Sebi proposes extending risk management committee requirement to top 1K listed cos

New Delhi: Markets regulator Sebi on Tuesday proposed extending the requirement of constituting a risk management committee to top 1,000 listed entities from 500 at present.

The risk management committee should meet at least twice in a year from the current practice of minimum one meeting every year, Sebi said in a consultation paper.

Considering the multitude of risks faced by listed entities, the regulator said risk management has emerged as a very important function of the board.

Further, the COVID-19 pandemic has reinforced the need for a robust risk management framework, it added.

While LODR (Listing Obligations and Disclosure Requirements) norms specify the role of various board committees of listed entities, defining the role and responsibilities of the risk management committee (except for cyber-security risk) is left to individual boards of listed entities. In view of the increasing importance of risk management function, Sebi has propsed the "requirement of constituting a risk management committee may be extended from the top 500 to the top 1,000 listed entities, on the basis of market capitalisation".

While no change has been proposed to the composition of the risk management committee, Sebi has suggested that quorum for a meeting of the committee should be either two members or one-third of the members of the panel, whichever is greater. This includes at least one member of the board of directors in attendance.

The Securities and Exchange Board of India (Sebi) has sought comments from public on the consultation paper till December 10. According to the regulator, risk management committee would formulate a detailed risk management policy which will include a framework for identification of internal and external risks specifically faced by the listed entity. The risks include financial, operational, sectoral, sustainability (specifically, environmental, social and governance related risks and impact), information and cyber security.

The committee should be responsible for taking measures for risk mitigation, business contingency plan as well as monitoring and overseeing implementation of the risk management policy, as per the watchdog.