Top Banner
CORPORATE GOVERNANCE AND ETHICS REPORT Voluntary Guidelines
31

Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

Jul 22, 2020

Download

Documents

dariahiddleston
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

Corporate GovernanCe and ethiCs report

voluntary Guidelines

Page 2: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report�

Copyright ©�010

International Youth Centre, Teen Murti Marg, Chanakyapuri

New Delhi - 110 0�1, India

Phone: 91-11-�3010199, Fax: 91-11-�301545�

E-mail: [email protected]

Published by

NASSCOM, New Delhi

Designed & Produced by

CREATIVE INC.

Phone: +91-11-4163 4301

Email: [email protected]

Disclaimer

The information contained herein has been obtained from sources believed to be reliable. NASSCOM disclaims all warranties

as to the accuracy, completeness or adequacy of such information. NASSCOM shall have no liability for errors, omissions

or inadequacies in the information contained herein, or for interpretations thereof.

The material in this publication is copyrighted. No part of this report can be reproduced either on paper or electronic media

without permission in writing from NASSCOM. Request for permission to reproduce any part of the report may be sent

to NASSCOM.

Page 3: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report3

In today’s volatile and globalised environment, organisations are faced with myriad

challenges and complex regulations across the globe which makes it mandatory to

reaffirm appropriate codes of ethics, conduct, and values while relentlessly pursuing

business goals. There has been a huge emphasis on “good governance” to enable

entrepreneurship, sound judgment, and high standards of transparency within a

framework of accountability. A successful economy depends on being able to build

world-class companies, built on robust governance practices, which are leaders in the

increasingly competitive global marketplace.

In India, the government has proactively strengthened the corporate governance

guidelines, mainly through the introduction of the amended Clause 49. There are

provisions aimed at vesting shareholders with greater powers, implementing stricter measures for investor protection,

creating independent director requirements and improving the quality and depth of disclosures provided in the financial

statements. The existing and ensuing legal framework in India effectively covers the fundamentals of robust corporate

governance, and India compares favourably with most developing and Asian economies in this regard.

These guidelines and best practices must be tailored to the unique facets of the Indian IT-BPO industry - world-class

firms with world-class business practices competing at a global level, based on service quality and delivery, and providing

significant value creation to its stakeholders. The internal industry governance system must exhibit a paradigm shift to

include customers, employees, vendors and society over and above the investors and regulators. We foresee the industry

being a leader in the next wave of best practices in corporate governance as it reinvents and transforms itself to achieve

its aspirations over the next decade.

NASSCOM had set up a Corporate Governance and Ethics Committee which I have the pleasure of chairing. Our objective

was to recommend ways to further improve corporate governance standards and practices, both in letter and spirit. The

committee had eleven members, who represented an excellent mix of experts and industry leaders.

The recommendations of the committee evolved over a series of roundtable sessions and are intended to serve as a

compendium of good corporate governance practices. This report enumerates a set of voluntary recommendations with

an objective to establish the highest standards of probity and corporate governance within the IT-BPO industry.

It is important to underline here that governance should not be limited to excessive focus on compliance, but should also

focus on the ethical and effective leadership of organisations. This is the spirit of the report. Embracing good governance

cannot be mandated and over regulated; it must be deeply embedded in the basic fabric of every organisation. Best in

class governance is voluntary, and stems from the values and standards which are integral to the company and which

must be upheld at all times. Whatever the regulatory framework and the overall governance structure, there are a series of

best practices which organisations should consider adopting voluntarily to generate long-term value for the corporation.

I am confident that the IT-BPO industry will adopt these recommendations and will be front-runners in creating global

benchmarks as we work together towards transforming our client’s businesses and the way we operate.

N. R. Narayana Murthy

Chairman

NASSCOM Corporate Governance and Ethics Committee

FOREWORD

Page 4: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report4

CONtENtS

NASSCOM Corporate Governance and Ethics Committee 5

Corporate Governance and Ethics Best Practices 6

Report Objective

• Board of directors 7

• Customers 16

• Competitors 18

• Employees 19

• Company as an “Employer” 21

• Vendor partners 22

ANNExuRE: Key Elements of a Whistleblower Policy 23

• Ombudsperson concept 25

• Reporting mechanisms 25

• Remediation and Investigation 27

• Appeal process 28

• Reporting in good faith 29

• Non-retaliation and non-harassment policy 29

• Record Retention 30

Page 5: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report5

COMMittEE MEMBERS

Chairman

1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor, Infosys Technologies Limited

Members

2. Dr. Omkar Goswami, Chairman, Corporate and Economic Research Group Advisory Pvt Ltd

3. Mr. Pramod Bhasin, Former Chairman, NASSCOM; President & CEO, Genpact India Pvt. Ltd

4. Mr. Ashank Desai, Member of the Board, Mastek Limited

5. Mr. Som Mittal, President, NASSCOM

6. Mr. Prithvi Haldea, Chairman & Managing Director, Prime Database

7. Mr. S. Ramadorai, Vice Chairman, Tata Consultancy Services

8. Dr. Ganesh Natarajan, Vice Chairman & CEO, Zensar Technologies Ltd

9. Mr. Deepak Satwalekar, Independent Director

10. Mr. N. Vittal, Independent Director & Former Chief Vigilance Commissioner

Page 6: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report6

The fundamental objective of “good corporate governance and ethics” is to ensure the commitment of an organisation in

managing the company in a legal and transparent manner in order to maximise the long-term value of the company for

its shareholders, customers, competitors, employees and all other partners.

It is important to understand that effective and efficient governance by the board is just one component of governance

and ethics. Robust governance practices and ethical behavior leading to a world class company not only hinges on

the functioning of the board, but is also dependent on how various interconnected building blocks of the ecosystem

work together.

Based on the above objective, the NASSCOM Corporate Governance and Ethics Committee outlined its agenda for corporate

governance to extend to the entire ecosystem. The focus of the Committee was to create a set of good practices under

the framework of existing regulations and practices that organisations in the IT-BPO sector can follow. These practices

would then set standards for governance in the industry and help to build an ethics-led framework.

The report is structured according to the different elements working together to build an effective and ethical governance

framework:

• Board of Directors

• Customers

• Competitors

• Employees

• Company as an “Employer”

• Vendor Partners

A detail whistelblower policy has also been included for the benefit of organisations that currently do not have

this framework.

CORPORAtE GOvERNANCE AND EthiCS BESt PRACtiCES

Report Objective

Page 7: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report�

Ethical Practices: Board of Directors

the Board of Directors

There has been an ongoing debate about the role of the board and how it has to evolve out of necessity from its traditional

advisory role to more of strategic oversight of company affairs, further aligned with company’s size, scale and strategy. A

strategy-led board uses regulations as a baseline: it goes beyond and influences the company strategy and guides it down

the path of sustained value creation. The role of the board is pivotal in defining the company strategy, provide strategic

direction for implementation, supervise management, build company leadership, align incentives with strategic goals,

ensure alignment of financial health and risk, strategy with vision, enhance corporate brand and positioning and develop

board structure and operations to enable strategic impact.

It is an imperative for the board to be completely transparent and diligent about its functioning to build and restore

confidence amongst all stakeholders. The board should possess the necessary knowledge, expertise and skill sets which

are linked to the company’s strategic vision. The composition of the board should be tailored to meet the needs of the

company and its stage of development, which is also one of the key reasons to invest in ongoing education programmes

for existing and new directors. Every director should be inducted formally and there is a need to ensure familiarity with

the company’s business, governance practices and external regulatory and risk environment.

◊ Role and responsibilities of the board

• Full disclosure of board activities and its committees: In addition to the composition of the board as required

under Clause 49, the functions of the board and the various committees should be fully disclosed. Committee

charters, terms of reference and other company documents outlining the duties and powers of the committee

and its members should be disclosed as well

• Companies should issue formal letters of appointment to Non-Executive Directors (NEDs) and Independent Directors

specifying the terms, expectations, fiduciary duties, provision for directors and officers insurance, list of actions

that a director should not do and the remuneration including sitting fees and stock options

• In addition to disclosures specified under Clause 49, directors should be provided information on all press releases

and presentations to analysts

Certificate of independence

• All independent Directors should provide a detailed Certificate of Independence at the time of their appointment,

and thereafter annually. Also it should disclose all past and present relationships with the company, promoters/

management, employees, vendors and customers.

◊ independent directors for foreign unlisted subsidiaries

• Clause 49 presently requires all domestic subsidiary companies of a listed company to also have Independent

Directors. Companies should voluntarily extend this requirement to foreign unlisted subsidiaries of the Indian

listed companies.

◊ Disclosure on qualifications of directors

• Clause 49 states that in case of the appointment of a new director or re-appointment of an existing director, the

shareholders must be provided with the following information:

- A brief resume of the director;

- Nature of his expertise in specific functional areas;

Page 8: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report�

- Names of companies in which the person holds directorship and membership of certain Committees of the

Board; and

- Shareholding of non-executive directors.

Disclosure should also be made about the development and training programmes that directors undergo, including

the induction programme. Companies should include a write up, in its induction programme, which would

state the powers and duties conferred upon the directors vide its Articles of Association and other statutory

enactments. The chairman of the board should provide the necessary framework for each board member to

identify his knowledge gaps and address them systematically

◊ Directors’ remuneration

Remunerations for non-executive and independent directors should reflect their time commitment, responsibilities,

skill sets and the value they add to the company. The current law on renumeration for directors in the Companies

Act, 1956 only allows for remuneration from net profits of the company, as applicable (1 per cent or 3 per cent of

the net profits). It is a good practice to de-link the remuneration from net profits, which may not be commensurate

with the efforts and time spent by the individual. Therefore, to introduce more objectivity and performance

orientation within the board, the committee recommends that the company law be amended so that companies have

both options.

• Fixed contractual remuneration to directors- Companies should be given the option to choose between a) paying

a fixed contractual remuneration to its non-executive directors (NEDs) and independent directors, subject to an

appropriate ceiling depending on the size of the company; or b) continuing with the existing practice of paying

out upto 1 per cent (or 3 per cent) of the net profits of the stand-alone entity as defined in The Companies Act,

1956. For any company, the choice should be uniform for all NEDs and independent directors, i.e. some cannot

be paid a commission of profits while others are paid a fixed amount. If option (a) is chosen, the NEDs and

independent directors will not be eligible for any commission on profits. If stock options are granted as a form

of payment to NEDs and independent directors, these must be held by the concerned director until three years

of his exit from the board.

• Board remuneration- In order to strengthen shareholder control over levels of compensation for loss of office,

it is recommended that future service contracts should not exceed 5 years without shareholder approval. Clause

49 requires the disclosure of the remuneration policy but places no restrictions as recommended here.

Directors have an obligation to ensure complete attendance at board meetings and actively

participate and brainstorm during meetings, including asking difficult questions. In order to ensure

greater participation and increase the frequency of board meetings, it is recommended that the

directors be allowed to participate though tele/video conferencing. Careful attention and diligence

is required to document the proceedings for all board meetings, including recording any divergent

view points.

◊ Board meetings

• If a director cannot be present physically but wishes to participate in the proceedings of the board and its

committees, arrangements can be made to allow their participation through tele-conferencing and video-

conferencing. However, the minutes of all such meetings and decisions taken during the proceedings, recorded

as circular resolutions, should be signed and confirmed by the directors who have attended the meeting through

alternate means.

Page 9: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report9

• Dissenting decisions involving any consideration of more than 5 per cent of the revenues should be specifically

documented in the Minutes of the Audit Committee meeting along with brief reasons of dissent.

◊ Board evaluation and succession

• The board should determine a process of evaluation that best satisfies the needs of the company.

• The board should develop and disclose to the shareholders, the frequency, mechanism and processes to evaluate

the performance of the board as a whole and the performance of each individual director. The risk of attracting

and retaining qualified talent needs to be mitigated at the management level and so there should be a carefully

considered succession plan and process in place.

• The board should disclose to the shareholders whether it has performance evaluation process in place, either for

the board as a whole or for individual members. Disclosure should be made regarding how the board has evaluated

its performance and how the results of the appraisal are being used. Under Clause 49, the performance appraisal

mechanism is not mandatory.

• The board should disclose to the shareholders whether it has established a succession plan for key executives

and other board members to ensure that there is a strategy for continuity of operations. Succession plan may

be formulated by the Remuneration Committee in consultation with the other Board of Directors and Human

Resources Department, The same should be reviewed every two years considering the overall industry position.

• A critical element of an effective board is its independence from management - not only whether a director’s

background and current activities qualify him or her as independent, but also whether that director can act

independently of management. The Committee recognises the importance of the process of selecting qualified

independent directors in ensuring an effective board of directors. Companies should have an entirely independent

Nominations Committee to enhance the independence and quality of director nominees and the transparency and

integrity of the nomination process.

◊ independent directors

• Appointment by Nominations Committee- There should be a Nominations Committee, which should be entrusted

with the responsibility of selecting and appointing independent directors, evaluation of the board and its members

on annual basis comprising largely of independent directors including it’s chairman. This committee should draw

up skill sets required on the board based on the company’s current and future strategic priorities and identify and

evaluate candidates that meet these predefined criteria.

• Clear guidelines on time commitment of the independent directors- There should be clear guidelines laid down

by the board regarding the time commitment expected of an independent director to fulfill his responsibilities.

Such time commitments should be drawn up after taking into consideration company specific requirements, the

frequency of meetings, the need for interactions within and outside board meetings and requirements with respect

of induction, training and performance evaluation.

• independent Directors Exemptions- Legal provisions should be inserted to specifically exempt non-executive

and independent directors from criminal and civil liabilities. However, independent directors should periodically

review both the legal compliance reports prepared by the company as well as the steps taken by the company to

address issues. In the event of any proceedings against an independent director in connection with the affairs

of the company, defense should not be permitted on the grounds that the independent director was unaware of

this responsibility.

Page 10: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report10

• Number of Directorships- In case an individual is a Managing Director or Whole-time Director in a listed company,

he should serve as a Non-Executive Director or Independent Director of maximum seven companies.

• Appointment of a Lead independent Director- Wherever feasible, there should be segregation between the office

of the CEO and the chairman of the board. The chairman of the board should be a non-executive independent

director. In case such segregation cannot be practically achieved, it is recommended that the company should have

a lead independent director.

- The lead independent director should play a key role in ensuring that the functions and responsibilities of the

board as outlined in the charter are reflected on the agenda. The lead independent director should work with

the chairman to set the board agenda and ensure that board priorities and areas of concern for independent

directors are appropriately featured in the board’s agenda and discussed.

- The lead independent director should ensure that all information requirements of the board (including the

agenda, board papers and background information) are circulated well in advance of meetings to facilitate

an informed discussion at meetings. The lead independent director should also work with key management

personnel to structure the board’s information requirements (reports, heat maps, dashboards etc)

- Executive session of independent directors- The independent directors should meet as a group without the

presence of promoters/management. There are two main purposes of these meetings. The first is to facilitate

an informal and transparent discussion on company matters and determine any important matters that

deserve the immediate and complete attention of the full board. The other is to discuss any performance

concerns about the company and/or its management that requires further discussions at the board level. The

concerns noted should be communicated to the management and minutes to be recorded confidentially.

Audit committee

The audit committee plays a critical and a key coordinating role in ensuring accountability on the part of management, the

internal and external auditors, and external advisors, while safeguarding the overall objectivity of the financial reporting

and internal control processes. It should continuously engage with all stakeholders, both internal and external, to ensure

integrity and accuracy in financial reporting. It must demand and continually reinforce the “direct responsibility” of the

external auditor to the board and audit committee as representatives of shareholders.

• Constitution of the committee- The Audit committee must have a minimum of three members, who are all

independent non-executive directors.

• Charter of the committee- Every listed company must publish an audit committee charter in the “Management

Discussion and Analysis” section of its Annual Report. The audit committee should have a charter in place that

sets forth guidelines for the duties of the audit committee versus those of the full board. By elaborating the basic

duties of the audit committee, the charter helps both the full board and the committee members understand their

obligations and the general boundaries within which they will operate.

• induction programme for new members- Every member of the audit committee must participate in an

induction programme specifically tailored to meet company specific requirements. Such a programme

must, at a minimum, include a thorough review of the legal and regulatory environment, planned versus

actual company performance, presentations by internal and statutory auditors on financial reporting

and internal controls, comparison of accounting policies to industry peers, and meetings with the

company’s legal counsel on matters subject to litigation. Additionally, the audit committee chairman,

in consultation with the other members on the committee, must identify topics/areas where members

Page 11: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report11

of the audit committee would benefit from learning programmes (e.g. industry specific risks, derivatives and

hedging, IFRS etc).

• Review and approval of audit plans- Both the internal and external audit plans must be explicitly approved

by the audit committee to confirm their alignment with the overall company strategies and key business risks

identified by the company. As part of this process, the audit committee must have separate discussions with the

lead partner of the statutory auditor and the Chief Audit Executive/Outsourced service provider for the internal

audit regarding their perception of risk areas and mitigation strategies. While doing so, the audit committee must

specifically evaluate whether the auditors (both internal and external) have the requisite size and skill sets to meet

the assurance requirements.

• Executive sessions with auditors- The audit committee chairman must meet with the lead partner for the statutory

audit and the Chief Audit Executive/outsourced service provider for the internal audit at least once every quarter

without the management being present. The objective is to conduct an honest and transparent discussion with

the auditors about the audit findings, management responses, the status of remedial actions, disagreements

between auditors and management, concerns about financial accounting, internal controls and code of conduct

related matters.

• Roles and responsibilities to detect fraud and other illegal acts

Primary responsibility of prevention and detection of fraud rests on the management, which is expected to give

expeditious information of such events should they occur, to the board of directors. The auditor’s responsibility

is to properly plan, perform and evaluate his audit work so that there is a reasonable expectation that material

misstatements will be detected.

- The audit committee must ensure that the company has a programme in place to periodically assess areas

susceptible to fraud. Specifically, the audit committee must review the effectiveness and adequacy of anti-

fraud programmes and controls in the identified areas, including the extent to which these are being covered

in internal and external audit plans.

- The audit committee must review whistleblowing policies and make sure the company policies are appropriate

by ensuring that a) whistleblowing facilitates independent reporting of incidents without fear of retribution, b) a

sufficiently senior and independent source is responsible for monitoring the reported incidents and determining

the course of investigation and c) the operation of the whistleblowing policies and the communication thereof

are subjected to regular checks by audit.

• Related party transactions- The audit committee should pre-approve all related party transactions which are

not in the ordinary course of business or not on an “arms length basis” or any amendment of such related party

transactions. All other related party transactions should be placed before the committee for its reference.

• Statement on discharge of duties- In addition to disclosing the names of the members and the dates/frequency

of meetings, the chairman of the audit committee must annually disclose whether and to what extent each of

the functions listed in the audit committee charter were discharged during the year. This disclosure should include

the audit committee’s views on the adequacy of internal control systems, risk perceptions, and in the event of any

qualifications, the rationale for accepting and recommending the financial statements with qualifications. The

disclosure should also clarify whether the audit committee conducted executive sessions with the auditors, and

whether such meetings revealed materially significant issues or risks.

Page 12: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report1�

Appointment and Rotation of Auditors

The committee decided to accept and propose the recommendations of the Naresh Chandra Committee relating to

appointment and rotation of auditors for adoption by companies.

• Appointment of auditors- The audit committee of the board of directors should review all information regarding

the profile of the audit firm, its responsible audit partner, his or her previous experience of handling audit for

similar sized companies, and the firm/audit partner’s assurance that the audit clerks and/or understudy chartered

accountants or paralegals appointed for discharge of audit tasks have a minimum prior experience and have

completed a a minimum number of years studying accounting principles. The audit committee shall:

- Discuss with the auditor the annual work programme and the depth and detailing of the audit plan to be

undertaken by the auditor

- Examine and review the documentation and the certificate for proof for independence of the audit firm

- Recommend to the board, with reasons, either the appointment/reappointment or removal of the statutory

auditor, along with the annual audit remuneration

• Rotation of audit partners- It is recommended that the engagement partner/s and at least 50 per cent of the

engagement team responsible for the audit be rotated every five years for listed companies, companies whose

paid-up capital and free reserves exceeds INR 50 Crore, or companies whose turnover exceeds INR 250 Crore,

whichever is less.

• Management’s certification in the event of auditors replacement- Shareholders need to pass a special resolution

to replace the auditors. The explanatory statement accompanying such a special resolution must state the

management’s explanation for seeking a replacement, and the auditor has a right to comment on this explanation.

Furthermore, the audit committee should verify that the statement is true and fair.

• internal Audit coverage- The scope of the internal audit should be expanded to include the materially significant

subsidiaries (for which we can use the definition in Clause 49) to ensure uniform application of policies and practices

throughout the group.

Additional disclosures

Besides ensuring compliance under existing or proposed rules, the board needs to evaluate the company’s disclosure

practices. A transparent disclosure approach indicates a commitment to good corporate governance and helps to build

trust with shareholders and stakeholders. It also enables informed decision making. Management has responsibility for

implementing the disclosure practices. The audit committee needs to take steps to ensure the quality, timeliness, and

accuracy of all disclosures and to ensure that they are complete, fairly represent material information, and comply with

all relevant rules and regulations.

• Disclosures on shareholding structure, control and beneficiaries

- Disclosure of the parties with whom the company, its promoter directors and the management council have

pledged the shares of the company.

- The beneficiary ownership structure should be fully disclosed to all interested parties. Changes in the

shareholdings of substantial investors should be disclosed as soon as the company becomes privy to this

information.

- The company must also disclose the control structure of the organisation and detail how shareholders or

other members of the organisation can exercise their control rights through voting or other means. Any

Page 13: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report13

arrangement under which some shareholders may have a degree of control disproportionate to their equity

ownership, whether through differential voting rights, appointment of directors or other mechanisms, should

be disclosed. Any specific procedures which are in place to protect or deter the interest of minority shareholders

should be disclosed.

• Changes in control and transactions involving significant assets.

- The rules and procedures governing the acquisition of corporate control in the capital markets should be

disclosed. Extraordinary transactions such as mergers and sales of substantial portions of corporate assets

should also be disclosed.

- It may be a good corporate governance practice to submit extraordinary transactions (including mergers,

acquisitions and takeovers) to a general meeting for shareholder approval if the value of the transaction

exceeds 5 per cent of the company’s net worth.

• Qualifications in Auditor’s report- In case of a qualified report, the audit firm may read out the qualifications, with

explanations, to shareholders in the company’s annual general meeting. It should be mandatory for audit firms

to send a copy of the report to the audit committee, SEBI, ROC, and to the principal stock exchange on which the

company is listed.

• Disclosures on contingent liabilities- The management should provide a clear description of each material

contingent liability and its associated risks, which should be accompanied by the auditor’s clearly worded comments

on the management’s view. This section should be highlighted in the significant accounting policies and notes to

accounts, as well as in the auditor’s report where necessary.

• Regulatory compliance declarations- There should be processes established with regards to the monitoring and

reporting of regulatory compliance to the audit committee. This may include attestations by the CEO (over and

above any declaration by the company secretary) on compliances.

• Disclosures around “Good Corporate Governance”- That the company has not denied any personnel access to the

audit committee (in respect of matters involving alleged misconduct) and that they have protected “whistleblowers”

from unfair termination and other unfair or prejudicial employment practices.

• Disclosures for “Comply or Explain” Rule- Listed Companies are required to follow all the mandatory requirements

of Clause 49. However, they should be asked to explain why they have chosen not to comply with the non-mandatory

recommendations. Listed Companies should also adopt the MCA Voluntary Guidelines on Corporate Governance.

• Awards and Recognition- The company shall disclose awards and accolades received for its good corporate

governance practices.

• Disclosures in Analysts’ Reports- Disclosure in the company report issued by a security analyst should include

- Whether the company is a client or associate of the analyst’s employer, and the nature of any services rendered

to such company

- Whether the analyst, the analyst’s employer or an associate of the analyst’s employer currently hold or have

held (in the 12 months immediately preceding the date of the report) or intend to hold any debt or equity

instrument in the issuer company that is the subject matter of the report of the analyst.

• Corporate sustainability reporting - Disclose policies framed and performances achieved in areas of environment

and social responsibility and the impact of these policies on the company’s sustainability.

• Disclose details of material non-compliances- Disclosures should include penalties and strictures imposed on

the company by the stock exchange, SEBI, or any statutory authority during the last three years.

Page 14: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report14

Risk Management Framework

The Indian IT-BPO sector is involved in mission critical applications for its customers and is part of a globally integrated

value chain. In today’s complex regulatory and globalised environment, it is imperative for the management to assess

and manage the various risks facing the company. Simultaneously, the board must ensure that there is a robust and

independent system in place to identify the key risks facing the company. This system should be fully aligned with the

overall company strategy and should enable the company to develop and support a true risk management culture.

The management must clearly articulate company’s overall risk strategy and benchmark returns required for undertaking

these risks while clearly communicating company’s risk appetite both internally and externally. Risk identification and

management is an ongoing process, and new risks should be continuously identified and incorporated into the overall risk

framework as they emerge.

• Risk appetite statement- The board should approve a risk appetite statement and review it annually to keep

it aligned with the company’s objectives. Business risks should be viewed in the context of the stated risk

appetite.

• Comprehensive risk assessment reporting- The management/risk committee should present a comprehensive

risk assessment for the business as well as risk minimisation and mitigation procedures to the board of directors

at periodic intervals as determined by the board. It should document the business risks faced by the company,

measures to address and minimise such risks, and any limitations to the risk taking capacity of the company.

Their assessment should be approved by the board. Any significant increase in the level of any identified risk that

exceeds or deviates from the chosen strategy and the board’s approved risk appetite should be brought to the

attention of the board immediately.

• Regular oversight and monitoring of risks

- Every company should have a tailored structure and clear responsibilities outlined for risk monitoring and

oversight at the board level. Appropriate consideration should be given to the skill sets prevalent at the board

level. Certain companies are strengthening risk oversight at the board level by constituting risk committees

and taking away the responsibility for risk oversight (with the exception of financial risks) from the audit

committee.

- The board should explicitly approve the company’s risk governance structure and the risk appetite over the

different areas of the business.

- Additionally, the board and/or its committees must review a) the company’s processes to identify and assess

risks in accordance with the risk policy and appetite b) the processes implemented to track changes to the

internal and external risk environment and changes to risk profile and c) whether actions to minimise or

mitigate risks are properly implemented and reported.

- The board or the board risk committee’s report should be included as a separate report within the annual

report, and should compromise accounts describing the risk management strategy of the company, including

information on the inherent risks, associated risk appetite, actual risk appetite assessed over time and the

effectiveness of the risk management process over such exposures.

- When the company has a risk management executive or board committee, details on the membership of the

committee, its skill sets and experience, the frequency of its meetings, and the source of any external advice

taken should be provided. In situations where a company does not have a risk committee, disclosures should

be made as to how risk oversight responsibilities are dealt with at the board and executive level.

Page 15: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report15

CEO and CFO certification relating to internal controls over financial reporting (iCOFR)

Management must put in place a self-assessment process wherein different business units and functions assess the

controls in their respective areas and formally sign off on the efficacy and effectiveness of these controls to the senior

management. Senior management should put in place appropriate supervisory process to ensure the authenticity of the

sign-offs. The deficiencies arising through the self- assessment process should be evaluated, and the cumulative impact

and the status of any remedial action should be reported to and evaluated by the board. The board should compare the

results of the self-certification with auditor assessments of internal controls and question management on inconsistencies

and differences in results.

Shareholder empowerment

An effective two-way communication with shareholders based on a mutual understanding of objectives has to be ensured

by the board. The board should make sure that it is aware of the views of shareholders on issues such as strategy,

performance, quality of leadership and boardroom remuneration. In order to achieve this, it should empower them with

all relevant information needed to take informed decisions and ensure that there are appropriate and adequate systems

and processes to solicit opinions, thoughts and suggestions.

• Adequate systems to ensure maximum participation and voting- Companies must have appropriate systems in

place which enable the shareholders to participate effectively and vote in the shareholder meetings. Shareholders

should also be informed of the rules and voting procedures which govern the general shareholder meetings.

• Appropriate place and timings for board meetings- The shareholder meetings should not be held at an inconvenient

place or time and the company should ensure that shareholders are not exposed to undue hardship when casting

their votes.

• information to shareholders- The company should strive to provide information to its shareholders in an easily

accessible manner. To this end, all relevant information may be published on the company’s website in an easily

navigable format. Such information can include, but may not be restricted to, financial information, disclosures,

corporate governance reports, codes of conduct, investor address mechanisms and key charters, with a view to

provide insights to the shareholder community. Similarly all information should be provided for exercising votes

through postal ballots.

Page 16: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report16

Ethical Practices: Customers

The customer influences every aspect of the business and is the foundation of the organisation’s success. In today’s

climate of rapid and chaotic change, “no force is more grounding and stabilising than a partnership with customers.”

Customer partnership is more than putting customers first, finding mutually satisfactory solutions to shared problems,

or a dedication to excellence in every sale or service encounter. It also requires commitment to forging long-term

relationships that create synergies of knowledge, security and adaptability for both parties.

Organisations need to adopt a code of conduct that will be followed by all its stakeholders – for management

and employees. This code should define ethical practices for interacting with customers. Some good practices are

listed below:

• Adherence to client contracts, including maintenance of client data and information in strict confidence-

Adequate measures should be taken to protect client data to avoid the inadvertent leakage of sensitive

information to the competition or making personal information public. Stringent measures should be taken

against breach of confidentiality of client data.

• Prohibition on entering into any gratuitous transactions and discontinuing alliances with vendor-partners

who try to influence decisions by inappropriate means- A system should be instituted for blacklisting vendors

who offer undue inducements for influencing decisions.

• Prohibition on offering any financial inducements to the client representatives with the objective of securing

business- A framework of rules and guidelines should be laid down for enabling employees and directors to take

ethical decisions in conflicting situations. Furthermore, any reports on attempted unfair inducements should

be dealt with severely, upto and including the involuntary resignation of employees.

• Adoption of a reasonable cooling-off-period when moving employees between projects for competing

clients- The ‘cooling-off-period’ is defined as the period during which an employee cannot work for a competitor

client/customer. Introducing a time lag between working with competitor customers ensures that both the

customer’s interests and information are safeguarded. Industry-wide benchmarks should be created to establish

a standard cooling-off period. In case of the BPO sector, maintaining a cooling-off period for two similar processes

between competing clients would be sufficient.

• Establishing clear and unambiguous channels of communication and escalation between company and the

customer to avoid delays- Establishing clear communication channels is imperative for the smooth running of

a project. Effective communication includes informing the clients of any potential delays which could prevent

the delivery of the project within the agreed upon timeframe.

• Conduct in the event of a dispute- In the event of a dispute, both parties should rely on facts rather than

perceptions. Arguments against each party should be well articulated and presented without distorting

facts. If need be, independent arbitrators should be appointed to reach a mutually acceptable solution in an

amicable manner.

• transparency in dealings- Clear transparent processes including those for billing, accounting of time spent

working on a project, and the free sharing of relevant information should be established to promote transparency

and add credibility to the company.

• Maintain confidentiality of company information- Company employees should not disclose any non-public

information to any customer. Any material should be regarded as non-public information, if there is a reasonable

likelihood that it would be considered important to a reasonable investor in making an investment decision

Page 17: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report1�

regarding the purchase or sale of the company’s securities. Either positive or negative information may be

considered as non-public information.

• Periodic customer satisfaction surveys- Periodic customer satisfaction surveys should be conducted by an

independent agency to ensure constant monitoring and improvement of customer satisfaction. Most customers

would prefer surveys conducted by an independent research agency to avoid bias. Survey results should be collated

and suitably acted upon. Repeat complaints should be escalated to the higher levels of the company’s management

and leadership.

Corporate Social Responsibility

• Listed organisations should adopt the MCA Voluntary Guidelines on Corporate Social Responsibility.

Page 18: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report1�

Ethical Practices: Competitor

To build a sustainable and growing industry, a strong ecosystem of industry players is needed so that all can compete

fairly and collaborate fiercely.

Organisations need to adopt a code of conduct that will be followed by all its stakeholders – for management and employees,

this code should define ethical practices with regards to competitors. Some good practices are listed below:

• Strict prohibition on violation of intellectual Property Rights- Stringent measures should be taken against

employees if they are found to be making unauthorised use of a competitor’s intellectual property rights. Only

publicly available information and research reports available from legitimate sources should be used. All sources

should be acknowledged.

• Sharing of Best Business Practices- Best business practices which would benefit a large section of the industries

should be shared through association events and forums. For eg: through sharing of training methodologies of

different companies, and industry standard training certification programme can be introduced.

• Avoiding the formation of cartels and colluding for unfair purposes- The formation of cartels prevents healthy

competition and eventually leads to a deterioration of industry performance as a whole. Organisations must avoid

cartel formation.

• Respect towards competitors- Any pejorative reference towards a competitor should be strictly avoided. Proposals

should be prepared based on company strengths rather than the competition’s weaknesses.

• Ethical means of hiring employees- Channels such as advertisements in newspapers, websites, radio, television

or specialised recruitment firms should be used to hire employees. Organisations must insist on relieving letter

from the former employer before hiring a new employee. Direct poaching of employees from competitors should

be avoided.

Page 19: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report19

Ethical Practices: EmployeesThe success of any organisation’s future business strategy is quite dependent on the commitment levels of its employees.

The organisational leadership is expected to create the understanding that it is only an employee’s total commitment to

excellence that will translate into greater productivity and a very high quality level of service.

Every employee should use the best of his or her skills and abilities to promote the interests and welfare of the company and

to conform to and comply with the directions and regulations of the company. Some good practices are listed below:

• Protecting company assets- Organisational assets should be used only for legitimate business purposes. Any

suspected incident of fraud, mismanagement of company assets or theft should be immediately reported to

appropriate authority.

• Confidentiality of company information- Organisational information should be kept completely confidential and

should not be used for personal purposes. Employees have a fiduciary responsibility to protect the confidential

information, including the information made available and assets developed by them during their employment.

• Avoidance of conflict of interest- Every employee shall perform his or her duties conscientiously. They should

avoid any situation where there could be a potential conflict of interest. The organisational interest should not be

jeopardised for personal gain. All employees are expected to disclose all circumstances that constitute an actual

or apparent conflict of interest. These disclosures shall be made to the Chairman in case of Executive Directors.

Others shall report the disclosures to the CEO of the company.

Below are some situations that can constitute a conflict of interest:

Business interests- Employees are responsible for declaring their business interests at the time of joining and

during the course of their employment. The declaration shall be given by way of an e-mail or a letter to the company

secretary and the copy shall be provided (if required by company policy) to the board of directors as well. Regardless

of any outside business activity, all employees are required to act in the best interests of the company.

Related parties- The employee must not be involved in a significant role in any business transaction with a party

that has a relative of the employee playing a major role. Relatives include but are not limited to the employee’s

father, mother, siblings, grand parents, children, spouse, in-laws, cousins, aunts, uncles, nieces and nephews. If

such an arrangement is unavoidable, the employee must disclose this information.

Assignments outside the organisation- An employee, including the Executive Directors (excluding Independent

Directors) of the organisation shall not accept a position of responsibility in any other company or not-for-profit

organisation without specific permission to do so.

The above shall not apply to (whether for remuneration or otherwise):

a. Nominations to the boards of joint ventures or associate companies.

b. Memberships/positions of responsibility in educational/professional bodies, where such association would

benefit the employee/company.

c. Nominations/memberships in government committees/bodies or organisations.

d. Exceptional circumstances, as determined by the competent authority.

In the case of all employees, the competent authority shall be the Chief Executive, who shall in turn report such

exceptional cases to the board of directors on a quarterly basis. In case of the Chief Executive and Executive

Directors, the board shall be the competent authority.

Page 20: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report�0

The employee must make sure that such an engagement does not result in his/her sharing sensitive or propriety

information about the organisation.

The examples cited above are illustrative and not exhaustive. When in doubt, employees are expected to speak

to their immediate supervisor for clarification.

• Ethical conduct- All employees of the company should conduct themselves in an ethical manner. There should

be complete intolerance for unethical practices. Ethical conduct should be demonstrated by the leaders in order

to provide an example for employees and to create a culture of ethical behaviour. Suspected violations should be

reported through the whistleblower channel to an appropriate authority. This includes compliance with laws and

regulations and the preservation of human rights. Furthermore, it is equally important that third parties should

perceive the company and its employees as being ethical.

• Political non-alignment- All employees shall be committed to and support the constitution and governance

systems of the country in which it operates. The company should remain a neutral legal entity. The employee’s

conduct shall preclude any activity that could be interpreted as mutual dependence/favour with any political body

or person. Personal involvement with political parties should be carried out solely during personal time and by

deploying personal resources. Giving the impression that a company is favouring a party should also be construed

as a violation.

• Special reporting obligations and procedures relating to concerns regarding accounting or auditing practices-

Employees should bring to the attention of the audit committee of the company any questions, concerns or

complaints they may have regarding accounting, internal accounting controls or auditing matters. The audit

committee should have established procedures for the receipt, retention and treatment of complaints received by

the company regarding accounting, internal accounting controls and auditing matters as well as the confidential or

anonymous submission by employees on concerns regarding what they may perceive as questionable accounting

or auditing matters.

• Concurrent employment- Employees are expected to devote their full attention towards their job and perform their

roles and responsibilities with undivided efforts. The organisation prohibits any employee from accepting concurrent

employment with a competitor, supplier or customer. Additionally, any areas of interest or other employment,

including self-employment, which the employee engages in and which might lead to a conflict of interest or the

employee using organisation time and resources in an improper manner must be disclosed immediately to the

organisation.

• Gifts and donations- No employee shall directly or indirectly solicit, accept or retain illegal payments, renumeration,

gifts, entertainment, trips, discounts, services or other benefits from any organisation or person doing business with

the company or competing with the company. Gifts and entertainment are permissible provided they are modest and

part of normal business courtesy and hospitality. The total value of such a gift or entertainment should be decided by

each individual organisation, but is generally less than USD 50. Furthermore, any gift/entertainment should not be so

large as to influence or reasonably appear capable of influencing a person to act in a manner not in the best interest of

the company.

Page 21: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report�1

• Public representation code- Every organisation must honour the information requirements of the public and

its stakeholders. In all its public appearances, with respect to disclosing company and business information, the

organisation should be represented only by designated directors and employees. It is the sole authority of these

representatives to disclose information about the company in a public forum.

Ethical Practices: Company as an “Employer”

An organisation is driven by the desire to make a difference to its customers by delivering extraordinary value. It is vital

for the organisational leadership to attract, motivate and retain committed people for future business objectives.

Every employer should undertake to provide a congenial work environment for its employees, one that promotes

development, learning and fair practices. Some good practices are listed below:

• Physical environment- Each organisation should be committed to creating a safe work environment which

considers both the employee’s interests as well as those of the community at large. One of the core values of

the organisation should be to minimise wastage of natural resources and to strive towards economic, social and

environmental sustainability.

• Sexual harassment- Every organisation should provide a work environment where an employee’s privacy and

personal dignity is maintained. Appropriate and discrete channels to report any acts of abuse should be maintained,

and employees should be informed of their existence. Organisation should take stringent actions to deal with

such reported incidents.

• Grievance handling- A grievance handling cell should be maintained by every company. The types of grievances

handled by the cell can include but are not limited to issues relating to the employee’s contract, workplace rules or

regulations, policy or procedure, health and safety regulation, past practice, changing the cultural norms unilaterally,

individual victimisation, wage, bonuses, etc. The employer should be empathetic towards the grievances reported

and should investigate thoroughly prior to the disposal of the case. This will create confidence in the company and

promote a productive work environment.

• Ethnic/racial discrimination- It is the responsibility of the organisation to select, place and pay all employees on

the basis of their qualifications for the work to be performed without discrimination on the basis of race, religion,

national origin, ethnicity, colour, gender, age, citizenship, sexual orientation, veteran status, marital status, disability

or any other characteristic protected by law.

• Openness to address policy- Government interface- Every organisation should comply fully with all applicable

laws and regulations that apply to Government contracting. It is also necessary to strictly adhere to all terms and

conditions of any contract with central, local, state, federal, foreign or other applicable Governments.

• Security issues- Every organisation handling sensitive client data will need to ensure that strict levels of controls

and processes are implemented to ensure confidentiality of data. Organisations also need to have the requisite

infrastructure and well defined policies in place to ensure the safety of information and employees.

• Equal opportunity to all employees- Organisations must recognise that it is essential to provide equal opportunities

to all persons without discrimination. They must promote diversity and equality in the workplace, as well as

Page 22: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report��

compliance with all laws, while encouraging the adoption of international best practices.

• Statutory compliances- Compliance with all applicable laws and regulations is an essential part of good governance

for any company. Companies need to build robust systems to identify new requirements applicable to them and to

report compliance with existing and new provisions. Any acts of non-compliance should be dealt with severely.

Ethical Practices: vendor Partners

In today’s era of systemic innovation characterised by the need for speed and flexibility, organisations that want to operate

efficiently and win customers must build effective supplier relationships. An effective supplier relationship balances

negotiations on price, quality and delivery schedules with well-defined internal processes that eliminate the friction that

costs both time and money.

Organisations need to adopt a code of conduct that will be followed by all its stakeholders - management and employees

that defines ethical practices with vendor partners. Some good practices are listed below:

• Maintain fair and transparent dealings- It is essential for every company to maintain fair dealings with vendors.

These practices promote long-lasting relationships.

• Gifts and donations- The company should have a policy restricting the giving or accepting of inappropriate gifts

that could influence business decisions. Customary insignificant value gifts may be permissible, however they

should specifically be allowed by the company. Any attempt to influence business decisions in an inappropriate

manner should be severely dealt with.

• Avoid vendor relations with family or relatives- Business proposals from friends, family and relatives should not

be encouraged and should be evaluated by an independent panel. Any such potential conflict of interest should

be disclosed to the company.

• Feedback and communications- Organisations must have mechanisms in place through which suppliers can

express their views and share feedback openly and without any fear of reprisal. Furthermore, all dealings of the

organisation with the vendor partners should be conducted in a fair and transparent manner.

Page 23: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report�3

Key elements of a whistleblower policy

Whistleblowing is the reporting, by employees or other stakeholders, of wrongdoing such as fraud, malpractice,

mismanagement, breaches of health, environment and/or safety laws or any other illegal or unethical act, either on the

part of management or by employees.

It is an act where any stakeholder comes to a decision to express a concern over which he has genuine doubt and which

is raised in good faith.

Aim of the whistleblower policy

The policy is aimed at achieving the following objectives:

• Encouraging various stakeholders to feel confident in raising serious concerns

• Providing ways to raise their concerns

• Ensuring that they get a response to their concerns

• Reassuring them that if their concerns are raised in good faith, they will be protected from victimisation

• Initiating action, where necessary, to set right the concern raised

• Ensuring that the policy is not abused

Definition of whistleblowing

Whistleblowing is the deliberate, voluntary disclosure of individual or organisational malpractice by a person who has or

had privileged access to data, events or information about an actual, suspected or anticipated wrongdoing within or by

an organisation that is within their ability to control.

In this context, it is important to understand what ethical conduct entails and the definition of malpractice.

Ethical conduct is critical to our business. This document has been created to promote ethical conduct and to assist each

of us in our efforts to maintain and enhance our reputation and standing in the corporate world. The topics covered in this

policy are of the utmost importance to organisations, employees, shareholders, customers and vendors. There may be

ever increasing expectations from corporate organisations. We should not only be meeting those expectations, we should

be exceeding them. Ethical standards are not static – they increase and evolve with time, and we must stay ahead of the

curve. In short, conducting business with complete honesty, fairness, openness and integrity plays a vital role in ensuring

continued growth and success and helps achieve the goals.

To sustain trust and confidence, integrity and good judgment must be the cornerstones for all the decisions we make.

It has therefore become imperative that organisations have a Code of Business Conduct & Ethics (COBCE) defining policies

on the use of company resources, sexual harassment in the workplace, managing conflicts of interest and maintaining

confidentiality of company information, etc. The COBCE is designed to help employees recognise and deal with such

ethical issues arising at the workplace.

While this document provides guidance for employer and employee conduct in a number of areas, it does not serve as a

substitute for individual responsibility to exercise good judgment, as a single document cannot address every business

situation that may occur.

ANNExuRE

Page 24: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report�4

Malpractice refers to misconduct or breach of duty in the performance of a professional service that results in a financial

and/or reputation loss.

Malpractice is any activity by an employee that is undertaken in the performance of the employee’s official duties, whether

or not that action is within the scope of his or her employment, and that:

1. is in violation of any law or regulation of India or any other country under whose laws the employee is governed,

including, but not limited to, corruption, malfeasance, bribery, theft of property, fraudulent claims, fraud, coercion,

conversion, malicious prosecution, misuse of property, misuse of confidential information of the Company/Associate

Companies/Clients/Vendors or willful omission to perform duty, or

2. is in violation of code of conduct of the company

3. is economically and/or environmentally wasteful/harmful, or

4. involves abuse of authority, gross misconduct, or

5. any directive to violate or assist in violating an applicable law, rule or regulation or any order to work or cause others

to work in conditions outside of their line of duty that would unreasonably threaten the health or safety of employees

or the public, or

6. unethical and improper practice (e.g., a decision being taken on the basis of personal relationship/gain rather than

merit), or

7. Misstatement in the company’s financial records which include time sheets, sales records and expense reports and

distorting the true nature of the transaction

8. Misstatement about the products and services of the company

9. Any act in the nature of a restrictive trade practice

Abuse of authority- Committing an act, decision or conduct with the intent to intimidate, harass or treat another stakeholder

unreasonably under the applicable facts and circumstances.

Gross Misconduct- Violation of the law, infringement of the company’s code of conduct or ethics and harassment policies,

environment policy and/or misappropriation of money, gross waste, and actual or suspected fraud.

unethical and improper practice- Any act which does not conform to approved standards of social or professional behavior,

which leads to unethical business practices or morally offensive behavior.

Whistleblowing domain

Strong business ethics should form the basis for the relationships with employees, customers, partners, competitors,

suppliers, government, shareholders, society and colleagues. Actions that fall short of, or even appear to fall short of these

standards can only undermine the business integrity, standards of excellence, and ultimately, the success.

This policy aims to enable stakeholders to raise their concerns about any malpractice, impropriety, abuse or wrongdoing

at an early stage and in the right way, without fear of victimisation, subsequent discrimination or disadvantage. The

policy is intended to encourage and enable the stakeholders to raise concerns with the company rather than overlooking

the problem.

It should be emphasised that this policy is intended to assist stakeholders who believe they have discovered malpractice,

impropriety, abuse or wrongdoing. It is not designed to question financial or business decisions taken by the company, nor

Page 25: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report�5

should it be used to reconsider matters which have already been addressed pursuant to disciplinary or other procedures

of the company.

The scope of whistleblowing is not confined to internal organisational issues. It extends to external relations (i.e. customers,

partners, competitors, vendors, other external agencies – statutory/others and society at large) as well.

Ombudsperson concept

It is important for organisations to provide a robust structure for stakeholders across the globe to raise their concerns.

Organisations can introduce the concept of an ombudsperson to give stakeholders the confidence and accessibility to

raise their concerns.

An ombudsperson is one who investigates reported complaints, report’s findings and helps to achieve equitable settlements.

An advocate of ‘fairness’, he/she is expected to resolve conflicts and employee concerns in the organisation, guided by

the principles of justice, objectivity, confidentiality and independence.

The ombudsperson should preferably be a person from the company’s senior management. The key characteristics of an

ombudsperson is his/her impeccable reputation for integrity; they should be known as a just and trustworthy person. It

is also necessary for an ombudsperson to have excellent problem-solving and conflict resolution skills. He/she should be

an excellent communication conduit between conflicting parties to find a solution. An upholder of human values in the

organisation, the ombudsperson should possess the sensitivity to view a situation from different perspectives.

The responsibilities of an ombudsperson are listed below:

• Providing options to whistleblowers with ethics concerns. The ombudsperson is responsible for resolving ethical

dilemmas by interpreting policies and procedures

• Evaluating the situation, helping stakeholder/s organise their thoughts, assessing their feelings, and deciding on

what is important and relevant to the specific circumstance

• Ensuring that the stakeholder/s blowing the whistle are protected against any abuse, bias or improper treatment

• Ensuring confidentiality of the stakeholder/s, if desired by them

• Investigating the concerns raised by the stakeholder/s and reporting the findings of this investigation

• Taking appropriate action to resolve the issue

• Working towards strengthening the policies and procedures based on his/her understanding and the outcome of

the investigation.

Reporting mechanisms

Once a clear and well-articulated ethical conduct policy is in place, there should always be mechanisms to ensure that any

non-compliance to these policies is quickly resolved.

Employee education- Awareness about the importance of ethical conduct has to begin early. There are various ways of

creating this awareness:

• New recruits- The ethical conduct policy should form a part of the induction program for new recruits to make

them aware of the rights and responsibilites they have under the policy. An online ethical conduct training module

could be made compulsory for new employees to go through, and they could be required to sign off to confirm

that they have read and understood the policy.

Page 26: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report�6

• Case Studies- It is always a challenge to build a shared understanding of what constitutes ethical conduct. There

may be varying levels of maturity on the subject within an organisation. An effective way to educate employees

is through the usage of case studies. Case studies should articulate what an individual’s response should be to a

particular practical situation. Case studies should also cover instances of wrongdoings and how the matter was

reported, investigated and what action was taken. FAQs based on case studies & hypothetical situations could be

made available to the employees on the organisation’s intranet.

• Web chat- Web chats by the senior management at regular intervals is another way of educating employees.

Employees can be encouraged to raise their doubts and a member of the senior management team can respond. A

transcript of the chat can also be later published on the company’s intranet, thereby forming a reference document

for employees.

• Yearly review of the policy and sign off by employees- To reinforce the importance of ethical conduct, employers

must review the policy once a year. Once reviewed, the revised policy can be hosted on the intranet and employees

should sign off confirming that they have read and understood the policy.

• Poster and mailer campaigns- These can be used as strong communication channels to ensure top of mind recall.

Feedback on the effectiveness of such campaigns could be obtained by means of questionnaires, opinion polls,

etc. Classroom training/role playing could be employed to create awareness.

• All stakeholders should be made aware of their rights under the policy. These rights can be mentioned in the

purchase orders/RFPs/proposals/Annual Report, etc. Additionally, the policy should be posted on the company’s

website.

Reporting- Once awareness is created, it is important to establish safe routes for stakeholders to communicate their

concerns. Individuals (like an ombudsperson) or groups (like the compliance committee) outside the normal chain of

command should be appointed to receive complaints of irregularities or other concerns. These people should have appropriate

seniority and be well respected. They need diplomatic skills and should enjoy a reputation for honesty, impartiality and

fairness. Stakeholders should know who they are and how they can be contacted in confidence.

Stakeholders can also participate in reporting programmes that may be open for a specific duration to report wrongdoings.

These programmes should be well publicised and happen at regular intervals, preferably once a quarter. During this

period, a strong and focused communication drive could be activated which would detail the kind of concerns that one

could raise.

Reporting channels- The reporting channels identified should help to make the process of raising a concern more

comfortable for a stakeholder, though confidentiality about the issues raised should be maintained. Stakeholders should

be made aware of how to report concerns and to whom they should address their concerns. Below are several different

channels that can be used to report concerns:

• internal channels- A stakeholder can communicate his/her concerns directly to the identified individuals

(ombudsperson) or committee (compliance committee) within the organisation through a face-to-face meeting,

e-mail, telephone call, fax or any other method.

• third party- Stakeholders can also raise their concerns with identified external entities like regulatory authorities

and external auditors. While external whistleblowing is a qualitatively distinct step from internal disclosure -it is

done only once stakeholders come to believe that internal channels are closed to them.

• 24x7 call centers and help lines- Organisations can share the numbers of internal or external call centers/help

lines where stakeholders can call and raise their concerns. This is usually suitable for organisations that are large

Page 27: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report��

in size and operate from multiple locations.

• Website and e-mails- There can be a section on the company’s website or a dedicated e-mail id where an individual

can post their concerns. The concerns raised through this channel can then be re-directed to the identified individuals

or committee.

• Anonymous reporting- Stakeholders can also raise their concerns anonymously using any of the above channels.

They can also be allowed to raise their concerns by forwarding a sealed envelope to the identified individual or

committee.

Remediation and investigation

First level investigation- Once any disclosure of concern has been made by a stakeholder, the relevant authorities to whom

the disclosure has been made will begin their investigation.

the ombudsperson- The relevant authorities include the ombudsperson, as defined in this document. The ombudsperson

can be a member of the senior management (e.g. CFO, COO, Head HR and Chief Legal Officer). The head of HR can be the

chairperson of the compliance committee. It is the responsibility of the chairperson to convene a compliance committee

depending upon the nature of the complaint. The compliance committee will be made up of members from the senior

leadership team as well as the ombudsperson.

A stakeholder who becomes aware of alleged wrongful conduct is encouraged to make a disclosure to the ombudsperson.

The disclosure made must relate to an event that has occurred no earlier than one year from the date of disclosure.

In order to allow the company an opportunity to investigate alleged wrongful conduct and to take necessary internal

corrective action, stakeholders are encouraged to make a report in writing to disclose the alleged wrongful conduct.

If the stakeholder is unwilling or unable to put an oral disclosure in writing, the ombudsperson who investigates the

disclosure will prepare a written summary of the stakeholder’s disclosure and provide a copy to the stakeholder. The

stakeholder may submit a written supplement to the company officer/committee who prepared the summary no later

than 10 days after the receipt of the summary. Failure to submit a supplement within 10 days will constitute acceptance

of the summary as an accurate statement of the disclosure made by the stakeholder. It is the duty of all employees to

cooperate during the course of investigation.

investigation and decision process

Once a disclosure of concern has been made by a stakeholder, the ombudsperson to whom the disclosure has been made

shall investigate the concern either by himself or through any other person deemed necessary by him. The investigation

by the ombudsperson includes the following steps:

• Obtain full details and clarifications of the complaint

• Consider the involvement of any other internal or external investigation agency or person

• Fully investigate the allegation with the assistance, where appropriate, of other individuals/bodies

• Prepare a detailed written report and submit it to the compliance committee no later than 30 days from the date

of disclosure of the concern

Whilst the purpose of this policy is to enable the company to investigate concerns raised by stakeholders and take appropriate

steps to deal with them, the company will give the stakeholders as much feedback as possible.

The company may not be able to inform the stakeholder about the precise action taken where this would infringe a duty

Page 28: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report��

confidence owed by the company to someone else.

The company will take steps to minimise any difficulties which the stakeholder may experience as a result of raising the

concern. Thus, if the stakeholder is required to give evidence in criminal or disciplinary proceedings, the company will

arrange for the stakeholder to receive advice about the procedure, etc.

Rules for investigation and decision by the compliance committee

The compliance committee shall, in consultation with the audit committee of the board of directors, frame and circulate

such rules as may be deemed necessary to enable fair conduct of the inquiry, investigation and the decision.

The compliance committee will, based on the findings in the written report submitted by the Ombudsperson and after

conduct of such further investigation as it may deem fit, come to a final decision in the matter not later than 30 days

from the date of receipt of the written report.

If the complaint is shown to be justified, then the compliance committee shall invoke disciplinary or other appropriate

actions against the defaulting employee as per company procedures.

A copy of the decision should be sent in writing to the audit committee of the board of directors.

A person against whom a complaint is made (hereafter known as the subject), will normally be informed of the allegations

at the outset of a formal investigation and will have opportunities to provide their inputs during the investigation.

Subjects shall have a right to consult with a person of their choice, other than the investigatiors and/or members of the

audit committee and/or the whistleblower. Subjects shall be free at any time to engage counsel at their own cost to

represent them in the investigation proceedings.

Subjects have a responsibility not to interfere with the investigation. Evidence shall not be withheld, destroyed or tampered

with, and witnesses shall not be influenced, threatened or intimidated by the subjects.

All decisions by the compliance committee shall be agreed upon by a simple majority. In the event of a tie, the matter

should be referred to the audit committee for a final decision in the matter.

The lessons learnt should be documented for reference or to be considered in relation to revisions to existing policies/

processes/procedures.

Regular disclosure

The audit committee should be informed of the investigation process, reports and decisions taken with respect to each

and every case reported under this policy.

The number of complaints received and addressed can be disclosed in the annual report under “Corporate Governance.”

Appeal against the decision of the compliance committee

If the whistleblower or the person against whom a complaint has been made are not satisfied with the decision of the

compliance committee, then either of the parties will be allowed to appeal the decision before the audit committee within

30 days from the date of the decision taking effect.

The audit committee will make a decision on the matter within 30 days of an appeal, and the decision of the audit committee

will be final and binding on all the parties.

Page 29: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report�9

Reporting in good faith

Every stakeholder must read and understand the policies, abide by them and report any violations. It is recommended that

the stakeholder who decides to take on the responsibility of being a whistleblower does so after gathering facts and/or

data to substantiate his/her accusations, and to avoid raising suspicions based on hearsay and rumours. All reporting

must be done in good faith. No action will be taken against the stakeholder if the reporting is done for the larger benefit

of the organisation but is not confirmed by subsequent investigation. However, the organisation will take action against

any reporting which is done with malicious intent and/or vested interests on the part of the whistleblower.

While the company will ensure that genuine whistleblowers are accorded complete protection from any kind of unfair

treatment as defined below, any abuse of this protection will warrant disciplinary action.

Protection under this policy would not mean protection from disciplinary action arising as a result of false or bogus allegations

made by a whistleblower who knowingly makes false or bogus allegations or does so with malafide intention.

Whistleblowers who make three or more protected disclosures which have been subsequently found to be malafide,

frivolous, baseless, malicious, or reported in bad faith will be disqualified from reporting further protected disclosures under

this policy. With respect to such whistleblowers, the company/audit committee reserves the right to take or recommend

appropriate disciplinary action.

“Protected disclosure” means any communication made in good faith that discloses or demonstrates information that

gives evidence of unethical or improper activity.

Non-retaliation and non-harassment policy

Any stakeholder who raises a concern in good faith will be protected from the threat of retribution, victimisation, discharge

or discrimination.

The ombudsperson, compliance committee and audit committee will ensure that no action will be taken against a stakeholder

who makes an allegation or raises a concern in good faith, if the claim can reasonably be believed to be true. They will also

ensure that there is no harassment or victimisation of a stakeholder who has raised a concern in good faith.

In case the stakeholder believes that he or she has been retaliated against for disclosing concerns under this policy, he/she

may file a written complaint to the ombudsperson requesting that appropriate action be taken. Such retaliation by an

employee, including his immediate superior, may be brought to the attention of the compliance committee as well.

Alternatively in case of any concern relating to a member of the compliance committee including the ombudsperson, the

same shall be referred to the audit committee.

In all cases, the concerned committee will direct an investigation against such employee or superior and ensure that

appropriate action is taken according to the organisation’s policy on disciplinary action.

Guiding principles

To ensure that the policy helps pre-empt the occurrence of misconduct, the following principles must be kept in mind:

• The organisation will ensure that the ‘whistleblower’ is not victimised in any way. Though the revelation of his/her

identity can make the investigation stronger by having the whistleblower be a witness, if the whistleblower so

chooses, he/she should be allowed to maintain anonymity.

• In the event of the stakeholder wishing to maintain his/her anonymity, the stakeholder must understand that

Page 30: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

NASSCOM Corporate Governance and Ethics Report30

the organisation will not be able to provide any information regarding the findings of the investigation.

• Victimisation of whistleblowers will be treated as an act warranting disciplinary action as per the policy on

disciplinary action.

• The Whistleblowing policy is not intended as a channel for raising concerns regarding personal issues. It is expected

that such issues will be dealt with as per the relevant organisation policy on grievance handling.

Record retention

An organisation must have a central repository of all cases dealt with under this policy. This repository could be in the

form of updates to the company’s intranet, a website or reports maintained on a server. Care should be taken that this

data is securely stored. The concerns raised, investigation reports and actions taken should be recorded and maintained

for at least 7 years from the date of publishing the final report to audit committee.

Details of modifications brought about in policies/processes/procedures as a result of the outcomes of investigations

undertaken in cases dealt with under this policy should also be maintained.

Stakeholder acknowledgement

Based on the report of the compliance committee or upon its own findings, the audit committee, in consultation with

the senior management, will ensure that where required, remedial action is taken in a timely manner depending on the

gravity of the misconduct. This action will be in accordance with the applicable laws. The stakeholder raising the concern

shall be given the necessary feedback on the concern raised in a timely manner unless such feedback is prevented by legal

constraints.

Page 31: Corporate GovernanCe and ethiCs report€¦ · 5 NASSCOM Corporate Governance and Ethics Report COMMittEE MEMBERS Chairman 1. Mr. N. R. Narayana Murthy, Chairman and Chief Mentor,

International Youth CentreTeen Murti Marg, ChanakyapuriNew Delhi 110 021, IndiaT 91 11 2301 0199 F 91 11 2301 [email protected]