Regulatory Risk

What Is Regulatory Risk?

Regulatory risk is the risk that a change in laws and regulations will materially impact a security, business, sector, or market. A change in laws or regulations made by the government or a regulatory body can increase the costs of operating a business, reduce the attractiveness of an investment, or change the competitive landscape in a given business sector. In extreme cases, such changes can destroy a company's business model.

Understanding Regulatory Risk

Virtually any business can face significant regulatory risk, given any government's power to compel businesses operating within its borders to follow its laws. Regulatory risks often materialize as a result of anger over a public harm caused by a business or business sector.

But even if new laws are never passed, business leaders are obligated to assess and monitor regulatory risks and be prepared to react if they do materialize. This can be time-consuming and expensive because regulatory risk stemming from even one issue can drag on for years.

Examples of Regulatory Risk

One sector facing significant regulatory risk in the area of antitrust enforcement is Big Tech, including Facebook, Amazon, Google, and Apple. This is largely the result of a growing public backlash over their enormous and still-growing market power and social influence.

Past examples of regulatory risk that materialized include the introduction of the 2002 Sarbanes-Oxley Act, which established more stringent accounting requirements and more severe criminal penalties for violating securities laws. It was passed following public outrage over multiple accounting scandals in the early 2000s, including those of Enron Corporation and WorldCom.

Another type of regulatory risk would be more stringent pollution standards for manufacturers or mileage requirements for automobile makers as a result of public concerns over climate change. In this case, the risk may not derive from wrongdoing by any business, but merely broader concern over the public good — in this case, the impact of climate change.

Regulatory Risk vs. Compliance Risk

Compliance risk is the risk that a company will have been determined to be in violation of already established laws or regulations. This can have many causes, including inadequate controls, negligence, human error. Ensuring that a business is capable of maintaining compliance and does so can be a source of significant expense. As with regulatory risk, managing compliance risk is an essential part of a business's overall risk management.

Managing regulatory risk involves forward-looking strategic thinking, as well as careful monitoring of public opinion and the regulatory process in a business's given sector. Compliance risk, on the other hand, involves knowledge of existing laws and regulations and a more systematic approach to verifying that the company is compliant with all of them.