First published by Lexology.
Authors: Safir Anand, Mudit Kaushik and Sehr Anand
The handling of price sensitive corporate information has become increasingly exposed to informal digital conduct. This issue came into focus in January 2026, when ICICI Lombard General Insurance Company Limited informed stock exchanges that draft, unaudited financial results for the third quarter of FY26 had been uploaded on a personal WhatsApp status by a designated employee. Although the content was deleted within a short period and no trading linkage has been publicly identified, the incident carries clear regulatory consequences under Indian securities law.
The episode reflects a broader compliance concern. Securities regulation depends upon controlled dissemination and equality of access to information. Once those principles are disturbed, regulatory consequences arise regardless of intention or duration of disclosure.
Classification of the Information Disclosed
Quarterly financial results fall squarely within the statutory definition of Unpublished Price Sensitive Information. Regulation 2(1)(n) of the SEBI Prohibition of Insider Trading Regulations, 2015 expressly includes financial results within UPSI. The provision makes no distinction between audited and unaudited figures.
Draft financial data can influence market expectations regarding profitability, underwriting performance, and future guidance. From a regulatory standpoint, the decisive factor is informational relevance rather than procedural completeness. Until results are formally released through recognised stock exchange mechanisms, they remain unpublished and price sensitive.
The medium of disclosure does not alter this position. Communication occurs once information becomes accessible beyond authorised corporate channels. A WhatsApp status therefore attracts the same regulatory assessment as any other mode of transmission.
Prohibition on Communication Under Insider Trading Law
Regulation 3 of the Insider Trading Regulations prohibits communication of UPSI except for legitimate corporate purposes, discharge of legal obligations, or performance of duties within defined limits. Uploading draft results on a personal social media platform does not fall within any recognised exception.
Importantly, enforcement under insider trading law does not depend upon proof of trading activity. Indian securities jurisprudence treats unauthorised communication as a standalone compliance failure. Market integrity depends upon disciplined information control rather than proof of advantage derived from disclosure.
This position is reinforced by Section 15G of the SEBI Act, 1992, which empowers the regulator to impose monetary penalties for communicating UPSI. The statutory provision does not require gain, loss, or transactional conduct as a prerequisite.
Responsibility of the Listed Entity
Although the disclosure originated from an individual employee, regulatory scrutiny extends to the listed entity. SEBI expects companies to maintain effective systems governing access to UPSI, designation of insiders, and circulation of draft financial material.
An inadvertent lapse may still prompt examination of internal arrangements. Training protocols, access restrictions, and supervision of designated persons form part of this review. The focus remains on whether the company had taken reasonable steps to prevent unauthorised dissemination.
Internal inquiries and audit committee reviews therefore serve an important function. They assist in identifying individual conduct while also assessing organisational preparedness. Prompt disclosure to stock exchanges further reflects procedural discipline and regulatory awareness.
Disclosure Duties Under the LODR Regulations
The SEBI Listing Obligations and Disclosure Requirements Regulations, 2015 require listed companies to ensure orderly and timely dissemination of material information. Where financial data enters the public domain through unauthorised means, the incident itself becomes relevant for disclosure.
The regulatory concern extends beyond numerical accuracy. Investors rely on the expectation that results are released through structured exchange processes. Any deviation from this expectation affects informational parity across the market.
By informing stock exchanges promptly, the company addressed the risk of misinformation and speculation. Such disclosures assist in restoring balance and transparency.
Limited Role of Information Technology Law
Although references are sometimes made to the Information Technology Act, 2000 in cases of digital disclosure, its role here remains limited. Provisions relating to breach of confidentiality typically contemplate unauthorised access or disclosure accompanied by intent.
In cases involving inadvertent communication without demonstrable misuse, securities regulation provides the more appropriate basis for analysis. Regulatory attention therefore remains centred on insider trading and disclosure obligations.
Privacy and Employment Considerations
Corporate financial results do not constitute personal data under Indian data protection law. The Digital Personal Data Protection Act, 2023 does not apply to the information disclosed in this incident.
Separate employment consequences may nonetheless arise under confidentiality clauses and internal codes of conduct. Designated persons are subject to heightened duties in relation to UPSI handling. Disciplinary action, where warranted, serves corrective and signalling purposes, subject to proportionality.
The Way Forward
The ICICI Lombard WhatsApp episode demonstrates how informal communication practices can intersect with strict disclosure obligations. Indian securities law places emphasis on control and equality of access rather than subjective intent.
The company’s prompt disclosure and initiation of internal review reflect regulatory awareness. At the same time, the incident highlights the need for sustained attention to information handling practices as communication becomes faster and more informal.
For listed companies, control over price sensitive information remains a central obligation, irrespective of platform or circumstance.
etc. whilst wrongfully claiming to be part of our firm and making false claims and allegations.