According to a survey by The Institute of Internal Auditors, regulatory changes are among the top five risk management concerns for organizations in 2022. Investopedia defines regulatory risk as “the risk that a change in laws and regulations will materially impact a security, business, sector, or market.”
The risks of regulatory changes
When a government or regulatory body changes a law or regulation, it can:
- Increase the cost of operating your business
- Make your business less attractive to investors, shareholders, or customers
- Change the competitive landscape of your industry
In extreme circumstances, regulatory changes can even put you out of business due to the financial and management costs needed to comply.
Regulatory changes have transformed industries
A prominent example of a regulatory change affecting businesses is the 2002 Sarbanes-Oxley Act. The law establishes stringent accounting rules and severe criminal penalties for violating securities laws across industries. It was passed because of public outrage over multiple accounting scandals in the early 2000s, including those of Enron Corporation and WorldCom. Both of these scandals involved corrupt accounting practices that ultimately led to the companies’ downfall.
The passage of the Health Insurance Portability and Accountability Act (HIPAA) in 1996 impacted the entire health care industry. HIPAA requires organizations to take protective measures to ensure patients’ privacy related to their health, treatments, and conditions.
More stringent pollution standards
Increasingly stringent pollution standards are another type of regulatory risk. In response to public concerns over climate change, manufacturers and automakers are having to keep up with changing standards like mileage requirements. In this case, the risk doesn’t come from the wrongdoing by any business, but from broader concern for the public good.
Limits on the extraction of natural resources
Government agencies like the Environmental Protection Agency (EPA) and the Occupational Safety and Health Administration (OSHA) are actively seeking regulatory changes to address climate change. We are already seeing executive orders to stop gas and oil drilling and prohibit coal mining on federal lands.
COVID-19 safety standards
COVID-19 safety standards are a prime example of regulatory changes affecting businesses. Nearly overnight, businesses were burdened with the increased costs of keeping customers and employees safe. Examples include:
- Installing workplace barriers between cubicles or within break rooms
- Fogging common areas
- Purchasing personal protective equipment, such as masks and face shields
- Supplying hand sanitizer
- Temporarily closing or furloughing employees due to lockdowns
Many restaurants and small businesses lost their competitive edge, cash flow, and experienced employees. Those that were unable to adapt or carry on through the lockdowns simply went out of business.
And these regulatory requirements didn’t just affect businesses. They had a ripple effect on employees, many of whom were terminated, furloughed, or forced to work grueling hours that disrupted their families. Many organizations were not prepared for the cost of change or the cost to maintain their employees during a lockdown.
Hazard communication standards
These risks can also be influenced by global agencies and changes within other countries. For example, the Globally Harmonized System (GHS) recently revised its Hazard Communication Standard on the labeling of containers and safety data sheets. In response, OSHA updated its Hazard Communication Standard to align with the new GHS requirements.
How to prepare for regulatory changes
So, what can you do to prepare for regulatory changes that may impact your business?
Stay close to the regulatory process. Join professional trade associations related to your industry. Participating in legislative or government affairs will help ensure that you know about any possible changes and the potential risks to your business. You may even have an opportunity to help draft or comment on any language being proposed.
Prepare your organization to meet International Organization for Standardization (ISO) updates. This will help you stay ahead of any changes and adjust to new requirements. Pursuing ISO certifications related to safety (45001), environmental management (14001), quality (9001), risk management (310000) and other standards will help prepare you for changes.
Build a positive reputation with employees and your community. Showing that you are working in good faith to meet compliance requirements and respond to changes will promote credibility, trust and loyalty.
Maintain good relationships with regulatory agencies. Your history with regulatory agencies demonstrates that you are acting in good faith to comply with applicable laws. It also demonstrates to your employees that you are concerned about their safety and well-being and that the organization can be trusted to do the right thing.
Regulatory compliance can be expensive. But it’s more expensive if you fail to prepare for changes. Without proper planning, you could find yourself reacting to regulatory investigations and facing penalties and fines. Remember that these investigations and citations are public, so they could seriously impact your reputation and your bottom line.
Copyright © 2022 Applied Systems, Inc. All rights reserved.