Global Risk Regulator April 2021

The cold weather also increased costs such as natural gas and maintenance costs and affected the transportation of logs. The United States agreed to lift countervailing and anti-dumping duties so long as lumber prices stayed above a defined range. DoC initiated countervailing and anti-dumping investigations and named Canfor Corporation as a mandatory respondent. The core of the softwood lumber dispute is that the United States claims Canadian lumber is unfairly subsidized by provincial and federal governments.

The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. The Board continues to assess its oversight program, however, and will make appropriate adjustments to assure that it achieves the objectives of the Act in the most effective and efficient manner possible. The PCAOB model clearly resonates in countries that are seeking to strengthen the integrity of their own capital markets, and we are pleased that other nations are implementing similar models to auditor oversight.

In this usage, “hazard” is used to refer to the existence of possible harm and its potential severity, but does not convey any information on how likely it is that harm will be materialised. On the other hand, “probability” and “likelihood” refer only to how likely it is that something (e.g. a regulatory violation) happens, without consideration to the severity or scope of this adverse event. A critical capability to strengthen resilience is to develop robust business continuity and crisis response plans to enable the organization to respond to and isolate risks in a swift and agile manner.

Regulation of Financial Institutions Critical to Avoiding Spread of Global Risk,

We are now starting to evaluate the extent to which investors are recognizing improvement in the reliability of financial reporting by U.S. public companies. That is, today we are in a better position to reflect on the impact of the Act and whether we are on the right track in achieving its objectives. We are also seeing audit firms realign their business models to focus on quality audit services, ethics, and appropriate levels of independence. Regulators have also become more aware of how firms in the financial services sector have become increasingly dependent on technology and how any disruption to this technology could have serious repercussions from an operational resilience perspective. In Europe, the proposed Regulation on Digital Operational Resilience, otherwise known as DORA, is close to being finalised.

The National Oceanic and Atmospheric Administration (NOAA) recently predicted a seventh consecutive ‘above average’ hurricane season for 2022. This comes after suggestions by scientists that previous above-average seasons had been exacerbated by anthropogenic (human-caused) climatic factors. In line with this evidence, US political actors frequently depict climate-exacerbated hurricanes as a threat to national security. However, this rhetoric is not culminating in a sufficient adaptive and mitigative policy response.

How CEO should think differently about risk?

Another issue is the major negative effect of intrusive technological control and “automated enforcement” on trust, legitimacy of authorities and regulations, and voluntary compliance. As already indicated above, enforcement that is perceived as overly burdensome or hostile leads to a net reduction in compliance, e.g. as observed in tax compliance studies (Kirchler, Hoelzl and Wahl, 2008[57]). The feeling of unfairness experienced, even in minor cases, can be a negative driver of future compliance, and automated surveillance and enforcement eventually weaken the overall regulatory compliance level. In some fields, however, remote surveillance is used as a direct enforcement tool – e.g. automated cameras for speeding or compliance with other driving rules. Automated, remote surveillance is increasingly used in monitoring compliance with rules for long-distance trucking (particularly international shipments).

• While 75% of organizations report that having technology systems that don’t work together is a significant risk management challenge, just 35% of those are addressing that challenge in a formal, enterprise-wide manner.
• Twenty years ago, and particularly prior to the Bank of Credit and Commerce International (BCCI) scandal, banking supervisors had a less-developed approach to cross-border supervision.
• The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over.
• An organization’s risk management capabilities can create tremendous value if they help the organization take advantage of the upside of risks that have higher payoff.

Regulatory risk is the risk that a change in regulations or legislation will affect a security, company, or industry. Poland has been strengthening partnerships with large American tech companies to facilitate cloud adoption in the past few years. However, simultaneously, Polish authorities have been following Brussel’s lead in regulating tech giants and working on adopting proposals intended to curb their market power. Taking the EU’s tech regulation proposals a step further, the Polish government also proposed a bill intended to prevent social media platforms from blocking or deleting certain posts. Stringent tech regulations might create an unfavorable business environment for tech companies who have been expanding their operations in Poland, and may stifle technological innovation. The importance of transparent engagement with the public on risk (i.e. going beyond just risk communication, but also inviting and responding to public input) is linked to the broader issue of public trust in government and legislation, which has become particularly acute in recent years (De Benedetto, 2021[72]).

Inspections

In these updates, we will bring you expert coverage and comment on the most pressing areas of financial regulation including crypto, ESG, prudential and markets regulation – bringing you timely intelligence that will help you to do your job better. Assistance to develop, implement, and manage global compliance and regulatory consulting programs. The interconnectedness and velocity of risks has increased in recent years, and it now takes different approaches to see them, and the entire organisation to address them. In becoming more proactive in preparing and adapting to risks, you can become more resilient. But through building resilience, you’ll have a strategic advantage and be better placed to respond to disruption in a seamless, coordinated and efficient manner.

Global foreign direct investment recovery remained “bumpy” and in 2012, had suffered from an 18 per cent decline following a significant increase in 2011, he said. Developing and transition economies absorbed more than 60 per cent of global foreign direct investment than those in the developed economies. In recent years, foreign direct investment to developing countries had been on the decline. For the first half of 2013, inflows to the United States and France had dropped while foreign direct investment in the United Kingdom had increased. Indeed, the share of more restrictive or regulatory investment policies continued to increase.

Take a deep dive into the risk regulatory landscape for 2023 and beyond

When connected to key business risks, key risk indicators (KRIs) provide leading indicators of the risk environment in which the organization operates. Movement in KRIs provides early-warning signals to leaders to reevaluate strategies, risk management capabilities and risk mitigation activities. Examples of KRIs to monitor ransomware risk, for example, may include phishing occurrences, the number of open critical points, email security issues or leaked credentials. Supply chain risk KRIs might include supplier quality ratings, violations, financial health measures and more. There is a natural degree of variation in the approach to auditor oversight taken by other bodies, and we are cognizant that certain differences may provide opportunities for what a tax practitioner might call regulatory arbitrage. This is one of the many motivations for auditor oversight bodies to coordinate globally and share approaches.

These can include the use of a centralised database and common system by a number of regulators and possibly by health-care providers too, or tools to exchange information in an automated way between different systems. Sharing information between different regulatory agencies allows them to ensure that data on supervised entities is as up-to-date and comprehensive as possible, and also to avoid duplication of control activities. Information sharing with the healthcare system allows regulatory agencies to better assess the emergence of new risks and evolution of known ones, and thus target their interventions better, both in terms of which establishments they visit, and which industries, products, etc. they focus on. In the United Kingdom the 2008 and 2014 Regulators Codes provided the legal basis for the so-called “Primary Authority” scheme (see Box 6.8), which enables businesses to receive advice from inspectorates on how to meet regulation through a single contact authority.

Lithuania: Law on Administrative Procedures 2012

Risk (and specifically public risk), in addition to its growing use in industry and business, as well as in safety management overall, has over the last couple of decades become increasingly used in a regulatory context (Burgess, 2009[1]). Indeed, in the perspective of trying to improve regulations’ ability to achieve their intended outcomes, and of minimising the burden and unintended side-effects they create, risk is a key tool. Between 2007 and 2010, Campania Region undertook a reform of the food safety inspection system, moving from a regulatory delivery regime mostly focused on deterring non-compliant behaviours to a risk-based system based on the requirements set in the EU Hygiene Package. The reform initiative took place based on a specific regulatory demand, following some major accidents and a breakdown of trust of the private sector and the public (due to insufficient official communication on risks and to the lack of effectiveness of the control activities related to risk management). The underlying systemic problems that prompted the reform initiative were, among others, the lack of a planning system of controls based on risk categorisation. In addition, to provide an initial view of the “delivery” stage, the Secretariat gathered data on regulatory inspections and enforcement staffing resources in as many OECD member countries as possible, focusing on selected regulatory functions that are particularly prominent in terms both of public perceptions and of actual share resources.

The whole approach underlying Primary Authority relies on a high level of professionalism of inspectors, and in particular on them having fully internalised (and being fully proficient) in risk assessment and management. It also requires inspectors to know how to work with businesses in a co-operative way, how to explain and convince – but also how to investigate and spot hidden problems. The foundation of this approach is that inspectors (regulators) need a set of “core skills” (related to risk-based regulation and regulatory delivery) in addition to specific technical skills depending on their domain of activity. These core skills are organised in several groups, including “risk assessment”, “understanding those you regulate”, “planning activities”, “checking compliance”, “supporting compliance”, “responding to non-compliance” and “evaluation”.

Under the PCAOB’s rules, in appropriate cases, the PCAOB may rely on the inspections and other work of those oversight bodies in achieving its own oversight mandate. Specifically, the PCAOB rules enable it to rely on the work of the home-country regulator and to assist non-U.S. Authorities in their oversight of U.S. audit firms that are within the regulatory jurisdiction of the non-U.S. Due to the increasingly global footprint of large audit firms and the increasing inter-relationships between capital markets, auditor oversight bodies must continue to find ways to enhance coordination of work and exchange experiences. The global business community continues to expand its reach and becomes more interconnected every year, making it increasingly difficult for organizations operating in multiple countries to manage their risk.

The gist of the argument is that regulations and regulatory systems are established, or at least so it is assumed and/or proclaimed, in order to strengthen, enable, (re)establish trust – but that they may sometimes be worse than failing at the task, but even actively increasing distrust. For example, in Canada, the CFIA received funds for the purpose of hiring and training staff to conduct critical inspections and to carry out enforcement activities through the use of digital tools. Global Risk and Regulation The CFIA also developed criteria for remote audits of the certification bodies to reduce on-site activities under Canada’s Organic Regime. New technology, modernisation of systems, and new smarter strategies helped increase enforcement capacity during the crisis. The adoption of new methods as an attempt to overcome the mobility restrictions and social distancing rules accelerated the introduction of services that simplified processes and increased operational efficiency.

The philosophy of the approach is to concentrate on understanding of risks and on how to respond to, and handle them. Crucially, it has been found through repeated studies that levels of control that are perceived as “excessively high” actually end up decreasing compliance (Kirchler, 2006[17]), in addition to the perceived control burden creating disincentives to investment and growth. Instead of responding to increased controls by higher compliance, businesses and citizens can end up “resisting” when they face very high burden, that they perceive as unfair, thus reducing voluntary compliance. Such effect is predicted by “procedural justice” compliance models (Tyler, 2003[18]), which have also shown that people react negatively to processes where they feel disrespected, where they do not think decisions are being taken in a manner that is understandable and ethical.