Definition vs. Non-Compliance Risk and Examples

What is regulatory risk?

Regulatory risk is the risk that a change in laws and regulations will have a significant impact on security, operations, a sector or a market. A change in laws and regulations by a government or regulatory body can increase the cost of doing business, make investment less attractive or change the competitive landscape in a given sector of activity. In extreme cases, such changes can destroy a company’s business model.

Key conclusions

  • Regulatory risk refers to the risk that a change in law or regulation will harm a business or investment by affecting a particular company, sector or market.
  • While government regulations are often necessary for the public good, they can increase the costs of doing business or limit the prospects for further growth, reducing profits and worsening returns on investment.

Understanding Regulatory Risk

Virtually any business can face significant regulatory risk, given the government’s power to force companies operating within its borders to comply with its laws. Regulatory risk often materializes out of anger at public harm caused by a company or business sector.

But even if new laws never pass, business leaders are obligated to assess and monitor regulatory risks and be prepared to respond if they do materialize. This can be time-consuming and expensive, since regulatory risks from even a single issue can linger for years.

Examples of regulatory risk

One sector that faces significant regulatory risk from antitrust enforcement is Big Tech, including Meta (formerly Facebook), Amazon, Google, and Apple. This is largely a result of growing public distaste for their enormous and growing market power and societal influence.

Past examples of regulatory risk materializing include the enactment of the Sarbanes-Oxley Act in 2002, which introduced more stringent accounting requirements and harsher penalties for violating securities laws. The law was passed following public outrage over numerous accounting scandals in the early 21st century, including those at Enron Corporation and WorldCom.

Another type of regulatory risk would be more stringent pollution standards for manufacturers or mileage requirements for automakers as a result of public concerns about climate change. Here the risk may not stem from wrongdoing by any one company, but merely from a broader concern for the public good, namely the impact of climate change.

Regulatory Risk vs. Compliance Risk

Compliance risk is the risk that a company will be found to be in violation of already established laws or regulations. It can occur for a number of reasons, including inadequate controls, negligence, and human error. Ensuring that a company can and does comply can be a significant cost. As with regulatory risk, compliance risk management is an essential part of a company’s overall risk management.

Regulatory risk management involves forward-looking strategic thinking, as well as careful monitoring of public opinion and the regulatory process in a given business sector. Compliance risk, on the other hand, involves knowledge of existing laws and regulations and a more systematic approach to verifying that a company complies with all of them.