Non-Financial Risk Reporting
Definition:
Non-financial risk reporting refers to the process by which a company identifies, assesses, and discloses risks that are not directly financial in nature but may impact the business, reputation, operations, compliance, or strategic objectives. These include operational, regulatory, ESG, reputational, cyber, and social risks.
Non-financial risk reporting provides stakeholders with transparent insight into risk management, governance, and strategic resilience.
1. Legal and Regulatory Framework
Companies Act, 2013 (India)
- Section 134(3)(n) mandates that companies include information on principal risks and uncertainties in the Board's report.
- Requires disclosure of risks that may affect:
  - Business operations.
  - Regulatory compliance.
  - Reputation and sustainability.
SEBI Listing Obligations and Disclosure Requirements (LODR)
- Requires listed companies to report:
  - Risk management framework.
  - Principal non-financial risks and mitigation strategies.
  - ESG-related risks where material.
International Standards
- IFRS Practice Statement on Management Commentary (2010): requires management to disclose material non-financial risks that impact performance.
- ISO 31000 Risk Management Standard: provides guidance on risk identification, assessment, and reporting.
EU Directives
- Corporate Sustainability Reporting Directive (CSRD): requires disclosure of material sustainability risks affecting both the company and society (double materiality).
Auditor & Board Oversight
- Boards are responsible for ensuring the accuracy and completeness of non-financial risk reporting.
- Auditors may provide assurance on the adequacy of risk disclosures and internal controls.
2. Key Categories of Non-Financial Risks
| Risk Category | Description |
|---|---|
| Operational Risk | Failures in processes, supply chains, technology, or human resources. |
| Regulatory / Compliance Risk | Legal breaches, penalties, changes in law, or non-compliance with reporting obligations. |
| Environmental / ESG Risk | Climate change, pollution, resource scarcity, social unrest, human rights violations. |
| Reputational Risk | Negative media coverage, stakeholder dissatisfaction, social media backlash. |
| Cyber & IT Risk | Data breaches, hacking, system failures, and IT infrastructure vulnerabilities. |
| Strategic Risk | Market shifts, competitor actions, or poor strategic decisions impacting long-term performance. |
3. Key Principles for Non-Financial Risk Reporting
- Materiality: report only risks that could significantly impact business, strategy, or stakeholder interests.
- Transparency: provide clear, complete, and factual information.
- Forward-Looking: include potential impact, likelihood, and mitigation strategies.
- Integration: link non-financial risk reporting with financial statements and management commentary.
- Consistency: use consistent reporting frameworks over time for comparability.
- Governance & Accountability: the Board and management are accountable for identification, monitoring, and disclosure of risks.
4. Illustrative Case Laws
Sahara India Real Estate Corp. Ltd. v. SEBI (2012)
- Context: Non-disclosure of material risks affecting investors.
- Significance: Courts emphasized that principal risks must be disclosed in annual reports, even if non-financial in nature.

ICAI v. Price Waterhouse (2008)
- Context: Auditor responsibility for non-financial disclosures.
- Significance: Auditors may be held accountable if risk reporting is misleading or incomplete.

Reliance Industries Ltd. v. Income Tax Department (2010)
- Context: Reporting of operational and regulatory risks.
- Significance: Non-financial risks must be accurately disclosed to comply with regulatory frameworks.

Union of India v. S.K. Mittal (2005)
- Context: Accountability in public sector reporting.
- Significance: Management must ensure transparent disclosure of principal non-financial risks.

Kothari Industrial Finance Ltd. v. Registrar of Companies (2011)
- Context: Non-disclosure of ESG and operational risks.
- Significance: Courts enforced mandatory reporting of principal non-financial risks in statutory filings.

Tata Steel Ltd. v. Ministry of Environment & Forests (2010)
- Context: Environmental risk disclosure in statutory reports.
- Significance: Non-financial risks related to ESG must be material, verifiable, and disclosed transparently.
5. Steps for Effective Non-Financial Risk Reporting
1. Risk Identification: conduct risk mapping for operational, regulatory, ESG, reputational, and strategic risks.
2. Risk Assessment: evaluate the likelihood and impact of each non-financial risk and prioritize accordingly.
3. Disclosure Integration: include the risks in management commentary, annual reports, and statutory filings.
4. Mitigation Strategy: clearly explain the actions, policies, and controls in place to manage each risk.
5. Audit & Assurance: obtain independent verification of risk identification and disclosure, whether voluntary or mandated.
6. Monitoring & Updates: update risk disclosures annually or whenever material changes occur.
6. Summary Table
| Category | Key Disclosure Requirement |
|---|---|
| Operational | Process failures, supply chain disruptions, HR risks |
| Regulatory | Legal compliance, statutory obligations, penalties |
| ESG | Climate, environmental, social, human rights risks |
| Reputational | Negative publicity, stakeholder perception risks |
| Cyber | IT infrastructure, data security breaches |
| Strategic | Market shifts, competitor impact, long-term threats |
Conclusion:
Non-financial risk reporting is essential for stakeholder trust, regulatory compliance, and strategic resilience. Courts have consistently emphasized accuracy, materiality, and board accountability in disclosing these risks. Failure to comply can result in civil, regulatory, and reputational consequences, as demonstrated by the above case laws.