The Evolution of Risk Management Oversight by Indian Boards
33 National Law School of India Review (2021, Forthcoming)
43 Pages Posted: 29 Apr 2021 Last revised: 22 Jan 2022
Date Written: April 28, 2021
The board of directors lies at the core of effective risk management. The board plays a critical role in overseeing and guiding the risk policy of a company, and in ensuring that appropriate systems of control are in place. This Article analyses India’s evolving framework for board oversight of risk management. Over the last decade, India’s legal regime mandating board oversight of risk management has progressed to largely resemble international standards. Nevertheless, recent risk management crises at leading Indian companies highlight the importance, and challenges, of board oversight of corporate risk.
This Article examines key risk concepts and provides an overview of Enterprise Risk Management (ERM). It explains how global concepts of ERM are reflected in recent regulatory mandates in India under the Companies Act, 2013 and the SEBI (Listing Obligations and Disclosures Requirements) Regulations, 2015. The Article also compares India’s evolving regulatory approach to the legal regimes mandating board oversight of risk management in two leading jurisdictions—the United States and the United Kingdom.
While India’s legal framework for board oversight of risk is improving, two recent crises—the collapse of IL&FS and management failures at ICICI Bank—demonstrate the barriers that directors of Indian companies continue to face in overseeing increasingly complex risks. The increasing complexity of risk and the board’s critical oversight role are also highlighted by the fallout from the COVID-19 pandemic. Directors of Indian firms, particularly independent directors, continue to face a variety of barriers in effectively overseeing risk management, including promoter control, limited access to information and independent external advisors, as well as significant dependence on management for obtaining information on business plans, strategies and risk preparedness of the company. Nevertheless, such barriers are not insurmountable. This Article’s case study of how the board of Infosys, one of India’s leading technology companies, addressed red flags raised by whistleblowers, illustrates how an empowered board can respond to risk management issues effectively. Drawing lessons from these case studies, this Article concludes with suggestions on how to further enhance the board’s risk oversight function.
Keywords: India, Risk Management, Board of Directors, Oversight, ERM
JEL Classification: K22
Suggested Citation: Suggested Citation