Risk Management Committee (RMC) is a committee created under SEBI LODR Regulations (LODR). It was not conceived as a Board level committee under the Companies Act, 2013. Further, the applicability of RMC, while expanding, does not extend to all the listed companies in India. As risks evolve faster than ever, RMCs are becoming increasingly important. A good RMC should have a structure around identification, assessment, mitigation and monitoring of risks. It should be proactive, and not reactive, while performing its role.
Excellence Enablers recently published its 6th Annual Corporate Governance Survey, focussing on the top 100 companies of India.
The Survey revealed:
Composition: The committee is required to have at least 3 members. Sadly, in FY 25, one company did not have even 3 members. On the other extreme, 3 companies had 9 members in the RMCs. Such a large committee can sometimes lead to sub-optimal impact.
RMCs with only Board Members: In a Board level committee, there should only be Board Directors. Since RMC is not a statutory committee mandated by the Companies Act, 2013, LODR has given the liberty to companies to constitute RMC with non-Board members also. In FY 25, 63 companies have chosen to have RMCs composed solely of Board members.
Independent Leadership: In all the four years reviewed, 59 companies consistently had an Independent Director chairing the RMC, indicating independence of discussion and decisions.
Overlap of membership with the Audit Committee (AC): Since AC also looks at risks, it is considered a good practice to have at least 1 common member between the AC and the RMC. In FY 25, 97 companies had 1 or more common members between the 2 committees, with 85 companies continuing this practice for the previous 4 years. While this enables synergy, the Survey cautions against excessive overlap.
Attendance: In FY 25, 89.29% of RMC members recorded full attendance, demonstrating commitment to their role.
Meeting Frequency: LODR increased the minimum number of meetings from at least 1 to at least 2 annually. It is heartening to note that in FY 25, 68 companies had 3 or more meetings.
Key risk: The key risks identified by companies included financial risks, operational risks, IT risks and ESG related risks.
Cyber risk: SEBI has made it mandatory for companies to disclose any cyber security incident or breach. During FY 25, 8 companies are reported to have had such incidents, down from 14 during FY 24.
Chief Risk Officer (CRO): While not mandated, companies are increasingly seeing value in having a CRO, who focusses on risk identification and mitigation efforts of the company. While the trend of appointing a CRO is on the rise, only 55 companies are reported to have done so in FY 25.
The RMC must be seen not as a compliance necessity, but as a strategic enabler. In a world of wide-ranging and interconnected risks, from cyber to climate, it should help the Board anticipate challenges and convert them into opportunities.
Explore corporate governance practices being followed by NIFTY 100 companies in our 6th Edition of Corporate Governance Survey.

