Compliance Risk Management – Risk analysis (part 2) RISK-ACADEMY Blog

Step 2. Identify causes and consequence scenarios

Causes and consequences for the bow-tie diagram are normally derived from the regulations as well as through consultation with risk owners and subject matter experts.

Common consequence scenarios for compliance risks (just a quick example, there is more) include:

Risk area	Examples of consequence scenarios
Licensed activities and subsoil use	The need to re-obtain a license Redemption of rights from other owners of the object Fines for operating without the license
Environmental management (ecology)	Administrative fines 3^rd party claims Production halt or stop Criminal prosecution or management disqualification
Sanctions compliance	Fines as a proportion of revenue Restrictions on existing or potential markets Restrictions on capital markets and ability to refinance existing loans Restrictions on the use of foreign technology or equipment Losing control over overseas assets
Anti-monopoly compliance	Fines up to 2% of revenue
Tax compliance	Administrative fines Additional taxes to be paid
Fire supervision, emergency protection	Administrative fines 3^rd party claims Production halt or stop Criminal prosecution or management disqualification
Labor and industrial safety	Administrative fines 3^rd party claims Production halt or stop Criminal prosecution or management disqualification
Covenant compliance	Repayment of existing loans Increase in financing costs Difficulty in refinancing
Economic and information security, state secret	Administrative fines Criminal prosecution or management disqualification
Land and property relations	Administrative fines 3^rd party claims Production halt or stop Criminal prosecution or management disqualification
Construction and reconstruction of hazardous facilities	Administrative fines 3^rd party claims Production halt or stop Criminal prosecution or management disqualification
Physical security of production facilities and vehicles	Administrative fines Criminal prosecution or management disqualification

An example for a bow-tie for a typical compliance risk is presented below:

Where, V – means several events can occur at the same time, and XOR means the variability of either one event or the other. For example, fines can be either for three days of water pollution (small), or for a year (moderate) or three years (large), and criminal prosecution and termination of business can occur simultaneously.

To be continued…