Internal Audit for Broker Dealers in GIFT IFSC: An Explainer for NSE IX & India INX Members
Introduction: Why Internal Audit Matters in GIFT IFSC
GIFT IFSC has rapidly evolved into a globally competitive financial centre with internationally active exchanges—NSE International Exchange (NSE IX) and India International Exchange (India INX)—offering multi-asset cross-border products.
To maintain regulatory integrity and investor confidence, both exchanges mandate a robust half-yearly internal audit for all registered broker-dealers, regardless of whether they remained active or inactive during the period.
The internal audit framework is not a mere compliance formality—it is a core governance requirement under the IFSCA regulations. It ensures disciplined controls around client onboarding, trading operations, funds and securities management, PMLA compliance, technology controls, and exchange-specific rules.
Half-Yearly Internal Audit Requirement (NSE IX & India INX)
Both international exchanges in GIFT IFSC follow a structured internal audit cycle, requiring broker-dealers to undergo independent audits every half year.
As per NSEIFSC/REG/2336 dated 20 October 2025, all broker dealers must:
- Conduct internal audits for each half-year ending March 31 and September 30.
- Appoint an independent CA/CS/CMA (or foreign equivalent) with no conflict of interest.
- Submit the internal audit report through the ENIT portal by the prescribed deadline.
- Maintain audit working papers for exchange verification.
- Ensure compliance with actions prescribed under the earlier circular NSEIFSC/REG/2296 dated 17 September 2025.
Sample Size: Minimum sample sizes depend on the number of active/registered clients, ranging between 15–75 clients, and additional samples for margin, turnover and risk-based selections. (Detailed methodology is prescribed in Annexure-III).
Scope of Internal Audit for IFSC Broker-Dealers
The audit framework mirrors global brokerage audit standards and covers four broad compliance pillars:
-
Client Onboarding, KYC & AML
Auditors verify whether:
- All onboarding documents comply with IFSCA’s CMI Regulations and AML/CFT guidelines.
- UCC details are correctly uploaded.
- IPV/online KYC norms are followed.
- Risk-profiling, beneficial ownership verification, PEP controls, and periodic KYC reviews are in place.
- CSCs (Clients of Special Category) are properly identified.
-
Order Management & Risk Management
Critical aspects include:
- Proper risk-management policy and margin framework.
- No unauthorized or third-party funding of clients.
- Adequate controls for order placement—telephone recording, client identification, dormant account reactivation, limit controls, and prevention of non-genuine trades.
- Monitoring of MTM losses, debit balances, and recovery mechanisms.
-
Contract Notes, Statements & Reporting
The auditor examines whether:
- Contract notes and margin statements are issued within timelines.
- Prescribed disclosures appear on all client communications.
- Bounce-mail protocols and physical reissuance (if needed) are followed.
- Quarterly statements of accounts are accurate and complete.
-
Handling of Client Funds & Securities
Key checks include:
- Segregation of client and proprietary funds.
- No use of client funds for proprietary obligations.
- Timely settlement and payout.
- Proper running-account authorisations.
- Correct computation of statutory levies and avoidance of excess charges.
Key Thematic Areas Based on Internal Audit Format (Annexure-II)
The internal audit report format issued by the exchanges broadly evaluates:
- Client Registration & AML Compliance
- Order Management & Risk Management
- Contract Notes & Client Statements
- Funds and Securities Handling
- Banking and Demat Operations
- Terminal Operations & System Controls
- Authorised Persons & Internal Controls
- Investor Grievance Redressal
- Books of Accounts Compliance
- PMLA Systems & AML Checks
- Client Code Modifications & Trade Transfers
- Proprietary Trading Controls
- Internet Trading Compliance
- Power of Attorney Controls
- Direct Market Access / Sponsored Access Compliance
- Clearing Operations (where applicable)
- Status of Previous Inspection Observations
These sections ensure that internal auditors examine all areas relevant to operational, compliance, and financial risks of an IFSC broker-dealer.
Exchange-Specific Compliance Requirements
The circular NSEIFSC/REG/2336 outlines a clear audit submission framework:
- Mandatory half-year audit for all broker-dealers.
- Use of structured annexures (Internal Audit Certificate, Audit Report Format, Sample Size, Checklist, User Manual).
- Submission on ENIT portal by 30 November or 31 May, depending on the half-year.
- Obligations apply irrespective of active or inactive membership.
- Audit findings are subject to enforcement action under NSEIFSC/REG/2296 for non-compliance.
Both exchanges:
- Require adherence to identical internal-audit themes.
- Impose similar enforcement mechanisms for non-compliance.
- Mandate sample-based verification of client accounts, margin reporting, fund flows, and contract notes.
Thus, broker-dealers operating on both exchanges must align processes to one unified compliance framework, simplifying but strengthening governance.
Conclusion: Internal Audit as a Governance Advantage
The internal audit requirement for broker-dealers in GIFT IFSC—across NSE IX and India INX—is more than a compliance activity. It is a structured governance mechanism ensuring that entities maintain international best practices, robust systems, and a strong compliance culture.
With clear frameworks prescribed by the exchanges and IFSCA, broker-dealers must treat internal audit as a strategic tool to strengthen transparency, client trust, and operational resilience.
Need expert support with Internal Audit or IFSC compliance? Get in touch today.
