7 Steps to Build a SEBI-Compliant Digital Onboarding Process

Stay Audit-Ready, Save Time, and Protect Your RIA License

As a SEBI-registered Investment Advisor (RIA), compliance is not a box you tick once — it’s an ongoing process. Between client onboarding, documentation, disclosures, and audits, it’s easy to miss a step and risk penalties or worse — suspension of your license.

This guide brings you the ultimate compliance checklist, tailored for solo advisors and small firms managing under ₹100Cr AUM. Whether you’re preparing for an audit or just tightening your internal processes, this checklist will help you stay ahead.

1. Client Onboarding Documentation

• PAN & Aadhaar validation
• Signed Investment Advisory Agreement
• Timestamped Risk Profiling
• KYC and CKYC verification
• Client Risk Category Mapping
• Fee Structure Disclosure with client signature
• Welcome Email with grievance redressal officer details

Pro Tip: Use automation tools to collect and timestamp onboarding documents. Manual tracking leads to audit gaps.

2. Client Risk Profiling & Suitability

• Use a structured, SEBI-compliant risk profiling questionnaire
• Document client’s financial goals and constraints
• Maintain records of why each recommendation suits the client
• Update risk profile at least once every 12 months

Most Missed: Not timestamping the risk profile or failing to link it to portfolio suggestions.

4. Disclosures & Recordkeeping

• Disclosure of conflicts of interest
• Fees disclosed in writing (and accepted) before rendering advice
• Maintain logs of every email, WhatsApp chat, and call summary
• Quarterly report of advice given and portfolio summary

Quick Win: Use CRM systems or onboarding tools like ITmines to log every client interaction automatically.

4. SEBI Reporting & Internal Audit

• File SEBI half-yearly reports (Form A, B) on time
• Maintain internal audit report every 6 months
• Keep record of fees collected vs fees disclosed
• Backup all client documentation digitally

Risk Alert: Inconsistency between your invoices and disclosed fees is a major audit red flag.

5. Business Continuity & Grievance Redressal

• Appoint a dedicated grievance redressal officer
• Maintain logs of complaints and resolution timelines
• Display complaint escalation matrix on website
• Have a documented business continuity plan

Small firms often miss: Grievance officer details not being shared in the onboarding stage or publicly.

6. Marketing & Communication Disclaimers

• Include “SEBI does not approve investment advice” disclaimer
• No performance promises in public content
• Avoid testimonials unless backed by proper disclaimers
• Archive all social media communication for at least 5 years

Hot Tip: If you’re running ads or sharing advice online, ensure every post meets SEBI advertising norms.

7. Tech, Access & Security Controls

• All client documents password protected
• Limit access to sensitive files internally
• Encrypted storage (preferably Indian servers)
• Two-factor authentication for staff logins

Tool Tip: If you’re using third-party tools, ensure they’re compliant with Indian data protection laws.

Final Thoughts

Compliance doesn’t need to be a burden. With the right structure and tools, even a one-person advisory firm can be fully SEBI-ready and audit-proof.

If you want to digitize your onboarding, automate documentation, and stay on top of compliance without hiring a team, ITmines can help.

Let’s make compliance your growth edge — not your bottleneck.