Regulate Everything Everywhere all at Once

Each week, the Law.com Barometer newsletter, powered by the ALM Global Newsroom and Legalweek brings you the trends, disruptions, and shifts our reporters and editors are tracking through coverage spanning every beat and region across the ALM Global Newsroom. The micro-topic coverage will not only help you navigate the changing legal landscape but also prepare you to discuss these shifts with thousands of legal leaders at Legalweek 2024, taking place from January 29 to February 1, 2024, in New York City. Learn more and register today:

The Shift: Regulate Everything Everywhere all at Once

You often hear it referred to in the legal world as “regulatory alphabet soup.” The FTC, SEC, DOJ, CFIUS, GDPR…you get the drift. There are a lot of acronyms in the regulatory world and they are all on the radar of companies to varying degrees.

In fact, when I talk to any group of GCs, they all say that the increased focus of regulatory bodies on enforcement is one of the main things that keeps them up at night. And it is easy to see why—from data privacy and cybersecurity, to M&A and antitrust, to ESG and AI—it touches every industry.

The Conversation

This current regulatory focus has not been this prolific in a very long time.

When Ryan Phair, co-chair of Paul Hastings’ antitrust and competition practice, started practicing law, his particular field of specialty had a certain stigma.

“For me, and I have been practicing for 25 years, I remember coming out of law school and it was a sleepy, sort of nerdy practice area,” he says of antitrust law. “Now my Mom wants to talk about it. Not since the Roosevelt era, the trustbuster era, have we seen so much regulatory intervention.”

And although we have a large regulatory focus here in the U.S., the EU has been the one leading the charge on issues such as privacy, data collection and ESG efforts. And it is those regulations that have had big impacts on many multinational companies (just ask Microsoft and Google).

However, if you had to pick one regulatory issue that companies across the globe say remains a challenge, it would definitely be data privacy.

Companies are united in grappling with “huge challenges that we still have not solved,” five years after the EU’s General Data Protection Regulation (GDPR) went into effect, saidRyan O’Leary with the International Data Corp.

Therefore, “compliance is becoming more and more expensive and critical,” says Moritz Hüsch, a tech regulation partner at Covington & Burling in Germany. “It’s really a full-time job to monitor the legal environments, to implement everything and to manage the risks.”

The Significance

The magnifying glass approach from regulators means both companies and firms need to bulk up regulatory and compliance practices in varying fields and adjust their geographical footprint to work effectively with regulatory bodies. But this comes with a cost—and with legal departments tightening the purse strings in the current economy, this can create greater risk.

“Organizations with limited resources may find it difficult to navigate complex regulatory requirements, especially when the stakes are so high,” said Shannon Yavorsky, who heads Orrick, Herrington & Sutcliffe’s global cyber, privacy and data innovation group.

Without consistent enforcement, organizations will lack clarity on what constitutes compliance and what might get them in hot water with regulators, said Jake Frazier, senior managing director of FTI Consulting.

One example is that companies are struggling to keep up with an evolving patchwork of laws and regulations around privacy and cybersecurity, even as enforcement actions over data breaches and privacy violations ramp up.

Uneven enforcement, he said, “sends mixed messages and causes confusion. That’s when I see a chilling effect in the market,” leaving some organizations wary of trying to innovate, says Rick Arney, a co-author of the California Consumer Privacy Act.

The Information

Want to know more? Here's what we've discovered in the ALM Global Newsroom:

The Forecast

In short? Investment. According to Gartner Inc, by 2026 legal and compliance teams, buckling under heavier and more complex reporting requirements by federal regulators, are likely to boost their spend on governance risk and compliance technology 50%. The tech research and consulting firm said companies particularly need help coping with executive risk oversight and monitoring.

Most organizations have already made substantial investments in governance, risk and compliance platforms, with the global market in 2022 estimated at $39.4 billion, according to IMARC Group.

Even that investment might not be enough to cope with new regulatory requirements. Kornutick said legal and compliance teams “need to ensure they are empowered to capture and elevate the right information to management and the board, take the appropriate action, and maintain documentation related to these processes.”

In addition, experts say that the regulatory environment will continue to become more complex and require more specialization and “team play.” That will prompt Big Law to continue its drive for regulatory specialists and clients to seek out counsel who can seamlessly deliver on all facets of regulations affecting their business.

The sleepy practice of 30 years ago is no more. Given that there is hardly a company untouched by regulatory bodies, the sleeping giant is awake.

Heather D. Nevitt is the Editor-in-Chief of Corporate Counsel, Corporate Counsel Advance and Global Leaders in Law. Email her at hnevit@alm.com and find her on Twitter @HeatherDNevitt