Purpose

The purpose of this document is to set out the Risk Management Policy of Daily Mines Limited (‘the Company’) and the guidelines and procedures to be followed by the Risk Management department for achieving the following objectives:
a. To enumerate the key risks in the business and lay down steps on how they are managed and mitigated.
b. To define a clear and simple procedure for risk management relating to equity and derivative trades.
c. To ensure consistency, uniformity, zero errors and transparency in various risk related activities.
d. To assist in faster turnaround time, thereby ensuring higher customer satisfaction and higher revenues.
e. Business Compensation Plan

Background

Given the diversity of the business, the Company is exposed to various risks like Credit Risk, Market Risk, Liquidity Risk, Compliance Risk, Technology Risk, amongst others.
For the Company, Risk Management is a discipline that forms its core and encompasses all the activities that affect the Company’s risk profile. It involves identification, measurement, monitoring and controlling risks to ensure that:
a. The individuals who have key decision-making authority clearly understand the risks involved.
b. The Company’s risk exposure is within the limits established by the Regulator and the Board of Directors.
c. Key decisions are in line with the business strategy and objectives set by the Board.
d. Sufficient capital is available at all times.
e. There is a continuous monitoring process that evaluates and controls the risks.

The acceptance and management of various risks is inherent to the Company’s business and its role as a financial intermediary.

Risk Management Philosophy

The Company has laid down a few guiding principles to ensure that each employee is guided by a common vision and values that define the Company. “We will respect risk” has been laid down as one of the key Guiding Principles to ensure Risk Management is embedded in the culture of the Company. The Company’s philosophy is that Risk Management is an “individual and collective responsibility” and each employee should believe in “owning the risk”.

Risk Management Strategy

The Company’s risk management strategy starts with evaluating all the decisions based on the following two questions that we put to ourselves. “Is it worth it?” and “Can we afford it?”
The strategy at an execution level is supported by -
a. Four-tiered risk management structure to manage and oversee risks
b. Risk Management framework to ensure each risk the Company is exposed to is given due importance and is effectively managed
c. Defined exposure limits and thresholds for businesses to operate
d. Well-defined Standard Operating Procedures and service approval framework to ensure risks are mitigated at operational level
e. Adequate segregation of duties to ensure multi-layered checks and balances
f. Exception reporting framework to ensure process and policy deviations are adequately addressed

Risk Management Structure

To support the risk strategy and effective risk management, the Company has in place a “Four-tiered risk management structure”. The risk structure is enumerated below:
a. Three Lines of Defence - for accountability, oversight, and assurance
b. Risk Department – owns and manages the risks and is responsible for implementation of the risk management framework.
c. Risk Head + Business Head – are responsible for risk culture, risk aggregation, monitoring and oversight, and provide assurance on effective risk management.
d. Credit Team – is responsible for ensuring that the Company adheres to the defined risk framework and reviews certain high impact risk events.
e. Investment Committee – is responsible for defining the Company's risk framework and reviewing high impact risk events.
f. Board of Directors and Risk Committees – for overseeing effective risk management across the business of the Company. The current governance structure is set out below:
• Credit Team
• Investment Committee
• Risk Management Committee

Roles and Responsibilities

Risk Department

The Risk Department is the first line of defence and reports into the Chief Operating Officer. The following are its roles and responsibilities:
• Implementation of risk framework
• Defining risk policies and limits for various products
• Continuous monitoring of risks and ensuring adherence to policies

Board and Risk Committees

The Board and the various Risk Committees, which comprise the following Committees, serve as the key risk bodies of the Company:

Investment Committee and Credit Team

The Investment Committee and Credit Team take all relevant credit related decisions. These are business specific committees/teams with defined parameters such as participation quorum, exposure threshold and oversight by central teams.

Asset Liability Management Committee

The Asset Liability Management Committee (ALCO) has been constituted to monitor the asset liability gap, strategize action to mitigate the associated risk, and ensure availability of adequate liquid resources, with a view to keeping maturity mismatches in the Balance Sheet of the Company within desired levels.

Risk Management Committee

The Risk Management Committee is the overseeing body for Risk Management at the Board level comprising the majority of the Directors of the Company.

Risk Management Framework

The Company has adopted the following “Eleven Key Risk Framework” in line with its strategy and external environment:

Business Risk

Business risk is defined as potential of value erosion because of failure of strategy, execution or adverse change in environment and it includes strategy/execution risk and external environment risks.

Credit Risk

Credit risk is defined as the risk of loss arising due to current/potential inability or unwillingness of a customer or counterparty to meet financial / contractual obligations. It includes Credit Quality, Collateral and Cash Flow risks as its principal categories.

Market Risk

Market risk is defined as the risk of loss in trading books resulting from adverse movements in market variables and instruments. It includes Underlying Price risk, Volatility risk and Impact Cost risk as its principal categories.

Liquidity Risk

Liquidity Risk is defined as the risk of not being able to meet financial obligations and it includes Asset Liquidity risk and Liability refinancing risk as its principal categories.

Regulatory Risk

Regulatory risk is defined as the risk of not adhering to the letter and spirit of laws and regulations leading to fines or other penal action. It includes Legal, Governance, Vigilance, Fiduciary, and Data Integrity as its principal categories.

Reputation Risk

Reputation risk is defined as the risk arising from negative perception about the Group on the part of stakeholders that can adversely affect the ability to maintain existing or establish new business relationships.

Technology Risk

Technology risk is defined as the risk of loss due to technology failures such as information security incidents or service outages that can disrupt business. It includes Cyber Security Risk, Resilience, Scalability and Project risks as its principal categories.

Operational and Process Risk

Operational and Process risk is defined as the risk of loss resulting from inadequate or failed processes, system controls or human negligence. It includes process risk, human error, system error and outsourcing risks as its principal categories.

Fraud Risk

Fraud risk is defined as the activities undertaken by an external/internal individual or entity that are done in a dishonest or illegal manner and are designed to give an advantage to the perpetrating internal/external individual or entity. It includes Employee Fraud, Customer Fraud and Third-Party Fraud as its principal categories.

People Risk

People risk is defined as the risk that will arise as a consequence of not having the right people with the right skills/competencies at the right time to deliver business strategies aligned for current and future growth as per the organisation's values, work ethics and culture. It includes talent and availability, people capability, ethics, and culture as its principal categories.

Physical and Infrastructure Risk

Physical and Infrastructure risk is defined as the risk of loss due to failures and/or disruption of basic services, infrastructure, and facilities on account of natural calamity or man-made disaster, including safety of employees. It includes Safety of Employees and Damage to Physical Assets as its principal categories.

Each of the above risks has clearly defined risk categories and sub-categories.

Risk Management Process

Risk Management is an essential component of our daily business activities. Hence, the Company has adopted an effective risk management process to ensure all key risks are identified. The Company has adopted both top to bottom and bottom to top approach for risk identification -

• Top to bottom approach - Discussions, surveys, and interview sessions with the Senior Management
• Bottom to top approach - Process reviews, incident reporting and other meetings and discussions at execution and mid management level.

The Company also conducts “Unknown Risk” workshops, on a need basis, to identify low probability high impact risks and formulate appropriate mitigation plans to control these risks. Each risk event is mapped to the risk category, sub-category, and primary risk vector. The risk event passes through the risk management lifecycle covering assess, avoid, mitigate, and manage. Details mentioned below:

Assess

Risk events identified are assessed at an inherent risk level. Depending upon its criticality and impact, each event is classified as High, Medium, or Low. The impact assessment will consider various factors like financial impact, regulatory impact, reputation impact etc. and may vary from business to business.

Avoid

The Company avoids risks which are not in alignment to its risk philosophy. For example:

• Financial risks – The Company avoids taking exposures to individuals and companies that are on the negative list. The negative list will comprise companies and individuals that are on the regulatory debarred list, on internal or external defaulter lists, and/or involved in fraudulent activities, etc. The list is updated on a periodic basis.
• Non-financial risks – The Company avoids dealings which are in violation of the laws of the land, both in letter and spirit, and detrimental to its reputation.

Mitigate

Depending upon the type of risk and its quantum, the Company uses different types of tools and techniques for mitigation of risks viz. Governing Controls, Preventive Controls & Detective Controls. For example:

• Financial risks are mitigated through counterparty/client assessment before any exposure is taken, and defined product/program level risk limits to ensure exposure does not exceed risk appetite.
• Non-financial risks viz. technology, operational, fraud, etc. are mitigated through process documentation defining clear ownership for each activity, and through adequate system/process level controls like maker-checker, reconciliation, testing and reviews.
• Enterprise level risks viz. technology, compliance, regulatory, etc. are controlled through policies and framework, and by educating employees through training and risk socialisation sessions.

Manage

The Company ensures there is an adequate reporting and escalation mechanism in place so that risk events which materialise, or have a high possibility of materialising, are managed effectively and in a time-bound manner, so that the impact can be curtailed.
To ensure effective management of risk events, the Company performs daily monitoring of various risk exposures so that necessary actions can be taken as per need. Also, breaches of the process and policies are monitored in the form of exceptions. The monitoring is across levels such as client and product, under all risk scenarios.

Risk Culture

Risk Culture is of paramount importance to the Company. The Company believes that culture protects when policies and processes fail. The Company periodically evaluates its risk culture through various means like conducting surveys and employee engagement programs. The Company takes multiple initiatives to improve and maintain Risk Culture through Risk Education and Awareness Programs on a continuous basis. Appropriate risk behaviour is recognized and applauded through specific reward and recognition programs.

Review of the Policy

The Board shall review and amend the Policy periodically as may be deemed necessary, keeping in view the business environment, the performance of the Company, regulatory requirements, and other relevant external factors.