Regulatory changes affect all organisations in some way. “While there are some industries and sectors that are innately more regulated than others, no organisation in the modern western world sits outside of the compliance environment,” explains Nona Sichinava, a Partner for Gerard Daniels. “And as we find ourselves at junctions of political and social mood changes, emergence of new technologies, or business competition challenges, we should expect regulatory changes.”
Anticipating and ensuring regulatory compliance as well as establishing a governance framework that ensures regulatory requirements are adequately addressed is an important part of the Board’s overarching responsibility to understand and mitigate risk. However, compliance can be complex to navigate, particularly for organisations that operate in already highly regulated and/or politically dynamic markets.
Here we consider why regulatory change occurs; what happens when there is failure to comply; and how Boards can support their organisation in anticipating and meeting its compliance obligations.
When does regulatory change occur?
Some regulatory reforms are important for achieving continual improvement at industry/sector level (for example, health and food safety) and addressing negative externalities. Equally, deregulation can be part of national economic policies. Many factors can drive these changes, such as:
- Government addressing market or business failures – often following high-profile ethical failures
- A political desire to influence economic growth (but ironically, often leading to worsening of economic performance)
- More recently, technological advances that have a huge impact on our lives.
“Regulatory reform followed the Bre-X Minerals scandal in 1997 – one of the biggest financial frauds in the history of mining. This event led to the introduction of National Instrument (NI) 43-101, which established Standards for Disclosure for Mineral Projects with the primary purpose of enhancing transparency in the reporting of mining projects,” says Nona. “More recently, the catastrophic Brumadinho dam failure brought mining tailings facilities and their management around the globe into sharp focus and triggered the tightening of mining sector regulation.”
What happens if organisations don’t comply?
Meeting compliance requirements can help to grow an organisation’s brand and reputation, build trust, consistency of customer and stakeholder experiences and relationships, and improve long term sustainability. Non-compliance, however, can be costly in many ways, depending on the nature and severity of the breach.
“Poor decision-making leads to non-compliance, and when an organisation fails to meet its regulatory requirements there may be legal recourse, or a warning or a formal fine may be issued,” says Nona. “Non-compliance can often expose employees, consumers and communities where a business operates to harm; break stakeholder trust; damage brand and reputation; and ultimately impact the bottom line. When regulations fail, they can also lead to significant liabilities for the taxpayer, subsequent overregulation of entire industries and even nationalisation of a sector.”
Risk management
For a Board, regulatory compliance risk management is largely about understanding how regulation impacts the organisation – including its strategy, supply chain, customers, cost to business, and M&A or investment decisions – and mitigating that impact.
“As a Board member, you have a duty to understand the ever-changing regulatory landscape for your organisation along its whole value chain. You must work closely with the Executives to ensure there is strategic alignment and the capacity to deliver on what is required,” says Nona. “To build this understanding the Board must ask the right questions, request the right information and tread carefully to probe further when required.”
“Boards must also consider how compliance requirements affect the enterprise and how to prevent any negative impact,” Nona continues. “To manage this risk Boards must understand what will happen in the event of non-compliance, and how mitigating this risk will shape organisational strategy.”
Understanding how regulatory change impacts your strategy: a theme-based analysis
Developing a theme-based analysis is an effective way to understand the compliance requirements for an organisation, and to identify the potential for future regulatory change.
“This approach makes it easier for Boards to understand how change is likely to impact the company strategy and business operations,” says Nona. “Theme-based compliance portfolios can also be allocated to individual Board members, based on their skills, interests and expertise.”
Governance and continuous education
When Boards take a proactive approach to governance and continued learning, it reduces the need for reactive compliance and creates a far more effective way to understand and mitigate risk. Continued learning and education is also important for understanding wider influences and anticipating the future compliance requirements for an organisation – which may involve keeping abreast of changes in a particular region, or in areas like HSE, technology or politics, that can shape regulatory change.
“Although individual Board members aren’t expected to be specialists in all areas, to fulfil their governance role there is an expectation for Board directors to stay across what’s happening in the market and to regularly assess the business relevance of their skills and experience,” says Nona. “In terms of compliance, Board members must also be proactive in understanding the issues that relate to the organisation and to their areas of expertise.”
AI provides an interesting example, given its potential to have such transformational impact and influence. “All industries and sectors globally should expect regulation related to AI and its applications as this technology evolves,” says Nona. “A proactive approach is needed for Boards to anticipate the compliance requirement; the strategic alignment; and how it will affect the organisation.”
Communication and collaboration
As the flow of information is critical to informed decision-making, clear communication around regulatory compliance and risk between Boards and ExCo is good practice.
“The board does not implement compliance strategies. Instead, its role is to understand and communicate the relevant risks and requirements, and to hold the CEO and other Executives to account for setting and enacting a plan and monitoring business performance,” says Nona.
“As part of this remit, Boards should be asking Executives for projections on how regulation will impact areas like budget and strategy development, to ensure all compliance requirements are met,” Nona continues. “At an executive management level, on the other hand, companies should have a positive relationship with the regulatory bodies – either through the General Counsel or Chief Risk and Compliance Officer positions.”
Adaptability
Boards of publicly listed companies should expect and prepare for constant regulatory change. “You can have a plan for compliance, but you must also know and be prepared for the fact that it will likely evolve,” says Nona. “The Board and Executive must be nimble to perform successfully and foster a culture of change.”
“In being adaptable, Boards must be able to balance the regulatory requirement with core business needs, which means understanding which compliance areas are critical to its business specifically,” Nona continues. “It is equally important to remember that in business everything has a risk profile attached to it, so you must find the right balance between ensuring compliance and dealing with other business critical issues.”
To build high performing Executive leadership teams or develop the capability of your Board, connect with Nona or reach out to your local Gerard Daniels team.