Building a Case for PESTLE Risk Monitoring—How to avoid legal pitfalls in your business and supply chains

October 10, 2019 by Mark Dunn

In this fifth instalment, we take a look at the legal risk factors that might affect your business, and reveal what you can do to avoid any unintended legal or regulatory breaches in your organisation and its supply chains.

How do you manage third-party risk?

Nexis® Entity Insight helps you manage third-party risk—both before and after determining financial stress scores—so you can take action, fast.

Find out more

Regulations and laws are the essential components of ensuring a level playing field for businesses and societies, and they affect every business. The legal factors which affect businesses can both negatively and positively impact on how a company operates and how it is managed, regardless of the country in which it is located.

Regulatory risks, which can impact profit, reputation and business success, can occur even when an organisation understands its legal responsibilities because suppliers or other third parties expand regulatory risk exposure. In addition, the ever-evolving nature of the global regulatory environment means that organisations are exposed to risk if they do not conduct monitoring to gain real-time information on current and upcoming changes to policy and regulations. Legal risks are often prevalent in globally-operating and international companies, who, as well as identifying the laws and regulations in their main country of operation, must also analyse and identify those factors independently for every state or country they supply to or source from.

What are the legal risk factors?

  • Tax and custom regulations

This type of regulation will affect any company exporting or importing goods as part of their business operations. Regulations could include: country tax codes; tax restrictions for particular businesses; export and import restrictions; tax relief; income and corporate tax; overall tax; and fiscal policy.

  • General economic policy

All companies could be at risk of not adhering to general economic policy, as this type of risk factor can cover a broad range of themes and issues including: monetary or trade policy; property rights; government control on business activity (approval, licences, concessions); promotion of specific businesses (environmentally friendly goods, energy saving, healthy products); copyright and patent protection; privacy and data laws; and stock market reporting regulations.

  • Laws applying to employee protections

Laws around employee protection vary widely from country to country, which could put organisations at a huge reputational and regulatory risk of non-compliance. For instance, child labour laws in certain parts of Asia allow children as young as 14 to work in paid employment, in line with the International Labour Organisation. Other laws around employee protection could include: anti-discrimination laws; health and safety; trade union regulations; fair wage; health care; and retirement.

  • Laws applying to consumer protection and foreign trade

These laws are especially relevant for organisations selling goods directly to customers, and to those exporting goods to other countries. If new or changed laws aren’t monitored, regulatory action could result in suspended or interrupted supply, and impacts on profit and reputation with customers. Laws could include: weight and measurement laws; product description; consumer credit; age restrictions; social law (social value, transparency in supply chain, modern slavery); trade sanctions; and international trade agreements.

Data protection rules—keeping on top of change

Almost two-thirds of British businesses are unaware they could face fines of up to €20 million with the introduction of new data protection laws, according to a survey done by YouGov for national law firm Irwin Mitchell.

Businesses can be fined up to £500,000 for infringing data protection laws, which are put in place to ensure people’s personal data are kept safe and secure. However, this upper limit is due to skyrocket to €20 million or 4% of a company's global turnover, as of 25th May 2018. The report said it was "striking and concerning" that very few businesses were aware of just how high the new fines could be. These powers will be used in major breaches such as the 2015 hack of British telecoms firm TalkTalk that saw more than 150,000 customers' data compromised.

The data protection rules mean that companies need to effectively manage their legal risks or face huge fines—not to mention the reputational risk and drop in stakeholder trust that comes with a data breach.

In the U.S. there have already been changes to how data is handled through Safe Harbour Procedures, though some companies are still not managing their risks effectively. The Hamburg Data Commissioner fined Adobe €8,000 ($9,084), Pepsi subsidiary Punica €9,000 ($10,220) and Unilever €11,000 ($12,491) because they had not "established allowed alternative methods", six months after the transatlantic pact was struck down by the European Court of Justice.

Employee and customer protection—on the edge of the law

Legal risk factors can affect businesses even indirectly. For instance, in September 2017, Uber’s licence to operate in London was suspended due to the view by London officials that the company was operating on ‘the edge of the law’ in the way that it was handling the rights of its employees, and the safety of its customers.

Uber has faced criticism from unions, lawmakers and traditional drivers over working conditions, and unions have called on Transport for London to insist Uber guaranteed basic employment rights under the terms of its new five-year licence.

Ensuring that your business is aware of all relevant legislation regulating your operations can reduce both direct legislative risk in the form of fines, sentences, and suspension, and indirect legal risk in the form of criticism from unions, activists, governments, and customers over your practices and operations.

Legal risk and the impact on supply chains

Increasing awareness of potential legislative actions, and most importantly, building your understanding of exactly how they could impact on your business operations, allows you to respond proactively to minimise risk. How can you achieve better visibility into legal risk? Ensure you have a risk monitoring solution to rely on.

Designed as a cost-effective, off-the-shelf solution, LexisNexis Entity Insight helps organisations implement third-party monitoring—tailored to their specific risk considerations—to identify economic and other PESTLE risk factors across global news and market intelligence.

3 ways to apply this information:
1. Watch for the final blog in our PESTLE risk monitoring series: Environmental Risk.

2. Arrange for a trial of our PESTLE risk monitoring solution, LexisNexis® Entity Insight

3. Share this blog post with your colleagues on LinkedIn.
