The global economic environment in FY25 has had an increased level of uncertainty and unpredictability. There are some signs of recovery - particularly with the potential for interest rate cuts in the US and Europe—however, persistent inflation, tight credit markets, and continued geopolitical tensions (such as those in Eastern Europe, the Middle East, and the Red Sea) are influencing customer demand patterns. Additionally, tariff-related disputes and protectionist trade policies have begun to reshape global supply chains. While the IT Services sector has seen increased traction in GenAI, digital transformation, and cost-optimization programs, discretionary spending continues to be subdued.
From an industry standpoint, the emergence of Gen AI has led to rapid technological shifts, requiring accelerated adaptation by IT services companies. At the same time, regulatory scrutiny around data privacy, AI ethics, and environmental disclosures is intensifying across geographies. Talent models continue to evolve, with organizations fine-tuning their hybrid work strategies. This shift brings ongoing challenges around workforce engagement, productivity measurement, leadership visibility, and cultural cohesion in a distributed environment. While clients remain prudent with discretionary tech spending, demand remains strong for AI-led transformation, cybersecurity, platform-based services, and managed cost takeout initiatives.
Opportunities Arising from Risk Trends
In addition to proactively identifying and mitigating risks, the Companys Enterprise Risk Management program also aims to uncover potential opportunities embedded within risk themes. For instance:
• Cybersecurity and data privacy risks have led to the creation of managed security offerings, trusted cloud services, and privacy governance consulting capabilities.
• AI governance risks have driven demand for responsible AI frameworks and ethical AI advisory engagements.
• Cost and margin pressures at client organizations have expanded opportunities for delivering AI Ops, Service Led Transformation, automation-led managed services, and cost-takeout solutions.
The Company continues to monitor these developments to align investments and innovation initiatives accordingly.
Risk Management Framework at Mphasis:
At Mphasis, we are committed to proactive risk management to safeguard our business interests, optimize performance and ensure sustained value creation for our stakeholders. Our risk management framework encompasses strategic, operational, and compliance dimensions, enabling us to identify, assess, mitigate, and monitor risks effectively.
To provide the appropriate governance and oversight, given the criticality of risk management and to comply with the regulatory requirements, the Company formed the Risk Governance and Management Committee (RGMC) comprising of Board Directors and Companys senior executives to assist the Board in discharging its risk governance and oversight responsibilities. This Committee reviews the details of Risk Assessments undertaken by management every quarter.
At the management level, the Mphasis Risk Management Council (MRMC), provides the required oversight for the ERM program and monitors the progress on various identified enterprise risks and periodically reviews the mitigation efforts. The MRMC is comprised of four members of the ExCo team. There is a dedicated risk management function headed by Chief Risk Officer to coordinate all risk related activities across the enterprise and periodically report the status of enterprise risks to the Board/RGMC/Audit Committee/MRMC.
Risk Intelligence: Pursuant to our larger goal of making Mphasis a Risk Intelligent Organization, this program aims to spot the ‘Black Swans and manage ‘Gray Rhinos (external risks) on the horizon and manage them proactively. Using inputs from PESTLE/GRIC (Global, Regional, Industry and Client) analysis, the Risk Intelligence framework complements the ERM program by evaluating / analyzing the external global events that are likely to have an impact on the Company, enabling management to take informed and timely decisions.
Some of the important enterprise risks/concerns (covering strategic, operational, compliance risks) specific to the Company and steps taken by the Company to mitigate these risks are given below:
Strategic Risks
| Risk Header | Risk Description | Mitigation |
| Geopolitical Risks | Heightened geopolitical tensions and disputes, including but not limited to the Russia- Ukraine War, Hamas Israel war, the recent Red Sea attacks, etc. pose a risk of disruption to our global operations, including supply chain interruptions. | There is no direct impact to your Companys business. The indirect impact in terms of rising costs, inflation and hence higher interest rates does impact the companys growth. The Company closely monitors developments to ensure we minimize impact. |
| Risk Header | Risk Description | Mitigation |
| Technology Obsolescence | Rapid technological advancements may render our existing solutions obsolete, impacting our competitiveness and market relevance. | Your Company has consistently invested in technology and R&D. The Company fosters a culture of innovation and has entered into several strategic partnerships to stay abreast of emerging technologies and market trends. The Companys unique Tribe model, created to bring the right tech capabilities across the company to stitch together the most appropriate IT and business solutions, has positioned us well to capitalize on the mainstream acceptance of emerging technologies through focus on speed to market. The recent launch of DeepInsights AI, an intelligent document processing solution, powered by Generative AI is a testament to the Companys technological capabilities and advancements. |
| Business Concentration | Dependency on a few key clients or markets exposes us to the risk of revenue volatility and client-specific challenges. | Your Companys business concentration is a strategic decision aligned with our goals to profoundly impact our clients technology landscape. Your company enjoys a sizeable wallet share in these accounts. In our journey to make the next billion dollars in revenue, the Company invests significantly in New Client Acquisitions. Further, your Companys Management has devised a client diversification strategy, targeting faster growth (in comparison to the top 10 accounts) in an identified set of accounts - Accounts 11 - 20 and Accounts 21- 30. This helps in strengthening relationships with a broader client base to mitigate concentration risks. |
| AI and Emerging Tech Risk | Rapid adoption of GenAI and other emerging technologies brings risks of regulatory lag, ethical concerns, job displacement, and security vulnerabilities (e.g., deepfakes, hallucinations). | The Company has published AI ethical usage guidelines, instituted governance mechanisms for AI adoption, and runs upskilling programs for employees. |
| Tariff Trade Escalation and Sectoral Spillover | The recent imposition of tariffs by the U.S. government has triggered trade tensions and contributed to supply chain uncertainty in key client industries such as Hi-Tech, Manufacturing and Automotive. Such tariff levy creates indirect stress for the banking and insurance sectors, which are key client sectors for the Company, by dampening credit demand, increasing sectoral risk premiums, and slowing transformation budgets. | The Company is closely monitoring the evolving tariff and trade policy landscape. Sector-specific account planning, pricing flexibility, and demand sensing have been strengthened to anticipate budget realignments. Additionally, the Company is expanding its near-shore and domestic delivery capabilities in North America and building cross-sectoral solution sets (e.g., risk analytics, treasury digitization) to stay relevant to impacted BFSI clients. |
| Competition and outsourcing risks | Mphasis faces a risk when the IT units or Global Innovation / Capability Centers (GICs or GCCs) of our existing and potential clients choose to build technology skills in-house instead of outsourcing to technology firms. | Your Company views this as an opportunity to work with the clients to build their in-house capabilities and assist in their operations. Further, the Companys strategy and focus on proactive deal wins helps mitigate this risk. |
Emerging Risks
| Risk Header | Risk Description | Mitigation |
| Tariff on Services & Trade Policy Risk | Increasing protectionism and potential country-specific tariffs on digital services, especially in large economies, may affect cost structures and client behavior. | The Company is monitoring global policy changes, diversifying delivery across near shore hubs, and engaging in bilateral forums through NASSCOM and other industry associations / bodies. |
| Risk Header | Risk Description | Mitigation |
| Geoeconomic Fragmentation | Fragmentation of global markets due to sanctions, supply chain decoupling, and policy-driven barriers (e.g., semiconductors, critical tech exports) could increase operational complexity. | A geo-diversified operating model, internal risk analytics, and resilience planning are enabling Mphasis response mechanisms across supply chain, talent, and compliance. |
Operational Risks
Compliance Risks
| Risk Header | Risk Description | Mitigation |
| Regulatory Compliance | Evolving regulatory landscapes across jurisdictions pose compliance challenges, including data privacy, intellectual property, and ESG norms. | Your Company has established a robust compliance management solution to track compliance across jurisdictions. The Company also uses the services of professional consultants to ensure compliance with domestic and overseas laws and regulations. The Company has implemented processes to ensure internal stakeholders of the Company are aware of statutory requirements and maintain the evidence required to demonstrate that due care has been taken by the Company to ensure compliance. |
| Privacy | Data privacy breaches could lead to legal liability and reputational damage. | Your Company has implemented a robust Privacy Risk Management Framework to ensure that the Company complies with the relevant requirements. The Company has implemented measures to comply with the stringent requirements of General Data Protection Regulation (GDPR) and all other applicable privacy regulations. These measures are periodically audited and reported to the Risk Committee. To ensure compliance to GDPR and other global privacy laws such as CCPA, Australian Data Privacy Regulations, etc. the company has rolled out a tool during the year for Privacy Risk Assessment. Periodic awareness mailers are sent to all the employees to sensitize on safeguarding privacy. |
| IP Infringement | Intellectual property infringements could lead to legal liabilities and reputational damage. | The Company has put in place mechanisms to detect and mitigate any infringement of IP rights. To ensure this the Company has implemented technology-based solutions and has taken several steps to hone the awareness level of the employees to ensure that the Companys IP is well guarded. Mandatory training, knowledge sharing sessions and discussions on best practices are conducted to ensure that this risk is well mitigated. The Company has also implemented an enterprise-wide Open-Source Software (OSS) Policy and conducted training, with the objective to provide governance around harnessing the OSS regime and ensure compliance with OSS Licenses and client contracts. |
| Non-compliance to Sanctions Regulations | Different countries periodically announce sanctions regulations and non-compliance to such sanctions can lead to serious risks and penalties. | The Company has implemented a comprehensive Trade Sanctions Compliance framework to ensure compliance with sanctions regulations. The Company has established a ‘screening protocol for all vendors and clients to ensure that the Company does not deal with sanctioned individuals, groups, entities or countries. |
| Noncompliance with Immigration laws and regulations | Being in a human resource intensive industry, the movement of human resources to various countries for execution of client projects is a necessity. Changes to visa regimes in countries where the Company is operating, including, in the form of increased scrutiny or rejections of visa requests, poses a risk of increased cost of the operations. | The Company has put in place several measures such as local campus hiring and offshoring and nearshoring of onsite work. The industry has also seen increased scrutiny by various governments for non-compliance with immigration laws and have levied penalties on non-compliant companies. The Company is equipped with the expertise to handle the complex immigration laws in the relevant countries and has processes to ensure compliance. In addition to an internal team with the right expertise, the Company has enlisted external consultants, wherever necessary, to ensure proper compliance with these laws. Periodic immigration compliance reviews, audits, training, and awareness programs are facilitated to ensure compliance with immigration requirements. |
ESG Risks
Risk Header |
Risk Description |
Mitigation |
| Disrupted Operations | Disruptions to operations due to extreme weather events or environmental disasters may impact business continuity and productivity. | Mphasis has implemented robust business continuity plans and has invested consistently in disaster recovery infrastructure. |
Risk Header |
Risk Description |
Mitigation |
| Physical Risks of Extreme Weather Events | Physical risks posed by extreme weather events, such as floods, hurricanes, or wildfires, can impact direct costs and infrastructure. | Mphasis has commenced a detailed climate risk assessment and commits to investing in mitigation of physical risk exposures - be it through infrastructure upgrades or location diversification. The Companys robust BCP / DR plans assist in safeguarding employees while enabling operations to continue seamlessly. |
| Pollution | Environmental pollution (mainly from scope 3 emissions and water pollution) can lead to regulatory fines, legal liabilities and reputational damage. | The operations hybrid model has helped in establishing sustainable practices in the business and minimizing environmental impact as a whole. Your Company is compliant with all applicable environmental regulations and standards and is constantly working on contributing to the environment and society. |
| Water Stress | Water scarcity or stress in regions where the company operates may disrupt operations and increase costs. | In addition to our hybrid model of working, Mphasis is addressing the risk by adopting the following practices: |
| a) Water conservation initiatives and efficient water management practices. | ||
| b) Diversification of water sources (suppliers base) and | ||
| c) Investment in water-saving technologies. | ||
| As part of the CSR activities, your Company is actively contributing to the environment, for e.g., Mphasis has partnered with United Way of Bengaluru (UWB), an NGO : | ||
| a) For the afforestation program in Doddasaggare Botanical Garden in Tumkur district, | ||
| b) In construction of percolation wells in Lalbagh Botanical Garden in Bangalore, and | ||
| c) To improve the groundwater levels and boost greenery and biodiversity at Yamare Lake. | ||
| Climate Action Failure | Failure to adapt to climate change or contribute to climate action efforts may result in a drop in demand and revenue as clients seek environmentally responsible partners. | Your Company is a responsible business player and has integrated climate change considerations into business strategy and operations. The Company consistently invests in renewable energy and carbon reduction initiatives. Mphasis is recognized by its clients for its proactive engagement and collaboration to develop sustainable solutions and meet shared environmental goals. |
| Diminishing Relevance as Partner | Inadequate ESG performance may erode trust and credibility with clients, leading to a diminished relevance as a preferred business partner. | a) Implementation of robust ESG policies and practices aligned with stakeholders expectations. |
| b) Transparency and disclosure of ESG performance metrics to stakeholders. | ||
| c) Continuous improvement and innovation to enhance ESG performance and value proposition. | ||
| Chronic Physical Risks | Chronic physical risks, such as sea- level rise or heatwaves, in locations where the company operates may pose long-term challenges to business operations and infrastructure. | Mphasis has commenced a detailed climate risk assessment and commits to investing in mitigation of physical risk exposures - be it through infrastructure upgrades or location diversification. The scope of our assessment includes: |
| - Long-term risk assessment and scenario planning to anticipate and address chronic physical risks. | ||
| - Investments in climate-resilient infrastructure and adaptive measures. | ||
| - Collaboration with local communities and authorities to mitigate chronic physical risks. |
Data and Information Security Risk
Information and cybersecurity threats are growing in complexity and magnitude, particularly those involving data breaches and compromise of information assets. These threats have become increasingly sophisticated, with cybercriminals and nation-state actors targeting IT service firms. To address these, your Company continues to maintain and enhance its robust IT security frameworks and a comprehensive Cyber Security Strategy.
Your Company is certified on ISO 27001 (Information Security), PCI DSS (for credit card processing BPO projects), and ISO 22301 (Business Continuity Management). We also undergo SOC 1 Type 2 and SOC 2 Type 2 audits annually, conducted by independent third-party auditors. In addition, the Company has obtained multiple global certifications and external validations, including HiTrust, Cyber Essentials Plus, TISAX, and CyberGRX. These demonstrate our adherence to best-in-class data security, privacy, and resilience standards applicable across clients and geographies.
Red Team Assessments and mock cyberattack simulations are regularly conducted to identify vulnerabilities and test preparedness. Any identified gaps are promptly addressed. Notably, despite the increase in cyber threats globally, the Company did not experience any cyber incidents that impacted business operations during the year.
Our refreshed Mphasis Cyber Security Strategy (MCSS) roadmap focuses on risk reduction, brand protection, and resilience. The roadmap incorporates input from clients, regulators, shareholders and consultants. A dedicated security awareness function and simulation-based training are key to strengthening employee cybersecurity culture across the enterprise.
Furthermore, the Company is currently in the process of implementing ISO 42001, the international standard for Artificial Intelligence Management Systems, to ensure ethical, secure, and compliant deployment of AI technologies in line with global best practices.
Continuity and Disaster Recovery Risk
Disruptions due to natural disasters, civil unrest, or infrastructure outages can severely affect business continuity. The Company has implemented ISO 22301-certified Business Continuity Management Systems (BCMS), with defined Disaster Recovery (DR) plans for critical applications and delivery centers.
Regular DR drills are conducted, and critical business services are periodically tested for failover scenarios. Despite city-level disruptions during the year, the Company ensured seamless service delivery to its clients. Enhanced BCP and DR capabilities, combined with location- diverse infrastructure, have enabled operational resilience.
In summary, your Company remains deeply committed to identifying, assessing, and mitigating a comprehensive range of risks across strategic, financial, operational, compliance, and ESG dimensions. Our risk management philosophy balances agility with governance, enabling the business to remain resilient in the face of uncertainty and responsive to stakeholder expectations.
The integration of risk intelligence into strategic planning, use of scenario-based testing, and our commitment to emerging standards such as ISO 42001 and CSRD-aligned ESG disclosures position the Company to not only safeguard value-but also to create and amplify value in a dynamic global environment.
IIFL Customer Care Number
(Gold/NCD/NBFC/Insurance/NPS)
1860-267-3000 / 7039-050-000
IIFL Capital Services Support WhatsApp Number
+91 9892691696
Download The App Now
Follow us on
2025, IIFL Capital Services Ltd. All Rights Reserved
IIFL Capital Services Limited - Stock Broker SEBI Regn. No: INZ000164132, PMS SEBI Regn. No: INP000002213,IA SEBI Regn. No: INA000000623, SEBI RA Regn. No: INH000000248, DP SEBI Reg. No. IN-DP-185-2016
ARN NO : 47791 (AMFI Registered Mutual Fund Distributor)
This Certificate Demonstrates That IIFL As An Organization Has Defined And Put In Place Best-Practice Information Security Processes.