Confidentiality Policy

Introduction

In the normal course of business, employees may encounter or handle information that is not publicly available or is proprietary. To safeguard such information, employees must take all reasonable measures to protect it, ensuring it remains confidential and avoiding any unauthorised dissemination, directly or indirectly. This Confidentiality Policy protects any proprietary or confidential information related to BWR, its clients, and its suppliers. The policy complies with SEBI Regulations, 1999, which mandates that every credit rating agency treat client information as confidential and prohibit disclosure to any other party, except where required or permitted by law.

Objective

The purpose of this Policy is to protect confidential or non-public information of BWR, its clients, its employees, and its service providers while ensuring seamless use of such information by BWR employees for discharging their duties.

Applicability

This Policy applies to all employees, directors, consultants and Rating Committee Members of BWR.

Definitions

1. Employee in this policy refers to any individual engaged by BWR to perform work, including Key Managerial Personnel (KMP), outsourced workers, temporary staff, and contractual personnel.

2. Confidential Information in this policy refers to any non-public information, including documents, but not limited to any emails, discoveries, inventions, patents, plans, client data, financial details, strategies, and trade secrets. Confidential information received from a rated entity, obligor, or originator, or the underwriter or arranger of a rated obligation, and non-public information about a credit rating action (e.g., information about a credit rating action before the credit rating is publicly disclosed or disseminated to subscribers.), including disclosing such information to other employees where the disclosure is not necessary in connection with the BWR’s credit rating activities, unless disclosure is required by applicable law or regulation.

   This information, whether marked as confidential or not, is valuable and unique to BWR. It includes information received from clients during business engagements, and it exists in physical, electronic, electromagnetic, or other forms. Any information submitted or available as public disclosures like press releases, news, brochures (print or electronicformat), and filings to regulatory bodies, courts or stock exchanges are not considered Confidential Information.

3. Unpublished Price Sensitive Information (UPSI) refers to any non-public information related to the company or its securities that, if made generally available, is likely to materially affect the price of those securities. This includes, but is not limited to, information about financial results, dividends, changes in capital structure, mergers, de-mergers, acquisitions, delisting, disposals, business expansions, changes in key managerial personnel, and other material events as specified in the listing agreement.

4. Employee Information, as defined in this policy, includes any personal or professional data collected, stored, and used by an organization that is not meant for public disclosure or sharing with unauthorized individuals. This includes personal identifiers (e.g., [Aadhaar Redacted], PAN card, home addresses), employment history, salary details, performance evaluations, disciplinary records, medical information, and other data that could identify an employee or impact their privacy or employment Safeguarding this information is crucial for protecting employee privacy and ensuring compliance with legal and regulatory standards.

Confidentiality Policy Framework

BWR has implemented a comprehensive confidentiality policy to ensure the protection of sensitive information entrusted to the organization by its clients, partners, and stakeholders. This policy includes a robust framework comprising a Code of Conduct, Trading Policy, and contractual agreements with employees, rating committee members, clients, vendors, and associates. These measures are designed to safeguard non-public information and ensure that all individuals associated with BWR adhere to the highest standards of confidentiality. The policy outlines both the protection of client information and the responsibilities of BWR employees in upholding these standards. Additionally, BWR has put a Standard Operating Procedure (SOP) in place to handle the Structured Digital Database (SDD) for Unpublished Price Sensitive Information (UPSI), ensuring compliance with regulatory requirements.

Protection of Client Information

At BWR, the protection of client information is of paramount importance. All employees and associated individuals are expected to adhere to stringent confidentiality standards that safeguard sensitive data and uphold the integrity of the organization. The following guidelines outline the specific measures in place to ensure that all non-public information is handled responsibly and securely. These measures are designed to prevent unauthorized disclosure, misuse, and accidental exposure of proprietary and confidential information, ensuring compliance with legal and regulatory requirements. The principles laid out below are foundational to BWR’s commitment to maintaining the highest levels of confidentiality and trust with its clients and stakeholders.

1. Confidentiality Agreements: Each BWR employee is bound by the confidentiality agreements established with BWR's management.
2. Non-Public Information: All BWR employees and external committee members are required to acknowledge and uphold strict confidentiality regarding any non-public information they encounter during their employment, whether it is developed internally or entrusted by clients. This includes proprietary processes and information generated within BWR. The concerned individuals must ensure that BWR's and its clients' information remains confidential and refrain from any unauthorized disclosures.
3. Authorized Use of Information: BWR employees must use confidential information solely for the purposes for which it was obtained.
4. Legal Disclosures: BWR commits to disclosing confidential information only when legally required under applicable laws, regulations, court orders, government directives, or regulatory agencies.
5. Safeguarding Information: Individuals associated with BWR must take reasonable precautions to safeguard confidential information against fraud, theft, misuse, or accidental exposure.
6. Prohibition of Unauthorized Disclosure: BWR employees are prohibited from disclosing details about BWR's ratings, products, or services before their official release to the public without appropriate authorization.
7. Issuer Information: Issuer information must not be shared with any third party or via personal email without the issuer's express written consent, except when required by Non-public information should only be disclosed within BWR on a need-to-know basis.
8. Confidential Conversations: Employees should avoid discussing confidential information where it could be overheard, including in public places like restaurants and public transport, and when using speakerphones or cellular phones.
9. Analyst Discussions: Analysts may discuss their analysis supporting a rating during investor calls, referencing only publicly available information for new Confidential information must not be disclosed during these discussions.
10. Handling of UPSI: Employees who obtain Unpublished Price Sensitive Information (UPSI) about another company or its securities must not trade in those securities until the information is publicly available, in accordance with BWR’s Trading Policy. Disclosure of any rating or information about BWR's products or services before publication is prohibited.

Guidelines & Protocols for BWR Employees to Maintain Confidentiality

Maintaining the confidentiality of client information is a critical responsibility for all BWR employees. By adhering to the following guidelines, employees contribute to the safeguarding of sensitive data, ensuring that it is protected from unauthorized access, misuse, or exposure. These protocols not only reinforce the trust clients place in BWR but also ensure compliance with all relevant legal and regulatory requirements. The guidelines outlined below serve as essential practices that every employee must follow to uphold the highest standards of confidentiality within the organization.

1. Use of BWR-Provided Equipment: Employees are required to use BWR-provided laptops, mobile phones, and other electronic devices strictly for business purposes. These devices should not be shared with family members or other unauthorized individuals. Employees must ensure that these devices are secured with strong passwords and are not left unattended in public or unsecured locations.
2. Communication Protocols: All communication with clients, including emails, phone calls, and messages, must be conducted using official BWR email addresses and communication platforms. Employees must not use or disclose non-public information for any purpose, including sending confidential and/or internal work materials to personal email accounts, WhatsApp, or other messaging platforms. The use of BWR email will be monitored for compliance with this and other BWR policies.
3. Document Management: Employees are required to store all work-related documents, including client information, on designated BWR shared drives or secure cloud storage solutions. Confidential documents should not be stored on personal devices or unapproved external storage media. Employees must ensure that access to shared drives is restricted to authorized personnel only, as per BWR’s confidentiality guidelines.
4. Any breach of confidentiality, whether intentional or accidental, must be immediately reported to the Compliance Officer.
5. The employees should comply with confidentiality obligations under the agreement signed by BWR with the client and/or other third parties.
6. The employees shall ensure that no written document containing Confidential Information must be left visible where it can be read by This includes telephone messages, computer prints, letters and other documents. All hardware containing confidential information must be housed in a secure environment.
7. Nothing in this section shall prohibit or restrict an employee/personnel member from initiating communications directly with, or responding to an inquiry from, or providing testimony before the applicable regulatory authority.
8. When in doubt, employees should treat information acquired in the course of employment at BWR in the strictest confidence and consult the Compliance Team for clarification.

Protection of BWR information and systems

To safeguard against the misuse of confidential information, BWR has established firewall systems and processes to separate departments with access to client confidential information from those without such access. Clear guidelines are in place to prevent the exchange of information between BWR and its non-rating entities, providing employees with comprehensive instructions on information sharing within the group. If an employee requires access to information not ordinarily available for legitimate business purposes, it will be provided only after approval from the Compliance Officer and the respective Business Head. The employee must then use the information solely for business purposes and must not share it with others.

Protection of Personal Data of Employees

BWR collects, processes, uses, transfers, discloses, and stores the personal data of its employees and directors for employment purposes, business administration, and legal compliance. This data includes names, birth dates, nationalities, IDs, photos, education details, marital status, dependents, bank details, tax information, health data, employment details, performance evaluations, absences, compensation, securities holdings, family members' holdings, and contact details for employees and their next of kin. Personal data may be shared with external agents or contractors under confidentiality agreements, such as payroll providers, IT services, law firms, accountants, and auditors. BWR may also disclose data if required by law or court order. Employee data is processed during employment and retained as needed for legitimate business purposes and legal compliance.

Departments with access to personal data, including employees and directors, are required to secure and maintain the confidentiality of this information in accordance with the Code, BWR policies, and applicable laws.

Disciplinary Action

Any violation of this policy by an employee of BWR (contractual, temporary or outsourced) or its subsidiaries will be taken seriously by BWR management and may result in disciplinary action, including termination of employment/contract.

Relationship to Other Policies

This Confidentiality Policy should be read in conjunction with the appointment letter, employment contract, and all other applicable work rules, policies, and procedures for BWR employees and personnel. The respective dealing employees shall take care to ensure that all the outsourcing contracts have unambiguous confidentiality clauses to ensure protection of proprietary and confidential customer information/data during the tenure of the contract and also after the expiry of the contract; shall ensure that it is not misused or misappropriated and shall take appropriate steps to require that third parties protect confidential information of both BWR and its customers from intentional or inadvertent disclosure to unauthorized persons.

The concerned employees shall prevail upon the third party to ensure that the employee of the third party have limited access to the data handled and only on a "need to know'' basis, and the third party shall have adequate checks and balances to ensure that it is not misused or misappropriated.

In cases where the third party is providing similar services to multiple entities, the concerned employees shall ensure that adequate care is taken by the third party to build safeguards for data security and confidentiality.

IOSCO Regulations & Code of Conduct Policy

This policy should be read with IOSCO Regulations and the Code of Conduct Policy of BWR.

Policy Review

This Policy shall be reviewed by BWR biennially or whenever changes are necessitated by new regulations or deemed appropriate, whichever occurs first. Any recommended changes or modifications to this Policy will be submitted to the BWR Board of Directors for approval.