What is the Regulatory Risk?
Regulatory risks arise with a change in the legislation and regulations. It can lead to business loss or financial losses. Non-compliance with the regulatory requirements can impact the business operations, business model and strategic direction, therefore it is crucial to consider regulatory requirements while assessing business risk.
To illustrate, regulatory risk can lead to:
- Additional costing in the business operation as the cost is associated with meeting regulatory and compliance requirements.
- Business margins may get affected with the change in import and export duties.
- Product marketing practices can be categorised as illegal, as happened with asbestos and tobacco products.
- It can impact the business image with the release of news of regulatory non-compliance in the open market.
- Regulatory risks arise with a change in the legislation and regulations. It can lead to business loss or financial losses.
- Non-compliance with the regulatory requirements can impact the business operations, business model and strategic direction.
- Regular audit can help in identifying areas of regulatory risks.
Frequently Asked Questions (FAQs)
Which regulatory changes can affect the business and industry?
The regulatory bodies can introduce regulatory changes by either introducing new policy or upgrading the old ones.
- Trade and tariff policies – Amendments in the trade or tariff policies of can have an impact on the import and export businesses, cost of raw material, along with business margins and increase or decrease in the competition in the market. Chiefly, the firms involved in foreign direct investment business are affected. Change in the trade policies of home country and the host country both affect the businesses.
- Tax policies – Any amendments in the income tax policy have a direct impact on the business activities and can be seen as a new regulatory risk by business.
- Labour laws – Change in the labour laws can be categorised as the biggest regulatory risk. It impacts the operational cost. Small businesses suffer most as they have low-skilled labour in large quantities. As a result, they are unable to benefit from economies of scale.
- Change in sick days and vacation law can also affect business operations. The company has to manage the availability of employees to ensure the smooth functioning of the business.
Why are politicians interested in regulatory risk?
Politicians are concerned about the regulatory risk because the introduction of new policies or up-gradation in old policy can affect the political landscape and national economy.
When a new government takes control of the administrative office, then regulatory risk intensifies within the economy. In effect, the directions of the fund can change significantly. Either the investments dry up or move in other directions.
The power of the politicians is under threat due to regulatory risks as they might not be authorised to act in a certain area that was earlier authorised.
How 2007 – 2008 crisis impacted regulatory risk?
The regulatory landscape became complex after the global financial crisis (GFC) of 2007 – 2008. In advanced economies, enforcement and supervision have become more intensive, confrontational and intrusive.
To protect the interest of the economy, if regulating bodies anticipate any problem, then they intervene and take strict actions. For example, if a regulatory body observes non-compliance with the Anti-Money Laundering / Know Your Customer policies, then heavy fines are imposed on the financial industry.
Businesses are assessed based on their business models apart from the products and services they provide.
How to manage the regulatory risk?
Source: Copyright © 2021 Kalkine Media
Step 1: Assess the regulatory risk – The first step is a crucial step, involves the identification of the sources which can create regulatory risk. Complete elimination of regulatory is not possible, therefore, risks assessment allows organisation to optimally allocate their scarce compliance resources.
Risk assessment helps organisations to ascertain the exposure of the firm to different types of regulatory risks. Assessments should include the likelihood of occurrence and severity of the violation.
MNCs should undertake the risk assessment on the basis of their operations, size of organisation, business profile, areas with high risks, the revenue stream to name a few.
Step 2: Gap Analysis – Gap analysis starts after the risk assessment. MNCs might already have a procedure to identify risks. By conducting gap analysis on regular basis, organisations can infer whether the current procedures uncover all the potential areas of risks or not.
The gap analysis function should include determining the gap in corporate governance infrastructure and gap in maintaining adequate communication with the compliance oversight functions. Companies should also keep a check on the compliance requirements of their operations in foreign locations, especially in high-risk regions.
Lastly, organisations should also consider the gap between the available compliance resources and identified risk. In case of mismatch, compliance officers and auditing committee should pass on the suggestions to the top-level management. Either the current resources are reallocated or new resources are procured.
Step 3: Setting up internal controls and compliance policies – A company should have a written compliance document that highlight the compliance expectations of the industry on the basis of the industry analysis and legal requirements. The document should be in an understandable manner by the personnel as overly legalised documents might result in overlooking the requirements.
Furthermore, an organisation should focus on internal control as it ensures the implementation of compliance requirements. The internal control system should be set up on the basis of the organisation type, high-risk areas of operations and gap analysis.
Step 4: Implementing Training – The main aim of the training program is to train agents and employees to identify red flags in their operations and providing sufficient knowledge regarding compliance actions that can be undertaken in different situations.
In multinational companies, the training includes knowledge about the different culture and local regulatory norms. Also, transmitting the knowledge regarding the follow-up activities to handle different regulatory issues.
Step 5: Third-party risk – In case a third party is involved in the business operations, then a company should assess the risk added by a third party.
Step 6: Compliance Audits – The compliance programs should be monitored by regular compliance audits. The audit should be extended to different locations, subsidiaries, divisions and third-party.