With the ongoing pandemic, the need for more robust risk management practices has intensified. SEBI earlier this week published a “Consultation Paper on the Applicability and Role of the Risk Management Committee”. It seeks to extend the requirement of having a risk management committee from the top 500 listed companies to the top 1000 listed companies. More importantly, it prescribes the role of the risk management committee more specifically. Such a detail role for the committee is lacking under the current regime. According to the consultation paper, the committee is expected to formulate a detailed risk management policy that covers both internal and external risks, including “financial, operational, sectoral, sustainability (specifically, environmental, social and governance related risks and impact), information and cyber security risks”. The policy is also proposed to contain steps for implementation of the policy, including measures for mitigation, the relevant systems and well as business contingency preparation. The paper also details the manner in which the policy will operate, including information sharing within the company and cooperation between the risk management committee and the audit committee. The consultation paper also contains details regarding the quorum requirements and frequency of meetings (which has been increased from the present one meeting a year to two meetings).
While one may quarrel with the fact that the proposal is somewhat too prescriptive, there appears to be nothing fundamentally objectionable in it. All the risks identified in the consultation paper are significant, and the Covid-19 outbreak and the ongoing risks to business and the economy only highlight the increasing uncertainty within which companies operate. The need for instituting a risk management policy to be implemented by a specific committee will compel companies to pay adequate attention to possible risks even when times are normal, and to remain in a state of preparedness to address risks that may emanate from time to time. Finally, such a detailed treatment of risk management will also enable greater transparency, especially on environmental, social and governance matters.