Governance, Risk and Compliance – An Integrated Approach

By Piyush Chourasia, Chief Risk Officer & Head Strategy, BSEIndia

Since the advent of limited liability companies, there has been an asymmetry of information between Insiders and Outsiders. By nature, “Insiders” are those whom we know as promoters or managers or promoter managers who have more information vis-à-vis other shareholders; whom we will call “Outsiders” in this article. Outsiders are the legitimate owners but unfortunately, they have much less information access to them.

Governance typically deals with how well the Outsiders are treated by the Insiders – this may include a strong board with Independent Directors to protect the interests of the minority shareholders by ensuring that the majority shareholders do not infringe upon the rights of the minority shareholders. Governance also includes a robust disclosure framework, through which the shareholders, as well as the public at large, get the maximum amount of information with the minimal delay.

Compliance aims to do all that Governance does and more, through adhering to rules set by the regulators as well as internal rules. Compliance, while ensuring that the Company does not indulge itself in activities not permitted by law; also ensures that the Company deals with all the entities and the situations in a transparent, non-discriminatory and non-discretionary manner. Finally, we come to the more recent and least understood piece of the framework – Risk. Risk is generally understood to stand for Business Risk. However, a comprehensive Risk Framework identifies, monitors and mitigates the various risks which a company undertakes, and it may include – credit risk, liquidity risk, investment risk, governance risk, systemic risk, market risk, operational risk, reputational risk, legal risk, interdependency risk, compliance risk, to name a few, other than the aforementioned general business risk. It has become extremely difficult to separate Governance, Risk and Compliance from each other: nor is it desirable.

Over a period, regulations (SEBI through Listing Agreement for listed companies; Ministry of Corporate Affairs through Companies Act, 2013 for listed as well as unlisted companies) and pressure from Outsiders, periodicity, as well as quality of the disclosures has improved. Technology has also played an important role in ensuring such requests for faster and in depth disclosures which have been fulfilled –includes near real time disclosure by listed companies through stock exchanges, as well as uniformity in disclosures (for example XBRL format for financial statements) Regulators have played a very important role in creating a level playing field and also to reduce asymmetry.

The Companies Act has, for instance, mandated the constitution with three very strategic statutory committees, viz. Nomination and Remuneration Committee which is expected to ensure that remuneration is commensurate with performance and for nominating and evaluating board members, Corporate Social Responsibility Committee which is responsible for formulating the Corporate Social Responsibility policy of the company, qualifying and monitoring the expenditure that may be deemed to be towards Corporate Social Responsibility and the Stakeholders Relationship Committee to resolve the grievances of various security holders, a committee which is similar in form and mandate, to the Shareholders/Investors Grievance Committee which was earlier required to be constituted only for listed companies under Clause 49 of the Listing Agreement.

The Board and the Management have the most critical role in creating and executing a comprehensive GRC framework. While a Company Secretary is responsible for earlier responsibilities for Governance and Compliance (while Risk, as discussed earlier, was non-existent in the framework), now most companies boast of a Chief Compliance Officer (who may or may not be the Company Secretary of that company) and even Chief Risk Officer, a role, that erstwhile only existed in Foreign institutions, banks and other lending organisations carrying credit risk. Similarly, earlier, while Audit Committee used unofficial monitor of certain risk functions – ERM, Treasury, among others, the Companies Act now requires an independent Risk Committee to be constituted.

The responsibility of the Independent Directors in the new Companies Act has also grown manifold, and they are now tasked with ensuring the management which provides adequate and timely information to them to enable them to take decisions. The Companies Act has also put a lot of onus, responsibility, as well as liability on the Directors and the Directors, even in promoter driven companies can no longer afford to continue to be nodding mechanisms.

Quarterly results and other disclosure requirements have helped the corporates to reduce the asymmetry of information to some extent. It is in human nature to ask for more, and as technology evolves and becomes an enabler, some progressive companies might be able to provide even faster and more frequent disclosures. The Outsiders will continue to expect a deeper look into the operations and strategies of the companies. Insiders would also want to reduce asymmetry without compromising on the company's strategic and tactical frameworks. In today’s marketplace, there is an insatiable demand for real time information.

Thus, the role of technology becomes so critical. Technology has enabled availability of a bouquet of services on our fingertips. It has also provided a link between customers, regulators and other institutions to transact faster and in a secured manner. GRC, enabled by technology, will continue to see rapid change in the way companies conduct business and interact with their board, regulators, customers and other stakeholders, including their competition. While the current thrust of more stringent disclosure norms is for financial companies, we can expect similar norms to be applied first to the listed companies and eventually to all companies, in a form which is easily understandable by the lay investors as well.

Current Issue