RiskMap 2024 | Martina Rozumberkova | Principal
The key risks that we highlight in RiskMap 2024 may seem overwhelming in their diversity and implications. For legal and compliance teams, the focus should be on the rapidly evolving risks in three areas: geopolitical realignment, risk management overload and digital integrity.
The great realignment: acting globally, surviving locally
The continued disruption to supply chains presents very specific compliance challenges for companies operating globally. The disruption includes changes to supply chains themselves as well as changes in cross-border relations, such as moving from a single source to multiple sources.
But it is the disruption stemming from moving operations and/or manufacturing to new countries and new territories – such as US companies reducing their presence in China – that deserves some careful attention heading into 2024.
Many companies will maintain their operations in China since China is still an important and attractive market. But international and especially US companies must be prepared to enhance and modify their compliance programmes to address the everchanging business environment within China. For example, companies must be able to comply with the new restrictions on US companies operating in China, including new privacy laws, or be ready to respond to the new wave of Chinese government enforcement actions focused on the healthcare sector.
Those companies diversifying operations to other countries such as Vietnam, India, Morocco, Turkey, Hungary or Mexico, must address and mitigate risks specific to these jurisdictions. Companies have their work cut out for them: they need to develop and implement new policies and procedures aligned with local conditions, conduct training of local employees, and revise their management of third-party relationships to correspond to local conditions (e.g., different privacy laws in different jurisdictions).
Reliance on new third parties in new territories will represent some of the most significant challenges for any company. Companies will need to revise their due diligence processes for selecting and engaging with their new suppliers, distributors, agents and other third parties conducting business on the companies’ behalf. The level of difficulty in conducting due diligence may vary depending on availability of information. Companies should also consider developing and implementing periodic audits to review the third parties’ compliance with applicable laws and regulations.
Risk management overload: crisis everywhere
Risk management functions are feeling pressure as multiple ongoing crises and an accelerating cyber threat landscape have created a sense of “crisis everywhere”.
One area where risk management functions are feeling the heat is from regulators. The US Department of Justice guidance (Evaluation of Corporate Compliance Program) was updated in March 2023 to emphasise risk assessment as one of the key components of a company’s compliance program. The risk assessment needs to be tailored to the company’s specific conditions and should be frequently updated so it can provide a basis for changes to its compliance program, including changes to policies and procedures; additional training for employees, suppliers, distributors and other third parties; and management of the third parties.
Companies should review and update their risk assessment methodologies to be able to identify and properly address the new areas of risks to be ready for an increased level of scrutiny.
Trust deficit: digital integrity frays
Regardless of where companies choose to operate, they will face increasing risks related to the safeguarding of the integrity of their internal systems and their data from emerging threats of cyberattacks.
To safeguard the data and to achieve and maintain compliance with the required laws and regulations, companies will need to conduct periodic systems reviews and be more proactive in reviewing and updating policies and procedures to meet the demands of an increasingly fragmented regulatory landscape. As AI capabilities continue to develop and are implemented in operations, the rush to regulate will require the rapid development of new policies and procedures to address potential compliance issues and take into account the new, and sometimes hastily developed, regulations for AI and other emerging technologies. Companies need to be ready.
The bottom line: review and assess
Shifting geopolitical realities, including competition between the US and China, several armed conflicts around the globe, and other trends, bring many challenges for companies operating in the global economy. Any company with international operations aiming to stay competitive and in compliance with all applicable laws and regulations will need to review and assess its risks to address the ever-changing risk landscape.