Portfolio Review Automation: SEBI PM Compliance + AML/CFT + DPDP Matrix
Source-linked portfolio tabulation delivers on-call comparative analytics while strengthening SEBI reporting, AML/CFT monitoring, and data-protection compliance.
"It instantly generated a table contrasting the performance across different portfolios as well as highlighting the best quarter and the growth over time. Suit was also able to generate the debt‑equity ratio within the portfolio."
Sunil Nahar
Founder
Common Wealth Advisors
Instant
On-Call Analytics
100%
Source-Linked
SEBI
Compliant
The result: Fragmented portfolio documents—FD statements, PF passbooks, brokerage reports—converted into instant, source-linked analytics tables. Debt-equity ratios, quarterly performance, and best-quarter highlights extracted in minutes. Full regulatory compliance trail.
How to Run Portfolio Reviews on Suit
Running a portfolio review on jhana Suit takes three steps. Upload your documents, let the system extract the key figures and dates, and receive comparative tables with source-linked citations. Each conclusion is one click away from the underlying source page.
Upload Documents As-Is
Upload PDFs and spreadsheets — FD statements, PF passbooks, insurance policies, brokerage reports. Suit parses tables, dates, and securities/allocations automatically. No reformatting required.
Automatic Extraction & Tabulation
The system extracts portfolio values, dates, and allocations. Tabulate builds comparative tables by portfolio and quarter, computes deltas, and surfaces the best quarter automatically.
Source-Linked Notes & Ratios
Every figure is anchored to page and paragraph with a traceable link. Debt-equity ratios, growth over time, and top-performing quarters — all with pinpoint citations for quick, confident client answers.
Notes
Inline date recognition and portfolio mapping with page-linked citations — ideal for quick, confident answers during client calls
Tabulate
Per-portfolio grid showing: quarter, value, delta, growth %, debt-equity ratio, best quarter highlight
Preview
Verify against the original document with synchronized highlighting — click any footnote to jump to source
Legal Framework: IRAC Analysis
Issue
Wealth management teams face fragmented artifacts — FD statements, PF passbooks, insurance policies, brokerage reports — making on-call consolidation slow and error-prone. Regulatory exposure arises across multiple dimensions:
- Client reporting cadence and completeness
- Record-keeping and audit-readiness
- AML/KYC traceability
- Cyber security and resilience
- Personal data handling and breach response
Rule
Regulatory Framework
1. SEBI (Portfolio Managers) Regulatory Duties
Portfolio managers must maintain client-wise accounts, furnish periodic reports (not exceeding six months), preserve records for minimum five years, and submit to inspections with compliance officer oversight.[1]
Reg. 17, 19, 21 — SEBI (Portfolio Managers) Regulations
"The portfolio manager shall furnish… a report to the client… not exceeding a period of six months."
2. SEBI Master Circular for Portfolio Managers (7 June 2024)
Consolidates obligations on reporting, disclosures, audit of firm-level performance data, and operational controls. Supersedes the March 20, 2023 circular.[5]
3. Cybersecurity and Cyber Resilience Framework (CSCRF)
SEBI mandates a robust CSCRF for Portfolio Managers (Mar 29, 2023) and issues an umbrella CSCRF for SEBI Regulated Entities (Aug 20, 2024) spanning governance, protection, detection, response, and recovery.[6][7]
4. AML/CFT Obligations
SEBI Master Circular (6 June 2024) prescribes CDD/KYC, ongoing monitoring, suspicious transaction reporting, and record-keeping obligations for intermediaries including portfolio managers.[8]
5. Personal Data and Security
Section 43A — IT Act, 2000
Section 8(5)-(6) — DPDP Act, 2023
Rules 3-4 — SPDI Rules, 2011
6. Electronic Traceability and Evidentiary Integrity
Courts require authenticity and, where applicable, Section 65B certification for electronic records. Audit trails and tamper-evident provenance improve admissibility and reliability.
Key Supreme Court Authorities
The following judgments establish the evidentiary framework for electronic records — critical for any AI-generated portfolio analysis that may be produced in proceedings.
Anvar P.V. v. P.K. Basheer
65A/65B is the special code for electronic records; general secondary-evidence provisions (including Section 63) yield to this regime. Any electronic record sought to be admitted must comply with Section 65B.
Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal
65B certificate is mandatory unless the original device/primary electronic record is produced. Clarifies exceptions for when the device is not under the party's control, and allows timing flexibility for certification.
Shafhi Mohammad v. State of H.P.
Procedural flexibility was suggested to avoid denial of justice; later clarified by Arjun Panditrao. Courts focus on authenticity over formalism.
Privacy Proportionality
K.S. Puttaswamy (Aadhaar-5J.), (2019) 1 SCC 1 — establishes privacy and data-protection proportionality: purpose limitation, necessity, safeguards, retention limits, and informational self-determination. Any portfolio analytics system must demonstrate proportionality in data processing.
Application
Application: Common Wealth Advisors Workflow
Here's how the jhana platform operationalises regulatory compliance while delivering instant portfolio analytics for wealth advisory teams.
Upload Client Documents
Upload PDFs and spreadsheets as-is — FD statements, PF passbooks, insurance policies, brokerage reports. No reformatting needed.
Automatic Parsing & Extraction
Suit parses tables, dates, and securities/allocations. Each extraction links to its source page for verification.
Comparative Tabulation
Automated tables by portfolio and quarter. Delta computation identifies the "best quarter." Debt-equity ratios computed automatically.
Source-Linked Notes
Each figure is anchored to page and paragraph with a traceable link. Every conclusion is one click away from the underlying source document.
On-Call Client Delivery
Growth over time, top-performing quarters, and current debt-equity ratios — delivered live during client calls with full auditability.
Regulatory Compliance Mapping
The source-linked workflow maps directly to regulatory obligations:
- SEBI Reg. 21 client reporting: Completeness and clarity in composition, transactions, cash balance, and risk disclosures[1]
- SEBI Reg. 17/19 record-keeping: Structured, searchable preservation for ≥5 years[1]
- Master Circular audit-readiness: Performance benchmarking and firm-level audit consistency[5]
- AML/KYC trails: Evidence of origin, completeness, and monitoring; simplifies responding to AML/CFT reviews[8]
- Cyber & CSCRF alignment: Provenance, role-based access, and defensible processes mapping to governance, detection, response, and recovery controls[6]
- Data protection: DPDP/IT/SPDI compliance aided by data-minimisation workflows, retention tags, and breach-notice readiness[2]
- Evidentiary posture: Consistent 65B-friendly exports and integrity logs bolster admissibility paths outlined in Anvar/Arjun Panditrao/Shafhi[9]
Before vs After: Compliance and Audit Posture
| Area | Legacy Process | AI-Powered (jhana) | Regulatory Tie-in |
|---|---|---|---|
| Client Reporting | Manual collation; inconsistencies; delays | Automated quarterly tables, deltas, best quarter, D/E ratio; live on-call | [1] SEBI PM Reg. 21 |
| Record-keeping | Scattered files; weak provenance | Source-linked entries; page/para anchors; exportable logs | [1] Reg. 17, 19 |
| Performance Audit | Ad hoc spreadsheets; reconciliation risk | Consistent firm-level metrics; audit-ready views | [5] MC 2024 |
| AML/KYC | Fragmented evidence of monitoring | Traceable document lineage and checks | [8] AML/CFT MC |
| Cyber/Resilience | Unstructured controls | Process-embedded governance, response, recovery artifacts | [6] CSCRF 2024 |
| Data Protection | Undefined retention; unclear breach posture | Retention tagging; security safeguards; breach-notice readiness | [2] DPDP Act |
| Evidence | Non-standard exports; admission risk | 65B-ready outputs; integrity trails | [9] Anvar/Arjun |
Conclusion
KEY TAKEAWAY
Immediate, on-call clarity: Growth over time, top-performing quarters, and current debt-equity ratios — delivered with source-linked citations that satisfy SEBI reporting requirements, support AML/CFT audit trails, and produce 65B-compliant electronic evidence.
Compliance Checklist for AI-Driven Tabulation in Wealth/Portfolio Management
Map client reporting artifacts to SEBI PM Reg. 21 fields and maintain ≤ six-month reporting cadence.[1]
Preserve books/records and investment decision-support materials for ≥ five years; log storage locations.[1]
Adopt SEBI Master Circular (2024) firm-level performance audit terms; standardise metrics and exports.[5]
Implement CSCRF controls: governance (policy/board oversight), protection (access/segregation), detection (monitoring), response/recovery (playbooks/testing).[6]
Operationalise AML/CFT — CDD/KYC, ongoing monitoring evidence, STR/SAR workflows, and retention.[8]
Data protection: publish privacy policy; minimise/limit retention; apply reasonable security practices; institute breach notification processes (DPDP + IT/43A + SPDI).[2]
Evidentiary readiness: maintain integrity logs; produce 65B certificates when needed; document system/process reliability.[9]
Inspection-ready posture: maintain compliance officer oversight and inspection packs for SEBI requests.[1]
“It instantly generated a table contrasting the performance across different portfolios as well as highlighting the best quarter and the growth over time. Suit was also able to generate the debt-equity ratio within the portfolio.”
— Sunil Nahar, Founder, Common Wealth Advisors
Sources & Further Reading
[1]
SEBI (Portfolio Managers) Regulations — Books, Records, Reports, Preservation
Reg. 17, 19, 21 — record-keeping, client reporting, inspection obligations
[View]
[2]
Digital Personal Data Protection Act, 2023
Security safeguards, accuracy, breach intimation (s.8)
[View]
[3]
IT Act, 2000 Section 43A
Reasonable security practices; compensation for negligence
[View]
[4]
SPDI Rules, 2011
Sensitive personal data categories, privacy policy, retention
[View]
[5]
SEBI Master Circular for Portfolio Managers (7 Jun 2024)
Consolidates reporting, disclosures, audit, and operational controls
[View]
[6]
SEBI Cyber Security and Cyber Resilience Framework for Portfolio Managers (29 Mar 2023)
Governance, protection, detection, response, and recovery requirements
[View]
[7]
SEBI CSCRF for Regulated Entities (20 Aug 2024)
Umbrella framework spanning all SEBI-regulated entities
[View]
[8]
SEBI Master Circular — AML/CFT Obligations (6 Jun 2024)
CDD, KYC, ongoing monitoring, STR/SAR, and record-keeping
[View]
[9]
Anvar P.V. v. P.K. Basheer (2014) 10 SCC 473
Section 65B is the special code for electronic records
[View]
[10]
Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020) 7 SCC 1
65B certificate mandatory unless original device produced
[View]
[11]
Shafhi Mohammad v. State of H.P. (2018) 2 SCC 801
Procedural flexibility; focus on authenticity
[View]
Run Your Portfolio Reviews Now
Upload your client documents and see instant, source-linked portfolio analytics with built-in regulatory compliance.
Contents
Topics
Continue Reading
Discussion
Comments • Share your thoughts and questions below