By Protiviti KnowledgeLeader

Tools for Complying With Corporate Laws and Regulations

Companies today face a myriad of legal and regulatory risks that can significantly impact their operations and reputation. These risks can arise from various sources, including changes in legislation, compliance failures and the evolving landscape of industry-specific regulations. For instance, businesses must navigate complex laws related to data protection, environmental standards, labor relations and financial reporting. Failure to comply with these regulations can lead to severe penalties, including fines, sanctions or even criminal charges, which can disrupt operations and damage stakeholder trust.

To effectively address these challenges, companies should adopt a proactive approach to compliance and risk management. This involves conducting regular assessments of current practices and staying informed about changes in relevant laws and regulations. Establishing a robust compliance program that includes training for employees, clear policies and effective monitoring systems is crucial. Additionally, companies should engage legal counsel or compliance experts to provide guidance tailored to their specific industry and operational context. By fostering a culture of compliance and accountability, organizations can mitigate risks and ensure that they are prepared to respond swiftly to any legal or regulatory challenges that may arise.

Moreover, companies should also consider the importance of transparency and communication with stakeholders, including customers, employees and regulators. Engaging in open dialogue about compliance efforts not only builds trust but also demonstrates a commitment to ethical practices. Implementing whistleblower policies and encouraging employees to report potential violations without fear of retaliation can further strengthen a company's compliance framework. By prioritizing legal and regulatory risk management, organizations can safeguard their interests, enhance their reputation, and ultimately achieve long-term success in a complex regulatory environment.

1. Regulations and Demand for Accountability Set the Tone for the Future of ESG Disclosures (Updated)

In recent years, increasing pressures from a variety of stakeholders have combined to drive companies toward more sustainable practices in their business operations and greater transparency. The real game-changer, however, has been the proliferation of global environmental, social and governance (ESG) reporting regulations. Two of the major regulations in play are the Corporate Sustainability Reporting Directive (CSRD) by the European Union, adopted on January 5, 2023, and the climate rules by the Securities and Exchange Commission (SEC) in the United States, adopted in March 2024 — but there are others, as well. Here, we offer an updated overview of current global ESG regulations and ways companies can prepare to do business in the new regulatory paradigm.

2. A Guide to the EU AI Act: Regulations, Compliance and Best Practices

As artificial intelligence (AI) continues its explosive growth within organizations around the world, with virtually every business function exploring opportunities to increase productivity, efficiency and revenue growth, a growing collection of regulations, standards and frameworks is beginning to emerge. Among the most notable of these regulations is the European Union Artificial Intelligence Act, which went into effect in August 2024. The EU AI Act aims to address various aspects of AI, including accountability, risk management, data governance, robustness, security and transparency. In this whitepaper, we provide answers to some of the questions about the act that are heard most frequently in the market today. 

3. Manage and Administer Benefits: Employee Leave Benefits RCM

An RCM provides an overview of different control objectives that organizations should take into consideration and the corresponding controls to safeguard the company against risks that may arise if not checked in a timely manner. Once customized to an organization, this document can help the user in assessing each control. The control assessment can then also be summarized to develop an action plan. This document outlines risks and controls common to the employee leave aspect of the 3.5.7 Manage & Administer Benefits process in a risk control matrix (RCM) format.

4. Enhanced Prudential Regulations for Foreign Banks (Regulation YY)

In December 2012, the Federal Reserve Board (FRB) published a proposed rule under the Dodd-Frank Act (DFA) to address enhanced prudential standards for foreign banking organizations (FBOs) with U.S. operations. Following a prolonged rule-making process, the FRB published a final enhanced prudential supervision rule, Regulation YY, on February 18, 2014. Why did the DFA require the FRB to implement enhanced prudential regulations? Which FBOs are affected by the FRB’s regulation? In this booklet, we will answer these and other frequently asked questions to help head office and U.S. management of foreign banking organizations understand Regulation YY.

5. Compliance With Security Laws Policy

This policy outlines an organization’s process for ensuring compliance with federal security laws. This sample focuses on preventing even the appearance of improper conduct on the part of anyone employed by or associated with the company. It states that the purchase or sale of securities while aware of material non-public information regarding the company, and the disclosure of material non-public information to others who then trade in the company's securities, are prohibited by federal security laws. The company’s board of directors has adopted this policy statement to satisfy the company’s obligation to prevent insider trading, etc.

6. Compliance and Regulation Management Review Memo

This tool outlines the steps for the review of policies, procedures and internal controls within a company’s compliance regulation management function. The primary objectives include: determine whether policies and procedures exist and are adequate in identifying and monitoring compliance with applicable laws and regulations; determine the laws and regulations in which lack of compliance most greatly affects the company; review the compliance processes and controls associated with the selected areas and review adherence to policies and procedures; and determine the status of internal audit’s recommendations delivered to the company.

7. COVID-19 Lawsuits Continue to Pose Ongoing Risk

As the COVID-19 pandemic wears on and 2020 nears its end, there has been a wide variety of litigation — at least 125 cases identified by Audit Analytics — related to the pandemic, under circumstances that would not have otherwise been present. The ongoing risk associated with COVID-19 litigation is significant, given the uncertain nature as to the duration of the pandemic and the diversity in the types of litigation that we’ve seen. In this article, Audit Analytics takes a closer look at these lawsuits stemming directly from circumstances caused by the COVID-19 pandemic and the various ways in which COVID-19 could pose a litigation risk on an ongoing basis.

8. Compliance Risk Key Performance Indicators (KPIs)

“Compliance” is defined as acting according to certain accepted standards. Compliance could be external, such as industry laws and regulations that bind our clients, or internal standards such as controls and procedures that we must comply with. Compliance risk can result in failure to conform with laws and regulations that apply to a business process at the international, country, state and local levels. Organizations must be aware of and take appropriate steps to protect their rights, and remain in compliance with applicable laws and regulations. This tool features key performance indicators and questions organizations should consider when measuring compliance for business processes.

9. Manage Legal and Ethical Issues Key Performance Measures (KPIs)

Instilling an ethical work culture and ensuring compliance with laws, regulations and culturally based expectations are processes led by top-down management. They involve every stakeholder within the company's purview. Although laws, regulations and ethical standards are continually changing in subtle ways to fit changing business and social realities, their precepts remain rooted in the fundamental human ideal of right and wrong that transcend time and cultures. This tool contains two examples of how to standardize key performance measures for managing and understanding an organization’s legal and ethical issues.

10. Ongoing Risks of Government Lending Programs

Protiviti and the Los Angeles Chapter of the Risk Management Association (RMA) hosted a webinar last August titled “Ongoing Risk Implications of Government Lending Programs.” During the webinar, speakers discussed the current bank regulatory environment, credit risk issues, and fraud and compliance issues related to government grant and lending programs, specifically the Paycheck Protection Program (PPP). This article summarizes some key takeaways from the webinar and highlights five proactive steps lenders can take to self-discover fraud.
