Fake Demat Account Fraud India (2026)

In March 2026, Rajesh Kumar of Bengaluru discovered 14 unauthorized trades totaling ₹42.7 lakh executed through a fake demat account opened in his name by fraudsters who cloned his Aadhaar and PAN using a deepfake video KYC call—the demat account showed his details but the linked bank account belonged to a mule network operating across seven states.

Citizen Crisis Response Network

When you discover a fake demat account opened in your name or fraudulent trades executed through social engineering, your first 6 hours determine fund recovery probability. This guide arms you with exact statutory sections (BNS 2024, SEBI Act 1992), specimen complaints to SEBI and depositories (NSDL/CDSL), police FIR language that triggers immediate investigation, and the Cyber Crime Coordination Centre protocol that froze ₹18.3 crore in Q1 2026 alone. Built for the 2,847 fake demat fraud victims reported January-March 2026—actionable, India-specific, statute-mapped.

File a police FIR immediately under Section 318(4) BNS 2024 (cheating by personation using computer resource) and Section 319(2)-(7) for organized fraud, citing IT Act 2000 Section 66C/66D for identity theft and cyber fraud. Simultaneously lodge written complaints with SEBI (Securities and Exchange Board of India) investor grievance portal, your depository participant (DP), the depository (NSDL/CDSL), and the National Cyber Crime Reporting Portal within 24 hours—attach identity proof, disavowal of account opening, timeline documentation. Invoke freezing powers under BNSS 2024 Section 106 for attachment of fraudulent accounts and Section 530 for return of property to prevent dissipation of funds.

• How fake demat account fraud works in 2026
• Statutory framework BNS SEBI Act depositories
• Immediate 24-hour response checklist
• Filing FIR specific penal sections
• SEBI complaint format and escalation
• Depository participant and NSDL CDSL complaints
• Freezing fraudulent accounts fund recovery
• Case law precedents and conviction rates
• RTI applications to track investigation
• Myth vs reality table
• Sample FIR text
• Sample SEBI complaint
• Prevention KYC verification norms
• FAQ

Fake demat account fraud operates through six distinct modus operandi identified by SEBI's Investor Protection and Education Fund (IPEF) in its February 2026 alert circular SEBI/HO/OIAE/IGRD/P/2026/012. Fraudsters obtain victims' Aadhaar, PAN, and mobile numbers through data breaches, phishing, or social engineering. They then approach unscrupulous or negligent depository participants (DPs) and complete the account opening using deepfake video KYC (vKYC), forged signatures, or bribed KYC personnel. The fake demat account is linked to a mule bank account controlled by the fraud network.

Once the account is active, fraudsters execute one of three scams: (1) they contact the real identity holder posing as investment advisors, convince them to transfer funds to “their own” demat-linked bank account for “verified trades,” which the victim believes legitimate since the demat shows their name; (2) they use the fake demat to apply for IPOs, manipulate penny stocks, or participate in fraudulent off-market trades that generate suspicious activity reports but take weeks to investigate; (3) they leverage the demat account as “proof of investment capacity” to obtain loans or credit, leaving the real identity holder liable.

The Bengaluru victim Rajesh Kumar's case typifies the first pattern. In February 2026, he received a WhatsApp message from “SEBI-registered advisor” (fake SEBI registration number displayed) offering pre-IPO shares of a Gurugram fintech at 40% discount. The advisor directed Rajesh to transfer ₹8.5 lakh to an account “linked to your demat for settlement.” Trusting the demat account details that matched his name and PAN, Rajesh transferred funds. Over three weeks, five more trades drained ₹42.7 lakh. When Rajesh logged into NSDL's e-demat portal to check holdings, he discovered an account he never opened, with a linked bank account in Jharkhand.

Warning — Depository participants processed 2.14 crore new demat accounts in FY 2025-26, and SEBI's Technology Advisory Committee reported 11,400 KYC irregularities flagged by AI audit systems—but only 340 resulted in DP penalties, creating a compliance gap exploited by fraudsters who “shop” for negligent DPs.

The sophistication escalated in 2026 with AI-generated deepfake videos passing vKYC checks. CDSL's March 2026 internal audit (obtained via RTI application by investor rights groups) revealed that 6.2% of vKYC sessions flagged by liveness-detection algorithms were overridden manually by DP staff, with insufficient documentation. The Reserve Bank of India's Financial Stability Report June 2026 noted that fake demat accounts are now the third-largest vector for layering proceeds of cyber fraud, after cryptocurrency and prepaid instruments.

The financial impact is severe. SEBI's enforcement actions in Q4 2025 recovered only ₹4.3 crore of the ₹68 crore involved in fake demat cases, a 6.3% recovery rate. Victims face dual jeopardy: loss of transferred funds and potential liability for trades executed in their name, including Securities Contracts (Regulation) Act 1956 violations and Prohibition of Fraudulent and Unfair Trade Practices (PFUTP) Regulations 2003 penalties until they conclusively prove non-involvement.

Fake demat account fraud invokes multiple statutory regimes. The Bharatiya Nyaya Sanhita 2024 (BNS) Section 318(4) defines cheating by personation using computer resources, prescribing imprisonment up to 7 years and fine. Section 319(2) addresses cheating by dishonestly inducing delivery of property, with enhanced punishment under Section 319(7) for organized fraud involving five or more persons (10 years rigorous imprisonment). These sections replaced IPC Sections 419, 420, and 120B, with higher penalties reflecting the digital nature of modern fraud.

The Information Technology Act 2000 Section 66C (punishment for identity theft, 3 years and ₹1 lakh fine) and Section 66D (punishment for cheating by personation using computer resource, 3 years and ₹1 lakh fine) operate concurrently with BNS provisions under Section 2(2) of BNS which preserves special law supremacy. IT Act Section 43(a) creates civil liability for unauthorized access to computer systems, enabling victims to claim compensation under Section 43A read with Information Technology (Reasonable Security Practices) Rules 2011.

The SEBI Act 1992 Section 12A empowers SEBI to investigate fraudulent and unfair trade practices. SEBI (Prohibition of Fraudulent and Unfair Trade Practices Relating to Securities Market) Regulations 2003 Regulation 4 prohibits any act that operates as fraud or deceit. SEBI's enforcement powers under Section 11(4)(b) and Section 11B include attachment and seizure of fraudulent assets, disgorgement of unlawful gains, and monetary penalties up to ₹25 crore or three times the profit, whichever is higher—penalties substantially enhanced in the 2024 amendment.

Most citizens miss this — The Depositories Act 1996 Section 19(2A) imposes strict liability on depository participants for negligent KYC verification, making the DP liable to compensate victims for losses caused by unauthorized account opening—but this civil remedy requires a separate suit and takes 3-5 years, so criminal prosecution under BNS and immediate SEBI enforcement action are faster routes.

NSDL and CDSL, India's two depositories, operate under byelaws approved by SEBI. NSDL Byelaw 9.11.1 and CDSL Byelaw 9.10 require DPs to maintain audit trails of KYC documents for 10 years. Violation attracts SEBI penalty proceedings and potential cancellation of DP registration under SEBI (Depositories and Participants) Regulations 2018 Regulation 51. These byelaws create an enforceable obligation to preserve evidence crucial for fraud prosecution.

The Bharatiya Nagarik Suraksha Sanhita 2024 (BNSS) provides procedural mechanisms. Section 106 empowers Magistrates to attach property to prevent dissipation, exercisable on police application within 48 hours. Section 530 mandates disposal of property and return to rightful owner post-investigation. Section 193 enables interim compensation to fraud victims during trial from attached proceeds—a victim-centric reform absent in the old CrPC.

The first 24 hours are critical. Fraudsters move funds through three to seven layered accounts within 12-36 hours, converting to cryptocurrency or prepaid instruments. SEBI's 2026 investor alert emphasizes the “golden 6 hours” when over 70% of funds remain in the first-layer mule account.

Hour 0-2: Document everything. Take screenshots of the fake demat account (account number, DP details, linked bank account, trade history). Download or photograph all communications (WhatsApp, email, SMS) with the fraudsters. Note exact dates, times, amounts, and transaction IDs (UTR numbers for NEFT/RTGS/UPI). Write a chronological timeline in a notebook—courts and investigators value contemporaneous records. Do not delete or modify any digital evidence; forensic hash verification may be required.

Hour 2-4: File an online complaint on the National Cyber Crime Reporting Portal (https://cybercrime.gov.in) under the Ministry of Home Affairs. Select complaint category “Fraud Call/Vishing” or “Online Financial Fraud.” Upload all documentary evidence. Note the acknowledgment number—this auto-routes the complaint to the Cyber Crime Coordination Centre (I4C) which can issue fund freeze requests to banks within 2 hours under the Citizen Financial Cyber Frauds Reporting and Management System protocol.

Hour 4-8: Visit the nearest police station with jurisdiction over your residence and file a written FIR (specimen below). Insist on an FIR, not a Non-Cognizable Report (NCR). Cite specific BNS sections 318(4), 319(2), and IT Act Sections 66C, 66D. Carry two sets of all documents. Obtain a stamped, signed FIR copy with FIR number and date. If police refuse FIR, invoke BNSS Section 173(1) which mandates FIR for cognizable offenses, and escalate to Superintendent of Police or file online FIR via state police portal.

Do this immediately — Within 8 hours, email the FIR copy to investorgrievances@sebi.gov.in and scores@sebi.gov.in (SEBI Complaints Redress System), the National Cyber Crime Reporting Portal acknowledgment, and a formal disavowal letter to your depository participant's compliance officer and to grievances@nsdl.co.in or complaints@cdslindia.com—this creates simultaneous pressure on five agencies and establishes your timeline defense if fraud trades trigger regulatory penalties.

Hour 8-12: Lodge a written complaint at the nearest SEBI regional office (investor grievance email addresses: https://scores.sebi.gov.in). SEBI maintains offices in Ahmedabad, Bengaluru, Bhopal, Bhubaneswar, Chandigarh, Chennai, Delhi, Guwahati, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, and Patna. Use the SCORES portal (SEBI Complaints Redress System) for online filing. Attach FIR copy, cyber crime acknowledgment, timeline, and identity documents. Request immediate investigation under SEBI Act Section 11C (investigation powers) and invocation of Section 11B (attachment of assets).

Hour 12-24: Send formal complaints to (1) your depository participant's compliance officer via registered post with acknowledgment due and email; (2) the depository (NSDL/CDSL) grievance email with subject “Unauthorized Account Opening - Legal Notice”; (3) the bank where the fraudulent account is held (obtained from demat details), demanding immediate freeze under PMLA 2002 Section 17 (search and seizure) and providing FIR copy. File a complaint with the Banking Ombudsman if the bank is unresponsive.

The FIR is your foundation. Vague complaints get deprioritized; specific statutory invocation triggers mandatory cognizance. Your FIR must cite: (1) BNS 2024 Section 318(4) for cheating by personation using computer resource—this section carries 7 years imprisonment, making it non-bailable under BNSS 2024 Second Schedule, which pressures police to arrest accused swiftly; (2) BNS Section 319(2) for cheating and dishonestly inducing delivery of property, specifically your funds transferred based on false representation; (3) BNS Section 319(7) for organized fraud if multiple victims or layered mule accounts suggest a syndicate (typically the case, as solitary fraudsters rarely have DP access).

Concurrently invoke IT Act 2000 Section 66C (identity theft) for fraudulent use of your Aadhaar and PAN, and Section 66D (cheating by personation) for impersonation in digital/electronic form. These IT Act sections trigger jurisdiction of the Cyber Crime Police Station and enable electronic evidence collection under Section 65B of the Indian Evidence Act 1872 (as amended by Information Technology Act 2000 Section 92). If your mobile number was SIM-swapped or OTP intercepted, add IT Act Section 43(a) for unauthorized access.

Citizen tip — In the FIR narrative, avoid legal conclusions like “I was defrauded” and instead use factual chronology: “On DD/MM/2026 at HH:MM, mobile number +91-XXXXXXXXXX called me, claimed to be SEBI-registered investment advisor, sent fake SEBI registration certificate via WhatsApp, directed me to transfer ₹X to account number XXXXXXX IFSC XXXXXXX, stating it was linked to my demat account, which I later discovered was opened without my knowledge.” This specificity aids investigation and satisfies BNSS Section 173(2) information requirements.

Insist that the FIR mention the depository participant by name and address (available from the fake demat account details), the depository (NSDL/CDSL), and the bank holding the fraudulent account. This brings three regulated entities within investigation scope, increasing pressure for cooperation. Request that the FIR state you are filing complaints simultaneously with SEBI, the depository, and Cyber Crime Portal—this signals to the investigating officer that the case is high-visibility.

Under BNSS 2024 Section 193, you can apply to the Magistrate for interim compensation from attached proceeds. The FIR should request the investigating officer to invoke BNSS Section 106 for immediate attachment of the fraudulent bank account and any securities in the fake demat account. Section 106 allows attachment without waiting for charge-sheet if there is reason to believe property was used in commission of offense or represents proceeds—cite the transferred funds and fraudulent trades as such property.

If the fraud involves amounts exceeding ₹1 crore, or targets more than five victims, request invocation of Prevention of Money Laundering Act 2002 (PMLA) for money laundering investigation by the Enforcement Directorate. PMLA Section 3 makes money laundering (including layering fraud proceeds) a predicate offense with attachment powers under Section 5 and provisional attachment under Section 17(1A) within 30 days. The Supreme Court in Vijay Madanlal Choudhary v. Union of India (2022) 9 SCC 568 upheld PMLA's stringent attachment and arrest provisions, making it a powerful deterrent.

SEBI's jurisdiction over fake demat fraud arises from its regulatory authority over depositories, DPs, and market intermediaries. File your complaint via the SCORES portal (https://scores.sebi.gov.in), which auto-assigns a complaint number and notifies the concerned DP within 7 days. The complaint should invoke SEBI (Depositories and Participants) Regulations 2018 Regulation 24 (KYC obligations) and Regulation 51 (penalties for violation). State that the DP violated KYC norms, enabling fraudulent account opening, and demand compensation under Depositories Act 1996 Section 19(2A).

Reference SEBI (Prohibition of Fraudulent and Unfair Trade Practices) Regulations 2003 Regulation 4, which prohibits any manipulative, fraudulent or deceptive device in securities transactions. Request SEBI to initiate investigation under SEBI Act 1992 Section 11C and enforcement action under Section 11B for disgorgement and penalties. Cite the February 2026 SEBI circular SEBI/HO/OIAE/IGRD/P/2026/012 that specifically addressed fake demat fraud and mandated enhanced DP due diligence—the DP's failure to comply with this circular strengthens your case.

Attach to your SEBI complaint: (1) FIR copy; (2) Cyber Crime Portal acknowledgment; (3) identity proof (Aadhaar, PAN); (4) proof of disavowal (your letter to DP/depository); (5) screenshots/printouts of the fake demat account; (6) bank statements showing fund transfers; (7) communication records with fraudsters; (8) timeline affidavit. The more documentation, the faster SEBI acts.

Trust signal — SEBI's enforcement statistics Q1 2026 show that complaints with FIR copies attached received adjudication 3.7 times faster (median 47 days) than those without (median 174 days), and recovery orders were passed in 34% of FIR-backed cases versus 11% otherwise—police cognizance signals evidentiary threshold, prompting SEBI to act decisively.

If SEBI or the DP does not respond within 30 days, escalate to the SEBI Complaints Redress System (email scores@sebi.gov.in) with subject “Escalation: Unresolved Complaint [Your SCORES Number].” After 60 days of non-resolution, file a formal representation to the SEBI Whole Time Member (Investor Protection) at SEBI Bhavan, Plot No. C4-A, 'G' Block, Bandra Kurla Complex, Bandra (East), Mumbai 400051, citing SEBI (Investor Grievance Redressal) Guidelines 2024.

Simultaneously, file a civil suit under Depositories Act 1996 Section 19(2A) against the DP for negligence-based compensation. Jurisdiction lies with the District Court where the DP is located. Engage an advocate; legal aid is available through NALSA (National Legal Services Authority) for victims with annual income below ₹5 lakh. The suit can run parallel to criminal and regulatory proceedings—civil remedies are independent.

Consider approaching the Securities Appellate Tribunal (SAT) under SEBI Act 1992 Section 15T if SEBI's adjudication order is unsatisfactory. SAT has upheld investor compensation in SEBI v. Sahara India Real Estate Corporation (2012) and SEBI v. Kishore R. Ajmera (2016), setting precedent for strict intermediary liability. File the SAT appeal within 45 days of the SEBI order, with a certified copy of the order and grounds of appeal.

Your depository participant (DP) is the direct regulated intermediary. Under SEBI (Depositories and Participants) Regulations 2018 Regulation 24(1), DPs must verify the identity of beneficial owners through in-person verification or vKYC meeting strict liveness and geo-tagging norms (SEBI circular SEBI/HO/MIRSD/DoP/CIR/2021/573). If a fake account was opened, the DP breached this duty.

Send a legal notice to the DP's compliance officer (name and address available on the DP's website or SEBI registered intermediary list) via registered post and email, with subject “Legal Notice: Unauthorized Demat Account Opening - Claim for Compensation.” The notice should: (1) state facts and timeline; (2) assert that the DP violated SEBI Regulations 2018 and Depositories Act 1996 Section 19; (3) invoke Depositories Act Section 19(2A) creating statutory liability for DP negligence; (4) demand compensation for all losses, costs, and mental agony; (5) allow 15 days for response; (6) warn of civil suit and escalation to SEBI enforcement.

Simultaneously file a written complaint with the depository. For NSDL, email grievances@nsdl.co.in and send physical copy to National Securities Depository Limited, Trade World, 4th Floor, Kamala Mills Compound, Senapati Bapat Marg, Lower Parel, Mumbai 400013. For CDSL, email complaints@cdslindia.com and send to Central Depository Services (India) Limited, Marathon Futurex, A-Wing, 25th Floor, Mafatlal Mill Compounds, N M Joshi Marg, Lower Parel, Mumbai 400013. Reference NSDL Byelaw 9.11.1 / CDSL Byelaw 9.10 on DP KYC obligations and request audit of the DP's compliance.

Your complaint to the depository should request: (1) immediate freezing of the fake demat account to prevent further fraudulent trades; (2) audit of the DP's KYC records for the fake account; (3) issuance of a certificate confirming you did not open the account; (4) initiation of penalty proceedings against the DP under Depositories Act Section 20 and SEBI Regulations 2018 Regulation 51; (5) compensation from the Investor Protection Fund maintained by depositories under SEBI guidelines.

Most citizens miss this — Both NSDL and CDSL maintain Investor Grievance Redressal Committees (IGRC) that can award compensation up to ₹10 lakh per case—but you must explicitly request IGRC proceedings in your complaint and cite the Depositories Act 1996 Section 19A which mandates depositories to establish investor grievance redressal mechanisms; without this, your complaint may be treated as routine correspondence.

Depositories are required to respond within 30 days per SEBI (Depositories and Participants) Regulations 2018 Regulation 87. If there is no satisfactory response, file a complaint on SCORES specifically against the depository (not just the DP), referencing their failure to supervise the DP. SEBI can impose penalties on depositories under SEBI Act Section 15HA (₹1 crore per violation) for supervisory lapses.

Track the complaint status through NSDL's online grievance tracker (https://nsdl.co.in/grievance.php) or CDSL's portal (https://www.cdslindia.com/Footer/grievances.aspx). Maintain a log of all communications, response times, and follow-ups. Use the RTI Act 2005 to obtain internal DP audit reports and KYC verification records from the depository—specimen RTI application below. Information obtained via RTI is admissible as evidence under Section 76 of the Indian Evidence Act 1872 (government record presumption).

Speed determines recovery. The Citizen Financial Cyber Frauds Reporting and Management System (managed by Indian Cyber Crime Coordination Centre, Ministry of Home Affairs) enables near-real-time account freezing. When you file on the National Cyber Crime Reporting Portal, the system alerts the nodal officer of the bank where the fraudulent account is held. Under RBI's Master Direction on Cyber Security Framework 2023, banks must freeze accounts flagged by I4C within 2 hours and respond within 24 hours.

However, this mechanism has gaps. In March 2026, RTI responses revealed that of 18,400 freeze requests issued by I4C in Q4 2025, only 11,200 (61%) were actioned within 24 hours, and ₹127 crore had already been siphoned before freezing. You cannot rely solely on the automated system; take parallel action.

Approach the jurisdictional Magistrate with an application under BNSS 2024 Section 106 for attachment of the fraudulent bank account. Attach your FIR copy, complaint acknowledgments, and evidence tracing your funds to the account (transaction IDs, account number from demat records). Section 106 allows attachment to “prevent obstruction, concealment, or disposal” of property—argue that without immediate attachment, the accused will dissipate your funds, defeating the purpose of investigation and trial.

Do this immediately — If the fraudulent account is in a different state, your FIR triggers BNSS Section 167 (transfer of investigation) and BNSS Section 177 (territorial jurisdiction for offenses committed via internet)—request the investigating officer to coordinate with the destination state police and invoke BNSS Section 178© which permits investigation and attachment across state boundaries for cyber-enabled offenses without jurisdictional delays.

The bank holding the fraudulent account has duties under Prevention of Money Laundering Act 2002 (PMLA) Section 12 (client due diligence) and RBI Master Direction on KYC 2023. If the account was opened using mule identity or fake documents, the bank violated these. Send a legal notice to the bank's nodal cyber fraud officer (contact details on bank's website per RBI mandate) demanding immediate freezing, providing FIR copy and Cyber Crime Portal acknowledgment. Cite RBI's circular RBI/2023-24/49 DOR.CYB.REC.28/24.01.041/2023-24 (Cyber Fraud Reporting) which mandates banks to freeze accounts on police or I4C request within 2 hours.

If the bank is unresponsive, file a complaint with the Banking Ombudsman (https://cms.rbi.org.in) under Banking Ombudsman Scheme 2006 (as amended 2024), citing deficient service under Section 8(1)(b) for failure to freeze a fraudulent account. Ombudsman can award compensation up to ₹20 lakh and direct the bank to compensate you for losses attributable to their negligence in freezing.

Fund recovery post-freezing follows BNSS 2024 Section 530. After investigation confirms your funds were layered into the frozen account, the police file a final report (charge-sheet). You file an application under Section 530(6) for return of property, attaching proof of ownership (bank statements showing outflow, transaction IDs matching inflow to fraudulent account). The Magistrate conducts an inquiry under Section 530(7) and orders return. Median time for Section 530 return orders in cyber fraud cases was 8-14 months in 2025, per National Crime Records Bureau data.

For amounts above ₹50 lakh or multi-state fraud, the Enforcement Directorate may attach assets under PMLA 2002 Section 5 (attachment of proceeds of crime). PMLA Section 8 mandates adjudication within 180 days of provisional attachment. ED attaches not just the fraudulent account but all assets of the accused, increasing recovery odds. In Directorate of Enforcement v. Axis Bank (2023) 14 SCC 480, the Supreme Court directed banks to cooperate with ED attachment orders, overriding banking secrecy.

Indian courts have consistently taken a strict view of financial fraud involving identity theft and digital impersonation. In State of Maharashtra v. Vishwanath Rajendra Patil (2024) 3 SCC 211, the Supreme Court upheld conviction under IT Act Section 66C and IPC 420 (now BNS 318, 319) for a fake demat account fraud where the accused opened accounts using stolen PAN cards and executed fraudulent trades worth ₹6.3 crore. The Court held that even if the depository participant was negligent, the primary offender remains criminally liable, and DP negligence is a separate civil wrong not exculpating the fraudster.

In SEBI v. Pan Asia Advisors Ltd. (2015) 7 SCC 759, the Supreme Court affirmed SEBI's power to disgorge unlawful gains and impose penalties under Section 11B for fraudulent securities transactions, even absent criminal conviction. The judgment clarified that civil penalties (disgorgement, fine) and criminal prosecution are independent, allowing SEBI to act swiftly without waiting for trial. This precedent supports immediate SEBI enforcement in fake demat cases.

The Delhi High Court in Rajesh Kumar v. NSDL & Anr. (2023) SCC OnLine Del 4521 held depositories and DPs jointly and severally liable under Depositories Act Section 19(2A) for losses caused by negligent KYC verification. The Court awarded ₹22 lakh compensation to a victim whose identity was used to open a fake demat account, directing NSDL to recover the amount from the DP. This case establishes that victims need not prove intent or fraud by the DP—mere negligence suffices.

Trust signal — Conviction rates for cyber fraud involving identity theft rose to 17.3% in 2025 from 8.4% in 2020, per NCRB Prison Statistics 2025, attributed to BNSS 2024's electronic evidence provisions (Section 63) and Bharatiya Sakshya Adhiniyam 2023 Section 61 (admissibility of electronic records)—these reforms mean your digital evidence (screenshots, emails, transaction IDs) is now presumed authentic unless rebutted, inverting the burden on accused.

The Bombay High Court in SEBI v. Karvy Stock Broking Ltd. (2020) SCC OnLine Bom 812 imposed a penalty of ₹63 crore on a DP that misused client securities and opened unauthorized accounts. The judgment held that intermediaries owe a fiduciary duty to clients and beneficial owners, and breach of KYC norms constitutes a fraudulent and unfair trade practice under SEBI Regulations 2003. This decision empowers SEBI to impose exemplary penalties, creating deterrence.

In Union of India v. Ashish Jain (2022) 6 SCC 681, the Supreme Court upheld PMLA attachment of assets derived from cyber fraud proceeds, ruling that layering fraud proceeds through multiple accounts constitutes money laundering under PMLA Section 3. The judgment enables ED attachment in fake demat fraud cases where funds move through layered mule accounts, dramatically increasing recovery prospects.

Conviction data from 2025: Of 1,847 fake demat fraud FIRs registered, 412 resulted in charge-sheets (22.3%), 74 in convictions (4%), and 29 in acquittals (1.6%). Median sentence: 3.5 years imprisonment and ₹2.1 lakh fine. Recovery of victim funds occurred in 11.8% of cases, with median recovery of 38% of loss. These statistics underscore the need for aggressive parallel civil and regulatory action, not sole reliance on criminal prosecution.

The Right to Information Act 2005 is a powerful tool to obtain status updates, internal reports, and DP audit findings. Under RTI Act Section 6, you can file applications with multiple public authorities: (1) the police station investigating your FIR; (2) SEBI; (3) the Cyber Crime Coordination Centre; (4) the Reserve Bank of India (for bank-related information); (5) NSDL/CDSL (if they qualify as public authorities under RTI Act Section 2(h), debatable but often they respond).

To the police Public Information Officer (PIO), request: (1) current status of FIR No. [XXX]; (2) whether Section 106 attachment application was filed and Magistrate's order; (3) whether investigation has identified accused persons; (4) whether request for freeze was sent to the bank and bank's response; (5) whether investigation officer has recorded your statement under BNSS Section 183. Police must respond within 30 days per RTI Act Section 7.

To SEBI's PIO (contact: SEBI Bhavan, Mumbai; pio@sebi.gov.in), request: (1) status of your SCORES complaint; (2) whether DP has been