IndiaSEBI Compliance

SEBI Annual Compliance Audit for Research Analysts: Regulation 25(3) Guide (2026)

Once a year, every SEBI-registered Research Analyst has to be audited for compliance by an external professional and report the result to RAASB. Miss the 31 October deadline, or hand the auditor a shoebox of WhatsApp screenshots, and a routine audit turns into a problem. Here is who can audit you, the deadlines that matter, what the auditor checks, and how to prepare so the report comes back clean.

June 1, 2026 ยท 9 min read ยท By Aaradhya M

Note: General information for Research Analysts, not legal or audit advice. SEBI rules and deadlines change. Confirm the current requirements with your auditor and the SEBI circulars before relying on them.

What the audit is

Regulation 25(3) of the SEBI (Research Analysts) Regulations, 2014 requires every RA to conduct an annual audit of compliance with the regulations. It is an independent check, by an outside professional, that you are doing what the rules require: keeping records, making disclosures, charging fees within the cap, and handling clients and complaints correctly. It is not the same as your annual return, which is a separate filing.

Who can audit you

The audit must be done by a member of one of these professional bodies:

  • The Institute of Chartered Accountants of India (ICAI), a practising CA.
  • The Institute of Company Secretaries of India (ICSI), a practising CS.
  • The Institute of Cost Accountants of India (ICMAI), added by a SEBI circular dated 25 March 2026.

The auditor should be independent of you. Many solo RAs use the same professional who handles their company filings, which is fine as long as that person is genuinely independent of the research function being audited.

The deadlines that matter

  • Within 6 months of financial year-end: complete the audit. For a year ending 31 March, that means by 30 September.
  • Within 1 month of the audit report: submit the report to RAASB, and in any case not later than 31 October for the preceding financial year.
  • After the report: publish the audit status on your website and disclose any adverse findings with the corrective action taken, and share the report with your clients.

The 31 October date is the one to anchor your calendar to. Working backwards, brief your auditor by August so there is time to fix anything before the report is finalised.

What the auditor checks

Registration and certification

Your SEBI RA registration, the deposit requirement, and a valid NISM Series XV (or applicable) certification for you and any persons associated with research.

Client KYC and agreements

KYC records, the signed RA-client agreement, the Most Important Terms and Conditions (MITC), and risk profiling where applicable.

Regulation 25 records

Research reports signed and dated, recommendation rationale, public-appearance records, and proof they are retained for 5 years in a tamper-evident form.

Disclosures and conflicts

Mandatory research-report disclosures, financial-interest and 1%-ownership disclosures, and the AI-use disclosure where you use AI tools.

Fees

Fees charged within the SEBI cap and only through permitted modes, with receipts and records.

Complaints

The complaint register, SCORES and ODR handling, and the periodic complaints disclosure on your website.

Advertising

Advertisement-code compliance across your website and social media, including the registered-name and registration-number display.

How to prepare a clean report

The audit is only painful when the records are scattered. The analysts who breeze through it have one thing in common: a single, tamper-evident trail of what they sent each client and when. If your research notes live in WhatsApp chats and a folder of PDFs with editable timestamps, the auditor cannot easily verify when a recommendation was first made, which is exactly the point of Regulation 25.

Aktai keeps that trail automatically: every note you mark as sent is SHA-256 hashed and stored for five years, with date, recipient and content, and you can export the full log as a CSV to hand straight to the auditor. The complaint register, KYC records and disclosures still need to be in order, but the heaviest piece, the research-report record, is already audit-ready.

FAQ

Who can conduct a SEBI Research Analyst compliance audit?

A member of the Institute of Chartered Accountants of India (ICAI) or the Institute of Company Secretaries of India (ICSI). By a SEBI circular dated 25 March 2026, members of the Institute of Cost Accountants of India (ICMAI) are also eligible. The auditor should be independent of the RA being audited.

What is the deadline for the RA annual compliance audit?

The audit must be completed within six months of the end of the financial year, and the audit report submitted to RAASB within one month of the audit report date, but in any case not later than 31 October for the preceding financial year.

Do I have to publish the audit result?

Yes. You must publish the status of the compliance audit on your website, disclose any adverse findings together with the corrective action you took, and share the report with your clients. The point is transparency, not just filing.

What do auditors actually check?

Your registration and NISM certification status, the client KYC and agreement records, the Regulation 25 record-keeping (signed and dated research reports, recommendation rationale, retention for 5 years), conflict-of-interest and disclosure compliance, fee compliance against the cap, the complaint register, and your advertisement and social-media compliance. Clean, tamper-evident records make the audit short.

Is the annual compliance audit the same as the annual return?

No. They are two separate obligations. The compliance audit under Regulation 25(3) is conducted by an external CA, CS or Cost Accountant and reported to RAASB. The annual return is a separate filing. You have to do both.

Related reads

For SEBI-registered Research Analysts

Run your research desk on Aktai.

Track filings across your client book, draft factual notes with AI, deliver them white-label over WhatsApp and email, and keep a 5-year audit trail. One tool.

โœฆ Filing to note in under 10 secondsโšก White-label WhatsApp delivery๐Ÿ”’ Regulation 25 audit trail
Get started โ†’See pricing โ†’

For SEBI-registered Research Analysts ยท Start in minutes

What AKTAI stands for

A

Always

K

Knowing

T

Trusted

A

Actionable

I

Instant

โš ๏ธ

Not financial advice. Aktai is software for SEBI-registered Research Analysts. It is not a financial adviser, broker, Investment Adviser, or Research Analyst, and is not registered with SEBI or any other financial regulator. It surfaces public filings and news and drafts factual notes for the registered analyst to review, edit, and sign. Aktai does not author research, make recommendations, or decide what any security is worth. The view, the recommendation, and the regulatory responsibility stay with the registered analyst who sends the note. Full disclaimer โ†’