Navigating Modern Risk & Regulation: A Field Guide



Though it may sound contradictory, an ever-changing risk and regulatory landscape has become a constant for most industries. But today it seems that this landscape is moving at an even more rapid, break-neck speed than in previous years. And this turbulence is happening concurrently with two other trends:  


  1. The competitive pressure to be at the forefront of innovation, and  
  2. Budget constraints stemming from economic factors, including workforce stagnation, inflation, ongoing supply chain disruptions, high-interest rates, and more.

So, how can your organization adapt to these competitive and economic pressures, while also navigating an uptick in regulatory changes? By turning your focus to proactive solutions that allow you to break free from the cycle of reactivity. 

Navigating Modern Risk & Regulation

Why is this shift so critical? Reactive organizations are likely to spend more resources attempting to play catch-up as new requirements come down the pipeline. Whereas proactive organizations are better equipped to maintain and update compliance processes without compromising operational efficiency. And when new regulations are a guarantee, it’s imperative that businesses have the tools, capabilities, and processes in place to anticipate them and adapt accordingly.  

This field guide has been designed with that goal in mind—outlining the top trends of today’s regulatory landscape and presenting solutions for proactive risk and compliance.

Navigating Modern Risk & Regulation


We consulted with industry experts across our firm to build this comprehensive guide, where we’ll explore: 

  • Current trends: What our experts are seeing and how it’s shaping the landscape.
  • Solutions for proactivity: Ways to ensure your organization isn’t caught in the cycle of risk and regulation reactivity.

Let’s get started. 


Leaders across both the private and public sectors are facing a more rigorous regulatory environment than ever before, but why? Here are four trends most prominently shaping today’s risk and regulatory landscape. 


A need for speed:

The pace of today’s business landscape is relentless. Customers want faster transactions, technology is rapidly advancing, and competition is fierce. Organizations are feeling the pressure to keep up. But compliance experts must walk the tightrope of balancing customer demand against business needs. And leaders must find ways to develop new products and services—or streamline existing ones—without sacrificing safety. And it’s a delicate balance between accelerating time to delivery, maintaining compliant processes, and adhering to emerging regulatory requirements. But for industries with stringent regulations, it’s not just about hitting deadlines; it’s about acing them while playing by the rules.  

With no signs of things slowing down, becoming a proactive organization means embracing the dance between speed and compliance, and innovation and regulation.  


Artificial Intelligence (AI) and other emerging technologies:

Speaking of speed—the drive to embrace cutting-edge technology presents a similarly contentious area for businesses and regulators.  

When it comes to AI, most leaders see a tool for elevating efficiency and driving productivity. But regulators and compliance leaders are more inclined to see greater exposure to risks and vulnerabilities, like cyberattacks and data breaches. 


Enter: The tense intersection of technological innovation and regulatory governance.

The challenge that lies ahead for compliance leaders is ensuring that ethical and compliance standards remain at the forefront of their operations. And as these technologies continue to mature, we expect them (AI specifically) to extensively influence the regulatory landscape.

Navigating Modern Risk & Regulation

A culture of ESG:

The escalating focus on Environmental, Social, and Governance (ESG) policies is already proving to be a game-changer in the risk and regulation sphere. More specifically, customers and employees are becoming increasingly tuned into the climate and many are only interested in associating with companies that align with their values.  

More than 60 percent of consumers base their purchases on sustainability criteria, and at least one-third of Gen Z survey respondents claim to have turned down a role if the organization lacked eco-friendly initiatives.

Navigating Modern Risk & Regulation


Although U.S. frameworks remain somewhat undefined, growing demand for sustainability will likely be a catalyst for regulatory bodies to design and enact clearer guidelines around ESG compliance. 

Organizations navigating this landscape should not view ESG pressures as trends, but as fundamental shifts. And leaders must make a proactive effort to remain up to date on evolving ESG regulations and protocols.  

It’s an election year:

As we’ve outlined, there are trends that make up the turbulent risk and regulation landscape. Tack on the myriad of potential futures that come with an election year, and the stage is set for a whirlwind of further change and uncertainty.


Navigating this trend proactively requires a keen understanding of the political climate, as shifts in leadership can usher in new regulatory frameworks or alter the enforcement priorities of existing ones.

Organizations should stay on their toes, tune into political developments, and be ready to adapt their compliance strategies to align with potential policy shifts.

Navigating Modern Risk & Regulation

Solutions for navigating risk and regulatory uncertainty

Based on the trends outlined above and what our experts see in the field, we’ve compiled five effective solutions for bringing proactivity to your organization’s risk and compliance.  


Transformation Thinking 

Proactivity is equal parts mindset, capability, and process. With today’s rapid pace of change—especially in the risk and regulation sphere—business leaders must be able to plan for multiple futures so that they can adapt. And that’s where it’s helpful to bring in three distinct schools of thought—design, systems, and scenario thinking—to ensure your business is made for change.

Design: Understanding and addressing the needs and perspectives of your stakeholders (regulatory bodies, customers, employees) and fostering collaborative solutions that enhance compliance and preserve positive experiences.

Systems: Encouraging symbiosis between people, processes, governance, technology, and data to bridge the gap between ideas and execution. Systems thinking helps your organization digest regulatory updates and enhance compliance.

Scenario: Exploring alternate risk and regulatory futures, determining the potential resulting impact, and determining the most effective strategy for enhancing compliance without disrupting operations.

For a more in-depth understanding of transformation thinking—and ideas for applying it to your organization—check out our perspective, “Transformation Thinking: The Three Schools of Thought That Matter.”


Invest in your infrastructure

The second—and most foundational—solution on this list is investing in your infrastructure. This includes any processes, policies, data, technology, operating models, or ways of working used to fortify your organization against risk.  

Navigating Modern Risk & Regulation


It dictates your organization’s ability to continuously digest regulatory changes, assess and mitigate risk, and be compliant. But what makes a strong risk and compliance infrastructure? Here are the three qualities yours should have:

First, it needs a governing body: There should be a collective body within your organization that discerns, digests, and dispatches critical regulatory updates. 

Let’s take that a little further:

  • Discern: Your governing body should diligently follow relevant regulatory developments and glean real-time information as soon as possible. This way, they can consider potential implications ahead of time and reduce surprises that slow down your organization.
  • Digest: When new rules are introduced, you need a governing body that can examine different value streams and assess how, when, and where they will affect the organization.
  • Dispatch: Then, this collective should use appropriate channels to make critical details known to the appropriate parties.

Second, it should be comprehensive and transparent: The ability to dispatch critical details—as mentioned above—will only effectively boost proactivity when done comprehensively. By that, we mean ensuring that regulatory knowledge is shared throughout the entire organization with full transparency, from the top all the way down.  

Third, it should be flexible and responsive: As we’ve stated, the current risk and regulatory climate is a turbulent one—with even more change on the horizon. And as these changes occur, so will the areas of your business that are the most heavily impacted by regulatory requirements. Agility must be woven into your infrastructure, so it can flex and adapt accordingly.

Pro-tip: Systems thinking can help you create a strong, agile infrastructure – one that enables your teams to leave behind the reactive cycle of scrambling to cope with evolving regulations.  


Prioritize people-centricity

Risk and compliance processes, structures, and operating models are critical to success—but it’s your workforce ultimately carrying them out. You need to arm your teams with the tools, resources, and knowledge they need to support operations and proactive risk and compliance.  

Here are a few ways you can arm your workforce to help you navigate regulatory changes:

  1. Democratization and decentralization: You will need a comprehensive infrastructure that can move critical information throughout the organization. Employees are the first line of defense for upholding compliant processes, so they should have access to the information they need to spot potential risks.
  2. Measure and build the right capabilities: Doing this successfully will also depend on the quality of your infrastructure. As your governing body employs scenario thinking and tracks emerging or evolving trends, it can identify skills gaps and capabilities needed for potential futures. This will prepare your organization to build the right capabilities where they’re needed most. And when it’s time to deploy these capabilities, we suggest engaging a co-sourcing partner.
  3. Cultivate a culture of compliance: Your culture must value and prioritize compliance while encouraging accountability and transparency. Fostering a culture where compliance isn’t just a mandatory chore, but a shared commitment that creates a sense of purpose and empowers your teams to own compliant processes. Instead of feeling restricted, they’ll feel connected to the cost, ensuring regulations serve as guideposts rather than roadblocks.  


Lean into data and systems

A data-centric approach (powered by the right systems) is instrumental for being more proactive in an ever-shifting risk and regulation landscape. Leveraging data and systems empowers organizations to move beyond reactive measures in a few ways:

Leaning into quality data can help your governing body monitor regulatory changes in real time, empowering them to adjust compliance frameworks and stay ahead of the curve.

Modernized systems can support the scenario and systems thinking processes, analyzing vast datasets and pinpointing areas that are the most likely to be impacted by new regulations as well as predict potential or emerging risks before they escalate.

Converting data into actionable insights can help you to continually assess the effectiveness of new and existing risk management strategies while also predicting future developments. AI people analytics can provide visibility into any knowledge or capability gaps within your organization, helping you implement people-centric strategies.


Security AI and automation can reduce the time to identify and contain a data breach by 108 days, on average.

Not only can modern data and systems enhance foresight, but it will also bring your risk assessments to a higher standard. Essentially, you’ll be better equipped to not only meet current requirements, but proactively anticipate and prepare for new and upcoming ones, too.


Navigating Modern Risk & Regulation

Embrace outcomes

Building off the importance of data, and utilizing those insights to track, measure, and showcase outcomes is a non-negotiable in the journey to becoming a more proactive organization.  

Internally, intentionally measuring and understanding outcomes enables you to continually evaluate the success of your regulatory strategies and the performance of your infrastructure. These insights help you identify weak spots and roadblocks and see where processes are being held up or are not performing as they should, so that you can adapt your strategies. It’s an exercise in testing, learning, and iterating, which are aspects of design thinking. Communicating outcomes and learnings with your people helps you prioritize people in the journey and foster a culture of compliance.  

Externally, showcasing outcomes is a powerful tool for influencing one’s regulatory environment—which we address in the following solution.


Engage regulators

Regulation rollouts may seem like a one-way channel—from policymakers and regulatory agencies to the sectors they govern—but this doesn’t always have to be the case.  

Organizations should engage proactively with regulatory authorities and build an open dialogue. This is where infrastructure, data, and the ability to demonstrate outcomes will converge.  

Cultivating relationships with regulators can help your organization stay ahead of evolving expectations. It’s also critical that business leaders make their situations known to regulators to shape their regulatory environment as much as possible.


For energy and utility organizations, it’s critical to have a robust governing body that acts as a strategic compass, helping them navigate shifting regulations on critical topics like environmental stewardship or grid reliability.

The collapse of Silicon Valley Bank (SVB) stemmed from a domino effect of missteps, a prominent one being the lack of a comprehensive infrastructure. We outlined how this gap—combined with other failures—led to the collapse in our piece “From Collapse to Control: Lessons Learned from Silicon Valley Bank”.  

Achieving a culture of compliance starts within—something made easier with a Managed Services partner. By embed-ding people with the right capabilities and a commitment to continuous improvement, co-sourcing can help initiate an internal mindset-shift around risk and compliance.

Externally showing outcomes is especially important for state agencies, like Health and Human Services. It’s critical to have internal capabilities to capture and relay healthcare outcomes as they react to federal regulations.

It’s all in your balancing act

Today’s risk and regulatory landscape shows little signs of letting up—in pace or rigor—any time soon. As technologies, consumer preference and demand, and legislation continue to shift and evolve, so will the difficulty of balancing innovation and growth with safety and compliance.  

We hope this field guide serves as a starting point for identifying the best practices to help your organization navigate this environment with dexterity and confidence. But we understand that each industry and organization face unique risk and regulatory challenges, that require custom strategies.

From Human Health Services to Financial Services, North Highland has a proven track record of supporting both public and private sector organizations in their journey to uphold compliant processes—while also meeting demand, adopting new technologies, and growing their operations.