6. Regulatory/ Legislative Changes

In July 2021, Didi Global, a dominant ride-hailing service in China, went public on the New York Stock Exchange. With shares rising 16 percent on the first day, it was poised to become one of the biggest and hottest IPOs in years. However, two days later, China’s internet regulators suspended the company from registering new users on the grounds that the company mishandled sensitive data that could pose risks to personal privacy and national cyber security. Subsequently, Chinese authorities removed 25 Didi mobile apps from Apple and Android stores.

The penalty for Didi highlights a series of sweeping regulatory actions taken by the Chinese government against the country’s big high-tech companies. At time of writing, China has released a five-year blueprint calling for greater regulation in areas including data security, technology and monopolies. Compliance will be strengthened in sectors ranging from food and drugs to big data and artificial intelligence.

Even though these aggressive and abrupt moves by Beijing have caused upheavals in the global equity market, experts say many of these issues are not China-specific, and other governments in Europe and the U.S. have advanced similar overarching reforms in connection with user data and taxation. Of course, the difference is that regulations in the West are often constrained by a balanced and complicated legal and legislative system.

Regardless, in the post-pandemic era, when governments around the world are expected to expand their authorities in the areas of public health, financial markets, climate change, taxation and technology, the global regulatory landscape for businesses has become more complex and challenging.

In the U.S., the 2020 presidential election led to drastic changes in compliance. In 2017, President Donald Trump issued an executive order that required agencies to cut two regulations for every new one issued, launching a term filled with regulatory rollbacks. Four years later, President Joe Biden has reversed much of the Trump administration’s deregulatory agenda and detailed his ambitions to dramatically expand the scope of his administration’s involvement in education, healthcare, immigration, the environment and taxation.

In the U.K., as Brexit has reached its endgame, businesses are facing many uncertainties and anticipate significant changes relating to compliance with evolving U.K.-EU regulatory divergence.

The EU is currently at the vanguard of ESG measures. The newly implemented obligations for ESG disclosure, the likely forthcoming mandatory human rights, and environmental and governance due diligence will have widespread repercussions for companies domiciled in the EU as well as those operating within the EU.

In Latin America, with resource nationalization firmly back on the agenda for a host of governments, the long-term regulatory outlook for the energy sector appears to be more uncertain.

Regulations are supposed to represent an important policy tool for addressing market failure, protecting both businesses and consumers and advancing effective national policymaking. However, businesses feel that some legislative and regulatory processes have strayed from their original intent. Regulations are becoming so burdensome and stifling that they have undermined their effectiveness in rejuvenating the post-pandemic economic recovery and serving public interest.

For example, in the area of emerging technologies, experts claim that regulations are proliferating rapidly in areas of emerging technologies. In its 2019 Cyber Security Risk Report, Aon points out that "cyber security regulations have gone viral" because laws, rules, standards and guidelines are being proposed and implemented in federal agencies, local legislatures and the business world. Complex and overlapping cyber regulations run the danger of actually creating more cyber risks, not fewer, because compliance obligations overwhelm the chief information officer and a "check the box" mentality ends up replacing best cyber-security practices. This does not even take into account the hefty fines for regulatory violations.

Such concerns are also well documented in Aon’s 2021 Global Risk Management Survey, in which regulatory or legislative change is ranked as a number six risk. Regulatory or legislative change has typically occupied a higher rank on Aon's top 10 risk list. It was ranked at number two from 2007 to 2015 before slipping to number 10 in 2019.

Representatives from the much-regulated insurance sector rate this risk at number two: Industry is anticipating more legislative efforts to refine existing regulations and expand into new areas such as climate risk and InsurTech supervision.

Fortunately, at the height of the pandemic, many governments reduced enforcement of laws, rules and regulations and stalled new legislation to allow companies to quickly respond to consumer demands. In some countries, regulatory agencies have paused or delayed many of their oversight activities. Industry leaders and policymakers may take advantage of the situation and question the value of many regulations that had to be suspended in order to effectively respond to the market and consumers.

But in the long term, as laws and regulations are becoming ever more overarching and detailed, organizations will have to adapt quickly. The consequences of non-compliance will be more severe and rigorous. Even though regulatory risk is not an exposure that can be insured directly, like other emerging areas of volatility it will continue to be an important facet of any comprehensive and informed enterprise risk management program.

For example, multinationals should consider an integrated global compliance infrastructure that can respond effectively to the different enforcement environments in various jurisdictions. The compliance team should be involved in the product-development, risk assessment and design stages to ensure compliance with the most stringent regulatory standards in the different markets. At the same time, it is also imperative to enhance the ability to manage an ever-increasing number of regulators and respond to multiple simultaneous, parallel enforcement actions in different countries.

Rankings in Previous Surveys

Rankings by Region

Have a question? Contact us.

Top 10 Risks

7. Pandemic Risk/Health Crises

©2021 Aon plc. All rights reserved | Contact Us | Privacy Policy | Legal