POLICY ON RISK MANAGEMENT
As per the Regulation 17(9)(a) &(b) of the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 (“Listing Regulations”), the listed entity shall lay down procedures about risk assessment and minimization procedures. The Board of directors shall be responsible for framing, implementing, and monitoring the risk management plan of the Company.
Section 134(3)(n) of the Companies Act, 2013 (“Act”) states that there shall be attached to statements (i.e. financial statements) laid before a company in general meeting, a report by its Board of Directors, which shall include - “a statement indicating development and implementation of a risk management policy for the company including identification therein of elements of risk, if any, which in the opinion of the Board may threaten the existence of the company”.
The objective of the risk management policy document is to ensure that the company has proper risk identification and management process in place and promote a pro-active approach in reporting, evaluating, and resolving risks associated with the Company’s business. To achieve this objective, this Policy establishes a structured and disciplined approach to Risk Management, to guide decisions on risk related issues.
III. Risk Framework
The risk management process consists of the following main elements:
- Risk Governance:
The Functional / Business Heads of various departments of the Company are responsible towards identifying and managing risks and implementing risk mitigation measures.
- Risk Identification:
To identify and analyse key risk. All the factors whether external or internal which can affect the business operations adversely to be identified so that they can be managed. An identification risk may be classified as Strategic, Operational, financial, cyber & system security, regulatory or environmental / Hazardous.
- Risk Assessment:
The risk identified to be estimated on the likely probability of a risk occurrence and its likely severity, categorization of risk, rating of risk and residual impact after considering mitigation measures if any.
- Risk Response:
On a periodic basis, risks are assessed by responsible managers across the organisation and action plan if any to mitigate the risks.
- Risk Reporting:
The risks along with mitigation of the risk are formally reported through mechanisms such and operation reviews and committee meetings.
- Risk Communication:
Periodically the risk update is communicated to Risk Management Committee / Board.
IV. Risk Management Committee
Pursuant to the provisions of Regulation 21 of the Listing Regulations, the Board of Directors at its 310th Meeting held on 29th May, 2021 constituted the Risk Management Committee of Directors comprising of members of the Board. The Risk Management Committee of Directors shall review and monitor the various risks concerning the Company and its mitigation plan and such other functions as required under the Listing Regulations or other applicable laws, as amended from time to time.
The Risk Management Committee shall meet at least twice in a year or in such a manner as defined under the Listing Regulations.
V. Risk Management Framework
- To formulate a risk management framework which shall include:
- A framework for identification of internal and external risks specifically faced by the Company, including financial, operational, sectoral, sustainability (particularly, ESG related risks), IT system, cyber security risks or any other risk as may be determined by the Committee
- Measures for risk mitigation including systems and processes for internal control of identified risks
- Business continuity plan
- To ensure that appropriate methodology, processes and systems are in place to monitor and evaluate risks associated with the business of the Company.
- To monitor and oversee implementation of the risk management policy, including evaluating the adequacy of risk management systems.
- To periodically review the risk management policy, at least once in two years, including by considering the changing industry dynamics and evolving complexity.
- To keep the Board of Directors informed about the nature and content of its discussions, recommendations and actions to be taken.
- The Risk Management Committee shall coordinate its activities with other committees, in instances where there is any overlap with activities of such committees, as per the framework laid down by the Board of Directors.
- The Committee shall have access to any internal information necessary to fulfil its oversight role. The risk management committee shall also have authority to obtain advice and assistance from internal or external legal or other experts.
- The role and responsibilities of the Committee shall include such other items as may be prescribed in compliance with applicable law, from time to time.
The Committee / Board to be adequately informed of significant risk management issues and the actions undertaken to manage risks.
VII. Modification / Amendment
In case of any amendment(s), clarification(s), circular(s) etc. in the Listing Regulations / Companies Act, 2013 not being consistent with the provisions laid down under this Policy, then such amendment(s), clarification(s), circular(s) etc. shall prevail upon the provisions hereunder and this Policy shall stand amended accordingly from the effective date as laid down under such amendment(s), clarification(s), circular(s) etc.
This Policy can be modified at any time by the Board of Directors of the Company.