Sue Copeman looks back at the hot issues of the past 10 years and finds them not too far removed from the topics that concern risk managers today

In most of the surveys conducted among businesses during the last 10 years, regulatory and legislative changes have come high on the leader board of major risks. This is hardly surprising. The EU has produced a plethora of directives during the period, also adding modifications to existing directives. Member states have then been faced with making the necessary changes to their national legislation, usually but not always within the required timeframe.

For most European companies, this has meant that compliance has shot up their agenda. Failure to comply may not only mean hefty penalties but can also result in loss of licence to trade in some countries.

Adding to problems is the fact that not all countries interpret framework EU directives into their national legislation in the same way. Such directives leave discretion to the member states in some areas so one country may have a stricter regime than another. Truly, the devil is in the detail!

Since its inception, StrategicRISK has tried to provide readers with essential information on the regulatory changes that are taking place. For example, the first issue carried stories on changes in UK company law, the revised OECD guidelines for multinational enterprises, and the implications of the Environmental Liability Directive. Indeed, following up modifications, we have revisited the latter on a number of occasions, including producing a stand-alone guide last year which highlights some of the legislative differences in major European countries.

We had quite a challenge too with the so-called “corporate killing” legislation in the UK. In the event, by the time they reached the statute books, the provisions had been so watered down that in hindsight the heading for our report in September 2000 – “No escape for corporate killers – companies who kill must pay the price” – was overly optimistic (or pessimistic depending where you are coming from).

At a very early stage, at the end of 2000, we spotted potential problems relating to anti-competitive practices, with an article on “Competing fairly”. Once again, this is a subject that we make no excuse for revisiting on several occasions, not least because of the far-reaching impact of the US Foreign Corrupt Practices Act. The lengths to which US regulators have been prepared to go to pursue non-US citizens has probably taken most of us by surprise.

Also on the subject of the US, 2002 saw the introduction of the Sarbanes-Oxley Act regulating financial protection and corporate governance. Non-US based companies were given an extension of time in which to comply but some European companies estimate that the costs have been huge. We dedicated some editorial space to complying with SOX although many of our readers seemed to view the legislation as an unnecessary evil.

Corporate governance, data protection, brand and reputational risk, intellectual property protection, IT security, crisis management, fraud and employee-related risks are all subjects on which we have focused more than once in the last 10 years. Our aim with these features was to pick up on relevant regulation and – all important – to communicate best practice.

In the last 10 years, it has been noticeable that when anything has gone wrong publicly, ie it’s been reported in the media, governments have responded with the “sticking plaster” approach of more legislation. The value of this reaction is questionable. Does anyone believe that the US will not experience another Enron or WorldCom simply because of the existence of SOX?

So there are two predictions that we can safely make for the next 10 years. First, it is that the spate of regulation will continue. Second, well publicised corporate transgressions and scandals will also continue. It’s hard to legislate for human failings.

Some of the directives that have taxed risk managers over the last 10 years

2000 Race Directive harmonising the level of protection from race discrimination across the EU

2000 Equal Treatment Directive a general framework to ensure equal treatment of individuals regardless of their religion or belief, disability, age or sexual orientation in respect of access to employment or occupation

2001 General Product Safety Directive protecting health and safety of consumers of products not covered by more specific legislation

2002 Directive on Privacy and Electronic Communications establishing rules protecting the right to privacy with respect to processing personal data held electronically and for the movement of such data in the EU

2002 - Waste Electrical and Electronic Equipment Directive (WEEE directive) aimed at minimising the impact of electrical and electronic equipment on the environment

2004 Equal Treatment Directive equal treatment between men and women in access to and supply of goods and services

2004 Environmental Liability Directive introducing polluter pays principle

2006 Equal Opportunities and Treatment Directive in respect of employment regardless of gender

2006 Data Retention Directive harmonising provisions on retaining communications data and its availability for dealing with serious crime

2008 Integrated Pollution Prevention and Control Directive requirements for potentially high polluting activities to improve environmental protection