2023-24 Annual Report

Download Report Menu

Corporate Overview
Value Creation
Capitals
ESG
Statutory Reports
Financial Statements

About CAMS
Business Segment Offerings
Diversified Business Offerings
Key Highlights
Chairman’s Message
Managing Director's Message

Board of Directors
Leadership Team
CEO’s of Subsidiaries
Awards and Accolades
Corporate Information

Business Model
Strategy
Stakeholder Engagement
Materiality
Risk Management

Financial Capital
Manufactured Capital
Intellectual Capital
Human Capital
Natural Capital
Social & Relationship Capital

Promoting Welfare of Communities
Creating Sustainable Value
Corporate Governance

Notice
Board’s Report
Corporate Governance Report
Management Discussion and Analysis
Business Responsibility & Sustainability
Reporting

Independent Auditors’ Report on Standalone Financial Statements
Standalone Financial Statements
Independent Auditors’ Report on Consolidated Financial Statements
Consolidated Financial Statements

Home
Corporate Overview
Value Creation
Capitals
ESG
Statutory Reports
Financial Statements

Home > Value Creation > Risk Management

Risk Management

Proactive Risk Management for Effective Control

A robust Enterprise Risk Management (ERM) framework implemented across all businesses and functions enables CAMS to effectively identify and mitigate known as well as potential risks. It adopts best ERM practices, in line with the Company’s specific risks and business environment, and is annually reviewed by the Board.

The framework was further strengthened and risk governance was enhanced with support and recommendations by KPMG. Keeping up with the suggestions, we introduced risk champions, embedded risk management with our first line of defence, solidified three lines of defence, and created clearer and more detailed records of our ERM, risk appetite, and KRI.

Risk Governance at CAMS

Board of Directors

Risk Management Committee of the Board of Directors

Internal Risk Management Committee

Risk, Compliance and Audit Team / Business Units

Enterprise Risk Management at CAMS

Enterprise Risk Management is a comprehensive framework designed to manage organisational risk, encompassing concerns ranging from employee safety, securing sensitive data, meeting statutory regulations, and preventing financial fraud. Simply put, it is an integrated approach to managing risks and its extended networks.

The Board reviews the ERM framework on annual basis to set the tone from the top, with a view to protect the enterprise from potential harm and create opportunities to improve business performance. The Board Committee and Internal Committee(s) are responsible for implementing and tracking ERM projects until completion.

Cybersecurity Risk
Operational Risk
Regulatory Risk
Compliance Risk
Concentration Risk

Most of our operations are digitally driven and involve extensive interaction with a substantial volume of client data. The inability to adequately safeguard this data from cybersecurity breaches and ensure data privacy has the potential to significantly impact our reputation and result in financial losses.

Capitals at risk:

KRI Monitered:

This metric serves as a comprehensive measure of our overall security posture and is presently at 790.

SDGs impacted:

We have a robust technology committee-governed cybersecurity policy which is regularly audited by internal and external teams including external specialist firms

Our cybersecurity strategy is fortified by the deployment of advanced solutions, including:

Darktrace Enterprise Immune System:

Leveraging state-of-the-art machine learning algorithms, this system enables the proactive monitoring and detection of unpredictable threats.

Enterprise Security Assessment Solution (SAFE):

This solution continuously evaluates multiple vectors of security and provides a current score of 4.7 out of 5.0, as of March 31, 2024.

Endpoint Detection Response (EDR) Solution:

Powered by AI and ML algorithms, this system identifies and responds to unknown cyber threats or abnormal behaviours on endpoint devices such as desktops and laptops.

We face risks relating to errors or omissions in our operations that could lead to significant monetary and reputational losses.

Capitals at risk:

KRI monitored:

Critical Incident Reporting tracker and proactive monitoring of potential risks.

SDGs impacted:

From transactional accuracy perspective, the quality of data captured is above 99% on consistent basis, achieved through combination of double data entry, multiple checkers, systemic validations, etc.

To avoid any delay in delivery, “Work To Finish” Dashboard – Consolidated MIS, clearly highlighting the pendency which need to be completed on the same day is monitored.

Continued automation, risk mitigation systemic projects, and digitalising manual processes are the highly concentrated areas for senior management.

Our businesses are guided by various regulators which subject us to periodic audits from them. Any non-compliance to regulations could result in observations from authorities like SEBI, IRDAI, RBI, and MCA, which can expose us to warnings, penalties, and even cancellation of licenses.

Capitals at risk:

KRI monitored:

Internal compliance monitoring tools including Legatrix – which is an external third-party tool for identifying any potential violations or defaults

SDGs impacted:

A central team is in place in the Mutual Fund area, where the known observations are tracked almost on a LIVE basis for ensuring compliance and rectification, wherever required.

Internal Auditors have been appointed to audit and provide reports on a concurrent basis. This is in addition to audits initiated by the clients.

The risk review by the Risk Team and the new way of verification in the form of RAID (Risk Assurance through Inspection and Detection) have all contributed to minimal critical observations by the regulators.

We are required to comply with a host of regulations like reporting to government agencies and regulators timely, error-free fulfilment of regulatory requirements. Any default could result in fines and penalties.

Capitals at risk:

KRI monitored:

Internal compliance monitoring tools like Legatrix, Dashboard-based monitoring, and specific set of individuals tracking the compliance.

SDGs impacted:

Vintage manpower is in place in compliance, enabling extensive interpretation and implementation of systemic solutions and exploring automation opportunities.

Continuous monitoring and testing of the control effectiveness aid in an error-free environment.

Third line of defence in the form of an extensive audit, initiated internally or by clients and regulators acts as another layer of assurance.

Client servicing is becoming increasingly complex & dynamic, and the Company is required to ensure utmost client satisfaction to retain the existing clients. Given the limited number of clients serviced, the Company faces concentration risk which could impact its revenue.

Capitals at risk:

SDGs impacted:

During the last few years, the Company has been actively diversifying into new business lines, which resulted in an increased contribution of the non-mutual fund revenue to the overall revenue.

The client satisfaction survey results, ability to attract new MF clients, technology, and product innovation have all contributed to higher customer satisfaction scores.