In a long-awaited move, SEBI is in the process of introducing norms for disclosure of fraud information for listed companies.
According to the guidelines likely to be announced by the Securities and Exchange Board of India (SEBI) on Monday, companies will have to make public any fraud committed by directors and employees, litigation against them and the impact of this on financials, and reveal details about shareholders and loan agreements, besides providing estimates of losses caused by natural calamities.
While the move is welcome, it appears to fall short of the requirements of shareholders, since, going by the information now available, the norms appear to require disclosure only of frauds committed by insiders and of those which result in litigation.
There is a need for companies to also share information on their losses arising out of security breaches so that shareholders are aware of the IT risks that the organizations face as part of their operational risks.
Presently, under Clause 49 in India, a declaration to the effect that necessary controls are in place is required. Maybe this can be extended to a declaration of “Estimated Financial Risk arising out of Information Security Risks”. In the case of banking institutions, there is already a fraud report being submitted to RBI, and an NPA figure is also declared, which indicates the financial risks in respect of loan assets. However, there is presently no information available on the financial risks quantified from information security risks. If SEBI gives a thought to this, it should be useful.