently trigger regulatory scrutiny and action, entirely apart from whether any specific client has raised a grievance. This is part of why the internal audit's testing of margin reporting accuracy and segregation, not just grievance-register review, carries real weight.

Practitioner noteWe remind clients that a clean grievance register does not by itself indicate a clean compliance position — margin reporting accuracy and segregation integrity are tested independently in our audit precisely because these can be compliant or non-compliant regardless of whether any client has complained.
What role does the Board or governing body play in the internal audit process — is it just a formality to present the report to them?

SEBI and exchange expectations treat presentation of the internal audit report to the Board (or equivalent governing body for a partnership/LLP) as a genuine governance checkpoint, not a formality — the Board is expected to discuss the findings, direct and track corrective action, and be able to demonstrate that it exercised oversight over the compliance function, not merely receive the report as an information item. This becomes particularly relevant if an issue later escalates to an exchange inspection or SEBI action, where the quality of Board-level engagement with prior audit findings is itself scrutinised.

Practitioner noteWe prepare a structured findings summary specifically for Board-level discussion — not just the full technical report — so that Board members who are not accounting specialists can meaningfully engage with the findings and document their oversight, rather than rubber-stamping a lengthy technical document they have not substantively reviewed.
How does the internal audit treat dormant or inactive client accounts?

Dormant or long-inactive client accounts are typically tested for continued KYC validity (since KYC records can lapse or require periodic re-verification), any residual credit balance that should have been settled under the running account framework, and whether any activity occurred on an account that appeared otherwise dormant — which can be a red flag for unauthorised use of an inactive client code. Brokers are expected to have a defined policy for handling and periodically reviewing dormant accounts rather than leaving them unexamined indefinitely.

Practitioner noteWe specifically request a dormant-account listing as part of our document checklist and sample from it separately, rather than only testing active, high-volume accounts — dormant accounts are exactly where irregular activity is least likely to be noticed by the broker's own day-to-day team.
What is a kill-switch mechanism in algo trading, and does the audit test it?

A kill-switch is a control mechanism — required as part of SEBI's algo trading framework for brokers offering algorithmic trading facilities — that allows an algo strategy or a client's trading activity to be immediately halted if it breaches predefined risk parameters (such as an order-rate limit, a loss threshold, or erratic order patterns suggestive of a malfunctioning algorithm). Where a broker offers algo trading, the system audit and, to the extent operationally relevant, the internal audit test whether kill-switch mechanisms are properly configured, tested periodically, and have actually been triggered and logged where warranted.

Practitioner noteWe ask specifically for evidence that the kill-switch has been tested (not just configured) during the audit period — a control that exists on paper but has never actually been exercised or verified to work is a materially weaker control than one with a documented test history.
Does PNPC's broker audit cover cybersecurity incidents that occurred during the period?

Where a cybersecurity incident (unauthorised access attempt, data breach, denial-of-service event, or similar) occurred during the audit period, it falls within the scope of the internal audit's review of the broker's cybersecurity and incident-response framework, and separately within the System Audit where one applies — including whether the incident was reported to the appropriate authority (such as CERT-In, where its reporting framework applies) within the prescribed timeline, and whether remedial action was taken and documented.

Practitioner noteCyber incident reporting timelines are typically short and non-negotiable once a reportable threshold is met. We specifically ask clients to flag any cybersecurity incident from the period at the very start of the engagement so it can be reviewed for reporting-obligation compliance, not just technical remediation.
What is the relationship between SEBI's SCORES platform and the exchange's own investor grievance mechanism?

SCORES (SEBI Complaints Redress System) is SEBI's centralised online platform through which investors can lodge complaints against SEBI-registered intermediaries, including brokers, with the complaint routed to the intermediary for response within prescribed timelines and escalated within SEBI's framework if unresolved. Exchanges separately maintain their own investor grievance redressal mechanisms (including arbitration facilities for monetary disputes). The internal audit reviews both channels together, reconciling the broker's own grievance register against complaints logged on SCORES and with the exchange, to confirm nothing is being handled informally outside these official channels.

Practitioner noteA broker's own internal grievance log showing fewer complaints than what appears on SCORES for the same period is a specific reconciliation gap we look for — it can indicate complaints are being resolved outside the formal record, which is itself a process weakness even if the underlying complaint was genuinely resolved to the client's satisfaction.
Is a stock broker required to maintain a separate audit trail for orders placed through a mobile trading app versus a desktop terminal?

The underlying regulatory expectation is that every order, regardless of the channel through which it was placed — desktop terminal, mobile app, API, or call-and-trade — must be traceable to the specific client and properly logged with a complete audit trail, rather than the channel itself dictating a different standard of record-keeping. The internal audit tests order logs across whichever channels the broker actually offers, verifying that multi-channel access has not created gaps in traceability or authorisation control.

Practitioner noteBrokers offering multiple order channels (app, web, API, call-and-trade) sometimes have inconsistent logging quality across channels — often the older or less-used channel has weaker audit trail capture. We test each channel the broker actually offers rather than assuming the primary channel's controls apply uniformly.
Why PNPC Global
FeatureSignature-Only Audit ProviderGeneric Local CA PracticePNPC Global
Audit Scope & Testing DepthMinimal sampling, boilerplate observations, fast turnaround to unlock exchange submissionReasonable coverage but often generic across broker clientsFull-scope testing of KYC/UCC, margin, segregation, RMS, and grievance redressal, tailored to your actual membership and segment mix
Independence DisciplineFrequently blurred — same person handles compliance and 'signs off' the auditVariable, depends on firm size and existing relationshipDocumented independence position at engagement, structured to meet SEBI/exchange expectations
Segregation & Margin TestingSurface-level check that accounts existReasonable but not always reconciled against exchange margin filesFull reconciliation of client fund/securities segregation and margin reporting against exchange records, tested for commingling risk
System Audit CoordinationNot offered, or referred out with no follow-throughRarely offered in-houseCoordinated alongside the operational audit, using exchange-empanelled system audit resources where required, so findings are read together
Findings CommunicationReport delivered at the last moment before the deadlineDirect but often only reactive to client queriesDraft observations shared with management and Board before finalisation, real time to respond, no last-minute surprises
Multi-Exchange CoordinationSeparate, disconnected engagements per exchangeNot typically offered as a coordinated serviceSingle coordinated audit programme across NSE, BSE, and MCX memberships, with exchange-specific reporting
Cross-Border / NRI Client SupportNot offeredNot offeredPNPC Dubai office coordination for NRI client onboarding and related-entity matters
Fee TransparencyLow headline fee, scope narrows to matchGenerally transparent but informalWritten scope and fee agreed before each half-yearly engagement letter is signed

What the PNPC package includes

  1. 01

    Full membership and segment mapping across NSE, BSE, and MCX before scoping the audit

  2. 02

    Documented auditor independence position at every engagement, structured to meet SEBI and exchange expectations

  3. 03

    Complete half-yearly Internal Audit — KYC/UCC, order and trade management, margin collection and reporting, client fund and securities segregation, contract notes and brokerage, RMS, grievance redressal and SCORES reconciliation

  4. 04

    System Audit coordination for members meeting SEBI's algo-trading, colocation, or turnover-linked criteria

  5. 05

    Net Worth Certificate preparation using the exchange-prescribed computation method for your specific membership category

  6. 06

    Client fund and securities segregation testing specifically focused on commingling and running-account settlement discipline

  7. 07

    Draft findings shared with management and your Board/governing body well before finalisation, with real time to respond

  8. 08

    Final report in the exchange-prescribed format with UDIN generated on the ICAI portal for every signed report

  9. 09

    Coordinated multi-exchange reporting for members active across NSE, BSE, and MCX under a single engagement

  10. 10

    Prior-cycle observation tracking, so closure status is verified rather than assumed at the start of each new half-year

  11. 11

    India-UAE coordination through PNPC's Dubai office for brokers with NRI clients or a related UAE entity

  12. 12

    Support preparing responses to exchange inspection queries or SEBI show-cause notices, alongside your legal counsel where required

Speak directly with a PNPC Chartered Accountant about your broker or commodity member audit. Not a signature-only provider racing to unlock your exchange submission — a practising CA firm that has served broking and commodity trading members since 1986, and that treats client fund segregation, margin integrity, and UCC discipline as the real substance behind the report, not a formality to get past.

← Back to Audit & Assurance
Talk to a CA