Managing Regulatory Changes and Political Risk with Enterprise Risk Management (Part 2)

Here's Why Compliance Solutions Are Inadequate for Managing Regulatory Changes

Regulatory compliance is mandatory, but it’s not the end goal; it’s the minimum operating standard. For strong companies, compliance is a mere byproduct of performing well and managing uncertainty. Compliance-specific solutions also struggle in the face of domestic political risk, which includes significant fluctuations in the regulatory environment.

The biggest differences between regulatory compliance and risk management are:

  1. Regulatory compliance has a known, black-and-white outcome (meet a set number of specific requirements).
  2. Regulators give companies a predefined amount of time to adjust their operations, meaning there is no uncertainty as to when (and what) actions must be taken.

The ROI of a software solution can be represented by:

However, when using compliance-specific software, this formula for return falls apart in the face of uncertainty. Software specializing in a particular regulation, such as Dodd-Frank or SOX, is only useful as long as that regulation does not change.

Now, with regulations being rescinded, altered, and drafted in an unpredictable environment, it simply doesn’t make sense to invest in compliance-specific solutions. In order to manage domestic political risk, organizations need to be able to do the following:

  1. Thrive in an atmosphere of uncertainty by identifying root-cause risks and creating certainty;
  2. Stay abreast of regulatory changes, adapting as policies change;
  3. Prioritize those risks so high-impact issues can be dealt with more quickly.

A risk taxonomy helps corporations reorganize their processes, policies, and requirements while automatically preserving the links back to underlying risks, controls, and monitoring activities. Change management is built into enterprise risk management systems with robust taxonomy technology. Spreadsheets, Office products, and compliance solutions simply can’t do this. They’re not designed to manage change over time, which is inherent in the definition of effective risk management.

Why is ERM the Answer to Regulatory Changes and Political Risk?

The cost of non-compliance is far greater than monetary fines or lawsuits; violations can substantially impact a company’s reputation for years. When it comes to protecting your company’s reputation, as stated by Ben Franklin, “an ounce of prevention is worth a pound of cure.” The cost of a proactive solution is minuscule compared to the cost of sustained reputation damage.

As is becoming more and more evident as time goes on, the straightforwardness of compliance – a concrete “what” and a concrete “when” – vanishes when regulations are altered. Even in an ideal world, where line items remain constant and unchanged, regulatory risk is but one source (among hundreds) of uncertainty.

Enterprise risk management makes it possible to thrive even when the environment surrounding your business is a cloud of uncertainty. It accomplishes this by helping you answer a simple question: what’s best for the business? Different processes, products, and assets have different value-adds, and ERM is the tool that provides senior management the means of identifying connections between activities to objectively prioritize and address emerging changes.

When the “when/what” is removed (or was never present, as is the case with all risk except regulatory risk), what’s the priority? Compliance solutions can’t help with this; they can only ensure you’re able to provide a report to a particular regulator. That report doesn’t even mean your business is managing uncertainty, it just means you won’t be slapped with a particular penalty.

Determining what will deliver a healthy ROI and ensure compliance is the key to operating amidst significant political risk. As an example, consider a bank or other financial institution: meeting FFIEC requirements for third-party management should be a mere byproduct of robust contracts and vendor due diligence.

These activities allow for uninterrupted, safe operations, and must occur even in the absence of FFIEC requirements. Enterprise risk management, by helping organizations discover both vulnerabilities and opportunities, provides an ROI far greater than the direct cost of potential penalties.

Learn more about the risk-based process and why it’s so effective at managing uncertainty. Also download our free eBook, Implementing Risk-Based Compliance, to learn more about adapting in the face of regulatory changes.

© 2020 Created by Boris Agranovich.