R_Regulatory_M 2

Some industries and sectors are highly regulated and others are not. But one thing is clear: no one is untouched by the impact of regulation. Striking a balance between identifying and complying with existing regulation and preparing your business for new regulatory changes remains a perennial concern. 

The key question is – who’s in the driving seat? Are you letting regulation happen to you, or are you actively embracing it, influencing and exploiting the opportunities compliance can bring?

Regulation can pose difficult questions for businesses and is fast becoming an issue of increasing concern for CEOs. This message is crystal clear in PwC’s 18th Annual Global CEO Survey, launched earlier this year on the eve of the World Economic Forum at Davos. Polling over 1,300 CEOs in 77 countries, the survey, A marketplace without boundaries? Responding to disruption, shares CEOs’ views on the global economy, business strategies and the outlook for their companies and industries in the years ahead. Although the majority of CEOs see more opportunities than they did three years ago, they paint a picture of an increasingly fluid and disrupted environment. 

It’s not simply economic fundamentals that worry CEOs – an ever-increasing range of risks is emerging from more sources than ever before. National deficits, talent shortages and the speed of technological changes are just a few examples. However, regulatory changes are seen as the prime disruptive trend over the longer term, with 78% of CEOs concerned that over-regulation will threaten business growth prospects – up 6% from last year. And these concerns are not limited to industry-specific regulations but go much broader into areas like trade and employment. 

Some industries are undergoing more upheaval than others, with financial services poised for the greatest change. Regulation, not surprisingly, is the biggest
driver of change.

The emerging competitive landscape reveals the tension between the conditions needed for businesses to thrive and the existing framework of national and international regulations within which they operate. New models of competition, cross-sector, networked and decentralised, are straining against policies designed for a different world. And while global businesses are more connected than ever before, geopolitical trends seem to be moving in the other direction.

The survey results show that CEOs are divided as to whether collaboration between governments or between the public and private sector is improving the ability for businesses to compete across borders. Getting government and business on the same page requires a change in mindset, starting with the ability of both sides to understand each other’s perspectives. 

Business leaders clearly accept the need for regulation but want it to be more effectively designed and implemented. Governments, meanwhile, understand the need for better regulation but must deal with a legacy of policies designed to address very real problems of the past. Responding to business excesses in the wake of the financial crisis is a case in point: the large body of regulations put in place at the time were an answer to societal demands and a means to create a badly-needed trust mechanism. 

Trust is also key to ensuring more balanced policy outcomes. Trusted collaboration with government can strengthen the ecosystem of partnerships that businesses need to effectively leverage their capabilities. Working together as true partners, businesses can engage in continual dialogue with policymakers, bring proposals to the table and help craft solutions that are proportionate, accountable, consistent, transparent and targeted.

On another note, the private sector could be doing more to anticipate regulation and get ahead of it. A food company claiming health benefits could self-regulate its marketing and disclosures, for example; while a technology player that facilitates financial transactions could self-regulate its information security. 

Heading off potential regulatory concerns is plainly the best first option; government intervention is often driven by the perception that the right behaviours don’t exist in the marketplace. Anticipatory actions would also go a long way towards protecting reputation and maintaining customer trust. However, getting too far ahead risks committing the organisation to unnecessary or ineffective measures. 

There’s another challenge for businesses. They not only have to focus on what’s coming from their own governments, but deal with the emerging web of global regulation focused on privacy, cybersecurity, resilience and critical technology platforms. However, the ability to leverage a strong risk management programme can help companies avoid the biggest pitfalls, enhance profitability and improve performance. The goal is to mesh strategy, enterprise risk and business continuity systems to generate company-wide risk resiliency, allowing you to exploit opportunities to gain competitive advantage while minimising the downside.

Staying on top of regulation

It’s easy to feel overwhelmed by the sheer volume and complexity of regulation. This is made worse by an environment that can be multi-regulator and multi-jurisdiction, where non-compliance varies in impact and the regulatory landscape is constantly evolving. 

So, faced with this abundance of regulation, how do you stay on top of it? The reality is, many organisations don’t. Interpreting regulation and finding the right balance between responding to it and delivering ‘business as usual’ can be a struggle. If you don’t get your act together, the impact can be damaging – not just financially, but in terms of stakeholder trust, reputation in the market and regulatory focus. You need to find a way to navigate regulation. 

It may seem like a paradox, but if you sort it out and do it well, a good regulatory response buys you a lot of freedom, allowing you to invest in your business with less scrutiny. Being seen as a regulatory high-performer is a great way to be viewed by your regulator.

In addition, being a good regulatory citizen should underpin your broader business goals. Leading organisations that are regarded as good regulatory citizens are those that embrace regulation, recognising that it drives resilience, good practice, control, competition, governance and performance. 

Not all regulation is equal – some carries greater penalties and has greater impact. The distinction is key. Be clear what regulation matters now or in the future.

  • Keep an eye on the horizon: It’s understandable that regulatory focus tends to be on the here and now; however, keeping an eye on what lies ahead,  deploying an early warning system and engaging with the regulator throughout the process is key.  
  • Behaviours need to be part of your DNA: Too often businesses try to meet regulatory requirements  without embracing the people dimension. Everyone has a role to play in controlling the business and you won’t be able to sustain compliance if the right behaviours aren’t part of your organisation’s DNA.
  • Don’t forget the data: The key to good reporting often lies in the quality of your data. You need to know which data matters and what impact systems and human intervention have on the data on its journey to your reports. It’s important to shift the emphasis from the report itself as an output, to the process and controls used to generate it.
  • Stakeholder trust is key: Greater consumer power has come with the rise of social media, making it harder for organisations to maintain their reputations and customer trust. Those that regulation seeks to protect now have a greater voice for their concerns, and this is driving new regulation. Proactively communicating your regulatory performance – good or bad – to stakeholders can enhance your reputation and build trust.

Taking charge of your regulatory destiny offers countless benefits, including cost efficiencies, increased stakeholder confidence, freedom from scrutiny by regulators, and a greater organisational resilience to absorb and respond to new regulation. Here are a few things to consider: 

  • Regulatory resilience cannot be viewed as a one-off activity or initiative; it’s ‘baked in’ to business-as- usual, even when changing the business, through outsourcing, offshoring or partnering, for example. 
  • An outcome-based focus on regulatory compliance is key, making maximum use of processes, controls and enablers. It needs to be an aligned, prioritised response to strategic objectives, supported by frequent and open communication. 
  • It’s also important to bear in mind your partnerships with third parties. You need to look beyond your organisation’s boundaries to the extended enterprise and the responsibilities of third parties in order to keep up with your regulatory promises and standards. 
  • Board-level understanding of the regulatory landscape, horizon and strategic impact is critical, as is strategic engagement with regulatory bodies. 

At its core, regulation has an uncomplicated, even noble, purpose: to protect. Covering public safety and welfare, industry and revenue generation – we’d all agree that protection is a positive motivation. But the way you respond to regulation reflects the level of control you have in your business. Successful businesses are those where the board has adopted a different mindset to regulation and control and, in doing so, created significant value and opportunity. 

Getting your regulatory response wrong can mean fines or even worse. Getting it right is the only option. It’s time to look again at regulation and see it as a benefit and not always a burden. In today’s challenging business environment, where trust and transparency are highly prized, getting on to the front foot with your regulatory response with a well-executed and communicated approach can bring significant opportunities. 

Marco Amitrano heads PwC’s UK risk assurance services practice and is the firm’s global assurance markets leader.