Risk management

Compliance and regulatory risk


Compliance and regulatory risks arise from laws and regulations that rely on penalties or sanctions to regulate the operations of a business.

What is a regulatory risk?

Regulatory risk is the effect of a change in laws and regulations that could potentially cause losses to your business, sector or market. Regulatory risks could, for instance:

  • increase the costs of running a business - eg costs to achieve compliance
  • change the competitive landscape - eg perhaps invalidating your business model
  • make your business practices illegal - eg new law changing rules on marketing
  • reduce the attractiveness of an investment

For example, your products or services could become less marketable if new laws or taxes are introduced. This was the case with tobacco and asbestos products in the past.

The introduction of tougher food labelling regulations has similarly disrupted the food industry, pushing up costs and reducing the appeal of certain types of food.

New and emerging regulations can have a wide-ranging impact on your strategic direction, business model and compliance system. It is, therefore, important to consider regulatory requirements when you evaluate business risks.

What is the difference between compliance and regulatory risk?

While regulatory risk relates to a potential change in laws and regulations, compliance risk relates to the potential of your business to violate existing laws or regulations. Often, compliance risk results from:

  • insufficient control systems
  • lack of training
  • lack of due diligence
  • human error

Compliance risks can potentially expose your business to a range of consequences, including:

  • legal penalties
  • voided contracts
  • financial forfeiture
  • material loss
  • loss of business opportunities
  • damaged reputation

While compliance risks mainly involve the need to comply with laws and regulations, they can also relate to the need to act in a way that investors and customers expect. For example, by ensuring proper corporate governance.

Find strategies to manage business risk.

Other categories of risk you should prepare for include strategic risk, financial risk and operational risk.