Compliance Risk Management – Risk analysis (part 2)

Step 2. Identify causes and consequence scenarios

Causes and consequences for the bow-tie diagram are normally derived from the regulations as well as through consultation with risk owners and subject matter experts.

Common consequence scenarios for compliance risks (just a quick example, there is more) include:

Risk area Examples of consequence scenarios
Licensed activities and subsoil use
  • The need to re-obtain a license
  • Redemption of rights from other owners of the object
  • Fines for operating without the license
Environmental management (ecology)
  • Administrative fines
  • 3rd party claims
  • Production halt or stop
  • Criminal prosecution or management disqualification
Sanctions compliance
  • Fines as a proportion of revenue
  • Restrictions on existing or potential markets
  • Restrictions on capital markets and ability to refinance existing loans
  • Restrictions on the use of foreign technology or equipment
  • Losing control over overseas assets
Anti-monopoly compliance
  • Fines up to 2% of revenue
Tax compliance
  • Administrative fines
  • Additional taxes to be paid
Fire supervision, emergency protection
  • Administrative fines
  • 3rd party claims
  • Production halt or stop
  • Criminal prosecution or management disqualification
Labor and industrial safety
  • Administrative fines
  • 3rd party claims
  • Production halt or stop
  • Criminal prosecution or management disqualification
Covenant compliance
  • Repayment of existing loans
  • Increase in financing costs
  • Difficulty in refinancing
Economic and information security, state secret
  • Administrative fines
  • Criminal prosecution or management disqualification
Land and property relations
  • Administrative fines
  • 3rd party claims
  • Production halt or stop
  • Criminal prosecution or management disqualification
Construction and reconstruction of hazardous facilities
  • Administrative fines
  • 3rd party claims
  • Production halt or stop
  • Criminal prosecution or management disqualification
Physical security of production facilities and vehicles
  • Administrative fines
  • Criminal prosecution or management disqualification

An example for a bow-tie for a typical compliance risk is presented below:

Academic disciplines

Where, V – means several events can occur at the same time, and XOR means the variability of either one event or the other. For example, fines can be either for three days of water pollution (small), or for a year (moderate) or three years (large), and criminal prosecution and termination of business can occur simultaneously.

To be continued…

Check out other decision making books

RISK-ACADEMY offers online courses

sample85
+

Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!

$149,99$49,99
sample85
+

ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog http://www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.

$199,99$49,99
sample85
+

Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.

$795

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.