Risk Management Committee is a committee formed to oversee the risk management policy and global risk management framework of a company. This committee helps the Board in identifying the risk exposure of the company and ensuring that proper framework relating to risk identification and its mitigation is in place. Under SEBI (LODR) As of now constitution of Risk Management Committee is mandatory for certain listed entities only. Regulation 21 of SEBI (LODR) provides for the constitution of a Risk Management Committee by a listed company. Clause (1) provides that the board of directors of such company shall constitute a Risk Management Committee. Applicability Clause (5) provides that constitution of such committee is mandatory for the following:
Top 1000 listed entities on the basis of market capitalization as at the end of the immediate preceding financial year and
a ‘high value debt listed entity’.
It may be noted that initially the regulation was applicable to only the top 100 companies and later to the top 500 companies. Composition The Committee is required to have a minimum of 3 members, majority of them being directors including at least one independent director, and in case of a listed entity having outstanding SR equity shares, at least two thirds of the Risk Management Committee is required to comprise of independent directors. This implies that not all the members of the committee are required to be directors of the company and even senior executives of the listed entity may be members of the committee. However, the Chairperson of the committee has to be a director. Meeting of the committee While the earlier requirement was of a minimum of one meeting every year, at present, the risk management committee is required to meet at least twice a year. On a continuous basis not more than 180 days shall elapse between any two consecutive meetings of the committee. The quorum for the meeting is either two members or one third of the total members of the committee, whichever is higher, including at least one member of the board of directors in attendance. Role & responsibilities The board of directors of the listed entity is required to define the role and responsibility of the Risk Management Committee and may delegate monitoring and reviewing of the risk management plan to the committee and such other functions as it may deem fit such function shall specifically cover cyber security. Part D of Schedule II of SEBI (LODR) Regulations, 2015 requires the Risk Management Committee to formulate framework for identifying risks faced by entity, suggest measures for risk mitigation, overseeing implementation of scheme, evaluating adequacy of risk management systems. Under Companies Act, 2013 The Company Law Committee Report of 2022 has recommended many changes to the Companies Act, 2013 that are aimed at promoting greater ease of doing business in India. These include introducing many new concepts, structural changes, streamlining the process for audits, mergers etc., removal of ambiguities, improving the corporate processes as well as improving compliance procedures. Of the many recommendations of the Company Law Committee for Companies Act, 2013 one is for the constitution of Risk Management Committee by certain companies. One may note here that u/s 134(3)(n) of the Companies Act, 2013, the Board Report must contain a statement indicating the development and implementation of a Risk Management Policy for the company, including the identification of risks that may pose a threat to the existence of company. Further u/s 177(4)(vii) of the Companies Act, 2013 the Audit Committee has an obligation to evaluate the company’s internal financial controls and risk management systems. In addition to this, Part II of Schedule IV of the Companies Act, 2013 requires an Independent director of a company to bring an independent judgment to the board deliberations regarding the risk management systems of the company. So the CA, 2013 does not specifically contain any provisions with respect to constitution of a Risk Management Committee. In the light of the COVID-19 pandemic, it was felt that proper risk management allows a company to function efficiently and facilitates its development. Therefore, the Company Law Committee has recommended the inclusion of new provisions in the Companies Act, 2013 with respect to constitution of Risk Management Committee, as a separate committee of the board, for certain class of companies as may be prescribed by the Central Government. It will be interesting to follow further developments in this regard.