My name is Satheesh Sangaraju, and I am writing this article on the topic “A Design Issue of MCA (Ministry of Corporate Affairs)” with the purpose of raising public awareness about a serious concern that has come to light through our experience.
The background
We had appointed P. Kalyan Kumar as our company’s auditor. However, after observing certain unusual activities and questionable conduct on his part, we took the decision to terminate his services. Following his resignation, he promptly submitted the ADT-3 form (the formal resignation document of an auditor) through the MCA portal. What deeply disturbed us was that, after a few weeks — approximately a couple of months — we discovered that this submitted document had been either corrupted or overridden in the MCA system. To this day, we have no clarity on how such a critical document could have been altered once it was formally filed on the government’s platform.
This incident has raised serious concerns about the design and security architecture of the MCA portal. How could the system allow an existing, submitted, and officially recorded document to be overwritten or modified? In the field of software development, implementing version control or revision history is a fundamental practice. Any well-designed document management system, particularly one entrusted with storing and safeguarding vital corporate records, should maintain every version of a document. This ensures transparency and accountability by allowing users and authorities to review the history of all submissions and changes. Given that MCA is a premier institution responsible for managing corporate filings in India, it is alarming that the system appears to permit such document overrides instead of preserving each version as part of a tamper-proof historical record.
The following is original ADT-3 document filed by CA P Kalyan Kumar. Currently which is corrupted in MCA System, we do not aware how it’s corrupted and how MCA system allowed.
A very serious design issue
Isn’t the ability to override or replace an existing document on such a critical platform a very serious design issue? Let’s consider a simple but important example: suppose a company has submitted two key documents — MGT-7A (annual return) and AOC-4 (financial statements). These filings contain sensitive and essential financial information about the company. Now, imagine if these documents could somehow be overridden or replaced with false or manipulated information after submission. Wouldn’t that pose a serious risk, not just to the company’s owners, but also to regulators, shareholders, creditors, and other stakeholders who rely on the accuracy of these records?
If at any point a revision or correction is genuinely required, why shouldn’t the system simply allow the submission of a new document as a new version, instead of replacing the original? That way, there would be a clear version history — preserving the original document for transparency and accountability, while also allowing necessary updates. This is a standard practice in document management and version control systems, especially when handling official records and financial data that have legal significance.
The absence of such a versioning mechanism in a platform as critical as the MCA portal exposes businesses to significant risks and creates opportunities for fraud and misuse. It is essential that the system be designed in a way that protects the integrity of corporate data and ensures that no historical document can be tampered with or erased without leaving a trace.
issue source
This design gap leads to many unanswered questions: Who is involved in the design, development, and maintenance of the MCA portal? How could such a basic but critical feature be overlooked in a system that handles sensitive corporate data? Our analysis suggests that this flaw creates multiple avenues for financial fraud, document manipulation, and corruption. We have observed that certain company secretaries (CS professionals), online service providers, and professional practitioners may be misusing this weakness to their advantage, which further threatens the integrity of corporate governance processes. We also believe that at the Registrar of Companies (ROC) level, stronger restrictions, enhanced verification, and tighter security protocols are urgently needed to prevent such misuse.
Why the Emphasis on System Design?
The design of a regulatory platform like MCA21 is not merely a matter of user interface—it determines the integrity, transparency, and security of the entire corporate compliance ecosystem. A well-structured and secure system can ensure that legal processes are followed as intended, whereas design flaws or lack of access control may open the door for misuse and manipulation.
The Institute of Company Secretaries of India (ICSI) plays a critical role in shaping the compliance framework and system design of the MCA portal. Based on certain recent incidents, it has come to light that Company Secretary (CS) professionals, who are intimately familiar with the inner workings of MCA21, often have prior knowledge of upcoming changes or system updates on the portal.
In several cases, we have observed patterns where ICSI-affiliated professionals, together with ICAI-certified individuals, appear to leverage their early access to insights about system behavior, functionalities, and loopholes. This inside knowledge is then allegedly exploited to manipulate compliance procedures, bypass critical checkpoints, or create undue delays and confusion in legitimate corporate filings.
Such activities not only undermine trust in the digital governance framework but also raise serious concerns about conflict of interest, transparency, and potential collusion between those who design and those who operate within the system. These concerns highlight the urgent need to review the MCA21 platform’s design principles, access protocols, and change management policies, ensuring that no group—no matter how professionally certified—can use their position to influence or exploit the system to their advantage.
does mca identify and fix this design issue?
In today’s age of rapidly advancing technologies, it is essential that the design and functionalities of the MCA portal are thoroughly revisited and overhauled. This task should be led by cybersecurity specialists, data protection experts, and cyber law professionals who can identify vulnerabilities, recommend security enhancements, and help build a platform that is robust, transparent, and secure. The need of the hour is a system that not only facilitates ease of doing business but also ensures that the trust placed in it by companies and the public is never compromised.
A Cautionary Note for Business Owners: When discussing your company’s financial affairs with auditors, bank managers, or other professional service providers, exercise discretion and healthy skepticism. Relying too heavily on—or sharing more detail than necessary with—these advisors can expose you to unnecessary risks.
CAUTION
Read very interesting facts about Digital Audio Forgery
I understand that fear often prevents people from openly sharing information about such large fraud networks. Many individuals hesitate to speak out because they worry about potential consequences, influence, or retaliation from powerful groups behind these operations. However, staying silent only allows these networks to grow stronger and continue exploiting unsuspecting citizens. By bringing these issues to light and raising collective awareness, we can break the cycle of fear, protect others from falling victim, and push for accountability against those who misuse their power for fraudulent purposes.
My purpose in sharing this is to create awareness among the public about how fraud networks operate and engage with individuals without their knowledge. Many people may not even realize they are interacting with fake callers or fraudsters until it is too late, by which time their personal information or recorded responses may already have been misused. It is therefore essential to remain vigilant, verify every communication, and recognize these deceptive tactics before falling victim. Such networks may be supported by powerful interests, including political groups or large companies engaged in malpractice. Only widespread public awareness and caution can help put an end to these practices.