Prologue
From claiming phantom carbon credits to the mid-air opening of a plane door: recent instances highlight the need and role of robust corporate governance practices in preventing and identifying misconducts. Resultantly, thwarting potential regulatory actions.
This article explores recent changes in India’s regulatory regime regarding Environmental, Social, and Governance (“ESG”) disclosure requirements with a special focus on disclosures related to corporate misconduct.
Metamorphosis of ESG framework in India
Taking cognizance of the increasing focus on business responsibility globally, the Ministry of Corporate Affairs (“MCA”), in July 2011, came out with the National Voluntary Guidelines on the Social, Environmental and Economic Responsibilities of Business (“NVGs”).
The 2030 Agenda for Sustainable Development, which had 17 Sustainable Development Goals (“SDGs”) at its core, was adopted during the September 2015 United Nations (“UN”) Sustainable Development Summit. Subsequently, the MCA issued updated guidelines called the National Guidelines on Responsible Business Conduct (“NGRBC”) to align the NVGs with the SDGs adopted at the United Nations. The NGRBC set forth nine key principles (P1 to P9) of business responsibility as follows:
ESG framework under the Securities and Exchange Board of India
In August 2012, SEBI mandated the inclusion of Business Responsibility Reports (“BR reports” or “BRR”) as part of the Annual Reports for top 100 listed entities. The BR reports were in line with the NVGs issued by the MCA. Subsequently, in November 2015, SEBI issued guidelines to be adopted by companies as part of their business practices as well as a format for the business responsibility report. The format, inter alia, specified disclosures, demonstrating the steps taken by companies to implement the said principles.
In May 2021, SEBI taking cognizance of the updated NGRBC guidelines, introduced new ESG reporting requirements called the Business Responsibility and Sustainability Report (“BRS report” or “BRSR”), replacing the erstwhile BR report. Further, SEBI mandated the filing of BRS report for the top 1000 listed companies from the financial year 2022-2023. SEBI, in July 2023, introduced BRSR Core and amended the BRSR framework to incorporate the same, wherever necessary. BRSR core contains nine ESG attributes as follows:
Further, SEBI mandated listed entities to undertake reasonable assurance of the BRSR Core. The same will be applicable in a phased manner to the top 1000 listed entities by Financial Year 2026 – 2027.
Interplay between BRSR framework and financial crime
There has been a heightened focus by regulatory agencies to identify and prevent financial crime. The recent National Financial Reporting Authority (“NFRA”) circular, inter alia, mandating statutory auditors to report fraud or suspected fraud only attests to the same.
However, with the introduction of the BRSR framework, read in conjunction with the provisions of the Companies Act, 2013, it is apparent that the regulatory agencies are not only focusing on financial attributes but also a wider specter of non-financial attributes to assess the efficacy of governance.
SEBI’s BRS reporting framework prescribes certain disclosure regarding misconduct, breaches, non-compliances, and transgressions that may result in action by regulatory bodies or stakeholders. These are as follows:
Disclosures on details of complaints/grievances received:
The BRSR framework, inter alia, mandates disclosures on details of complaints/grievances received for all principles set-forth by the NGRBC for its stakeholders. It is important to note here that the principles set forth by the NGRBC are extensive and cover almost all aspects of business. Thus, entities need to disclose a count of all complaints received and resolved during the financial year. Further, the report also needs to confirm the existence of a Grievance Redressal Mechanism and provide a link to the Grievance Redressal Policy.
Coverage of NGRBC principles as part of policies:
As part of the disclosure, the report needs to confirm if the policies of the entity cover all the principles of NGRBCs. The following is an indicative policy and coverage matrix for the nine principles of NGRBC:
The report needs to confirm if the policies covering the core elements of NGRBC also apply to the value chain partners of the entity and if the entity has carried out an independent assessment of the working of these policies.
Thus, analogous to the statutory audit of financial statements, onus has been placed on external independent agencies to undertake assessment of these policies and its working.
Training and awareness programmes:
Training and awareness programmes not only assist in knowledge augmentations but also ensure that the recipients of the training are aware of what is expected of them.
The BRSR format specifically requires the report to disclose the coverage as well as the number of training and awareness programmes conducted during the financial year for the Board, Key Managerial persons, employees, and workers of the entity.
In the recent past, independent as well as non-executive directors have claimed they were not responsible for the management of affairs of the company as a defense for non-compliance by the entity. Thus, disclosure on training and awareness programmes to the Board of Directors intends to ensure that all members of the Board are aware of the requirements set forth by the NGRBCs. Thereby facilitating them to assess the compliance position of the entity.
Anti-corruption and Anti-bribery related disclosures:
The report needs to confirm if the entity has implemented an anti-corruption and anti-bribery policy and provide brief details of the same.
Further, the format mandates disclosure of any disciplinary action taken by any law enforcement agency for charges of bribery or corruption against the directors/ Key Managerial Personnels (“KMPs“)/employees or the workers of the entity.
It is important to note here that the disclosure pertains not only to the persons-in-charge but also all the personnel of the entity, which is a challenge for large organisations.
The entity also needs to disclose the corrective measures taken in response to actions initiated by regulatory/enforcement bodies for cases of corruption.This establishes an informal obligation on entities to initiate corrective action including but not limited to undertaking internal investigations, process assessments, and disciplinary actions.
Details of regulatory action:
The BRSR format mandates disclosure of any fines/penalties, etc., paid by the entity, the directors or the KMPs during the reporting period. As part of the disclosure, the report needs to provide a brief of the case pursuant to which the fine/penalty was levied.
Conflict of interest and related party transactions:
SEBI has taken note of the slew of enforcement actions initiated against listed entities for siphoning of funds by directors and KMPs, and has mandated disclosures related to conflict of interest and related party transactions. These disclosures are in addition to those mandated by SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 and the Companies Act, 2013.
The entity needs to disclose the number of complaints received with respect to conflict of interest of directors and KMPs. The entity also needs to disclose the corrective measures taken with respect to actions initiated by regulatory/enforcement bodies for instances of conflict of interest.
This establishes an informal obligation on entities to initiate corrective action including but not limited to suspension/removal of directors or KMPs, review of transactions in question, assess impact, and identify breaches of any policies.
Further, details regarding purchases, sales, loans & advances, and investments with related parties forms a part of the mandatory disclosure requirements.
Social or environmental risk emanating from products / services:
The entity needs to disclose any significant social or environmental risk arising from the production or disposal of products or services. Further, the entity is mandated to disclose the action taken to mitigate these risks.
In line with the global trends, social and environmental impact emanating from products and services needs to be disclosed. These disclosures, if not in line with the prevailing environmental laws, opens up risk of action by regulatory or enforcement agencies.
Safety incidents, human rights, sexual harassment, and labour law disclosures:
The entity needs to disclose details of all safety-related incidents that have occurred in the past year. Additionally, the corrective action taken to address these safety-related incidents also need to be elucidated.
Further, details of complaints related sexual harassment, labor right violations, and human rights right violations form a part of the mandatory disclosure requirements.
Cyber security and data breaches:
In line with the global trend of protecting customer data, the BRS report format, inter alia, mandates disclosure of instances regarding breach of data including those involving personally identifiable information of the customer.
It is important to note here that the Digital Personal Data Protection Act, 2023 provides for a penalty of upto INR 250 crore in case of breach in observing the obligation of Data Fiduciary to take reasonable security safeguards to prevent personal data breach.
SEBI’s consultation paper for facilitating Ease of Doing Business with respect to BRSR
Recognising the extensive disclosures mandated by the BRS report, SEBI issued a consultation paper in May 2024, seeking public comments on simplifying and reducing compliance costs related to BRS report.
As part of the consultation paper, SEBI has, inter alia, proposed to amend the definition of “value chain.” Currently, the BRSR core applies not only applies to reporting entities but also their value chains, which them to a massive risk by requiring compliance for both themselves and their value chain partners.
The proposed definition tightens the spectrum of value chain resultantly reducing the maximum number of upstream/downstream partners that will fall under the purview of BRS reporting.
Further, the consultation paper proposes amending the requirement of “reasonable assurance” of BRSR core to “assessment or assurance” of BRSR core. The option to undertake “assessment” rather than “assurance” will facilitate the ease of doing business as it is a more cost-effective and lenient process.
Conclusion
There has been a noticeable shift in corporate India’s stance towards prioritizing good governance over mere compliance with regulatory requirements.
The BRSR guideline are a key step towards enhancing transparency in ESG-related disclosures and compliance by companies. An increasing number of Indian organisations are voluntarily implementing policies and mechanisms in line with the BRSR requirements; these include, building robust internal controls and frameworks, affording adequate protection to whistleblowers, and monitoring compliance. Understandably, adopting these disclosures mandated by MCA and SEBI have helped mitigate the risk of business and financial crimes.
It is important to note that although BRS reporting is mandated for a sub-set of listed entities, voluntary adoption of key disclosures and requirements will showcase an entity’s commitment towards good corporate governance in line with the legislative intent.
For further information, please contact:
Sara Sundaram, Partner, Cyril Amarchand Mangaldas
sara.sundaram@cyrilshroff.com
