1. To formulate a detailed risk management policy which shall include:
(a). A framework for identification of internal and external risks specifically faced by the listed entity, in particular including financial, operational, sectoral, sustainability (particularly, ESG related risks), information, cyber security risks or any other risk as may be determined by the Risk Management Committee;
(b). Measures for risk mitigation including systems and processes for internal control of identified risks; and
2. Business continuity plan.
3. To ensure that appropriate methodology, processes and systems are in place to monitor and evaluate risks associated with the business of the Company;
4. To monitor and oversee implementation of the risk management policy, including evaluating the adequacy of risk management systems;
5. To periodically review the risk management policy, at least once in two years, including by considering the changing industry dynamics and evolving complexity;
6. To keep the board of directors informed about the nature and content of its discussions, recommendations and actions to be taken;
7. The appointment, removal and terms of remuneration of the chief risk officer (if any) shall be subject to review by the Risk Management Committee;
8. To attend to such other matters and functions as may be prescribed by the Board from time to time; and
9. Such other terms of reference as may be prescribed under the Companies Act, 2013 as amended and the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015, as amended.
10. The Risk Management Committee shall coordinate its activities with other committees, in instances where there is any overlap with activities of such committees, as per the framework laid down by the board of directors.”