In today’s rapidly evolving risk landscape, it is crucial for companies to adopt robust risk management practices that not only address current uncertainties but also anticipate future threats. Regulators across the globe have taken note of this shifting dynamic, emphasizing the importance of sound enterprise risk management (ERM) frameworks to enhance corporate governance and organizational resilience.
The Securities and Commodities Authority (SCA) of the United Arab Emirates (UAE) is the primary regulator for entities listed in the UAE. Its corporate governance code, issued under the Chairman of the Authority's Board of Directors' Decision No. (3/Chairman) of 2020, amended by Decision No. (2/RM) of 2024 and supplemented by a 2025 circular, includes principles of risk management and sets out comprehensive regulatory requirements aimed at improving governance practices, transparency, and risk management.
To help businesses stay ahead, we focus on simplifying and clarifying the key regulatory changes. Drawing on our extensive experience, we set out actionable implementation steps, explaining how the regulations can be adopted effectively and offering practical guidance on achieving compliance. This document is intended to help listed organizations align their ERM practices with the latest compliance requirements, so that they remain agile, compliant, and resilient in managing emerging risks.
Summary of key SCA ERM regulations
Board obligations
2024 amendment (revision to the Governance Code 2020)
- The board is responsible for the risk management policy and its continuous review.
- The board should adopt a risk framework compliant with best practices (COSO).
- The board is responsible for setting the entity-wide risk appetite and risk tolerance.
Risk committee
Governance Code 2020
- The board may form a permanent committee responsible for risk management.
- The Risk Committee shall hold a meeting at least once every three months.
2024 amendment (additional provisions)
- The Risk Committee shall consist of no fewer than three and no more than five non-executive board members.
Risk management officer
Governance Code 2020
- The risk management officer reports functionally to the Risk Committee and administratively to the CEO.
- The risk management officer is a member of the company's senior management.
- The risk management officer shall advise internal audit on risk management best practices.
Risk management independence
2024 amendment (New provisions)
- The internal audit function may not be combined with any other function.
- The role of compliance officer may not be combined with any other position within the company.