IndiaSEBI Compliance

SEBI RA Outsourcing Rules (2026)

A solo Research Analyst cannot do everything alone, and SEBI does not expect that. You can buy data, use software to deliver notes, run KYC through a registered intermediary, and pay a designer to lay out a report. What you cannot do is hand off the research judgment. This guide draws the line: what counts as support you may outsource, what counts as core research you must keep, and the responsibility, due-diligence, contract, and record rules that apply when you outsource.

June 7, 2026 ยท 8 min read ยท By Aktai Team

Note: General information for Research Analysts, not legal or compliance advice. SEBI's outsourcing rules and the Research Analyst Regulations 2014 are amended from time to time. Confirm the current requirements against SEBI's circulars and your compliance professional before relying on this.

The core principle: you stay responsible

Start with the one rule that governs everything else. When a Research Analyst outsources a function, the RA remains fully responsible for that function, exactly as if it were done in-house. SEBI's outsourcing guidance for intermediaries is built around this idea: outsourcing must not reduce the obligations the regulated entity owes to its clients and to the regulator.

In plain terms, the vendor does the work but you carry the risk. If a delivery platform fails to send a note, if a data feed is wrong, if a KYC step is skipped, if a record is not retained, SEBI looks to you, the registered RA, not the vendor. There is no "the software did it" defence. This is why the rest of the rules, the due diligence, the contract, the records, exist: they are how you discharge a responsibility you cannot give away.

Core activity vs support function

SEBI's framework distinguishes the core activity of an intermediary from support functions around it. The core activity cannot be outsourced. Support functions can, under a proper arrangement. For a Research Analyst, the core activity is the research itself: forming the view, doing the analysis, deciding the recommendation, the rating, and the target. That is what your registration certifies you to do, and it is what your registration number stands behind on every note.

Everything that surrounds that decision but is not the decision is, broadly, a support function. The table below splits the common ones. Treat it as the shape of the rule, not an exhaustive list, and check anything borderline with your compliance professional.

โœ“

Technology and hosting

Outsourceable

Servers, cloud hosting, the CRM, the software you use to draft and send notes. These are tools. The RA decides what gets sent; the platform moves it.

Example: Hosting your research archive on a cloud provider, or using a SaaS tool to deliver alerts

โœ“

Delivery and messaging

Outsourceable

Sending notes over WhatsApp, Telegram, email, or SMS through a third-party platform. The channel and the dispatch can be outsourced, the content and the decision cannot.

Example: A delivery platform that sends your approved note to the clients who hold that stock

โœ“

KYC processing

Outsourceable

The mechanics of collecting and verifying KYC through a KRA or registered intermediary. The RA remains responsible for the onboarding being compliant and the records being kept.

Example: Running client KYC through a registered KRA rather than building the verification yourself

โœ“

Market data and feeds

Outsourceable

Exchange data, filing feeds, price and fundamentals data from a vendor. Inputs to your analysis can be bought. The analysis itself is yours.

Example: Subscribing to a BSE/NSE filing feed instead of scraping the exchange sites by hand

โœ“

Report production and design

Outsourceable

Formatting, layout, charts, language editing, translation. The look and readability of the report can be outsourced once you have written and approved the substance.

Example: A designer who lays out your finished research into a branded PDF template

โœ—

The research judgment

Cannot outsource

The analysis, the view, the recommendation, the target, the rating. This is the core activity of a Research Analyst and must stay with the registered RA or persons associated with research under the RA.

Example: Paying an unregistered third party to pick the stocks and write the call that goes out under your registration

The line where outsourcing becomes prohibited delegation

The dividing line is the research judgment. Below the line, you control a support task and remain answerable for it: that is outsourcing, and it is allowed. Above the line, someone else forms the view while it goes out under your name and registration number: that is delegation of the core activity, and it is not.

Three arrangements that look like outsourcing but cross the line:

Ghostwritten calls

Paying an unregistered person to pick stocks and write the recommendation, then sending it out under your registration. The judgment is theirs, the liability is yours, and the arrangement is a delegation of the core activity dressed up as a service contract.

White-labelled tips you did not analyse

Buying a feed of ready-made buy or sell calls and rebroadcasting them to your clients with your disclaimer attached. Reselling someone else's recommendation as your own research is not outsourcing the layout, it is outsourcing the call.

An unregistered partner running the research

Lending your registration to a practice where the analysis is actually done by people who are not registered and not associated with research under you. The registration is personal to the work; it cannot be a front for someone else's calls.

The common thread: in each case the research decision sits with someone other than the registered RA and the persons working under that RA. That is the test. If you outsource the formatting, you are fine. If you outsource the formation of the view, you are not.

Due diligence before you outsource

Because the responsibility stays with you, picking a vendor is a compliance decision, not just a procurement one. The point of due diligence is simple: you need reasonable confidence the provider can do the work to the standard SEBI expects of you, and keep doing it. A short, documented assessment before you sign is what an auditor will look for later.

Capability and track recordCan the vendor actually deliver the function reliably, and have they done it for other regulated clients?
Data security and confidentialityHow is your client data stored, who can access it, and is it kept within the agreed scope?
Continuity and exitWhat happens if the vendor fails or you switch? Can you get your records and data back in a usable form?
Compliance postureDoes the provider understand the SEBI obligations the function touches, especially record retention and delivery proof?

The outsourcing contract

An outsourcing arrangement should be in writing. A handshake with a freelancer is not enough when the function touches client data or your record-keeping obligations. The agreement is where you pin down scope, confidentiality, and your right to get the records back, the three things that protect you when something goes wrong.

  • Scope: exactly which function is outsourced, so it is clear the research judgment is not part of the deal.
  • Confidentiality: the vendor must protect client data and not use it beyond the agreed purpose.
  • Access to records: you can retrieve the underlying records, on demand and on exit, in a usable format.
  • Regulatory access: nothing in the arrangement blocks you from producing records for SEBI inspection.
  • Monitoring and termination: a way to oversee performance and exit if the vendor falls short.

Record-keeping for outsourced functions

Outsourcing a function does not outsource the duty to keep its records. The obligation under Regulation 25 to retain research communications for at least 5 years sits with you regardless of who sends them. If anything, outsourcing makes records more important, because you need to be able to show what the vendor did on your behalf.

Two examples make this concrete. If you outsource delivery, the timestamped log of every note (what was sent, to which client, on which channel, when) must still exist and be retrievable for SEBI, just as if you had sent each message by hand. If you outsource KYC processing to a registered intermediary, the KYC records must still be available for inspection; running them through a third party does not let you point at the third party when they are asked for.

The practical risk with outsourced delivery is the one most RAs miss: if the tool you use to send notes keeps no durable, tamper-evident log, you have outsourced the work and lost the record at the same time. That is the worst of both worlds at audit time.

Aktai for Research Analysts: outsource the delivery, keep the record

What you outsource
Delivery, channels, and the audit logYou still write and approve every note
What stays with you
The research judgment, alwaysAktai never generates the call for you
The record
Every sent note timestamped and retained 5 yearsExportable to CSV for the auditor or SEBI

Request access at aktai.app/for-research-analysts or email [email protected].

The right way to use any RA tooling is as outsourced support that leaves the judgment with you and hands you back a cleaner record than you would keep by hand. A delivery platform that sends your approved note to the clients who hold that stock, and logs it, is outsourcing done correctly. A feed of ready-made calls you rebroadcast is not.

FAQ

Can a SEBI Research Analyst outsource the writing of research reports?

No. The research judgment is the core activity of a Research Analyst and cannot be outsourced. The analysis, the conclusion, and the recommendation must come from the registered RA or persons associated with research who work under the RA. You can outsource support around the report (formatting, design, language editing, delivery, hosting), but not the analytical decision itself. Outsourcing the judgment is a prohibited delegation, not outsourcing.

What can a SEBI Research Analyst outsource?

Support and back-office functions. Common examples are IT and hosting, data feeds and market-data sources, the software used to send notes, message delivery over WhatsApp or Telegram, KYC processing through a registered intermediary, accounting, and design or language editing of reports. The test is whether the function involves the research decision. If it does, it stays in-house. If it is purely operational support, it can be outsourced under a proper arrangement.

Does outsourcing reduce a Research Analystโ€™s responsibility to SEBI?

No. The RA stays fully responsible for any outsourced activity, exactly as if it were done in-house. A failure by a vendor (a missed delivery, a data error, a KYC lapse, a record that was not retained) is the RAโ€™s failure as far as SEBI is concerned. Outsourcing moves the work, not the accountability. This is why due diligence on the vendor and a clear written contract matter.

What records must a Research Analyst keep for outsourced functions?

You should keep the written agreement with the service provider, your due-diligence assessment of the vendor, and the underlying records the function produces. If delivery is outsourced, the timestamped log of what was sent to which client must still exist and be retained for 5 years under Regulation 25. If KYC is processed by a third party, the KYC records must still be retrievable for SEBI inspection. The duty to keep the records does not transfer to the vendor.

Where is the line between outsourcing and prohibited delegation?

The line is the research judgment. Outsourcing is handing a vendor a support task you control and remain responsible for. Prohibited delegation is letting someone else form the view, pick the stock, or decide the recommendation while it goes out under your registration number. Ghostwritten calls, white-labelled tips you did not analyse, and an unregistered partner running the research are over the line, regardless of what the contract calls them.

Related reads

For SEBI-registered Research Analysts

Run your research desk on Aktai.

Track filings across your client book, draft factual notes with AI, deliver them white-label over WhatsApp and email, and keep a 5-year audit trail. One tool.

โœฆ Filing to note in under 10 secondsโšก White-label WhatsApp delivery๐Ÿ”’ Regulation 25 audit trail
Get started โ†’See pricing โ†’

For SEBI-registered Research Analysts ยท Start in minutes

What AKTAI stands for

A

Always

K

Knowing

T

Trusted

A

Actionable

I

Instant

โš ๏ธ

Not financial advice. Aktai is software for SEBI-registered Research Analysts. It is not a financial adviser, broker, Investment Adviser, or Research Analyst, and is not registered with SEBI or any other financial regulator. It surfaces public filings and news and drafts factual notes for the registered analyst to review, edit, and sign. Aktai does not author research, make recommendations, or decide what any security is worth. The view, the recommendation, and the regulatory responsibility stay with the registered analyst who sends the note. Full disclaimer โ†’