It's not surprising to learn that banking executives rate the risks associated with regulation more highly this year than last. The Vickers Review is just one example of a host of new recommendations around financial services regulation that the sector has been gearing up for, more or less since the financial meltdown in 2007/08.
Regulation retained its number one ranking from 2010 – up from second place in 2009 – according to Ernst & Young which carried out the study. Its researchers don't anticipate it being dislodged for some time either. "Regulation looks like it's got a substantial way to go," explains Gerard Gallagher, markets leader in EY's UK&I advisory arm.
"If you look at banking, for example, it's a huge issue. Equally, for the power and utilities industries, higher prices to consumers means more pressure on regulators to act."
Ernst & Young asked a panel of senior managers to identify the top risks and opportunities for their sector in 2011, then questioned 733 executives worldwide – 22 percent of them CFOs – about how these risks would define their business over the next two years.
So this is far from being a challenge unique to financial services. In four of the seven sectors within the survey, regulation now ranks as the number one risk.
Even in retail, not traditionally beset with rules, respondents ranked it second only to low-growth consumer markets – citing new payment regulations as well as changing terms and conditions of sale as key factors. (In fact, many of the other regulatory risks for retail derive from new rules in banking, limiting their access to much needed working capital.)
Respondents were asked to break down the drivers of regulation and compliance risk to help the survey team understand what exactly was worrying them. Ranking first are sector-specific regulations; second is new legislation. But others in the top seven include rules on corporate social responsibility – and public pressure.
"It's important to bear in mind that probably the most important compliance body is your customer base," Gallagher says. "They're the first to tell you when you're doing something wrong – and their decisions can have a much bigger impact than official censure or a fine. So the compliance function needs to be on top of what customers are thinking and be proactive in meeting their expectations."
Uncertainty is the key
But while understanding public pressure – particularly in the era of social media – is an important aspect of compliance, for most businesses it's those new rules that present the biggest risks.
Stuart Bridges, CFO of FTSE250 insurance giant Hiscox, backs up the findings. "It's massively on the increase. A particularly topical one for us at the moment, for example, is Solvency II. We also have the shift from the FSA to the Bank of England and all that entails. So we have considerable regulatory change – which only increases the risk."
If the new regulations were straightforward and predictable, the level of risk around them would be considerably lower. But they're not. "The problem for CFOs is that in many sectors, the details and pace of regulatory change aren't clear," Gallagher says.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.