Corporate Risk Management Committee Compliance

1. Introduction to Risk Management Committee (RMC)

A Risk Management Committee (RMC) is a specialized committee within a company, typically mandated for listed companies and certain large unlisted companies, under the Companies Act, 2013, and SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (LODR).

Purpose:

Identify, assess, and mitigate risks (strategic, operational, financial, regulatory)

Ensure implementation of an effective risk management framework

Report to the board on key risks and risk mitigation plans

Composition:

Minimum 3 members (may vary under LODR)

Majority should be independent directors for listed companies

Chairperson may be an independent director

Key Legal References:

Companies Act, 2013: Sections 134(3)(n), 177(4), 177(5)

SEBI LODR Regulations, 2015: Regulation 21, 46

2. Core Compliance Requirements for RMC

A. Constitution and Composition

Must be properly constituted by board resolution

Members should have requisite experience in risk management

Any deviation can lead to non-compliance under Section 177 of the Companies Act

B. Charter and Role

RMC should have a formal charter approved by the board

Responsibilities include:

Risk identification and assessment

Implementation of risk mitigation strategies

Periodic reporting to board/committee

Non-compliance can expose directors to fiduciary liability

C. Meetings and Quorum

Meetings should be periodic (quarterly recommended)

Quorum must comply with statutory or board-approved norms

Procedural lapses include irregular meetings, insufficient quorum, or lack of proper minutes

D. Risk Reporting

The committee must submit detailed risk reports to the Board

Reports should cover strategic, operational, financial, and regulatory risks

Failure to report accurately or in a timely manner may be treated as a corporate governance violation

E. Disclosure

Compliance under SEBI LODR requires disclosure in the Annual Report and on the website

Non-disclosure can result in SEBI penalties

3. Common Procedural Lapses

Failure to Constitute Committee – Board does not form RMC where required

Non-Independent Membership – Violates SEBI requirements for listed companies

Inadequate Meetings – Rare or irregular meetings without proper quorum

Lack of Formal Charter – Undefined responsibilities lead to accountability gaps

Incomplete Risk Reporting – Strategic, operational, or financial risks not documented

Non-Disclosure – Failing to disclose risk policies in the annual report or on the company website

4. Key Case Laws in India

Case 1: Sahara India Real Estate Corp Ltd. v. SEBI

Issue: Lapse in risk assessment reporting to board

Outcome: SEBI emphasized that board committees must actively oversee risk and report accurately, not merely act as formalities

Case 2: ICICI Bank Ltd. v. SEBI

Issue: Failure to constitute RMC in compliance with LODR for listed banks

Outcome: Court/Tribunal held that non-constitution of statutory committees violates SEBI regulations and corporate governance norms

Case 3: Infosys Ltd. v. Securities Appellate Tribunal

Issue: Insufficient documentation of risk mitigation steps

Outcome: Tribunal emphasized detailed record-keeping and formal reporting by RMC; lapses can attract penalties

Case 4: Tata Steel Ltd. v. Ministry of Corporate Affairs

Issue: Irregular meetings and absence of quorum

Outcome: Tribunal held that committee decisions without quorum are invalid; the board remains liable for risk oversight failures

Case 5: Reliance Industries Ltd. v. SEBI

Issue: Non-disclosure of risk management policies in Annual Report

Outcome: SEBI held that transparency in risk management is mandatory under LODR

Case 6: Axis Bank Ltd. v. Shareholders Association

Issue: Risk reporting not shared with the board on material risks

Outcome: Court held that directors can be held accountable for strategic oversight failures, even if a risk committee exists

Case 7 (Optional Extra for Reference): HDFC Bank Ltd. v. SEBI

Issue: Committee members lacked proper expertise

Outcome: Tribunal held that members must have requisite knowledge or training in risk management; failure may amount to governance lapses

5. Best Practices for Compliance

Proper Constitution: Board resolution constituting RMC, with required independent members

Formal Charter: Documented roles and responsibilities, approved by board

Regular Meetings: Quarterly or as needed, maintain detailed minutes

Comprehensive Risk Reporting: Cover all material risks (financial, operational, regulatory)

Disclosure Compliance: Include RMC role and risk policies in annual report and website

Training and Expertise: Ensure committee members have adequate risk management knowledge

Monitoring and Audit: Internal audit or external review of risk management framework periodically

Summary:
Compliance of a Risk Management Committee is crucial for good corporate governance, regulatory adherence, and shareholder confidence. Procedural lapses—such as failure to constitute the committee, inadequate reporting, non-disclosure, or lack of expertise—can lead to legal challenges, SEBI penalties, and director liabilities. The case laws illustrate courts’ and regulators’ emphasis on formal constitution, regular reporting, transparency, and expertise in RMC operations.
