For over a decade, organizations have faced a deluge of new and more onerous regulatory requirements. Sarbanes-Oxley in the U.S. and similar rules in other jurisdictions were implemented in the wake of Enron and other failures in the early years of this century, and additional regulatory initiatives followed in the wake of the 2008 financial crisis. For many organizations, simply catching up to the requirements of the new rules and ensuring they are compliant with them has been a full-time task.
Further regulatory initiatives are on the horizon.
The OECD has initiated a Base Erosion and Profit Shifting (BEPS) project which, if adopted by G20 nations and others, will significantly change global tax rules.
Anti-bribery, anti-corruption, and anti-fraud measures are also an increasing focus of many regulators. While some jurisdictions believe more rigorous implementation of the current rules will be sufficient to address problems, others believe tougher rules may be required. In some instances, senior officers have been found personally liable for their organization's failure to implement sufficient anti-corruption measures; in other cases, organizations have had to pay significant penalties for not meeting requirements to protect personal data.
Pay ratios and executive compensation policies are other high priorities. The European Commission, for example, has proposed rules around "say on pay" that will give shareholders a binding vote on management compensation, while Dodd Frank in the U.S. gives shareholders a non-binding vote on pay.
A variety of measures have been implemented or are being contemplated to further shape organizational behaviour, including requirements to disclose the sources of precious metals, political contributions, environmental impact, executive health, and the representation of women at the board and management levels.
As organizations struggle to meet the many new regulatory requirements being imposed, many have yet to make the cultural changes necessary to adapt their business models to the changing regulatory landscape. Doing so will be a key priority, since the heightened pressures that have existed since 2008 are unlikely to ease in the future – and may well increase, given that social and media pressures are increasingly setting regulators' agendas.
Organizations also need to be mindful of social and media concerns since they are becoming as important as regulatory measures in affecting the way entities operate and the perceived acceptability of their business strategies and practices. This is a tricky process. Public perceptions of an organization and its business activities can change quickly with little warning, and organizations may suddenly find themselves out of step with their customers and other stakeholders.
Boards should ensure that regulation is a topic on their agendas, at least annually, and management should be asked to report to the board on new and proposed regulatory changes and their plans for responding to them.
Boards and management should also have open lines of communication with regulators, legislators and industry associations in order to discuss proposed rules and the impact they will have on the organization and its business, and alert regulatory authorities to any unintended consequences or unnecessary burdens that may be created by a proposed rule change.