Securities and Exchange Board of India

Nov 10, 2020 | Reports : Reports for Public Comments

1. Objective

To solicit public comments / views on the proposed amendments to the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (hereinafter referred to as “LODR Regulations” or “LODR”) regarding the applicability and role of the risk management committee.

2. Background and need for review

2.1. In June 2017, a committee on corporate governance headed by Shri. Uday Kotak was constituted by SEBI with an aim to improve the standards of Corporate Governance of listed entities. Based on the recommendations of the Committee, the following amendments were made to LODR Regulations with respect to the Risk Management Committee:

(1) The requirement of constitution of Risk Management Committee was extended to the top 500 listed entities on the basis of the market capitalisation, from the top 100 listed entities.

(2) In view of the increasing relevance of cyber security and related risks, it was specified that the role of Risk Management Committee shall cover this specific aspect of cyber security risk.

(3) The Risk Management Committee was mandated to meet at least once a year.

2.2. Considering the multitude of risks faced by listed entities, risk management has emerged as a very important function of the board. The Covid-19 pandemic has also reinforced the need for a robust risk management framework. While LODR Regulations specify the role of various board committees of listed entities such as Audit Committee, Nomination and Remuneration Committee and Stakeholder Relationship Committee, defining the role and responsibilities of the Risk Management Committee (except for cyber-security risk) is left to individual boards of listed entities.

2.3. In light of the increasing importance of the risk management function, a need is thus felt to:

(1) Extend the requirement of formation of a Risk Management Committee to a larger number of listed entities

(2) Define the role and responsibilities of the Risk Management Committee in the LODR Regulations and

(3) Increase the frequency and define a quorum for the meetings of the Risk Management Committee.

3. Proposal

In view of the above, the following are proposed:

3.1. The requirement of constituting a Risk Management Committee may be extended from the top 500 to the top 1000 listed entities, on the basis of market capitalization.

3.2. The role and responsibility of the Risk Management Committee may inter-alia include the following:

(1) To formulate a detailed risk management policy which shall include:

(a) A framework for identification of internal and external risks specifically faced by the listed entity, in particular including financial, operational, sectoral, sustainability (specifically, Environmental, Social and Governance related risks and impact), information and cyber security risks

(b) Measures for risk mitigation

(c) Systems for internal controls

(d) Business contingency plan

(2) To monitor and oversee implementation of the risk management policy, including evaluating the adequacy of risk management and internal control systems;

(3) Ensure that appropriate methodology, processes and systems are in place to monitor and evaluate risks associated with the business of the listed entity;

(4) To review the risk management policy on annual basis, including by considering the changing industry dynamics and evolving complexity;

(5) To keep the board informed about the nature and content of its discussions, recommendations and actions to be taken;

(6) The appointment, removal and terms of remuneration of the Chief Risk Officer (if any) shall be subject to review by the Risk Management Committee, jointly with the Nomination and Remuneration Committee.

Further, the Risk Management Committee shall coordinate its activities with the Audit Committee in instances where there is any overlap with audit activities.

3.3. In line with the powers of the Audit Committee under LODR Regulations, the Risk Management Committee shall also have powers to seek information from any employee, obtain outside legal or other professional advice and secure attendance of outsiders with relevant expertise, if it considers necessary.

3.4. The frequency of the meetings of the Risk Management Committee may be increased to at least twice in a year.

3.5. While no change is proposed to the composition of the Risk Management Committee, the quorum for a meeting of the Risk Management Committee may be either two members or one third of the members of the Committee, whichever is greater, including at least one member of the board of directors in attendance.

3.6. The proposed amendments to LODR Regulations are placed at Annex I.

4. Public Comments

In order to take into consideration the views of various stakeholders, public comments are invited on the amendments to LODR Regulations, as detailed at Annex I. Comments may be sent by email, in the following format:

Name of the person/entity proposing comments:
Sr. No. | Pertains to Regulation/sub-regulation/schedule/clause/sub-clause (as applicable) | Proposed/suggested changes | Rationale

The comments may be sent by email to Ms. Amy Durga Menon, Deputy General Manager, at amydurga@sebi.gov.in, Ms. Ishita Sharma, Manager, at ishitas@sebi.gov.in and Ms. Sonal Pednekar, Manager at sonalp@sebi.gov.in no later than December 10, 2020.

Annexure I

Sub-regulation/Clause/Schedule | Current Provision in the LODR | Proposed changes
21(3A) | The risk management committee shall meet at least once in a year. | The risk management committee shall meet at least twice in a year.
Insertion of new sub-regulation 21 (3B) | No specific provision | Insertion of new sub-regulation 21 (3B):

The quorum for a meeting of the Risk Management Committee shall be either two members or one third of the members of the committee, whichever is greater, including at least one member of the board of directors in attendance.

Proviso to regulation 21(4) | No specific provision | Insertion of proviso to sub-regulation (4):

Provided that the role and responsibilities of the Risk Management Committee shall mandatorily include the functions specified in Part D of Schedule II.

21(5) | The provisions of this regulation shall be applicable to top 500 listed entities, determined on the basis of market capitalisation, as at the end of the immediate previous financial year. | The provisions of this regulation shall be applicable to top 1000 listed entities, determined on the basis of market capitalisation, as at the end of the immediate previous financial year.
21 (6) | No specific provision | Insertion of new sub-regulation (6):

The risk management committee shall have powers to seek information from any employee, obtain outside legal or other professional advice and secure attendance of outsiders with relevant expertise, if it considers necessary.

Schedule II PART D – Heading | ROLE OF COMMITTEES (OTHER THAN AUDIT COMMITTEE) [See Regulation 19(4) and 20(4)] | ROLE OF COMMITTEES (OTHER THAN AUDIT COMMITTEE) [See Regulation 19(4), 20(4) and 21(4)]

Schedule II PART D | No specific provision | Insertion of new clause (C)

C. Risk Management Committee

The role of the committee shall inter-alia include the following:

(1) To formulate a detailed risk management policy which shall include:

(a) A framework for identification of internal and external risks specifically faced by the listed entity, in particular including financial, operational, sectoral, sustainability (specifically, Environmental, Social and Governance related risks and impact), information and cyber security risks

(b) Measures for risk mitigation

(c) Systems for internal controls and

(d) Business contingency plan

(2) To monitor and oversee implementation of the risk management policy, including evaluating the adequacy of risk management and internal control systems;

(3) Ensure that appropriate methodology, processes and systems are in place to monitor and evaluate risks associated with the business of the Company;

(4) To review the risk management policy on annual basis, including by considering the changing industry dynamics and evolving complexity;

(5) To keep the board informed about the nature and content of its discussions, recommendations and actions to be taken;

(6) The appointment, removal and terms of remuneration of the Chief Risk Officer (if any) shall be subject to review by the risk management committee, jointly with the nomination and remuneration committee.

The Risk Management Committee shall coordinate its activities with the Audit Committee in instances where there is any overlap with audit activities.
