White-Collar Crime and Corporate Governance: Legal Risk Management in India Inc.

Framing Corporate Liability Through Regulatory Scrutiny and Litigation Experience

Introduction

India’s corporate governance landscape is undergoing a decisive shift. As white-collar crime becomes more sophisticated and enforcement more assertive, legal risk management has emerged as a strategic imperative. Financial fraud, insider trading, ESG misstatements, and data breaches are no longer isolated incidents; they are systemic risks that demand board-level attention. This article examines how statutory evolution, litigation experience, and regulatory surveillance are reshaping corporate liability in India, and what governance structures must do to stay resilient.

Legal Framework: Expanding Corporate Accountability

India’s enforcement regime for corporate misconduct is built on a set of interlocking statutes that have evolved significantly in recent years.

The Prevention of Money Laundering Act, 2002 (PMLA) has broadened its definition of “proceeds of crime” and expanded the scope of reporting entities to include professionals such as chartered accountants and company secretaries.¹ These changes align India’s framework more closely with global standards set by the Financial Action Task Force (FATF), enabling cross-border cooperation and digital surveillance.

The Prevention of Corruption Act, 1988 (POCA) was amended in 2018 to introduce corporate criminal liability for failure to prevent bribery.² Commercial organisations must now demonstrate that they have implemented “adequate procedures” to prevent corrupt practices, placing internal compliance frameworks under scrutiny.

The Companies Act, 2013, continues to be central to governance enforcement. Sections 134 (Board’s Report), 177 (Audit Committee), and 447–449 (Fraud and Penalties) are frequently invoked in shareholder litigation and regulatory actions.³ Directors are increasingly held accountable for lapses in oversight, especially in cases involving related-party transactions and financial irregularities.

In 2024, India replaced its colonial-era criminal laws with the Bharatiya Nyaya Sanhita (BNS), Bharatiya Nagarik Suraksha Sanhita (BNSS), and Bharatiya Sakshya Adhiniyam (BSA).⁴ These codes modernise procedural law, introduce digital evidence protocols, and streamline investigation processes, enhancing the state’s ability to prosecute corporate offences.

Litigation Trends: Governance Under Judicial Scrutiny

Recent litigation has highlighted the judiciary’s evolving approach to corporate governance and director liability.

In Sona BLW Precision Forgings Ltd. v. Promoter Group (2025), the Delhi High Court upheld the board’s autonomy in the face of a promoter-family dispute over succession.⁵ The judgment reinforced the importance of documented governance protocols and the independence of corporate decision-making, especially when legacy interests conflict with statutory obligations.

The IL&FS and Fortis Healthcare cases revealed systemic failures in internal controls and oversight. Judicial intervention led to board reconstitution and regulatory penalties, underscoring the role of independent directors and audit committees in safeguarding corporate integrity.⁶

The NSE co-location case and the PNB scam demonstrated how deficiencies in surveillance and compliance mechanisms can result in criminal liability and reputational damage. Courts relied on forensic audits and digital trails to establish culpability, expanding the scope of director and officer liability.⁷

Litigation is no longer merely a consequence of governance failure; it is shaping governance norms. Courts are interpreting fiduciary duties, disclosure obligations, and board conduct in light of evolving statutory and regulatory standards.

Regulatory Surveillance and Technology-Driven Enforcement

Regulators are increasingly leveraging technology to enhance enforcement capabilities and detect anomalies in real time.

SEBI’s Business Responsibility and Sustainability Reporting (BRSR) framework has transitioned from voluntary disclosure to enforceable compliance.⁸ Misstatements or omissions in ESG reporting now attract regulatory scrutiny, shareholder activism, and reputational risk.

The Ministry of Corporate Affairs’ MCA21 Version 3.0 platform uses artificial intelligence to flag anomalies in filings, director appointments, and financial statements.⁹ This system enables automated scrutiny and enhances transparency in corporate disclosures.

The Digital Personal Data Protection Act, 2023, imposes obligations on data fiduciaries to ensure lawful processing, consent management, and breach reporting.¹⁰ Non-compliance may trigger penalties and litigation under both civil and criminal regimes, making data governance a critical component of legal risk management.

These developments reflect a shift from passive oversight to predictive enforcement, requiring corporations to embed legal risk governance into operational systems and decision-making processes.

Strategic Risk Management: Governance as a Legal Function

Legal risk management now encompasses multiple dimensions, extending beyond traditional compliance.

With India drafting its National AI Safety Framework, companies must anticipate obligations around transparency, bias mitigation, and data provenance.¹¹ Boards are expected to oversee algorithmic decision-making and ensure ethical deployment of AI systems, particularly in sectors such as fintech, health-tech, and logistics.

Indian entities with global operations face liability under foreign statutes such as the Foreign Corrupt Practices Act (FCPA), UK Bribery Act (UKBA), and Canada’s Corruption of Foreign Public Officials Act (CFPOA).¹² This necessitates robust anti-bribery protocols, third-party due diligence, and cross-border compliance strategies.

SEBI’s 2023 guidance on family arrangements in promoter-led companies remains under-implemented.¹³ The absence of formal succession planning and ownership clarity poses latent governance risks, particularly in closely held and legacy-driven enterprises.

Boards must transition from passive compliance to active stewardship, ensuring whistleblower mechanisms, succession planning, and documented decision-making processes are institutionalised.

Recommendations for Legal Risk Governance

To mitigate legal risk and enhance governance resilience, corporations should consider the following measures:

• Ensure independence, diversity, and documented dissent in board deliberations, in line with Secretarial Standard-1 (SS-1).
• Align internal systems with statutory timelines under SEBI, MCA, RBI, and ESG frameworks.
• Conduct periodic legal and secretarial audits to identify gaps in implementation and exposure to enforcement actions.
• Formalise family charters, shareholder agreements, and trust structures to prevent disputes and ensure continuity.
• Position legal teams as strategic advisors in board and risk committee discussions, rather than limiting them to operational roles.

Conclusion

As India’s corporate liability regime matures, governance will be judged not merely by compliance metrics but by the capacity to anticipate, prevent, and respond to legal risk. The convergence of technology, regulation, and litigation demands a recalibration of boardroom priorities, where legal foresight becomes a cornerstone of corporate resilience.

Footnotes

1. Ministry of Finance, “PMLA Amendments and FATF Compliance,” Gazette Notification, January 2025.
2. Prevention of Corruption (Amendment) Act, 2018, Section 9.
3. Companies Act, 2013, Sections 134, 177, 447–449.
4. Ministry of Law and Justice, “Notification on BNS, BNSS, and BSA,” July 2024.
5. Delhi High Court, Sona BLW Precision Forgings Ltd. v. Promoter Group, Judgment dated March 2025.
6. SEBI Enforcement Orders, IL&FS (2019), Fortis Healthcare (2021).
7. CBI Chargesheet, PNB Scam (2018); SEBI Order, NSE Co-location Case (2022).
8. SEBI Circular on BRSR, May 2023.
9. MCA21 Version 3.0 Rollout Brief, Ministry of Corporate Affairs, October 2024.
10. Digital Personal Data Protection Act, 2023, Sections 4–8.
11. NITI Aayog, “Draft National AI Safety Framework,” Consultation Paper, June 2025.
12. U.S. Department of Justice, FCPA Resource Guide, 2020; UKBA Guidance, 2021.
13. SEBI Circular on Succession Planning in Promoter-Led Companies, August 2023.