BACKGROUND

This document lays down the framework of Risk Management at Berger Paints India Limited (hereinafter referred to as the 'Company') and defines the policy for the same. This document shall be under the authority of the Board of Directors of the Company. It seeks to identify risks inherent in any business operations of the Company and lays down the mitigation methods which are periodically reviewed and modified in a manner commensurate with the size and complexity of the business.

OBJECTIVE

The objective of Risk Management task at Berger Paints India Limited is to preserve shareholder value to the extent practically feasible by identifying and mitigating major operating, and external business risk. An enterprise-wide risk management framework is applied in a manner such that the effective management of risks at different levels and different functions is an integral part of every employee's job.

Regulatory

Risk Management Policy is framed as per the following regulatory requirements:

1. Companies Act, 2013:

   1. Provisions of the Section 134(3)

      "There shall be attached to financial statements laid before a company in general meeting, a report by its Board of Directors, which shall include—

      (n) a statement indicating development and implementation of a risk management policy for the company including identification therein of elements of risk, if any, which in the opinion of the Board may threaten the existence of the company."

   2. Section 177(4) stipulates:

      "Every Audit Committee shall act in accordance with the terms of reference specified in writing by the Board which shall, inter alia, include,

      (vii) evaluation of internal financial controls and risk management systems.

   3. Schedule IV [Section 149(8)] :

      Code for Independent Directors:

      II. Role and functions:

      "The independent directors shall:

      (1) help in bringing an independent judgment to bear on the Board's deliberations especially on issues of......risk management....

      (4) satisfy themselves that the .....systems of risk management are robust and defensible."

   4. Regulation 4 of the SEBI (Listing Obligations and Disclosure Requirements), 2015:

      Key functions of the Board

      The board should fulfil certain key functions, including:

      a. Reviewing and guiding risk policy

RISK MANAGEMENT

1. The Company shall lay down procedures to inform Board members about the risk assessment and minimization procedures.
2. The Board shall be responsible for framing, implementing and monitoring the risk Management policy for the company.
3. The Board shall define the roles and responsibilities of the Business Process and Risk Management and Audit Committees and may delegate monitoring and reviewing of the risk management plan to the committee and such other functions as it may deem fit. Such functions shall specifically cover cyber security. An exposure to any particular commodity will be considered material if the receivable or payable during a financial year on account of a commodity exceeds 20% of the total receivables or payables of the Company during that financial year.

APPLICABILITY

This Policy shall come into force with effect from 15th May, 2015.

DEFINITIONS

"Business Process and Risk Management Committee" means Committee of Board of Directors of the Company constituted under the provisions of Companies Act, 2013 and The SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015. The Committee may include such advisors and members of the management, as may be required.

POLICY

Broad Principles

The Board has to review the business plan at regular intervals and develop the Risk Management Policy which shall encompass laying down guiding principles on proactive planning for identifying, analyzing and mitigating all the material risks, both external and internal. The Company has sought to classify the types of risk as external business and operational.

Communication of Risk Management Strategy to various levels of management for effective implementation is essential.

Risk Identification is obligatory on all vertical and functional heads who with the inputs from their team members are required to report the material risks to the Business Process and Risk Management Committee along with their considered views and recommendations for risk mitigation.

Analysis of all the risks thus identified shall be carried out by an empowered management committee under the leadership of the MD (MD, CFO, Company Secretary and Chief Internal Auditor) through participation of the vertical/functional heads and a preliminary report thus finalized shall be placed before the Business Process and Risk Management Committee.

Risk Description: To display the identified risks in a structured format

• Name of Risk
• Scope of Risk
• Qualitative description of events
• Nature of Risk
• External Business, Operational
• Quantification of Risk
• Significance and Probability
• Risk Treatment and Control Mechanism
• a) Primary Means b) Monitoring and Review
• Potential Action for Improvement
• Recommendations to Reduce Risk

ROLE OF BUSINESS PROCESS AND RISK MANAGEMENT COMMITTEE

The role of the Business Process and Risk Management Committee shall include the evaluation of risk management systems including those relating to cyber security, the examination of the risk matrix, assessing the mitigation measures and suggesting improvements and greater risk mitigation measures, and examination in detail the business processes which may carry risks.

The minutes shall be placed before all directors including members of the Audit Committee, who will evaluate the same and take action, if required.

REVIEW

This policy shall evolve by review by the Business Process and Risk Management Committee and the Board from time to time as may be necessary.

COMMUNICATION

This policy will be communicated to all vertical/functional heads and other concerned persons of the Company.