Comments on: The Four Areas of Risk and Knowledge http://www.compliancebuilding.com/2009/11/23/the-four-areas-of-risk-and-knowledge/ Doug Cornelius on compliance and business ethics for private equity real estate Mon, 13 Feb 2012 12:56:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Nobody Expects The Spanish Inquisition | Compliance Building http://www.compliancebuilding.com/2009/11/23/the-four-areas-of-risk-and-knowledge/comment-page-1/#comment-17860 Nobody Expects The Spanish Inquisition | Compliance Building Wed, 29 Jun 2011 12:02:04 +0000 http://www.compliancebuilding.com/?p=4905#comment-17860 [...] most dangerous parts of managing risk are the risks you don’t expect. Looking back at my old four-box analysis, there are really two types of unexpected risks, the risk that you know that you don’t know [...] [...] most dangerous parts of managing risk are the risks you don’t expect. Looking back at my old four-box analysis, there are really two types of unexpected risks, the risk that you know that you don’t know [...]

]]> By: Compliance and the Desert Island | Compliance Building http://www.compliancebuilding.com/2009/11/23/the-four-areas-of-risk-and-knowledge/comment-page-1/#comment-6496 Compliance and the Desert Island | Compliance Building Mon, 31 May 2010 12:02:37 +0000 http://www.compliancebuilding.com/?p=4905#comment-6496 [...] A compliance challenge is seeing below the surface. The big danger comes from what you don’t know that you don’t know. [...] [...] A compliance challenge is seeing below the surface. The big danger comes from what you don’t know that you don’t know. [...]

]]> By: Six Mistakes Executives Make in Risk Management | Compliance Building http://www.compliancebuilding.com/2009/11/23/the-four-areas-of-risk-and-knowledge/comment-page-1/#comment-3746 Six Mistakes Executives Make in Risk Management | Compliance Building Wed, 30 Dec 2009 12:01:44 +0000 http://www.compliancebuilding.com/?p=4905#comment-3746 [...] is a bit lofty for my tastes. After all, the danger of the black swan is that you don’t know that you don’t know about that risk. If you know about a risk, you can deal with it. If you know that you don’t [...] [...] is a bit lofty for my tastes. After all, the danger of the black swan is that you don’t know that you don’t know about that risk. If you know about a risk, you can deal with it. If you know that you don’t [...]

]]> By: Gary Rylander http://www.compliancebuilding.com/2009/11/23/the-four-areas-of-risk-and-knowledge/comment-page-1/#comment-2896 Gary Rylander Wed, 25 Nov 2009 14:39:01 +0000 http://www.compliancebuilding.com/?p=4905#comment-2896 Excellent post. I think there is also another level of filtering involved that incorporates both legal uncertainty and risk appetite. Certainly, with respect to compliance obligations, there is sometimes no clear line between "known' and "unknown". First, there is the issue of conflict of laws analysis for large organizations doing business in multiple jurisdictions and the need to normalize varying obligations in such a way that they can be managed. Second, there is the issue of legal uncertainty. Legal authority ranges from black letter law which has been affirmed in the jurisdiction applicable to the business to highly speculative assessments of the meaning of laws and regulations as well as how they will be applied in a given jurisdiction. Finally, there is is the issue of "clean hands". For example if a business has been found by its regulators to have been at fault previously, prudence dictates that one be more conservative in the future with respect to every obligation than might otherwise be necessary. All of these factors together become the basis of determining the degree of compliance risk tolerance one has. Do you want to want to press right up to the line between compliance and non-compliance or do you want to take the compliance equivalent of a belt and suspenders approach? Excellent post. I think there is also another level of filtering involved that incorporates both legal uncertainty and risk appetite. Certainly, with respect to compliance obligations, there is sometimes no clear line between “known’ and “unknown”.

First, there is the issue of conflict of laws analysis for large organizations doing business in multiple jurisdictions and the need to normalize varying obligations in such a way that they can be managed.

Second, there is the issue of legal uncertainty. Legal authority ranges from black letter law which has been affirmed in the jurisdiction applicable to the business to highly speculative assessments of the meaning of laws and regulations as well as how they will be applied in a given jurisdiction.

Finally, there is is the issue of “clean hands”. For example if a business has been found by its regulators to have been at fault previously, prudence dictates that one be more conservative in the future with respect to every obligation than might otherwise be necessary.

All of these factors together become the basis of determining the degree of compliance risk tolerance one has. Do you want to want to press right up to the line between compliance and non-compliance or do you want to take the compliance equivalent of a belt and suspenders approach?

]]>