The biggest risks, according to E&Y

According to Ernst & Young's Business Risk Report 2010, here are the top 10 risks that businesses are facing today:

  1. Regulation and compliance
  2. Access to credit
  3. Slow recovery or double-dip recession
  4. Managing talent
  5. Emerging markets
  6. Cost cutting 
  7. Non-traditional entrants
  8. Radical greening
  9. Social acceptance risk and corporate social responsibility
  10. Executing alliances and transactions

Regulation and compliance is at the very top of the list this year. That's up from position 2 last year. It was also number 1 in 2008.

But there's a lot more to regulatory compliance that just the things that information security deals with. Here's how E&Y described the risks that businesses face from regulation and compliance:

Regulation and compliance has remained one of the most prominent risks since 2008 when these reports began. In 2008, regulation and compliance risk topped the global list. In 2009, this risk was only exceeded by worries about the credit crunch. For 2010, regulation and compliance has resumed its place as the Number 1 threat, not only for financial services, but also across a spectrum of sectors, from oil and gas to real estate, and from life sciences and technology to telecoms. Compliance risks are also notable in the automotive sector and the power and utilities sector.

For the financial services sector, the risk of encroaching regulation is still growing with severe worries regarding a poorly designed regulatory response to the credit crisis. Coordination among governments worldwide has the potential to fall by the wayside, increasing the risk of uncoordinated and conflicting new regulation. Banking executives and academic analysts expressed concern that this could result in an over-regulated sector and greater protectionism, preventing global firms from effectively operating across borders.

Our interviewees worried that, in the wider financial sector, regulatory reform proposals have the potential to destroy customer and shareholder value. "New taxes and higher capital requirements will impair the industry’s ability to absorb risk, impose a competitive disadvantage when it comes to attracting capital relative to other financial market players, and more broadly constrain the industry’s ability to meet its social and economic function as ultimate holder of risk," wrote Daniel Hofmann, Group Chief Economist at Zurich Financial Services. Firms need to rebuild trust, and act in concert to convince governments, regulators and the public at large that their activities do not create systemic risks.

Uncertainty over regulation was another problem raised by many panelists this year. Uncertainty both damages investment and the ability of companies to act. "Governments need to move fast to remove uncertainty, particularly regarding regulation of the financial sector," wrote one panelist. Similar concerns were raised beyond the financial services sector in telecoms, power and utilities, and oil and gas.

Companies can take a number of steps to respond to this risk. First among these is planning ahead and preparing for expected changes in regulation now, rather than waiting for regulations to be imposed. Trying to respond to new regulatory standards in a short space of time can be difficult, especially in a climate where forbearance may be scarce. Avinash Persaud, an independent consultant on finance and policy, commented that forthcoming regulations were likely to favor banks with larger deposits. To respond proactively to such fundamental changes may require companies to take a long view on possible regulations and consider alternate scenarios.

So information security is part of the biggest risk that businesses are facing today, but there are also lots of other issues related to regulations and compliance that are making life difficult for people in the business world. So don't be surprised if the divisions tasked with ensuring regulatory compliance grow significantly over the next few years. And also don't be surprised if most of that growth is in areas other than information security.

Leave a Reply

Your email address will not be published. Required fields are marked *