SEBI LODR - Risk Management Committee
SEBI LODR Regulation 21 mandates that the top 500 listed entities constitute a Risk Management Committee, comprising a majority of Board members, to oversee enterprise-wide risk identification and mitigation frameworks.
The SEBI Listing Obligations and Disclosure Requirements (LODR) Regulations, 2015, specifically Regulation 21, require the top 500 listed companies by market capitalisation to establish a Risk Management Committee. At least two-thirds of the committee members must be Board directors, with at least one being an independent director. The committee evaluates the company's risk management framework, monitors cyber security risks, reviews risk appetite, and ensures proper risk mitigation strategies are in place across operational, financial, strategic, and ESG dimensions.
- Provides structured governance oversight of enterprise risks including operational, financial, strategic, cyber security, and ESG risks through Board-level accountability
- Enhances investor confidence by demonstrating proactive risk identification and mitigation mechanisms, particularly critical for systemically important large-cap companies
- Enables early warning signals for emerging risks through periodic assessments, preventing value erosion incidents like those seen in the IL&FS or DHFL collapses
- Facilitates better capital allocation decisions by integrating risk assessment into strategic planning and business expansion initiatives
- Strengthens compliance culture through regular Board engagement with risk officers and functional heads on material risk exposures
- Many companies treat the Risk Management Committee as a compliance checkbox exercise, with infrequent meetings and limited substantive risk discussions beyond scripted presentations
- Inadequate integration between the Risk Management Committee and the Audit Committee, leading to siloed risk oversight, particularly on financial reporting and internal control risks
- Lack of specialized expertise in committee composition, with members often lacking domain knowledge in critical areas like cyber security, climate risk, or complex derivative exposures
- Insufficient focus on forward-looking and emerging risks such as climate change, supply chain disruptions, and regulatory changes, with excessive emphasis on backward-looking metrics
- Poor quality of risk reporting with generic heat maps and risk registers that fail to quantify potential financial impact or likelihood with adequate granularity
- Yes Bank's collapse in 2020 exposed significant gaps in risk committee oversight, where concentrated exposure to stressed real estate and NBFC sectors exceeded prudent limits without adequate Board-level escalation or intervention despite deteriorating asset quality indicators.
- Infosys faced significant governance concerns in 2019 when whistleblowers alleged unethical accounting practices, highlighting the need for Risk Management Committees to assess integrity risks and whistleblower mechanisms alongside traditional financial and operational risks.
- Future Retail's default and subsequent Reliance deal complications in 2020-21 demonstrated inadequate assessment of contractual risks, vendor concentration, and strategic risks by the risk committee during rapid expansion phases and Amazon partnership negotiations.
- Enhance committee composition with independent risk experts having specialized knowledge in cyber security, ESG, fintech disruption, and geopolitical risks rather than relying solely on generalist Board members
- Implement robust risk appetite frameworks with quantified tolerance limits across key risk categories, integrated with performance management and compensation structures for senior management
- Strengthen cyber security and data privacy oversight through dedicated deep-dives, third-party security audits, and scenario-based crisis simulations reviewed quarterly by the committee
- Adopt forward-looking risk assessment methodologies including climate scenario analysis, stress testing for black swan events, and supply chain resilience mapping especially post-COVID disruptions
Updated 6/4/2026 · refreshed weekly