What is regulatory risk and what does a regulatory risk professional do?

The regulatory landscape is complex and evolving. Regulatory risk is the risk that changes in laws or regulations will materially impact an industry or business. Such changes can increase the cost of running a business, reduce the attractiveness of an investment or change the competitive landscape.

Regulatory risk professionals help organisations to mitigate these risks by working closely with regulators and building expertise in the specific regulatory environment in which they operate. They follow sector developments to allow them to anticipate changes and use their knowledge to develop risk management frameworks, enhance compliance programmes and implement effective governance.

Key responsibilities

Responsibilities will vary, but examples include:

  • Managing known and emerging regulatory risks.
  • Designing and implementing risk and control assessments.
  • Maintaining weekly management control dashboards and regulatory reporting to ensure identification and visibility of key trends and emerging risks.
  • Assessing the impact of regulatory developments and assisting in implementation of new policies, procedures and controls as required.
  • Updating senior management, head of compliance and other risk management functions about strategic changes and regulatory developments.
  • Identifying and resolving any gaps against regulatory rules.
  • Establishing and updating a calendar of regulatory, internal audit, compliance, and other reviews and identifying overlaps or gaps.
  • Leading the regulatory exam process through the documentation of potential issues and risks identified during reviews.
  • Training relevant staff on regulatory requirements and upcoming changes.

Why are they important?

Following the financial crisis, the regulatory environment has become more complex, with supervision and enforcement being more intensive and intrusive. Regulatory risk managers ensure organisations are able to respond to changes in regulation effectively.

Skills needed for this role

Regulatory risk managers are required to have a strong attention to detail and should be able to work independently, with minimum supervision or guidance. Strong written and verbal communication and presentation skills are also essential, as is the ability to influence key stakeholders. They must also be highly organised with excellent prioritisation and time management skills.

Strategic Professional Options examinations linked to this role

Advanced Audit and Assurance

Career opportunities presented by this role

Regulatory risk management can be a critical role in highly regulated sectors such as financial services or aviation. In these environments, changes to regulations can have a material impact on commercial performance and, as a result, individuals with specialist regulatory knowledge are in high demand. Staff in this field can be promoted to senior manager level or, by becoming more generalist in approach, can achieve board level positions such as chief risk officer.


High level competencies required include:

  • Advisory and consultancy

    A. Gathers and understands financial and non-financial information to develop complete knowledge of the client business and the environment in which it operates.

    B. Provides expert advice that will add value to the business and gain advantage.

    C. Identifies and advises on business partnering to develop strategic relationships to create opportunities, improve performance and solve business problems.

    D. Prepares and presents business plans and advises on the actions to implement these plans.


  • Audit and assurance

    A. Advises on and communicates effectively the role and scope of audit and assurance engagements to relevant stakeholders.

    B. Applies regulatory, legal, professional and ethical standards relating to audit and assurance engagements.

    C. Plans and prepares for audit and assurance engagements.

    D. Performs effective audit and assurance engagements.

    E. Reviews and reports on the findings of audit and assurance engagements.

    F. Guides efficient and effective operations.


  • Governance, risk and control

    A. Evaluates organisational structures and governance to protect the long-term interests of stakeholders.

    B. Recommends appropriate strategies to ensure adherence to governance structures and application of best practice internal controls.

    C. Identifies and manages risk appropriately.

    D. Uses risk management for the best interests of an organisation and its stakeholders.

    E. Monitors and applies relevant legislation, policies and procedures.