A decade of comment

In most of the surveys conducted among businesses during the last 10 years, regulatory and legislative changes have come high on the leader board of major risks. This is hardly surprising. The EU has produced a plethora of directives during the period, also adding modifications to existing directives. Member states have then been faced with making the necessary changes to their national legislation, usually but not always within the required timeframe.

For most European companies, this has meant that compliance has shot up their agenda. Failure to comply may not only mean hefty penalties but can also result in loss of licence to trade in some countries.

Adding to problems is the fact that not all countries interpret framework EU directives into their national legislation in the same way. Such directives leave discretion to the member states in some areas so one country may have a stricter regime than another. Truly, the devil is in the detail!

Since its inception, StrategicRISK has tried to provide readers with essential information on the regulatory changes that are taking place. For example, the first issue carried stories on changes in UK company law, the revised OECD guidelines for multinational enterprises, and the implications of the Environmental Liability Directive. Indeed, following up modifications, we have revisited the latter on a number of occasions, including producing a stand-alone guide last year which highlights some of the legislative differences in major European countries.

We had quite a challenge too with the so-called “corporate killing” legislation in the UK. In the event, by the time they reached the statute books, the provisions had been so watered down that in hindsight the heading for our report in September 2000 – “No escape for corporate killers – companies who kill must pay the price” – was overly optimistic (or pessimistic depending where you are coming from).

At a very early stage, at the end of 2000, we spotted potential problems relating to anti-competitive practices, with an article on “Competing fairly”. Once again, this is a subject that we make no excuse for revisiting on several occasions, not least because of the far-reaching impact of the US Foreign Corrupt Practices Act. The lengths to which US regulators have been prepared to go to pursue non-US citizens has probably taken most of us by surprise.

Also on the subject of the US, 2002 saw the introduction of the Sarbanes-Oxley Act regulating financial protection and corporate governance. Non-US based companies were given an extension of time in which to comply but some European companies estimate that the costs have been huge. We dedicated some editorial space to complying with SOX although many of our readers seemed to view the legislation as an unnecessary evil.

Corporate governance, data protection, brand and reputational risk, intellectual property protection, IT security, crisis management, fraud and employee-related risks are all subjects on which we have focused more than once in the last 10 years. Our aim with these features was to pick up on relevant regulation and – all important – to communicate best practice.

In the last 10 years, it has been noticeable that when anything has gone wrong publicly, ie it’s been reported in the media, governments have responded with the “sticking plaster” approach of more legislation. The value of this reaction is questionable. Does anyone believe that the US will not experience another Enron or WorldCom simply because of the existence of SOX?

So there are two predictions that we can safely make for the next 10 years. First, it is that the spate of regulation will continue. Second, well publicised corporate transgressions and scandals will also continue. It’s hard to legislate for human failings.