Organizations in highly regulated industries received a momentary reprieve as the United States federal government entered shutdown. While some organizations may welcome the respite, the increased uncertainty that would accompany a lengthy hiatus could prove to be more harmful to unprepared organizations.
Federal regulatory agencies have announced large-scale reductions in activities and furloughs, cutting some to as little as 2% and 3% of pre-shutdown capacity (Figure 1). While a quick resolution in Congress would have minimal consequences, an extended shutdown (the last one lasted 21 days) would result in widespread cessation in oversight activities as agencies’ functional capacity approaches zero. With time, even agencies with sufficient funds to keep doors open temporarily will be reduced to minimal capacity, such as the Securities and Exchange Commission, which will need to furlough 91% of its workforce after a few weeks. Agencies retaining relatively robust reserves of “excepted” staff, such as the FDA, expect to make significant cutbacks in inspection and enforcement activities.
Figure 1: Expected Active Staff Retained in Shutdown
Source: Blue Hill Research, Data Drawn from Agency Projections, October 2013
An extended shutdown means a widespread drop in oversight and enforcement activity. This would be a sudden departure from the increased enforcement announced by agencies such as the Federal Trade Commission and the Securities and Exchange Commission in recent months. The absence of regulators could exacerbate the uncertainty introduced by the shutdown as organizations lose confidence in partners and markets. While excessive regulation slows business operations, a lack of oversight becomes an opportunity for some to engage in fraud or to cut corners. An extended regulatory hiatus could thus contribute a period of increased financial and operational risk.
The government shutdown will test the worth of Governance, Risk, and Compliance (GRC) officers.
Much of GRC stewardship involves preparing the organization for changes in its risk and compliance environments. However long it lasts, the federal shutdown will involve rapid shifts in risk and compliance priority. Organizations that were ramping up for increased regulatory oversight will need to pivot to focus on growing risks in their financial portfolios and supply chains. Once the shutdown ends and regulators return in force, the organization must pivot again, while still responding to lingering risks.
Organizations unprepared for contingencies will be unable to change gears as needs shift. Where risk and compliance functions remain segregated across functional departments, the unwieldiness of the organization will mean each pivot will come with wasted effort, confusion, and costs.
Successful GRC officers will have implemented integrated risk and compliance processes and controls that allow the organization to navigate these shifts with minimal disruption. In the first case, GRC initiatives will be revealed as the obstructions they are often perceived to be. GRC officers in unprepared organizations will face difficulty justifying their salaries and budgets. In the latter, GRC initiatives will be recognized as valued safeguards of business performance. That success will generate accolades for GRC officers, demonstrate ROI, and justify expanded programs