From the reports I have read, it seems Karvy misused the POA given by clients (to enable trading) and used it to transfer client’s shares into their own account and then sold them, pocketing the cash.
Operationally, every time there is a debit/credit in my demat account, I get an sms AND email, end of day from both the depository and NSE/BSE - did this not happen with Karvy customers? or where these details changed by Karvy? if so:
How easy is it to change these details given that they are part of the elaborate cKYC process?
What safeguards have been placed by Zerodha (or other brokers / SEBI mandates) to ensure that this cannot be done at a corporate level or by a group of bad actors within an organization?
I did read the post by @nithin but it does not touch upon these likely process gaps - possibly everyone is still awaiting details of the modus operandi.
Edit: As pointed out by @Siva, alerts are only for debits.
If you’ve opened your demat account at Zerodha, we would have already enabled the SMS alert facility for you. Whenever stocks get debited from your demat account, you would receive an SMS from the Depository (CDSL). You can verify this from the CMR copy sent to you when your account was opened, you’ll find the ‘SMS register’ option to be ‘Yes’ and the number would be mentioned there:
SEBI cancels registration of stock broker Click2Trade Capital
The regulator, which initiated enquiry proceedings against Click2Trade in respect of alleged violation of stock brokers norms, found that the entity failed to segregate its own transactions from that of its clients, reported incorrect margin and used client bank accounts for other than specified purposes.
Markets regulator SEBI has cancelled the registration of Click2Trade Capital as it “grossly” failed in performing its duties as a stock broker and made serious lapses in maintaining infrastructure and did not redress investor grievances.