1. Preamble

This Policy is formulated in accordance with the Regulation 4(2)(f), 17(9), 21 and Part D of Schedule II of SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (“Listing Regulations”) and section 134(3), 177(4) of the Companies Act, 2013 (“Act”) read with Rules made thereunder, as amended from time to time.

2. Objective

Risk is a threat that an event or action, at a point in time will adversely affect the Company’s ability to maximize stakeholder value and to achieve its business objectives. Risk Management is a holistic, integrated, structured and disciplined approach for managing risks with the objective of maximizing shareholder’s value.

An effective Risk Management framework comprises of consistent processes for identification, evaluation, prioritization, mitigation, monitoring and communication of risk. The framework helps in creating an environment in which Risk Management is consistently practiced across the Company and where Management can take informed decisions to reduce the possibility of surprises.

The objective of this policy is to formalize and communicate approach of Jubilant Pharmova Limited (‘Jubilant Pharmova’) to the management of risk. It aims to detail the guiding principles of Risk Management at Jubilant Pharmova along with an overview of the processes and related roles and responsibilities. It is intended to increase overall awareness of risk throughout the Company and to enable managers and those responsible for risk reporting, to better identify, assess and control risks within their areas.

3. Components of Risk Management Framework

Risk Management Framework of the Company comprises of:

3.1 Risk Management Structure

The Risk Management Organization of the Company shall comprise of the following:

(a) Board of Directors (BoD)

• Shall be responsible for framing, implementing and monitoring the risk management plan. This will be achieved by review of the risk assessment and minimization procedures across the Company after review and recommendation of the Risk Management Committee (‘RMC’)

(b) Risk Management Committee

• Advise the Board on the Company's overall risk tolerance and strategy
• Oversee and advise the Board on the current risk exposures and future risk strategy of the Company
• Review the Company’s overall risk assessment processes, the parameters used in these measures and the methodology adopted
• Advise the Board on Business continuity plan

(c) Enterprise Risk Management Council (‘Council’)

• Establish key enterprise risk management objectives, strategies and guiding principles
• To ensure proper identification & prioritization of key risks. Risk identification shall include uncommon type of risks.
• Perform Sensitivity analysis and Stress testing on a need basis.
• For key risks, co-ordinate development of mitigation plans with the risk owner
• To oversee key risk management activities
• Submit the mitigation status to the RMC
• Head – Risk and Management Assurance is part of ERM Council comprising of respective business CEOs and Pharmova CFO and shall be responsible for monitoring risk management activities.
• Head – Risk and Management Assurance to provide half yearly update to Risk Management Committee on all risk mitigation efforts to achieve business objectives and goals.

(d) Risk Owners/ Mitigation Plan Owners

• Risk owners are Senior Management personnel who are responsible for monitoring of key risks and ensuring timely implementation of mitigation plans
• Mitigation plan owners are responsible for timely implementation of the mitigation plans assigned to them and periodic certification on their effectiveness

3.2 Risk Management Process

Risk Management is a continuous process of identification, prioritization, mitigation, monitoring and reporting of risk implementation status.

(a) Establishing Context

The components of Risk Management are different for different companies and are defined by the company’s business model, organizational structure and risk appetite. It is essential to align the Company’s Risk Management focus with its objectives and strategies. This shall be Half-Yearly exercise carried out by RMC which shall establish the overall risk exposure, tolerance, Risk Management strategies and governance structure.

(b) Risk Identification / Refresh

• Risk Identification is the first step in building the risk profile which captures significant risks that may have an adverse impact on the organization’s objectives. It involves creation of a Risk Library based on detailed study of business processes and inputs from Senior Management personnel. These risks may be classified into the following broader categories:
  • Strategic risks: are risks that affect or are created by an organization’s business strategy and strategic objectives. For example - Competition, Growth, Innovation, etc.
  • Operational risks: are major risks that affect an organization’s ability to execute its strategic plan. For example - Environment, Health & Safety, Cyber Security, IT Security/ Access, Procurement & Inventory, etc.
  • Compliance risks: relate to legal and regulatory compliances. For example - Ethics, Accounting Reporting and Disclosure, Tax Compliance and Audit Management, etc.
  • Financial risks: include areas such as credit risk, forex risk, interest rate risk, market, liquidity, financial reporting, etc. Financial risk management to protect the Company from certain risks such as realization of trade receivables in various foreign currencies, exposure of borrowings in difference currencies, floating and fixed rate of interest and price fluctuations on input materials and other economic conditions.
  • Commodity risks: This risk can be mitigated by defining the Policy of hedging or keeping it open based on the net exposure on account of commodity price fluctuation and if required, enter into hedging transactions based on materiality of exposure. The exposure would be considered material if its exceeds the thresholds limits provided under the Company’s Policy on Material Events and Information.
  • Sustainability risks: includes areas such as Environmental, Social and Governance risks, etc.
• Risk Refresh is a continuous activity which ensures that new emerging risks are identified & included in Risk Library for prioritization. The Risk Library shall be reviewed on Half yearly basis by Council for identification of new risks / modification of the existing risks.

(c) Risk Prioritization

Risk Prioritization is the process of rating the risks in order to identify those risks which may have the most significant impact on the achievement of the stated goals and objectives of the businesses. The identified risks shall be prioritized by Council based on the following parameters:

• Impact - Extent to which risk event might affect the company
• Likelihood - The possibility that a given risk event will occur

A risk matrix is used in the risk management process. It creates a risk score from the combination of the likelihood and the impact of the Risk.

(d) Risk Mitigation

Risk Mitigation is the process of initiating responsive action for managing the critical risks and restricts them at a tolerable level. Council shall prepare detailed plans to mitigate the identified risks. Council shall also set-up systems and processes for internal control of identified risks. Risk Mitigation process is broken down into the following activities: