Compliance Risk arises from violations of laws, regulations, codes of conduct, and standards of practice. It can impact an organization’s ability to operate, potentially leading to legal penalties, loss of finances, and a decrease in reputational standing among other things.
Even if your business is completely lawful and ethical in its own operations, it can still be exposed to compliance risk by – for example – associating with another business that has been identified on sanctions lists or other international watch-lists.
There are steps companies can take to screen against hits on sanctions lists, but what we are seeing with the Russian sanctions specifically, is that it goes a little deeper than just the name of an entity or individual on a list. Russian sanctions include narrative and sectoral sanctions, which basically means that if an individual is on a watch-list, not only can an organization not associate with them, they also cannot associate with any company or affiliation under the individual’s name. As such, not only does an organization have to vet the subject against the list, they must also be aware of the individual’s footprint in the world.
Economic & Political Risk occurs when conditions such as government regulation, exchange rates, and political stability will affect an investment or the profitability of a business.
According to the World Economic Forum, the biggest economic risks of today have been formed out of the aftermath of the Global Financial Crisis of 2008. Among the top risks are unemployment/underemployment issues, social instability, state crisis, and large-scale migration. For example, public discontent is on the rise in Venezuela where demonstrations against corruption have been taking place. This may pose a risk to organizations and personnel operating in the area.
Reputational Risk is the threat of loss as a consequence of damages to an organization’s reputation, i.e. in lost revenue, increased costs, decreased shareholder value, etc. or as a result of an adverse or criminal event. A company’s reputation may help or hinder them in acquiring business partners.
A real world example of reputational risk is the damage that was done to Shell when it overstated its proven oil and gas reserves. The problem arose from Shell’s own interpretation of proven reserves being different from that of regulators, and over time that created a large rift. After the company announced that it would be starting a review, shareholders were concerned about the value of their investment and brought in the SEC and FSA to look at the stated reserves in more detail. What they found was that the figures were incorrect – up to 20% less than what Shell had previously reported.
What did Shell do right in this circumstance? Their cooperation with regulators in terms of opening their books ultimately helped to limit the size of the fines. However, what Shell should have done different was to own up to the error quickly, rather than letting it carry out for an extended period of time.
Furthermore, there was more reputational damage done when the considerable size of the severance packages to the Chairman and Head of Exploration was discovered. Giving huge payoffs to them seemed more like a reward than a punishment, which further deteriorated shareholder trust.