Indian regulator expands corporate risk controls to include ESG

Regulation in India may soon require the boards of large Indian companies to assess their ESG risk at least twice a year.

According to proposals being considered by the Securities and Exchange Board of India (SEBI), domestic listing rules would be amended to require board-level Risk Management Committees to formulate policies for monitoring and mitigating a range of ESG risks – including information and cyber security.

The Committees would be given additional powers, in line with those of board Audit Committees, to “seek information from any employee, obtain outside legal or other professional advice and secure attendance of outsiders with relevant expertise”. 

The regulatory changes would also see risk committees meeting at least twice every year – double the current requirements – and having a say over the appointment, removal and remuneration of company Chief Risk Officers.

Lastly, the amendments would compel India’s largest 1,000 companies by market cap to form their own Risk Management Committees; a requirement that currently covers just the 500 largest listed firms.

In its current guise, the country’s listing regulations does not specify the roles and responsibilities of Risk Management Committees, leaving it up to individual company boards to do so.

According to SEBI, the proposals came about after Covid-19-linked disruption “reinforced the need for a robust risk management framework”.

SEBI has opened a month-long consultation period to seek feedback on the proposals ending December 10.

The move comes just a few months after the regulator formally adopted a revised Stewardship Code which introduced stricter regulatory expectations on corporate engagement by investors.