A year into the Biden administration, the focus on US regulation and compliance is clear. From financial crime to data privacy and environmental and social justice, regulators are flexing their muscles ever more forcefully.
The recently unveiled United States Strategy on Countering Corruption emphasizes two of the administration’s key enforcement priorities: anti-money laundering and anti-corruption. This follows on from the enactment of the Anti-Money Laundering Act 2020, one of the most significant developments in US AML law in decades.
Where can businesses expect regulators to focus their attention in 2022?
To a large extent, we can expect to see a continuation of trends seen in 2021.
In particular, we can expect continued targeting of the SPAC (Special Purpose Acquisition Companies) sector. The Securities and Exchange Commission (SEC) has already made clear its concerns about the auditing of these so-called ‘blank check’ shell corporations.
Another area of focus will be disclosures. The Biden Administration has been increasingly clear on the need for a factual basis for companies’ public statements. One example is climate change, and the SEC is consulting on whether current climate change disclosure requirements are sufficient to adequately inform investors about how companies are addressing climate-related risks and opportunities.
This brings us to the third key area of focus: ESG. Although what’s interesting here is what’s really driving corporations to change their behaviour on ESG is not primarily regulation, but consumer and investor demand. The challenge for businesses will be to predict and prepare for the secondary impact of ESG regulation, on the back of the actions they are already taking in response to investor and consumer pressure.
At the same time, businesses must not lose sight of the opportunities that can arise from shrewd management of key risks. For example, as we outlined in our 2021 report on ESG strategy, if a company understands its vulnerabilities to specific ESG risks – such as carbon emissions, labor sanctions, disclosures etc. – it can implement ESG performance initiatives to not only mitigate those risks, but drive value in their corporation and support business objectives (e.g. tracking KPIs to strategic goals and financial outcomes within ESG risk management).
And this brings us to the final, critical point to understand about managing risk, which is that it really can drive value. For too long, businesses have labored under the misconception that there’s no money to be made from compliance. The reality is that nothing could be further from the truth.
Managing regulatory risk: 4 key takeaways
- Don’t put risk in a box. Don’t leave it to one person or one department to manage. Periodically, conduct business risk assessments to understand risks across the organization, the underlying information to manage the risk environment, and involve all of the relevant stakeholders. Managing regulatory risk at a state, federal and global level is an impossible undertaking for one person or one team.
- Always tie risk and compliance to business and strategic objectives. Once you’ve assessed the risks facing your business, prioritize them. You might only mitigate the top 25% of your risks, but what matters is whether those risks align with driving stakeholder value and threaten what’s really at stake for your business.
- Don’t think of risk as a cost center. Think of it as a lever to increase your return on investment. Once you’ve mitigated your top risks, think about and assess the value this could deliver, be it through preventing fines or generating insights that create and support business opportunities (e.g. cross-selling and up-selling).
- Understand that risk and compliance is always going to be a moving target – so never become complacent.