SEBI Extends Two-Factor Authentication (2FA) for Transactions in Units of Mutual Funds

Oct 01, 2022

On 31 March 2022, SEBI issued the circular for Two-factor Authentication ('2FA') for redemption in Mutual Funds. Two-factor Authentication (2FA) is a two-step security process for verification in which users verify themselves using two different authentication factors. The authentication factors can be a username, password, security questions, OTP, Fingerprint, or Face ID.

For the following online transactions such as, Redemption, Switch, Systematic Transfer Plan (STP) Registration and Systematic Withdrawal Plan (SWP), a One-Time Password (OTP) will be given to unit holders at their email/phone number registered with the AMC; this is one of the factors for the Two-factor Authentication (2FA) process.

At present, all Asset Management Companies (AMCs) are required to authenticate redemption transactions using two-factor authentication for online transactions and signature method for offline transactions.

In order to further safeguard interest of investors, capital markets regulator SEBI on Friday September 30, 2022 issued the circular which stated extension of the two-factor authentication for subscription transactions in units of mutual funds. The new framework will come into effect from April 01, 2023.

In case of subscription and redemption of units, Two-Factor Authentication (for online transactions) and signature method (for offline transactions) shall be used for authentication. One of the Factors for such Two-Factor Authentication for non-Demat transaction shall be a One-Time Password sent to the unit holder at his/her email/ phone number registered with the AMC/RTA. In case of Demat transactions, the process of two-factor authentication as laid down by the depositories will be followed.

It is mandatory for all the fund houses to follow these SEBI guidelines for subscription and redemption transactions of mutual funds. SEBI has clarified in the circular that in case of systematic transactions, the requirement of such 2FA process will be applicable only at the time of registration.