A stakeholder-based taxonomy for managing regulatory compliance risk and aligning to business strategy

Abstract

Despite advances in how organisations identify and categorise evolving regulatory requirements, there is no common alignment around a robust taxonomy to manage regulatory compliance risk. This paper explains the importance of risk taxonomy, and how objectives provide the lens through which to categorise risks in a robust taxonomy. It summarises a stakeholder-based approach for categorising regulatory compliance risk, providing a financial services taxonomy example that has been successfully implemented at CWB. The advantages of a stakeholder-based taxonomy approach are reviewed, including its (a) robust risk identification and assessment; (b) flexible application to any scale or complexity of enterprise; (c) natural alignment for structuring oversight; (d) facilitation of focused reporting and aggregated updates; (e) agility to apply to an evolving external landscape; and most importantly (f) alignment with processes and tools for strategic management. Areas for further research to expand that literature are proposed, building from the paper's two main ideas — applying an objectives focus to risk taxonomy, and using it to apply a stakeholder-based approach to regulatory compliance risk taxonomy. The paper concludes with practical next step considerations for chief compliance officers in managing their own programmes.