Stock aggregating startup company in Bangladesh

by Tahmidur Remura Wahid | Nov 6, 2025 | Uncategorized | 0 comments

In Bangladesh, “anyone can buy a stock of any company” via your platform only works if you sit squarely inside the capital-markets rules (or partner with someone who already does). Here’s the practical roadmap and the legal boxes you must tick.

1) Decide your regulatory posture (this drives everything else)

Model A — “Full-stack broker”

You obtain:

  • Stock Broker & Stock Dealer registration (with BSEC), plus a TREC with DSE and/or CSE.
  • Depository Participant (DP) status with CDBL to open BO accounts and settle client trades.

Implications

  • Highest control and revenue capture (brokerage + margin products later), but heaviest capital, tech, and compliance obligations.
  • You must build all controls: client-asset segregation, KYC/AML stack, OMS/RMS/Surveillance, DR/BCP, incident reporting.

Model B — “Aggregator via partner”

  • You do tech + marketing + KYC intake, and sign one or more introducing broker / white-label arrangements with licensed TREC brokers (who in turn have DP relationships).
  • Orders route to their OMS; custody sits with their DP; your app is the client front-end.

Implications

  • Fastest time-to-market.
  • You do not touch “dealing” or “custody” functions; you still need strong data, outsourcing, and fair-marketing compliance—plus very clear client disclosures.

Model C — “Alternative Trading Board (ATB)/SME focus”

  • Aggregate access to unlisted/alternative instruments admitted under ATB/SME frameworks through exchange rules.
  • Useful if your differentiator is private-market liquidity.
  • Still expect broker/DP engagement and exchange compliance on listing/trading/settlement rules for ATB securities.

Practical tip: Many startups begin with Model B (6–12 months), then transition into Model A once product–market fit and unit economics are de-risked.


2) Entity, capital, and core registrations

  • Company setup: Private limited company with suitable objects (capital-markets tech, brokerage, depository services, payments—keep the objects wide, but clean).
  • Tax: TIN, BIN (VAT), payroll registrations; accounting policy for brokerage income, interest on client balances, and pass-throughs (stamp duty, exchange fees).
  • Foreign investment: If you have foreign shareholders, ensure incoming FDI reporting and post-allotment filings.
  • Capital planning:
    • Paid-up capital for broker/dealer; working capital buffer to meet net capital balance rules + tech/security spend.
    • Ring-fenced client money accounts at approved banks with board-approved client money policy.

3) Licenses, memberships, and approvals (by model)

If Model A (own broker/DP)

  • BSEC Broker & Dealer Registration
  • TREC (DSE/CSE)
  • CDBL DP (incl. connectivity tests, operational readiness, SLAs)
  • Bank accounts: client money (segregated), firm operating, settlement accounts with clearing bank(s)

If Model B (aggregator)

  • No broker/DP license initially, but:
  • Formal outsourcing agreements (KYC intake, eKYC, OCR/IDV vendors, cloud), introducing-broker agreements, and tripartite client communications protocol (you ↔ broker ↔ client).
  • Bangladesh Bank permissions may be needed if you operate any wallet-like feature, pooled balances, or initiate payment instructions yourself (see Section 6).

4) Product scope and legal boundaries

  • Bangladesh-listed equity and debt: straight-through whole-share execution only.
  • Fractionalization: Avoid unless you structure a regulated collective investment scheme (CIS) or ETF-like vehicle. Otherwise you risk straying into “units” in a pooled vehicle.
  • Derivatives/margin: Offer only when explicitly allowed and your risk engine, disclosures, and capital are ready.
  • Unlisted/ATB/SME: Follow listing, disclosure, and investor-suitability rules applicable to those boards.
  • Foreign securities for residents: Plan conservatively. Cross-border equity investment by retail residents typically requires prior permissions under foreign-exchange controls. Viable pathways involve authorized dealer banks and specific approvals. A common sequencing is: launch domestic first → add research/education on foreign markets → later apply for cross-border permissions.

5) End-to-end client journey (what must be in place legally & operationally)

5.1 Onboarding & KYC/AML

  • Account types: Individual (Resident), Joint, Minor (via guardian), NRB (if permitted), Corporate.
  • Identity: NID/Passport capture, liveness + face match, name screening (sanctions, PEP, adverse media).
  • KYC forms: FATCA/CRS (if applicable to your structure), occupation, income band, source of funds, risk profile.
  • BO Account: Either (i) opened directly with your DP (Model A), or (ii) via partner DP (Model B). Client must acknowledge BO T&Cs.
  • Agreements:
    • Client Agreement (brokerage terms, order handling, conflict policy, client money statement)
    • Risk Disclosure Statement (volatility, outages, corporate actions, order types)
    • Privacy & Data Policy (collection, use, retention, cross-border processing if any)
    • E-Contracting Consent (clickwrap enforceability, records retention)
    • Omnibus disclosure, if applicable (how beneficial ownership is tracked and reported)

5.2 Funding & withdrawals

  • Client money segregation from day one.
  • Fund flow options:
    • Direct bank transfers into broker client money accounts (cleanest).
    • If you add a wallet interface or load funds into a stored balance, see Section 6 on PSP/PSO.
  • Withdrawal controls: beneficiary name match, cooling-off for first withdrawal, fraud monitoring, T+ cut-offs.
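The withdrawal controls listed above are easiest to reason about as a single decision function that every payout request passes through before a payment instruction is generated. The following is an added example written for this article, not code from the author or from any broker; the thresholds (a 24-hour cooling-off on the first withdrawal, a cap of three withdrawals per rolling 24 hours, and a "free cash" ceiling meaning settled, unencumbered cash) are assumptions chosen for illustration, as are the client names and amounts.

```python
"""Withdrawal controls for a brokerage client app.

Added example (not the article's or any firm's code). The rules below are
assumptions for illustration: beneficiary name must match the KYC name on a
normalised form, the first withdrawal is held for a 24h cooling-off period,
at most three withdrawals are approved per rolling 24h, and the amount may
not exceed settled free cash.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional
import re
import unicodedata

COOLING_OFF = timedelta(hours=24)     # assumed first-withdrawal hold
VELOCITY_WINDOW = timedelta(hours=24)  # assumed rolling window
MAX_PER_WINDOW = 3                     # assumed velocity cap


@dataclass
class Client:
    kyc_name: str
    free_cash: float                              # settled, unencumbered cash only
    first_request_at: Optional[datetime] = None   # start of the cooling-off clock
    approved_at: list = field(default_factory=list)  # timestamps of approved withdrawals


@dataclass
class WithdrawalRequest:
    amount: float
    beneficiary_name: str
    requested_at: datetime


def normalise_name(name: str) -> str:
    """Case-fold, strip accents and punctuation, collapse whitespace so that
    'Md. Rahim Uddin' and 'MD RAHIM UDDIN' compare equal."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(re.sub(r"[^a-z0-9]+", " ", folded.lower()).split())


def check_withdrawal(client: Client, req: WithdrawalRequest):
    """Return (decision, reasons) where decision is 'approve', 'hold' or 'reject'.
    Hard failures reject outright; a first withdrawal inside the cooling-off
    window is held for manual review and released once the window has passed."""
    reasons = []
    if normalise_name(req.beneficiary_name) != normalise_name(client.kyc_name):
        reasons.append("beneficiary name does not match KYC name")
    if req.amount <= 0 or req.amount > client.free_cash:
        reasons.append("amount exceeds settled free cash")
    recent = [t for t in client.approved_at if t > req.requested_at - VELOCITY_WINDOW]
    if len(recent) >= MAX_PER_WINDOW:
        reasons.append("velocity limit exceeded")
    if reasons:
        return "reject", reasons
    if client.first_request_at is None:
        client.first_request_at = req.requested_at
    release_at = client.first_request_at + COOLING_OFF
    if req.requested_at < release_at:
        return "hold", ["first withdrawal: cooling-off until " + release_at.isoformat()]
    return "approve", []


def apply_withdrawal(client: Client, req: WithdrawalRequest):
    """Run the checks and, on approval, reduce free cash and record the timestamp."""
    decision, reasons = check_withdrawal(client, req)
    if decision == "approve":
        client.free_cash -= req.amount
        client.approved_at.append(req.requested_at)
    return decision, reasons


def run_demo():
    """Constructed walkthrough; returns the decision for each request in order."""
    client = Client(kyc_name="Md. Rahim Uddin", free_cash=50000.0)
    t0 = datetime(2025, 11, 6, 10, 0)
    steps = [
        WithdrawalRequest(1000.0, "Karim Ahmed", t0),                                   # name mismatch
        WithdrawalRequest(1000.0, "MD RAHIM UDDIN", t0),                                # first: held
        WithdrawalRequest(1000.0, "md rahim uddin", t0 + timedelta(hours=25)),           # released
        WithdrawalRequest(1000.0, "md rahim uddin", t0 + timedelta(hours=25, minutes=1)),
        WithdrawalRequest(1000.0, "md rahim uddin", t0 + timedelta(hours=25, minutes=2)),
        WithdrawalRequest(1000.0, "md rahim uddin", t0 + timedelta(hours=25, minutes=3)),  # 4th in 24h
        WithdrawalRequest(99999.0, "md rahim uddin", t0 + timedelta(days=3)),            # exceeds free cash
    ]
    return [apply_withdrawal(client, r)[0] for r in steps]


if __name__ == "__main__":
    print(run_demo())
```

The name comparison is deliberately done on a normalised form rather than on raw strings, otherwise legitimate clients get rejected for a trailing dot or a different case while a payout to a genuinely different beneficiary is the thing the control exists to stop. The hold state is what feeds the manual-review queue mentioned in the fraud-monitoring bullet.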

5.3 Orders, execution, and settlement

  • OMS/RMS: throttle, pre-trade checks (sufficient cash/holdings), circuit breakers, exchange throttles.
  • Best execution policy: define venues (DSE/CSE), order types supported, outages/incident playbooks.
  • Settlement: DVP through CDBL. Corporate actions flow (dividends, rights, bonus) must reconcile to each BO.
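The OMS/RMS bullet above lists the pre-trade checks in one line; in practice they form a gate that runs before any order leaves your system for the exchange member's OMS. The block below is an added example written for this article, not the article's own code nor that of DSE, CSE or any broker. The ±10% price band standing in for an exchange circuit-breaker limit, the 0.5% all-in commission estimate, and the five-orders-per-second throttle are assumptions; real limits come from the exchange rules and your own risk policy.

```python
"""Pre-trade risk checks for an order gateway.

Added example (not the article's, the exchanges' or any broker's code).
Assumed rules: whole shares only; limit price inside a +/-10% band around a
reference price (a stand-in for the exchange circuit-breaker limit); a buy
must be covered by free cash including an assumed 0.5% all-in commission; a
sell must be covered by settled BO holdings net of open sell orders; and a
per-client throttle of five accepted orders per sliding second.
"""
from collections import deque
from dataclasses import dataclass, field

PRICE_BAND = 0.10        # assumed
COMMISSION_RATE = 0.005  # assumed brokerage + exchange + CDBL charges, all-in
MAX_ORDERS_PER_SEC = 5   # assumed per-client throttle


@dataclass
class Account:
    free_cash: float
    holdings: dict                                    # symbol -> settled quantity in BO
    open_sells: dict = field(default_factory=dict)    # symbol -> qty tied up in open sell orders
    recent_ts: deque = field(default_factory=deque)   # submit times of recently accepted orders


@dataclass
class Order:
    symbol: str
    side: str            # "BUY" or "SELL"
    qty: int
    limit_price: float
    ts: float            # submission time in seconds


def pre_trade_check(acct: Account, order: Order, ref_price: float):
    """Return a list of rejection reasons; an empty list means the order may be routed."""
    reasons = []
    if not isinstance(order.qty, int) or order.qty <= 0:
        reasons.append("quantity must be a positive whole number of shares")
    if order.side not in ("BUY", "SELL"):
        reasons.append("unknown side")
    lo, hi = ref_price * (1 - PRICE_BAND), ref_price * (1 + PRICE_BAND)
    if not (lo <= order.limit_price <= hi):
        reasons.append(f"limit price outside band {lo:.2f}-{hi:.2f}")
    if order.side == "BUY":
        cost = order.qty * order.limit_price * (1 + COMMISSION_RATE)
        if cost > acct.free_cash:
            reasons.append(f"insufficient free cash: need {cost:.2f}")
    elif order.side == "SELL":
        available = acct.holdings.get(order.symbol, 0) - acct.open_sells.get(order.symbol, 0)
        if order.qty > available:
            reasons.append(f"insufficient settled holdings: {available} available")
    # Sliding-window throttle over accepted orders only; rejected attempts are
    # not counted here but should be logged for fraud/abuse review.
    while acct.recent_ts and acct.recent_ts[0] <= order.ts - 1.0:
        acct.recent_ts.popleft()
    if len(acct.recent_ts) >= MAX_ORDERS_PER_SEC:
        reasons.append("order rate limit exceeded")
    return reasons


def submit(acct: Account, order: Order, ref_price: float):
    """Run the checks; on acceptance reserve cash or holdings and record the timestamp."""
    reasons = pre_trade_check(acct, order, ref_price)
    if reasons:
        return False, reasons
    if order.side == "BUY":
        acct.free_cash -= order.qty * order.limit_price * (1 + COMMISSION_RATE)
    else:
        acct.open_sells[order.symbol] = acct.open_sells.get(order.symbol, 0) + order.qty
    acct.recent_ts.append(order.ts)
    return True, []


def run_demo():
    """Constructed sequence of orders against one account; returns accept/reject flags."""
    acct = Account(free_cash=100000.0, holdings={"ABC": 500})
    ref = 100.0
    orders = [
        Order("ABC", "BUY", 200, 101.0, 0.00),    # cost 20,301 -> accepted
        Order("ABC", "BUY", 900, 101.0, 0.01),    # cost 91,354.5 > remaining cash -> rejected
        Order("ABC", "SELL", 300, 99.0, 0.02),    # 300 of 500 settled -> accepted
        Order("ABC", "SELL", 300, 99.0, 0.03),    # only 200 left unreserved -> rejected
        Order("ABC", "BUY", 10, 120.0, 0.04),     # outside 90-110 band -> rejected
    ] + [Order("ABC", "BUY", 1, 100.0, 0.10 + i * 0.01) for i in range(4)]  # 5th in a second rejected
    return [submit(acct, o, ref)[0] for o in orders]


if __name__ == "__main__":
    print(run_demo())
```

Reserving cash and holdings at acceptance rather than at fill is what prevents a client from submitting several orders that each pass the check individually but together exceed their balance; the reservation is released or converted when the fill or cancel comes back from the OMS.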

5.4 Communications & conduct rules

  • Fair, clear, not misleading: all marketing, push notifications, and in-app “nudges” must avoid promissory language or implied guarantees.
  • Research vs. marketing: If you push analyst notes, separate research from sales, disclose conflicts and methodologies.

6) Payments, wallets, and Bangladesh Bank perimeter

If your app creates a stored balance, allows peer-to-peer transfers, or operates rails beyond simple bank transfer into broker client accounts, you may fall into PSP (Payment Service Provider) and/or PSO (Payment System Operator) regimes. That means:

  • Licensing/approval with Bangladesh Bank,
  • Settlement accounts, reconciliation and float management rules,
  • Consumer fund safeguards, chargeback/error resolution processes,
  • Cybersecurity and incident reporting aligned to BB standards.

Low-friction path: avoid wallets early on—use bank transfers straight to the broker client money account, and show real-time balance fetched from broker back-office APIs. Add PSP/PSO later when you’re ready.


7) Governance, risk, and compliance (what good looks like)

  • Board-approved policies:
    • Client Money & Asset Protection
    • KYC/AML/CFT (with screening SOPs and alert handling)
    • Best Execution & Order Handling
    • Conflicts of Interest & Inducements
    • Outsourcing & Vendor Risk (cloud, KYC, analytics)
    • Information Security (ISO 27001-aligned controls; encryption at rest/in transit; key management; secrets rotation)
    • Incident Response & Cyber Reporting
    • Business Continuity & Disaster Recovery (e.g., RTO ≤ 2h for trading; tested quarterly)
    • Complaints Handling & Investor Grievance Redressal
    • Record Retention & Audit Trails (orders, quotes, fills, allocations, corporate actions)
  • Functions:
    • Compliance Officer (regulatory liaison; reporting calendar)
    • Risk Management (market, liquidity, operational, vendor)
    • Internal Audit (annual plan; sample testing of client files, reconciliations)
    • IT Security Lead (or vCISO) with SOC logging, SIEM, and periodic penetration tests
  • Training: annual staff certifications on AML, privacy, conduct, and cyber hygiene.

8) Tech architecture that passes due-diligence

  • Core: Mobile apps + web, API gateway, OMS/RMS integration with exchange member systems, DP back-office bridge, reporting warehouse.
  • Availability: Active-active or active-passive infra across zones; DR drill records.
  • Security:
    • Identity: SSO for ops staff; MFA everywhere; role-based permissions; break-glass access.
    • Data: PII vaulting; field-level encryption for NID/TIN; tokenization for bank details.
    • Logging: immutable audit logs for trade lifecycle events; clock sync (NTP) to support forensic replay.
  • Vendor stack:
    • eKYC (OCR, face match, liveness)
    • Sanctions/PEP screening
    • Fraud analytics (device fingerprinting, velocity checks)
    • SMS/email providers with OTP throttling and sender ID controls
  • Regulatory reporting: daily client fund reconciliation, trade blotters, complaint dashboards, outage registers.
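"Immutable audit logs for trade lifecycle events" is the control a due-diligence reviewer will probe hardest, because a log that an operator with database access can quietly edit is not evidence of anything. One way to make tampering detectable is a hash chain in which each record commits to the digest of the one before it. The block below is an added example written for this article, not code from the author or from any vendor. It assumes the chaining key is held in a KMS or HSM outside the log database (the constructed key in the demo stands in for that), and that timestamps come from the NTP-synced clock the article recommends.

```python
"""Hash-chained, append-only audit log for trade lifecycle events.

Added example (not the article's or any vendor's code). Every record carries
the HMAC-SHA256 digest of its own content prefixed by the previous record's
digest, so editing, deleting or reordering any earlier entry breaks every
later link. The key is assumed to live in a KMS/HSM outside the database, so
write access to the log table alone is not enough to re-chain it silently.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64   # previous-hash value for the first record
EVENT_FIELDS = ("seq", "ts", "actor", "action", "details")


class AuditLog:
    def __init__(self, key: bytes):
        self._key = key        # assumed: fetched from KMS/HSM, never stored with the log
        self.records = []      # in production an append-only table or WORM storage

    def _digest(self, prev_hash: str, event: dict) -> str:
        # Canonical JSON (sorted keys, fixed separators) keeps the digest stable
        # regardless of how the record is later serialised or pretty-printed.
        body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, prev_hash.encode() + body, hashlib.sha256).hexdigest()

    def append(self, ts: str, actor: str, action: str, **details) -> dict:
        """Append one lifecycle event and return the stored record."""
        prev = self.records[-1]["hash"] if self.records else GENESIS
        event = {"seq": len(self.records), "ts": ts, "actor": actor,
                 "action": action, "details": details}
        rec = dict(event, prev_hash=prev, hash=self._digest(prev, event))
        self.records.append(rec)
        return rec

    def verify(self):
        """Recompute every link from genesis. Return (True, None) if intact,
        otherwise (False, seq) for the first record whose link fails."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            event = {k: rec[k] for k in EVENT_FIELDS}
            if rec["seq"] != i or rec["prev_hash"] != prev or rec["hash"] != self._digest(prev, event):
                return False, i
            prev = rec["hash"]
        return True, None


def run_demo():
    """Constructed order lifecycle: log it, verify, then simulate an in-place
    edit of the fill quantity and verify again."""
    log = AuditLog(key=b"constructed-demo-key-stands-in-for-kms")
    log.append("2025-11-06T10:00:00Z", "client:BO-0001", "ORDER_NEW",
               symbol="ABC", side="BUY", qty=100, px=101.0)
    log.append("2025-11-06T10:00:00.120Z", "oms", "ORDER_ACK", order_id="O-1")
    log.append("2025-11-06T10:00:01Z", "exchange", "FILL", order_id="O-1", qty=100, px=100.9)
    log.append("2025-11-06T10:00:02Z", "dp", "SETTLE", order_id="O-1", bo="BO-0001", qty=100)
    intact = log.verify()
    log.records[2]["details"]["qty"] = 1000   # someone edits the fill quantity in place
    tampered = log.verify()
    return intact, tampered


if __name__ == "__main__":
    print(run_demo())   # expected: ((True, None), (False, 2))
```

Verification is cheap enough to run as part of the daily reconciliation; anchoring the latest digest somewhere the log's own administrators cannot write (a regulator filing, a separate system, a signed daily report) closes the remaining gap, which is an operator who holds both the key and the table.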

9) Legal documents you’ll need (pack to draft now)

  1. Memorandum & Articles (wide objects, transfer restrictions, founder governance)
  2. Client Onboarding Pack:
    • Account Opening Form (with BO annex)
    • Client Agreement (brokerage terms)
    • Risk Disclosure Statement
    • Privacy Notice & Consent
    • E-Contracting/ESign Consent
    • Fee & Charge Schedule (brokerage, exchange, CDBL, stamp duty—clearly itemized)
  3. Operational Policies (listed above)
  4. Vendor/Outsourcing Agreements (KYC, cloud, analytics) with SLA, data processing addendum, sub-processor disclosures, audit rights, breach notification
  5. Introducing-Broker/White-Label Agreement (if Model B)
  6. Bank Mandate & Client Money Controls (named accounts, dual authorization)
  7. Data Protection & Cross-Border Processing Addendum (if using foreign cloud regions)
  8. Marketing & Influencer Guidelines (review workflow; banned phrases)

10) Taxes, fees, and reporting (client-facing clarity)

  • Fee schedule should break out:
    • Brokerage commission (your fee)
    • Exchange fees, CDBL charges
    • Stamp duty/levies
  • Tax certificates: Integrate a module for annual gain/loss reports and any required tax withholding certificates (where applicable).
  • Disclosure cadence: trade confirms (T+0), monthly statements, corporate action notices, pricing methodology for illiquids or ATB instruments.

11) Marketing, growth, and compliance guardrails

  • Claims: no back-tested returns shown without methodology and warnings; no “guaranteed” or “risk-free” language; avoid gamified prompts that could be construed as inducing excessive trading.
  • Onboarding funnels: require users to complete risk disclosure acknowledgement before first order.
  • Promotions: referral bonuses only in compliance with inducement rules; no payment for order flow that conflicts with best execution (if any such arrangement exists, disclose and obtain explicit consent).

12) Common pitfalls (and how to avoid them)

  • Fractional shares without a CIS → restructure as whole-share only or create a regulated vehicle.
  • Wallet balances held on your books without PSP/PSO approval → keep funds at broker client money accounts; you show balances via API.
  • Ambiguous role in Model B → sign robust tri-party terms and make it crystal-clear to users who holds custody, who executes, and who they complain to for trade errors.
  • Vendor sprawl → keep a vendor register; run DPIAs (data protection impact assessments); contractually cap sub-processors.
  • Underinvesting in surveillance → build post-trade surveillance for wash trades, spoofing patterns, front-running flags for staff accounts.
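The last pitfall, underinvesting in surveillance, is usually a matter of never having written the first detector. Two of the patterns named above are simple enough to run as batch rules over the day's trade blotter. The block below is an added example written for this article, not the article's code nor any exchange's surveillance system; the blotter is constructed, and the 60-second wash window, the 5-minute look-back for staff trades, and the 5,000-share "large order" threshold are assumptions to be tuned against your own data.

```python
"""Post-trade surveillance flags over a trade blotter.

Added example (not the article's or any exchange's surveillance code).
Two batch rules over a constructed blotter of executed trades:
  * wash trade: the same BO account buys and sells the same symbol at the
    same price within a short window, leaving beneficial ownership unchanged;
  * staff front-running flag: an account tagged as staff trades a symbol in
    the same direction shortly before a large client fill in that symbol.
All thresholds are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

WASH_WINDOW_S = 60          # assumed
FRONT_RUN_WINDOW_S = 300    # assumed: staff fill within 5 min before a large client fill
LARGE_ORDER_QTY = 5000      # assumed size threshold


@dataclass
class Trade:
    ts: int            # epoch seconds, from the NTP-synced OMS clock
    symbol: str
    side: str          # "BUY" or "SELL"
    qty: int
    price: float
    bo: str            # BO account id
    is_staff: bool = False


def flag_wash_trades(trades):
    """Pair each BUY with a SELL of the same BO, symbol and price inside the window."""
    flags = []
    by_key = defaultdict(list)
    for t in trades:
        by_key[(t.bo, t.symbol)].append(t)
    for (bo, sym), group in by_key.items():
        buys = [t for t in group if t.side == "BUY"]
        sells = [t for t in group if t.side == "SELL"]
        for b in buys:
            for s in sells:
                if b.price == s.price and abs(b.ts - s.ts) <= WASH_WINDOW_S:
                    flags.append({"type": "WASH", "bo": bo, "symbol": sym, "ts": min(b.ts, s.ts)})
    return flags


def flag_staff_front_running(trades):
    """For each large client fill, look back for a staff fill in the same
    symbol and direction inside the look-back window."""
    flags = []
    staff = [t for t in trades if t.is_staff]
    for c in trades:
        if c.is_staff or c.qty < LARGE_ORDER_QTY:
            continue
        for s in staff:
            lead = c.ts - s.ts
            if s.symbol == c.symbol and s.side == c.side and 0 < lead <= FRONT_RUN_WINDOW_S:
                flags.append({"type": "FRONT_RUN", "staff_bo": s.bo, "client_bo": c.bo,
                              "symbol": c.symbol, "lead_s": lead})
    return flags


BLOTTER = [  # constructed sample blotter for one session
    Trade(1000, "ABC", "BUY", 200, 100.0, "BO-0001"),
    Trade(1020, "ABC", "SELL", 200, 100.0, "BO-0001"),                 # same BO, same price, 20s apart
    Trade(1100, "XYZ", "BUY", 100, 50.0, "BO-0002"),
    Trade(4000, "XYZ", "SELL", 100, 52.0, "BO-0002"),                  # later, different price: not flagged
    Trade(2000, "DEF", "BUY", 300, 20.0, "BO-STAFF-7", is_staff=True),
    Trade(2120, "DEF", "BUY", 8000, 20.4, "BO-0003"),                  # large client buy 120s after staff buy
    Trade(3000, "DEF", "SELL", 100, 20.5, "BO-STAFF-7", is_staff=True), # after the client fill: not flagged
]


def run_demo():
    """Run both rules over the constructed blotter."""
    return flag_wash_trades(BLOTTER), flag_staff_front_running(BLOTTER)


if __name__ == "__main__":
    wash, front = run_demo()
    for f in wash + front:
        print(f)
```

Flags are leads for the compliance officer, not findings: the staff rule in particular needs the pre-approval record from the staff-dealing policy joined in before anyone concludes a trade was front-running rather than an approved personal trade that happened to precede client flow.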

13) 180-day execution timeline (practical)

Days 0–30

  • Incorporate; founders’ agreement.
  • Pick Model B partner(s); align on APIs, fee split, service levels.
  • Draft client documents and core policies; choose KYC and screening vendors.
  • Begin app/OMS integrations; design data model for orders, allocations, and BO holdings.

Days 31–60

  • Finish KYC flow (NID/face, screening, BO data capture).
  • Implement client money screens (only bank transfers into broker client account).
  • Build risk disclosures and acknowledgements into onboarding.
  • Prep compliance registers: complaints, incidents, outages, conflicts.

Days 61–90

  • End-to-end UAT: onboarding → deposit → place order → fill → settle → statement.
  • DR/BCP tabletop and failover test; pen test remediation.
  • Staff training (KYC/AML, conduct).
  • Sign data-processing and outsourcing addenda with all vendors.

Days 91–120

  • Soft launch with limited users; run surveillance tuning.
  • Formalize grievance handling SLAs; open helpdesk channels (ticketing + IVR script).
  • Start investor-education content (neutral, risk-aware).

Days 121–180

  • Expand marketing; add ATB/SME instruments if part of roadmap.
  • Start feasibility for Model A (if you plan to internalize broker/DP).
  • PSP/PSO scoping (only if you truly need wallet features).

14) Compliance calendar (simple starter)

  • Daily: client money reconciliation; trade blotter review; failed settlement report; KYC hit triage.
  • Weekly: complaints summary; outage/incidents review; vendor SLA checks.
  • Monthly: internal audit sample checks on onboarding files; access review (least-privilege).
  • Quarterly: DR drill; penetration test (or at least rescans); policy refresh if regulations updated.
  • Annually: board attestation on client asset protection; staff certifications; vendor re-assessments.

15) Your “legal stack” (at a glance)

  • Core permissions: Broker/Dealer + TREC; DP (if Model A).
  • If wallet-like: PSP/PSO approval.
  • Foreign securities: prior permissions via authorized dealer pathways.
  • Mandatory documentation: client agreements, risk disclosures, privacy, outsourcing, incident/complaints playbooks.
  • Controls: segregation of client assets; KYC/AML; surveillance; cyber; record-keeping; DR/BCP.
  • Conduct: fair communications; conflicts policy; research independence (if applicable).

16) Sample clause ideas (you can lift into your documents)

Client money & asset clause (plain English)

Your cash and securities are held in segregated client accounts with approved institutions. We will not use your assets for our own purposes. You may withdraw free funds at any time, subject to settlement cycles, security checks and any legal restrictions.

Best execution summary

We execute orders on recognized exchanges. We aim for the best possible result considering price, costs, speed, likelihood of execution and settlement, and market impact. You may set specific instructions; however, doing so may prevent us from achieving best execution on other factors.

Outage & incident notice

Trading systems may occasionally be unavailable due to maintenance or external events. If that occurs, we will notify you in-app and by email/SMS and provide alternative order channels where feasible. We are not liable for market movements during outages, except as required by law.

Conflict of interest

Our staff must not front-run client orders or misuse confidential information. Staff dealing is monitored and subject to pre-approval and post-trade surveillance.


17) Hiring plan (minimum team to run cleanly)

  • Compliance Officer (reg liaison + AMLCO function)
  • Ops Lead (settlement, reconciliations, corporate actions)
  • Engineering Lead (API, OMS integration, security)
  • QA/Support (complaints desk; TAT 24–48h)
  • Finance/Reporting (client money recon; tax certificates)
  • Product/Design (UX for disclosures, risk prompts)

18) What to decide this week

  1. Model: Full-stack vs. Partnered (and with whom).
  2. Scope: Domestic listed only at launch; no fractionalization; no wallet.
  3. Vendors: Shortlist eKYC, screening, cloud, and analytics.
  4. Docs: Kick off drafting—Client Agreement, Risk Disclosure, Privacy, Outsourcing.
  5. Banking: Open client money and operations accounts; define approval matrix.
  6. Roadmap: 180-day plan owner + milestones; governance calendar.
