Every company doing business faces risk of one kind or another, especially multi-national corporations and any company doing business internationally. A slight downward fluctuation of a country’s currency or uptick in interest rates can affect a company’s bottom line. Managing regulatory risk—the potential financial loss because of a country’s changing laws, regulations and codes of conduct—can be hard to plan for and quantify. However, regulatory risk management continues to be a dynamic field of practice and opportunity. In a nutshell any risk management plan can be broken into three parts: Identification, measurement and monitoring.
Identify Existing and Potential Risks
Many small businesses are surprised when regulations change in an industry causing financial loss. However, most regulatory changes in the industrialized world are announced publicly in the mainstream and industry-specific media and even offer practitioners the opportunity to participate in the process of building new regulations. For example, the implementation of the U.S. Financial Accounting Standard 133: Accounting for Derivative Instruments and Hedging Activities, was announced in June 1998 but did not take effect until 2000, so those affected could take time to understand the necessary changes. When technology could not keep up with the changes the standard required, the FASB under the guidance of the Securities and Exchange Commission delayed the date. It was the proactive practitioners who wrote letters to regulatory agencies and kept current in the discussions who were the vanguard of helping define the regulations and mitigate a reporting crisis by delaying the start date. Reading industry-specific trade publications, business journals and even local business data will help identify changes on the regulatory horizon.
Adopt a global view. Knowing domestic regulations is no longer enough if a business has foreign suppliers, clients or merchants. Stay abreast of the issues affecting them and issues facing your industry in all the foreign markets in which you sell products and procure supplies. For example, agricultural regulations affecting pesticides in India requiring certain, more expensive pesticides can affect markedly net income and cash flow.
Stay flexible. Foster a culture that allows change to occur easily at the operational, financial and management level. Surprisingly, many companies that suffer needlessly when regulations change are those companies that refuse to accommodate the new ways. For example, Enron, shortly before the fall, did not change its risk management policies to accommodate the new accounting standards. The company decided to bypass the standard and opened itself up to high-risk energy and commodity transactions. When Enron tried to mitigate the financial hit with creative accounting, disaster ensued.
Quantify the Potential Damange
If a new accounting standard, employee protection law or industry-specific regulation is on the proverbial table, do not wait to see how it will all play out. Act as if the regulation is in effect when making capital budgets and cash forecasts. Adding this variable and projecting its possible effects in the future will let you know ahead of time how it will affect revenue and income and what capital will need to be set aside to implement changes in machinery, supplies and the workforce.
Plan for a worst-case scenario. Do not be conservative when making changes. If change is coming, expect it and have a plan in place. If capital reserves are dwindling, shore them up. Risk implies the worst-case scenario and being prepared for the worst financially will help navigate the unknown and potentially stormy waters of change.
Make necessary changes ahead of time. Proactive companies will often adopt regulatory changes before the “go-live” date and ask for feedback from the regulatory agency. While this may seem counter-intuitive to companies that want to use every minute to ensure compliance. For example, Union Carbide adopted FAS 133 nearly a year ahead of schedule and asked the SEC to proactively audit the company’s compliance. The SEC did and Union Carbide was able to work out its system bugs by the adoption date.
Monitor and manage going forward. Really this is just continued vigilance which is similar to identifying risk. Monitor and manage the risk going forward and continue to identify new risk on the regulatory seas of change.