Regulation 30 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (LODR Regulations) requires listed entities to disclose material events and information to the stock exchanges. Events specified in Para A of Part A of Schedule III of LODR Regulations (Para A / Mandatory Disclosures) are deemed to be material events which listed entities are required to disclose. Events enumerated in Para B of Part A of Schedule III of LODR Regulations (Para B / Discretionary Disclosures) are required to be disclosed based on application of the guidelines for materiality, which the listed entities are required to frame (Materiality Policy) based on the criteria specified in regulation 30(4) of LODR Regulations.
Further, Annexure I to SEBI circular no. CIR/CFD/CMD/4/2015 dated September 09, 2015 ( available here) on 'Continuous Disclosure Requirements for Listed Entities' (Circular) specifies the details which a listed entity needs to disclose for the events specified under Para A and Para B.
With a view to streamline the disclosure requirements for material events and information under Regulation 30 of the LODR Regulations, SEBI has issued a consultation paper (Consultation Paper) to review various aspects of the disclosure requirements prescribed under the LODR Regulations and propose modifications/ amendments to the same. Key proposals include:
A. Amendments to Regulation 30 of LODR Regulations:
B. Amendments to Para A and Para B – Additional events proposed to be added:
- Mandatory disclosure of inter alia the following events:
- Disclosure of inter alia the following events depending upon the Materilaity Policy of the listed entity:
C. Disclosures in relation to "cyber security incident" or "cyber security breaches" or loss of data / documents of the listed entity in the quarterly report on corporate governance
The above proposals have been analysed in detail below.
B. AMENDMENTS TO PARA A AND PARA B – ADDITIONAL EVENTS PROPOSED TO BE ADDED
In order to address the gaps identified, remove ambiguity and to enhance transparency and availability of information to the investors, the Consultation Paper proposes to include certain additional events and also to modify certain events specified under Para A and Para B.
C. PROPOSAL FOR DISCLOSURE OF CYBER SECURITY INCIDENTS OR BREACHES AND LOSS OF DATA / DOCUMENTS IN THE CORPORATE GOVERNANCE REPORT
With the advancements in technology and the companies adopting such newer technologies, cyber security incidents or breaches and loss of data / documents have become a major concern. Such incidents may impact the operations and/or performance of the listed entity. Disclosure of such events are necessary for investors to understand the associated risks and impact. However, immediate disclosure of such events may not be desired since the entity may be vulnerable to further attacks.
The disclosure with root cause analysis and remedial measures taken, etc. may be mandated under the quarterly compliance report on corporate governance (CG Report) required to be submitted by listed entities under Regulation 27 of LODR Regulations. It is proposed that the listed entities may be required to make disclosures in relation to "cyber security incident" or "cyber security breaches" or loss of data / documents of the listed entity in the quarterly CG Report in the format given below:
The above changes to the LODR Regulations have been proposed vide the Consultation Paper dated November 12, 2022 ( available here) and public comments are invited till November 27, 2022.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
