The Top 4 Sources of Compliance Risk

When it’s your job to protect the company’s bottom line, the last thing you want is to get the company in needless and expensive legal trouble. Lawyers are expensive, as are fines, and even the suggestion of criminality or unethical practice is bad for your reputation. So legal compliance is a fact of life for every company.

But while you want to be a good “corporate citizen”, you don’t want laws and regulations to ruin your business model either. Changes in regulations and enforcement can have an enormous impact on your business. There’s really no ethical way around it. But, with proper risk management, you can play by the rules without being played by the rules.

To get you started in thinking about these risks, let’s review the top 4 sources of compliance risk:

Laws & Regulations

Failure to meet regulatory requirements can lead to fines, penalties, loss of operation licenses, and more. Other times, changes to trade regulations and agreements can affect international sales. Keeping up with constantly changing regulations and other legal requirements is difficult, and careful monitoring and prompt adoption are critical. Falling behind can slow operations and affect overall company performance.

In May 2019, British Steel announced it was on the verge of bankruptcy thanks to Brexit-related issues. Between the Brexit negotiations and the US-China trade war, the UK steel industry was not ready for its European partners to delay purchases, nor for the resulting tariffs of up to 25% on most of the steel exported to France, Germany or the United States.

With over 4,000 jobs at risk at their main plant, an estimated 20,000 more jobs along their supply chain were also in danger. The British Steel jobs were only saved once the company was sold to Jingye in March 2020. As of March 2021, changing laws and regulations still leave the entire future of the UK steel industry in doubt.

The uncertainty around anticipated export laws made the Brexit-related regulatory risks nearly impossible to manage. While British Steel’s Brexit breakdown is an exceptional case, it serves as a cautionary tale of how regulatory risk can bring an entire industry to its knees. Every company needs to do their best to identify such risks and manage them as best they can before a crisis hits.

Employee Misconduct

Employees who break the law or violate ethical standards can have a disastrous ripple effect on a company. Company morale, culture, and stature are all put at risk, and substantial legal and financial repercussions can follow, when employees, especially executives, misbehave.

This happened to Alphabet, the parent company of Google. In 2019, shareholders filed a lawsuit against the board of directors. In the suit, the shareholders accused the board of shielding senior executives from claims of sexual misconduct. The shareholders claimed Alphabet had breached their fiduciary duty, abused their control, enriched themselves unjustly and wasted corporate assets. Google employees around the world walked out of their jobs in protest of a $90 million exit package awarded to an executive who was asked to resign over credible sexual misconduct claims.

Alphabet settled the suit in 2020. As part of the settlement, $310 million went to fund a council on diversity, equity, and inclusion initiatives. They also created a new Employee Disciplinary Committee and mandated coaching that would hold executives to a higher standard of conduct.

While Alphabet managed to mitigate the fallout with a legal settlement, the costs of employee misconduct were still incredibly high. The effects of employee misconduct rippled through the company, down to the employees and the shareholders. Had they managed this risk better from the start, they might have avoided this entire mess.

Product Failures

Products that fail to deliver on your company’s promise can ruin your reputation and bottom line. But in some cases, they can get you sued by your shareholders as well. 

CD Projekt Red (CDPR) hyped up their Cyberpunk 2077 video game for over 8 years before its release in late 2020. Promotional videos promised a fully immersive futuristic world for gamers to play in. Despite countless production delays, over 8 million people purchased pre-order copies.

But the game completely failed to deliver a product worthy of that hype. It was full of game-breaking bugs and lacked many of the promised gameplay features. Those who bought and played the game were upset. The glitches became the butt of jokes and memes for weeks following the release.

The product was so shoddy that Sony, which sold digital versions of the game in its online stores, halted sales and offered full refunds. In an open letter, Adam Kiciński, the CEO of CDPR, urged disappointed fans to take advantage of the offer. He even opened a phone hotline to help those having trouble getting refunds. As a result, the company’s share price plummeted 31% in a matter of weeks.

Following the drop, CDPR was hit by two shareholder lawsuits. The suits claimed that CDPR made statements about Cyberpunk 2077 that were “materially false and misleading”, citing the many bugs in the console versions of the game.

While CDPR’s ultimate fate remains to be seen, what’s clear is the fallout that can result from a failed product. Even if CDPR manages to recover, it will be an uphill battle to rebuild their reputation both with consumers and shareholders. 

Safety Violations

Accidents happen. Sometimes human error is to blame, other times it’s the equipment. Having a culture of workplace safety can help reduce accidents and keep your company compliant. But if there is a lapse in those protocols or maintenance procedures, the results can be catastrophic.

The infamous 2010 Deepwater Horizon accident in the Gulf of Mexico, off the coast of Louisiana, is the largest offshore oil spill in US history. After the fact, investigators found the rig operators did not sufficiently conduct safety inspections on the very systems that failed. Fines from the US government totaled $20bn and the company was charged with manslaughter (later dropped) for the deaths of 11 of their workers.

Of course, safety issues of this scale are unique to the oil and gas industry. Still, this tragic event shows how overlooking a safety violation can snowball into a disaster for all involved. 

Conclusion

While the examples above are not the only sources of compliance risk out there, they do help illustrate their nature. It’s never just about following the rules to avoid a fine. Sometimes it’s adjusting to the changing rules to preserve your business. Other times it’s about being a good corporate citizen. At the end of the day, these are all things your company’s stockholders, future employees, and clients will look at when deciding if you truly are acting in their best interests. 

The best thing you can do to honor the needs and expectations of your stakeholders is to assess your compliance risks and manage them. They may not notice when things go right, but they will certainly notice when things go wrong.