UNIINFO TELECOM SERVICES LIMITED

POLICY FOR RISK MANAGEMENT

1. PREAMBLE

The Securities and Exchange Board of India (Listing Obligations and Disclosure
Requirements) Regulations, 2015 ("SEBI LODR") came into force from December 1, 2015.
As per the Regulations of SEBI LODR, Uniinfo Telecom Services Limited ("the
Company") is required to frame a Policy for Risk Management ("Policy")

As per Regulation 17 of the SEBI (LODR) Regulations, the Board of Directors ("Board")
shall be responsible for framing, implementing and monitoring the risk management plan for
the listed entity.

In accordance with Section 134(3)(n) of the Companies Act, 2013, a company is required to
include a statement indicating development and implementation of a risk management policy
for the company including identification therein of elements of risk, if any, which in the
opinion of the Board may threaten the existence of the company.

Accordingly, to mitigate and manage risk at the Company, the Company has formed the
Policy for the same. This document shall be under the authority of the Board of the
Company. It seeks to identify risks inherent in the operations of the Company and provides
guidelines to define, measure, report, control and mitigate the identified risks.

The Board of the Company on January 17, 2018 has adopted the Policy

2. OBJECTIVE

The objective of the Policy of the Company is to create and protect shareholder value by
minimizing threats or losses, and identifying and maximizing opportunities. This Policy is
being applied in order to ensure that effective management of risks is an integral part of
every employee’s job.

These include:

a) Providing a framework, that enables future activities in a consistent and controlled

manner;

b) Improving decision making, planning and prioritization by comprehensive and structured

understanding of business activities, volatility and opportunities/ threats;

c) Contributing towards more efficient use/ allocation of the resources within the
organization;

Page 1 of 6
 d) Protecting and enhancing assets and company image;

e) Reducing volatility in various areas of the business;

f) Developing and supporting people and knowledge base of the organization; and

g) Optimizing operational efficiency.

3. DEFINITION

In this Policy, unless the context otherwise requires:

a) "Audit Committee or Committee" means Committee of Board of Directors of the

Company in accordance with the provisions of the Companies Act, 2013 and as per SEBI
LODR;

b) "Company" means Uniinfo Telecom Services Limited, a Company constituted under

the provisions of Companies Act, 1956.

c) "Board of Directors" or "Board" in relation to a Company, means the collective body of

Directors of the Company.

d) "Policy" means Risk Management Policy of the Company.

4. RISK MANAGEMENT

a) The Company shall lay down procedures to inform the Board members about the risk
assessment and minimization procedures.

b) The Board shall be responsible for framing, implementing and monitoring the risk
management plan for the company.

c) The Company will also constitute a Risk Management Committee or other committee as
it may deem fit. The Board shall define the roles and responsibilities of the Risk
Management Committee and may delegate monitoring and reviewing of the risk
management plan to the Committee and such other functions as it may deem fit.

5. RISK MANAGEMENT FRAMEWORK

The Board is required to review the business plan at regular intervals and develop the risk
management plan ("Risk Management Strategy") which shall encompass laying down
guiding principles on proactive planning for identifying, analyzing and mitigating all the
material risks, both external and internal including environmental, business, operational,

Page 2 of 6
 financial, political and others. Risk Management Strategy should be communicated to
various levels of the management for effective implementation in the Company.

The Board and Audit Committee are required to carry out the following role for governing
risk management:

a) The Board’s role to ensure framing, implementing and monitoring risk management plan,
having in place, systems for risk management as part of internal controls with duty being
cast upon Independent Directors to bring unbiased approach during the Board’s
deliberations on making risk management systems very strong and effective.

b) The Audit Committee’s role, is to evaluate the risk management systems.

c) This policy shall complement the other policies of the Company in place e.g. Related
Party Transactions Policy, to ensure that the risks, if any, arising out of Related Party
Transactions are being effectively mitigated.

6. IDENTIFICATION OF RISK AND ANALYSIS

Risk Identification is obligatory on all vertical and functional heads, who with the inputs
from their team members, are required to report the material risks to the chairman and
managing director and whole time directors of the Company along with their considered
views and recommendations for risk mitigation.

Analysis of all the risks thus identified shall be carried out by Board of the Company through
participation of the vertical/functional heads and a preliminary report shall be placed before
the Risk Management Committee.

Risk identification:

To identify organization’s exposure to uncertainty, risks which may be classified in the

following:

a) Strategic

b) Operational

c) Financial

d) Hazard

e) Political

Risk Description:

Page 3 of 6
 The identified risks should be displayed in a structured format.

Risk Evaluation:

After risk analysis, a comparison of estimated risks against organization risk should be
carried out. This should be used to make decisions about the significance of risks and
whether each specific risk is to be accepted or treated accordingly.

Risk Estimation:

Risk can be quantitative, semi quantitative or qualitative in terms of probability of occurrence

and possible consequences. The impact level of risk on performance and profit needs to be
estimated as both threat and opportunity.

Reporting

a) Internal Reporting

i. Risk Management Committee

ii. Board of Directors

iii. Vertical Heads

iv. Individuals

b) External Reporting

i. To communicate to the stakeholders on regular basis as part of Corporate Governance.

7. BOARD APPROVAL

The action plan and guidelines decided by the Risk Management Committee shall be
approved by the Board before communication to the Key Managerial Personnel for
implementation.

The Board shall approve the Risk Management Strategy (including risk treatment), control
structure and policy guidelines and delegate authority and accountability for risk
management to the Company’s executive team.

8. RISK TREATMENT

Page 4 of 6
 Risk Treatment includes the process of selecting and implementing measures to mitigate
risks and to prioritize risk control actions in terms of their potential to benefit the
organization. Risk treatment includes risk control/mitigation and extends to risk avoidance,
risk transfer (insurance), risk financing, risk absorption etc. for:

a) Effective and efficient operations

b) Effective Internal Controls

c) Compliance with laws & regulations

Risk treatment shall be applied at all levels through carefully selected validations at each
stage to ensure smooth achievement of the objective.

9. RISK REGISTERS

Risk registers shall be maintained showing the risks identified, treatment prescribed, persons
responsible for applying treatment and status after the treatment etc.

Risk managers and risk officers will be identified for proper maintenance of the risk registers
which will facilitate reporting of the effectiveness of the risk treatment to the Risk
Management Committee, Audit Committee and the Board.

The Board shall have the discretion to deal with certain risks (may be called key or highly
sensitive risks) in the manner it may deem fit. Mitigation of such highly sensitive/key risks
and effectiveness of their mitigation measures and review of the strategy may be directly
discussed by the Board members with Audit Committee.

10. ROLE OF AUDIT COMMITTEE

The following shall serve as the role and responsibility of the Audit Committee authorized to
evaluate the effectiveness of the risk management framework:

a) Evaluation of internal financial controls and risk management systems;

b) Review of the strategy for implementing risk management policy;

c) To examine the organization structure relating to risk management;

d) Evaluate the efficacy of risk management systems;

e) To review all hedging strategies/risk treatment methodologies vis a vis compliance with
the Risk Management Policy and relevant regulatory guidelines;

Page 5 of 6
 f) To define internal control measures to facilitate a smooth functioning of the risk
management systems; and

g) Ensure periodic review of operations and contingency plans and reporting to Board in
order to counter possibilities of adverse factors having a bearing on the risk management
systems.

11. REVIEW

This Policy shall be subject to review by the Risk Management Committee and the Board
from time to time as may be necessary.

This Policy will be communicated to all vertical/functional heads and other concerned
persons of the Company.

Page 6 of 6