The introduction of the Compliance Monitoring Module (CMM) marks a major change in the compliance framework for Portfolio Managers. The framework has been introduced by the Securities and Exchange Board of India (SEBI) through the PARAS in coordination with the Association of Portfolio Managers in India (APMI). Its objective is to strengthen offsite monitoring of compliance across the PMS industry.
This is not a routine filing exercise. The CMM framework checks whether compliance processes have actually been implemented and documented within the organisation. In many cases, PMS are also required to upload supporting records such as board-approved policies, agreements, certifications, and internal documents.
FY 2025–26 is the first reporting cycle under this framework. Since there is no previous filing experience to rely on, many Portfolio Managers are approaching this process for the first time.
To whom is the CMM reporting applicable?
All Portfolio Managers, including Co-investment PMS entities, holding a valid PMS registration during FY 2025–26 are required to complete the reporting.
If your PMS registration was granted after the end of FY 2025–26, the reporting requirement will not apply for this cycle.
What needs to be submitted?
Under this framework, every Portfolio Manager is required to submit a declaration, confirmations, and supporting documents covering governance, operational controls, investor grievances, and other regulatory requirements.
What is the deadline?
The reporting must be completed within 60 days from the end of the financial year. Accordingly, the due date for FY 2025–26 is 30 May 2026.
Where should the filing be made?
The reporting must be completed on the Portal for Alerts and Reporting Analytics (PARAS).
Portfolio Managers can use the same login credentials as the APMI portal to access PARAS.
Entities that are not APMI members may need to separately coordinate with APMI and SEBI for access and onboarding.
With the deadline approaching, below are five important areas where PMS are likely to face scrutiny and where compliance gaps commonly arise.
1. All policies must be board approved
Every policy uploaded on PARAS must carry formal board approval. This includes:
- Anti-Money Laundering (AML) Policy
- Cybersecurity and Cyber Resilience Framework (CSCRF) Policies
- Business Continuity Plan and Disaster Recovery (BCP/DR) Policy
- Investor Grievance Policy
Approval by the Managing Director or an internal committee alone may not be sufficient.
If there is no separate KYC policy and the KYC process forms part of the AML policy, the AML policy may be uploaded for this requirement.
Action point:
Before uploading any policy, ensure:
- The board approval date is mentioned in the document
- The latest approved version is being uploaded
- Any missing approvals are regularised before submission
2. BCP/DR policy is mandatory even if CSCRF does not apply
Many Portfolio Managers assume that if CSCRF requirements do not apply due to lower AUM, the BCP/DR policy requirement can also be marked as “Not Applicable”. This is incorrect.
Even where CSCRF compliance is not applicable, a board-approved BCP/DR policy is still required.
Since a draft BCP/DR policy is generally submitted during the PMS registration process, you may review, update, and re-approve the same policy before uploading it on PARAS.
Action point:
- Use an internal policy or the APMI model policy with suitable modifications
- Obtain fresh board approval if required
- Upload the BCP/DR policy separately from the CSCRF response
3. Agreements and fee structures must be complete
The CMM framework specifically checks whether client agreements contain all clauses prescribed under PMS regulations and SEBI circulars.
It also checks whether every fee charged to clients is clearly disclosed in the agreement. This includes:
- Management fees
- Performance fees
- Brokerage
- Exit loads
- Custody and other charges
A generic fee clause may not be sufficient.
Additionally, you should ensure that client consent for the fee structure has been obtained in the prescribed manner.
Action point:
Review whether every fee charged during the year is specifically mentioned in the agreement and fee schedule.
If there are any gaps, they should be appropriately disclosed in the Comments section on PARAS.
4. Related party transactions require separate checks
The CMM checklist covers related party transactions at two different levels. Both need to be separately reviewed.
The first check relates to whether investments in related parties or associates were carried out in compliance with applicable regulations. This focuses on the transaction itself and whether it was properly documented and permitted.
The second check relates to client consent. The framework asks whether prior consent was obtained before making investments in associates or related entities.
Where such investments have been made, details must be disclosed in Annexure-I on PARAS.
If no such investments were made during the year, you may respond “Yes” while clearly stating in the Comments section that no related party investments were undertaken.
Action point:
Where investments in related parties were made:
- Ensure client consent records are available when investments is made in related parties
- Verify the reporting of positive consent, dissent, or cases where consent was not obtained in Annexure I.
5. Fit and proper criteria for KMPs must be reviewed annually
CMM reporting requires confirmation that all directors, Principal Officer and other Key Managerial Personnel (KMPs) satisfy the “fit and proper” criteria under Schedule II of the PMS Regulations.
This is an annual compliance requirement. It is not a one-time check completed only at the time of appointment.
A practical way to document compliance is to obtain annual declarations from the relevant individuals.
Action point:
Collect signed declarations from Directors, Principal Officers, other KMPs.
It is also advisable to mention in the Comments section that the declarations have been obtained and verified.
———————-
Portfolio Managers should avoid treating the exercise as a simple checklist-based filing. A detailed review of agreements, internal policies, governance records, related party processes, and annual declarations should ideally be completed before starting the submission process on the portal.
As the framework evolves, the scope of reporting and level of scrutiny may also increase in future years. Building proper documentation and compliance practices during the first reporting cycle itself will help PMS entities manage future filings more efficiently and reduce regulatory gaps.
If you have any questions or need assistance with the CMM reporting process, please feel free to contact us at kruti@cskruti.com.