What Is Regulatory Risk?
Regulatory risk is the risk that a change in laws and regulations will materially impact a security, business, sector, or market. A change in laws or regulations made by the government or a regulatory body can increase the costs of operating a business, reduce the attractiveness of an investment, or change the competitive landscape in a given business sector. In extreme cases, such changes can destroy a company's business model.
- Regulatory risk refers to the risk that a change to the laws or regulations will hurt a business or investment by affecting that business, sector, or market.
- While often necessary for the public good, government regulations can increase the cost of doing business or limit prospects for further growth, cutting into profits and hurting the return on investments.
Understanding Regulatory Risk
Virtually any business can face significant regulatory risk, given any government's power to compel businesses operating within its borders to follow its laws. Regulatory risks often materialize as a result of anger over a public harm caused by a business or business sector.
But even if new laws are never passed, business leaders are obligated to assess and monitor regulatory risks and be prepared to react if they do materialize. This can be time-consuming and expensive because regulatory risk stemming from even one issue can drag on for years.
Examples of Regulatory Risk
One sector facing significant regulatory risk in the area of antitrust enforcement is Big Tech, including Meta (formerly Facebook), Amazon, Google, and Apple. This is largely the result of a growing public backlash over their enormous and still-growing market power and social influence.
Past examples of regulatory risk that materialized include the introduction of the 2002 Sarbanes-Oxley Act, which established more stringent accounting requirements and more severe criminal penalties for violating securities laws. It was passed following public outrage over multiple accounting scandals in the early 2000s, including those of Enron Corporation and WorldCom.
Another type of regulatory risk would be more stringent pollution standards for manufacturers or mileage requirements for automobile makers as a result of public concerns over climate change. In this case, the risk may not derive from wrongdoing by any business, but merely broader concern over the public good—in this case, the impact of climate change.
Regulatory Risk vs. Compliance Risk
Compliance risk is the risk that a company will have been determined to be in violation of already established laws or regulations. This can have many causes, including inadequate controls, negligence, human error. Ensuring that a business is capable of maintaining compliance and does so can be a source of significant expense. As with regulatory risk, managing compliance risk is an essential part of a business's overall risk management.
Managing regulatory risk involves forward-looking strategic thinking, as well as careful monitoring of public opinion and the regulatory process in a business's given sector. Compliance risk, on the other hand, involves knowledge of existing laws and regulations and a more systematic approach to verifying that the company is compliant with all of them.