Sebi proposes extending risk mgmt committee requirement to top 1,000 listed cos

Markets regulator Sebi on Tuesday proposed extending the requirement of constituting a risk management committee to top 1,000 listed entities from 500 at present.

The risk management committee should meet at least twice in a year from the current practice of minimum one meeting every year, Sebi said in a consultation paper.

Considering the multitude of risks faced by listed entities, the regulator said risk management has emerged as a very important function of the board.

Further, the Covid-19 pandemic has reinforced the need for a robust risk management framework, it added.

While LODR (Listing Obligations and Disclosure Requirements) norms specify the role of various board committees of listed entities, defining the role and responsibilities of the risk management committee (except for cyber-security risk) is left to individual boards of listed entities.

In view of the increasing importance of risk management function, Sebi has propsed the "requirement of constituting a risk management committee may be extended from the top 500 to the top 1,000 listed entities, on the basis of market capitalisation".

While no change has been proposed to the composition of the risk management committee, Sebi has suggested that quorum for a meeting of the committee should be either two members or one-third of the members of the panel, whichever is greater. This includes at least one member of the board of directors in attendance.

The Securities and Exchange Board of India (Sebi) has sought comments from public on the consultation paper till December 10.

According to the regulator, risk management committee would formulate a detailed risk management policy which will include a framework for identification of internal and external risks specifically faced by the listed entity.

The risks include financial, operational, sectoral, sustainability (specifically, environmental, social and governance related risks and impact), information and cybersecurity.

The committee should be responsible for taking measures for risk mitigation, business contingency plan as well as monitoring and overseeing implementation of the risk management policy, as per the watchdog.

It should also be responsible for keeping the board informed about the nature and content of its discussions, recommendations and actions to be taken.

In line with the powers of the audit committee, the regulator has suggested that risk management committee should also have powers to seek information from any employee, obtain outside legal or other professional advice and secure attendance of outsiders with relevant expertise, if it considers necessary.

The appointment, removal and terms of remuneration of the chief risk officer, if any, would be subject to review by the risk management committee, jointly with the nomination and remuneration committee.

Further, the risk management committee should coordinate its activities with the audit committee in instances where there is any overlap with audit activities.

It should ensure that appropriate methodology, processes and systems are in place to monitor and evaluate risks associated with the business of the listed entity, according to the consultation paper.