POLICY ON RISK MANAGEMENT
I. INTRODUCTION:
As per Regulation 17(9)(a) &(b) of the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 (“Listing Regulations”), the listed entity shall lay down procedures for risk assessment and minimization procedures. The Board of Directors shall be responsible for framing, implementing, and monitoring the risk management plan of the Company.
Section 134(3)(n) of the Companies Act, 2013 (“Act”) states that there shall be attached to statements (i.e. financial statements) laid before a company in a general meeting, a report by its Board of Directors, which shall include - “a statement indicating development and implementation of a risk management policy for the company including identification therein of elements of risk, if any, which in the opinion of the Board may threaten the existence of the company”.
II. Objective
The objective of the risk management policy document is to ensure that the company has proper risk identification and management processes in place and promote a proactive approach in reporting, evaluating, and resolving risks associated with the Company’s business. To achieve this objective, this Policy establishes a structured and disciplined approach to Risk Management, to guide decisions on risk-related issues.
III. Risk Framework
The risk management process consists of the following main elements:
- Risk Governance:
The Functional / Business Heads of various departments of the Company are responsible towards identifying and managing risks and implementing risk mitigation measures. - Risk Identification:
To identify and analyse key risks. All the factors whether external or internal which can affect business operations adversely to be identified so that they can be managed. An identification risk may be classified as Strategic, Operational, financial, cyber & system security, regulatory or environmental / Hazardous. - Risk Assessment:
The Core Management Team (CMT) shall identify controls, which are existing, to mitigate identified risks. For this purpose CMT would interview management personnel and review operations/documents, as may be necessary, to identify and evaluate existing controls.
Existing controls will be validated for existence and effectiveness and will be matched against specific risk, to ascertain residual risk. If the residual risk is beyond the risk appetite, action points for reducing residual risk to an acceptable level will be developed. - Risk Response:
Periodically, risks are assessed by responsible managers across the organisation and action plans if any to mitigate the risks. - Risk Reporting:
The risks along with mitigation of the risk are formally reported through mechanisms such as operation reviews and committee meetings. - Review of Risk Policy:
The risk policy is to be reviewed & recommended to the Board by the Risk Management Committee once in two years.
IV. Risk Management Committee
Under the provisions of Regulation 21 of the Listing Regulations, the Board of Directors at its 310th Meeting held on 29th May 2021 constituted the Risk Management Committee of Directors comprising members of the Board. The Risk Management Committee of Directors shall review and monitor the various risks concerning the Company and its mitigation plan and such other functions as required under the Listing Regulations or other applicable laws, as amended from time to time.
The Risk Management Committee shall meet at least twice in a year or in such a manner as defined under the Listing Regulations.
V. Risk Management Framework
- To formulate a risk management framework which shall include:
- A framework for identification of internal and external risks specifically faced by the Company, including financial, operational, sectoral, sustainability (particularly, ESG-related risks), IT system, cyber security risks or any other risk as may be determined by the Committee.
- MeasuresMeasures for risk mitigation including systems and processes for internal control of identified risks.
- Business continuity plan
- To ensure that appropriate methodology, processes and systems are in place to monitor and evaluate risks associated with the business of the Company.
- To monitor and oversee the implementation of the risk management policy, including evaluating the adequacy of risk management systems.
- To periodically review the risk management policy, at least once in two years, including by considering the changing industry dynamics and evolving complexity.
- To keep the Board of Directors informed about the nature and content of its discussions, recommendations and actions to be taken.
- The Risk Management Committee shall coordinate its activities with other committees, in instances where there is any overlap with the activities of such committees, as per the framework laid down by the Board of Directors.
- The Committee shall have access to any internal information necessary to fulfil its oversight role. The risk management committee shall also have the authority to obtain advice and assistance from internal or external legal or other experts.
- The role and responsibilities of the Committee shall include such other items as may be prescribed in compliance with applicable law, from time to time.
VI. Reporting
The Committee / Board is to be adequately informed of significant risk management issues and the actions undertaken to manage risks.
VII. Modification / Amendment
In case of any amendment(s), clarification(s), circular(s) etc. in the Listing Regulations / Companies Act, 2013 not being consistent with the provisions laid down under this Policy, then such amendment(s), clarification(s), circular(s) etc. shall prevail upon the provisions hereunder. This Policy shall stand amended accordingly from the effective date as laid down under such amendment(s), clarification(s), circular(s) etc.
This Policy can be modified at any time by the Board of Directors of the Company.