Drafting Risk Factors in a DRHP

Key Takeaways

  • Risk Factors are governed by Schedule VI, Part A of SEBI ICDR Regulations, 2018, under the disclosure standard set by Regulation 185(1)
  • SEBI's February 2022 circular mandates 5–10 internal risk factors in the abridged prospectus, ordered by materiality in the full chapter
  • Every risk factor must be quantified, company-specific, and cross-referenced to the relevant DRHP section with precise page numbers
  • The DRHP enters the public domain for at least 21 days before SEBI issues its Observation Letter — market visibility begins well before regulatory clearance
  • Three patterns trigger most SEBI clarification notices: promotional language, internal contradictions, and self-serving omissions

Why the Risk Factors Chapter Is the Highest-Stakes Section of Your DRHP

Most founders treat the Risk Factors chapter as a legal formality — something counsel handles at the end. Both assumptions are wrong, and the consequences show up in SEBI query rounds, not at the end of the process.

The Risk Factors chapter is a mandatory disclosure under Schedule VI, Part A of the SEBI ICDR Regulations, 2018 (current consolidated text, last amended March 21, 2026). It exists to give prospective investors a structured, unvarnished view of the issuer's vulnerabilities before they commit capital.

The Dual Audience Problem

This chapter has two distinct readers with very different expectations:

  • SEBI's review team checks for regulatory compliance — specificity, quantification, internal consistency, and cross-referencing
  • Institutional investors and analysts read it to calibrate risk and form investment views during the 21-day public comment window

Weak drafting creates both problems simultaneously. A chapter full of generic boilerplate fails SEBI's adequacy test and damages investor confidence at the exact moment you're trying to build it.

Materiality-Based Ordering

SEBI's February 4, 2022 circular requires that the abridged prospectus and front cover include a minimum of 5 and maximum of 10 internal risk factors, ordered by significance. For the full DRHP Risk Factors chapter, Schedule VI mandates materiality-first ordering — meaning the risks listed first must reflect the issuer's actual, most significant exposures, not an industry-generic list copied from a comparable filing.

The ordering signals to both SEBI and investors what the company views as its most serious vulnerabilities. Get it wrong, and SEBI will ask you to justify every sequencing decision — in writing, with evidence.

DRHP risk factors materiality-first ordering framework for SEBI compliance

What SEBI Actually Expects: The Regulatory Framework

The True, Correct, and Adequate Standard

Regulation 185(1) sets the overarching disclosure standard: the offer document must contain all material disclosures that are "true, correct and adequate to enable the applicants to take an informed investment decision."

"Adequate" is the operative word. Listing a risk is not enough. Each disclosure must describe:

  • What specifically could go wrong — the precise nature of the risk, not a category label
  • How likely it is — based on historical evidence where available, not a boilerplate qualifier
  • What it costs — quantified impact, or at minimum a directional estimate grounded in financial data

A risk factor that says "we face currency fluctuation risk" satisfies none of these requirements. One that identifies the specific currency pair, states historical volatility, and quantifies the revenue impact in a prior period satisfies all three.

The Internal Consistency Requirement

SEBI reviews the Risk Factors chapter alongside the Business Overview, MD&A, Financials, and Objects of the Issue. Contradictions between sections are flagged without exception.

Common inconsistency pattern: A business overview describing 40% year-on-year revenue growth paired with a risk factor describing "uncertain demand" without qualification. SEBI will ask you to reconcile these.

If the financials show deteriorating margins, the Risk Factors chapter must acknowledge margin pressure as a material risk — not as a hypothetical.

Cross-Referencing Requirements

Every risk factor must include a precise cross-reference to the DRHP section where further detail appears. The IRM Energy SEBI final observation letter makes this explicit: every risk factor should cross-reference the detailed facts and reasons in the DRHP. Vague references like "see the financial section" are insufficient. Specific page numbers are required.

The 21-Day Public Window

After filing, the DRHP is hosted on SEBI's website, the lead manager's website, and the relevant stock exchange for at least 21 days for public comments. During that window, competitors, analysts, and complainants can review every risk factor — not just SEBI. Vague, contradictory, or promotional disclosures are a commercial liability before the issue even opens. Pre-filing quality is a business decision as much as a regulatory one.

The Six Categories of Risk Factors Every DRHP Must Cover

SEBI and market practice expect disclosures across six categories. Using SWOT and PESTEL frameworks during drafting helps identify risks systematically rather than reactively.

Business Risks

Core operational vulnerabilities with mandatory quantification:

  • Customer concentration — if five customers account for 60% of revenue, the disclosure must say so and describe the potential revenue impact of losing one, referencing any historical precedent
  • Supplier dependence — single-source arrangements, substitutability, and price exposure
  • Production and capacity constraints — utilisation rates, expansion timelines, bottleneck risks
  • Workforce risks — key person dependencies, attrition rates in specialised functions

The BlueJet Healthcare SEBI interim observation letter specifically required disclosure of revenue from top 10, top 5, and largest customers. Generic dependency language will not survive review.

Governance Risks

Business risks don't exist in isolation — SEBI will trace operational vulnerabilities back to the governance structures that allowed them. The regulator looks for evidence that the issuer has identified governance gaps and is actively managing them, not merely acknowledging their existence:

  • Board composition imbalances, including overrepresentation of promoter-family members — SEBI scrutinises whether independent directors can meaningfully override promoter decisions
  • Absence of industry-specialist independent directors — a manufacturing company with no independent director carrying operational or technical expertise is a common observation trigger
  • KMP succession gaps and concentrated decision-making authority — if the MD's departure would materially impair operations, that dependency must be quantified and disclosed

Regulatory and Compliance Risks

Every regulatory default, show-cause notice, or penalty from MCA, SEBI, RBI, or tax authorities above the materiality threshold must be disclosed with:

  • Date and authority
  • Nature of the default
  • Corrective action taken or in progress

Pending government approvals, sector-specific licensing dependencies, and any compounding or settlement applications all fall within this category.

Financial Risks

Related party transactions (RPTs) are the highest-scrutiny item. SEBI's October 2014 order in the DLF matter established that omission of group company transactions — even when framed as "technical" — can lead to enforcement action. SEBI restrained DLF and six senior officials from accessing the securities market for three years.

Beyond RPTs, financial risk disclosures must cover:

  • Debt aging and leverage exposure — covenant breach thresholds, refinancing timelines, and any cross-default provisions across group entities
  • Off-balance-sheet obligations — contingent liabilities, corporate guarantees extended to subsidiaries, and any structured finance arrangements not captured on the face of financial statements
  • Insurance coverage gaps — where insured values are materially below asset replacement cost or where key operational risks (product liability, cyber, business interruption) are uninsured

DRHP financial risk disclosure categories RPTs debt off-balance-sheet and insurance gaps

External Risks

Macroeconomic and sector-specific exposures — inflation, interest rates, FX, geopolitical disruption, competitive dynamics — cannot be controlled, but generic language does not pass SEBI review. A pharma company that sources APIs from a single country must name that geography, quantify the import dependency as a percentage of input costs, and describe its alternative sourcing timeline. A disclosure that says only "we are exposed to global supply chain risks" will draw an observation letter. The standard is issuer-specific exposure with issuer-specific mitigation.

Miscellaneous Risks

  • Contractual restrictions from lenders — NOC requirements that block project milestones, dividend distributions, or asset disposals must be disclosed with the triggering conditions and timeline for resolution
  • Cybersecurity and data privacy — for technology-dependent issuers, the disclosure must go beyond generic language: describe the systems carrying sensitive data, the incident response framework in place, and whether the company has experienced any breaches in the last three years
  • IP ownership gaps — if core technology is licensed rather than owned, or if title to registered IP is held by a promoter entity rather than the issuer, that structure must be disclosed with the terms of transfer or ongoing dependency

Four Drafting Principles That Determine Whether SEBI Returns Your Risk Factors

1. Language and Precision

Promotional or unverifiable qualitative terms are not permitted. Words like "leading," "robust," "prominent," and "well-established" require verifiable data to support them.

Avoid: "The company may be impacted by currency exchange fluctuations."

Prefer: "Approximately 32% of our revenue for FY2024 was denominated in USD. A 5% depreciation of the INR against the USD in FY2022 reduced our reported revenue by ₹X crore. We do not currently maintain hedging arrangements."

The second version gives SEBI something to verify and gives investors something to calibrate.

2. Data-Backed Quantification

Every risk should be anchored in numbers — financial ratios, historical impact data, market share figures, or directional forecasts. Qualitative-only disclosures give SEBI nothing to verify.

Evidence-linked drafting (where every stated risk connects to a source document in the data room) is the most effective way to build a clean, SEBI-ready risk section. A practical test: if you cannot point to a specific line item in your audited financials, management accounts, or industry report to substantiate a stated risk, it is not ready to file.

3. Specificity Over Generality

Replace generic boilerplate with company-specific language.

Generic: "We face intense competition in our industry."

Specific: "Our market share in the southern India distribution segment declined from 18% to 14% between FY2023 and FY2024 following the entry of two new competitors. This pricing pressure reduced our gross margin in that segment by approximately 3.2 percentage points in FY2024."

4. Materiality Ordering and Structure

Specificity of language (Principle 3) is the content standard. Ordering is the structural one. Rank risks by potential financial impact on the specific business, not by frequency of appearance in comparable filings. The sequence signals to SEBI and investors what management views as the company's most material vulnerabilities. Drafters who borrow risk lists from similar DRHPs without adapting them to the issuer's actual exposure profile will face pointed SEBI queries about why generic industry risks rank above issuer-specific ones.

Four DRHP risk factor drafting principles for SEBI-ready disclosure quality

The Three Drafting Traps That Trigger SEBI Observation Letters

The Promotional Framing Trap

The most common reason SEBI returns Risk Factor chapters is risks described in a way that subtly reassures rather than discloses.

Examples of phrases that trigger clarification requests:

  • "While we face competition, our diversified product portfolio positions us well..."
  • "Although our customers are concentrated, we have long-standing relationships..."
  • "The regulatory environment is evolving, but we have historically maintained compliance..."

Each of these softens the disclosure rather than making it. SEBI reads these as inadequate disclosure, not good communication.

The Consistency Trap

Promotional language isn't the only trigger. Risks that contradict other DRHP sections are flagged without exception. If a key customer departed during the review period, the customer concentration risk must reflect this event specifically — not just reference concentration in the abstract. If margins deteriorated materially in the most recent financial year, the risk section must acknowledge margin pressure as a current risk, not a hypothetical one.

Under Regulation 185(1), internal contradictions are disclosure failures — not editorial oversights.

The Omission Trap

Self-serving materiality thresholds — set just high enough to exclude inconvenient disclosures — draw consistent SEBI scrutiny. Common omission patterns that trigger observation letters include:

  • RPTs excluded because they are described as "arm's length" without supporting documentation
  • Litigation items excluded wholesale as "routine" without case-level assessment
  • Material threshold definitions calibrated to exclude specific known exposures

Three DRHP drafting traps that trigger SEBI observation letters and enforcement action

SEBI's April 2025 settlement order in the matter of Quadrant Future Tek Limited confirms that seemingly minor disclosure omissions carry real regulatory consequences. SEBI reviewers identify selective disclosure patterns reliably, and the consequences extend beyond revision requests to enforcement action against issuers and lead managers.

Frequently Asked Questions

What is the purpose of the Risk Factors chapter in a DRHP?

The Risk Factors chapter is a mandatory disclosure under SEBI ICDR Regulations that alerts prospective investors to material uncertainties affecting the issuer's business, financials, or stock performance. It is also a primary input for SEBI's review before the Observation Letter is issued — so its quality directly determines how quickly the IPO moves forward.

How many risk factors should a DRHP include?

SEBI does not prescribe a fixed number for the full chapter. The February 2022 circular requires 5–10 internal risk factors in the abridged prospectus and front cover format. For the full DRHP chapter, every included risk must meet the issuer's defined materiality threshold, and the most material risks must appear first.

What language is not permitted in the risk factors section?

Promotional or unverifiable qualitative terms — such as "leading," "prominent," or "well-established" — are not permitted unless independently verifiable. Risk disclosures must be specific, quantified where possible, and written in plain language — no hedging, no reassurances, no qualifiers that dilute the disclosure.

What happens if risk factors are poorly drafted or incomplete?

SEBI will issue a clarification notice requiring revision and refiling, delaying the Observation Letter by weeks or months. Deliberate misrepresentation or material omissions can trigger enforcement action against the issuer and its lead managers — SEBI has exercised this authority in high-profile cases.

Do SME IPO DRHPs follow the same risk factor rules as Main Board filings?

SME DRHPs are filed with the relevant stock exchange (BSE SME or NSE Emerge) rather than directly with SEBI, but the same ICDR disclosure standards apply. Materiality thresholds may differ given company size, but the expectation of specificity, quantification, and consistency across the financials, business overview, and litigation disclosures is unchanged.

How early in the IPO process should risk factor drafting begin?

Risk factor drafting should begin during due diligence, before any other DRHP chapter is finalised. Risks must align with the financials, litigation disclosures, and business overview — and that alignment only holds when all sections are drafted in parallel, not sequentially.