Written by Jim Mitchell, Senior Risk Consultant for BBJ Group - Syracuse, NY
The internet likes nothing better than a scary meme, and “regime change brings regulatory uncertainty” is always ascendant among Environmental Health and Safety (EHS) reports whenever a new administration comes into office. Valid sources of regulatory uncertainty can arise at any time, including new or changed federal and state regulations, and agency policies for implementing them. Regime change magnifies these concerns (e.g., new policies, repeal or roll-back of proposed and existing regulations), but as discussed in this blog, the concern can be exaggerated and meaningful responses are available to EHS risk managers.
Types of risk associated with regulatory uncertainty include:
- Legal and regulatory risk (enforcement, penalties and liabilities)
- Reputational risk (company’s success or failure to address EHS concerns as perceived by the public, whether warranted or not)
- Business competitive risk (a.k.a. “Keeping up with the Joneses, Inc.”, or how a company’s EHS performance, including how it deals with regulatory uncertainty and change, compares to other companies’ performances and methods)
Despite any regime change, the resulting legal/regulatory risks generally require only “keeping the eye on the ball”, and continuing to do what conscientious EHS, legal and risk-management teams always have done. Compliance with existing regulations combined with systematic regulatory monitoring and internal compliance audits reduces the risk of penalties (specifically, EPA audit policies cap your risk of being penalized when a regulation changes, or despite best efforts to comply, you discover a violation in your operations). Boards and risk managers sleep better when they remember that while politician’s promises and press releases can be made overnight, actual rule-making processes move slowly… slowly enough to adjust course. The requirement to adjust course is rarely applied retroactively or suddenly under U.S. rulemaking procedures as well as those of the individual states and in many other developed countries.
Reputational risk is a separate category that nevertheless is largely managed by properly managing legal/regulatory risks. These two areas of risk overlap causally, because failure to comply with current or evolving regulations is both a reliable cause of reputational risk and a major source of such problems. However, because reputational risk deals in perceptions and stigma, it also requires broader, proactive and preemptive approaches to control messaging. Provided a company has a solid basis of legal compliance in place internally, such external messaging is both effective and within its control.
Competitive risk—“keeping up with the Joneses, Inc.”—also overlaps with regulatory and reputational risk. Failure to stay ahead of regulatory risks can limit opportunities for growth, from the risk of being shut out of markets as regulations change and in jurisdictions with different or more stringent requirements on supply chains, to customers who insist on “buying green.” Reputational loss can result in lost opportunities, as well. As regulations and public opinion on EHS issues evolve, capital investments or reallocation of assets may be necessary to comply with the law or satisfy market demands. Simply doing a good job at the status quo on EHS risk management is as noted above necessary, but it won’t always address these competitive and opportunity risks. By anticipating legal/regulatory changes and shifting market demands and adopting compliance measures before the changes actually occur, many regulated organizations have been staying ahead of the EHS regulatory curve, addressing reputational risk and maintaining competitive advantage.
Resource allocation is key to addressing all categories of EHS risks within the growing responsibilities of corporate risk management teams. Legal counsel and staff are already overstressed by their traditional areas of concern in EHS and other areas (regulations and enforcement, litigation, intellectual property). In the social media age, risk managers see increased demands overstressing their already limited time and resources (privacy and data security, crisis management). Risk managers address evolving risks and stay relevant through proper allocation of resources to protect the corporation and their team. This requires thoughtful analysis and some degree of triage: taking a hard look at regulatory uncertainty areas and monitoring coming regulatory changes, learning how to evaluate the actual levels of risk presented, and allocating internal and external resources effectively to address those risks in a prioritized way.
To summarize: The risks of regulatory uncertainty are real but can also be overstated. There isn’t as much uncertainty and risk as some media and bloggers might say or risk managers might fear. Change is slower, more predictable and more manageable than many believe. To reach workable solutions and allocate resources to EHS productively, organizations must understand the realities behind regulatory uncertainty, how managers can assess risks realistically, and to the degree possible, and how other corporations are managing regulatory uncertainty using internal and external resources.
 Superfund in 1980 being the notorious example, and one that led to a decade or more of litigating the validity of retroactive liability. This blog focuses on the remaining 99% of EHS legislative and regulatory actions.