SAT’s WhatsApp Leaks Order – Undue Interpretation of the PIT Regulations? Commentary
SAT’s WhatsApp Leaks Order – Undue Interpretation of the PIT Regulations?

In its order dated March 22, 2021, the Securities Appellate Tribunal (“SAT”), as a huge precedent, significantly raised the threshold concerning unpublished price sensitive information (“UPSI”) in the WhatsApp leak case. Setting aside the previous penalizing three orders – 1, 2 and 3 of the Adjudicating Officer (“AO”) of the Securities Exchange Board of India (“SEBI”), it answered the legal questions adversely per SEBI’s evaluation. This takes us a step back in the evolution of Insider Trading law in India and perhaps raised the curtain on any future efforts to investigate similar affairs unless SEBI’s investigatory powers are extensively revised.

The Regulatory Landscape in India

India’s insider trading regulation regime is governed by the SEBI (Prohibition of Insider Trading) Regulations, 2015 (“Regulations”) as amended in 2019 (“2019 Amendments”) with its predecessor being the SEBI (Prohibition of Insider Trading) Regulations, 1992 (“1992 PIT Regulations”). The genesis of all this legislation can be traced back to the 1948 PJ. Thomas Committee Report on the Regulation of the Stock Market in India, whose suggestions were incorporated into the Companies Act, 1956 as Sections 307 and 308. Delving into concepts such as “inspired operators”, the shortcomings of the law were, however, examined by various committees over the years.  It has been subject to extensive amendments in relation to surveillance, investigation, and enforcement process by the 2019 Amendments, at the behest of the 2018 TK Vishwanathan Report, especially with respect to the crux of the present order – UPSI.

Background of the SAT Order

The present facts can be traced back to November 2017, with a Reuters report on the circulation of UPSI including specific metrics such as net profits, revenues, and operating margins in various private WhatsApp groups regarding the performance of 12 Indian Companies, ahead of their official announcements to the stock exchanges. This resulted in the initiation of SEBI investigation, leading to search and seizure operations, where about 190 devices and records were seized, enquiries in relation to the process of preparation of the financial results, and the personnel involved in the same as the burden is on SEBI to fixate that the person was an insider. This culminated in the orders of the AO, to penalize the individuals. These individuals moved SAT in appeals, arguing that they were not the originator of any of the messages mined by SEBI from the devices but had merely forwarded the messages as received from some other indeterminate sources. Nevertheless, SAT allowed the appeal as SEBI could not establish a preponderance of probabilities.


To establish whether the information communicated amounts to insider trading, there are three things to analyze.

Firstly, it has to be ascertained whether the information amounts to UPSI under Regulation 2(n) of the Regulations. UPSI, such as financial reports, is generally not public and is likely to affect the prices of the company’s securities if made public. The AO, in this case, believed that the information in the messages matched the financial results that were published later. However, due to a lack of resources, SEBI could not trace the information back to the originator due to the end-to-end encryption feature that WhatsApp offers. Resulting in SAT considering that the message could have originated from Brokerage Houses or estimates from the platform of Bloomberg, all of which can be found in the public domain, making it generally available information.

The Insider Trading regulations draw inspiration from the United States’ fair dealing principle. Therefore, in such a roadblock, SAT could have relied on the case of Dirks v. SEC, which set the blueprint to evaluate insider trading with the Personal Benefit test. The court ruled, in this case, a person would be guilty if that the person has committed a breach of fiduciary duty with an element of personal gain behind the disclosure. Some of the figures in the present case were found to be the same as the financial reports and were sent before their release, which was prominent enough to make the information UPSI at that time. This, in our opinion, is sufficient to be a breach of fiduciary duty and a disclosure for personal gain when the Appellants forwarded the messages.

Second, SEBI had to establish that the person communicating the UPSI was a connected person as defined in Regulation 2(d). The AO had reasoned that the Appellants were involved as employees, but their duties did not extend to sending sensitive information. To establish whether the person is a connected person, the classical theory laid down in the case of In re Cady, Roberts & Co is a well-established point of reference. This applies to officers, directors and other permanent insiders of a corporation as well as to attorneys, accountants and consultants or anyone acting on behalf of the corporation where they disclose the fact that they have access to the UPSI and abstain from trading.

However, the problem with the classical theory is that it applies only in the narrowest of the cases, which, when applied here, would acquit the Appellants as also the messages’ originators if they were not too related to the companies. This points us to the second theory of misappropriation, which broadens the classical theory in order to determine a connected person. The dissenting opinion of Chief Justice Burger in Chiarella v. United States paved the way for this theory by extending it beyond the scope of corporate insiders. It puts a fiduciary duty on the person not to use the UPSI for his/her own benefit whether or not the trader owes an independent duty of disclosure to those with whom he transacts. While Regulation 2(d) allows for an indirect association through which there is access to UPSI, the legislative note further states that the degrees of separation is irrelevant as long as it brings in the ambit those who have access to UPSI by virtue of any connection to, therefore making that person a connected person. Thus any person who had the necessary wherewithal and information about the financial results on WhatsApp would become a connected person under Regulation 2(d) and therefore an insider under Regulation 2(g) for having access to it so as to allow the SAT to convict the Appellants.

Lastly, it has to be established that there is a violation of Regulation 3 and 4 to amount to insider trading. If one were to analyze the current fact scenario, the SAT failed to deliberate on the fact that under Regulation 3(1), both the person who has communicated the information and the outsider who received such information, would be liable and because of this reason, the Appellants could have been held liable. Furthermore, under Regulation 3(5), it is now mandatory for the board of directors to maintain a structured digital database containing the names of all the persons and entities with whom UPSI is being shared.  While there is no mention of this in the current case, possibly owing to the fact that the law has just been implemented, the AO could have focused on this rather than breaking the encryption. Moreover, the Appellants, while forwarding the information, were not doing it as a performance of duties or as a discharge of legal obligations or as a legitimate purpose to be allowed. Further, under Regulation 4(1), any insider is prohibited from trading while in possession of UPSI due to the presumption that the insider would be motivated by the UPSI. Therefore, while analyzing the facts of the case, the Appellants did forward the information for personal gain and did not restrain themselves from trading. We feel the SAT did not take all of these factors into consideration while deciding the case, which is alarming as it has paved the way for insider trading to now take place via online encrypted messaging apps since a very high threshold has been set by the SAT for the market regulator.


The Indian laws are well equipped to penalize such instances but often lose out to various structural complications. The SEBI officials, unlike the SEC, is not allowed to tap phone calls under the Indian Telegraph Act, 1885 on the grounds of misuse. SEBI has time and again tried to submit a proposal to the government to attain such powers, and now with this defeat, some relaxations may be considered for SEBI. Yet, the ramifications of this could lead to violations of the Right to Privacy and raise data protection concerns. While the potential expansion of SEBI’s powers can be justified as in the pursuance of a ‘specific and lawful purpose’ under the Justice Srikrishna’s Committee Report on Data Protection, it cannot be in the form of a draconian law.

With the rise of technology, this is just the start of SEBI interacting with and traversing the complex landscape of encrypted data in relation to insider trading, making it absolutely necessary to expand SEBI’s powers that are tempered by reciprocal duties along with strict guidelines in relation to the exercise of such power while establishing middle ground in relation to privacy concerns.


Anushka Agarwal and Sushmit Mandal are 4th year B.B.A. LL.B. (Hons.) students at Jindal Global Law University and National Law University Odisha, Cuttack respectively.


Suggested citation: Anushka Agarwal and Sushmit Mandal, SAT’s WhatsApp Leaks Order – Undue Interpretation of the PIT Regulations, JURIST – Student Commentary, June 6, 2021,

This article was prepared for publication by Giri Aravind, a JURIST staff editor. Please direct any questions or comments to him at

Opinions expressed in JURIST Commentary are the sole responsibility of the author and do not necessarily reflect the views of JURIST's editors, staff, donors or the University of Pittsburgh.