Volume 6 • Number 1 | March 2022

Risk of regulatory failure of “risk-based regulation” while using enterprise risk management as a meta-regulatory toolkit

Mohammad Moniruzzaman


Debate is growing around the expansion of risk-based regulation. The regulation scholarship provides evidence of regulatory failure of the risk-based approach in different domains, including financial regulation. Therefore, this paper aims to provide cautionary evidence about the risk of regulatory failure of risk-based strategy in the financial regulation while using enterprise risk management (ERM) as a meta-regulatory toolkit.

Based on interview data gathered from 30 risk managers of banks and five regulatory personnel, combined with secondary data, this study mainly explores the challenges for meaningful use of ERM based self-regulation in regulated banks. The evidence helps to assess the risk of regulatory failure of the risk-based regulation while using ERM.

The evidence reflects that regulated banks face diverse challenges arising from both peripheral and internal environments that limit the true internalization of ERM-based self-regulation. Despite this, the regulator uses this self-regulation as a meta-regulatory toolkit under the risk-based regulation to achieve the regulatory aims. However, the lack of true internalization of ERM based self-regulation is likely to raise the risk of regulatory failure of risk-based regulation to achieve the regulatory goals. Risk-based regulation is an evolving strategy in the regulatory regime. Therefore, care should be taken while using ERM as a regulatory toolkit before relying on it substantially.

The paper provides empirical insights about the challenges for effective use of ERM as a meta regulatory toolkit that might be useful practically both to the regulators and regulated firms.


  1. Akinbami, F. (2013), “Is meta-regulation all it's cracked up to be? The case of UK financial regulation”, Journal of Banking Regulation, Vol. 14 No. 1, pp. 16-32.
  2. Baker, C.R. and Bettner, M.S. (1997), “Interpretive and critical research in accounting: a commentary on its absence from mainstream accounting research”, Critical Perspectives on Accounting, Vol. 8, pp. 293-310.
  3. Baldwin, R. and Black, J. (2016), “Driving priorities in risk-based regulation: what's the problem?”, Journal of Law and Society, Vol. 43 No. 4, pp. 565-595.
  4. Bangladesh Bank (2015), “Bangladesh bank: annual report 2015-2016”, available at: https://www.bb.org.bd/pub/annual/anreport/ar1415/index1415.php.
  5. Beaussier, A.L., Demeritt, D., Griffiths, A. and Rothstein, H. (2016), “Accounting for failure: risk-based regulation and the problems of ensuring healthcare quality in the NHS”, Health, Risk and Society, Vol. 18 Nos 3-4, pp. 205-224.
  6. Berger, P.L. and Luckmann, T. (1966), The Social Construction of Reality: A Treatise in the Sociology of Knowledge, New York.
  7. Binz, C., Razavian, N.B. and Kiparsky, M. (2018), “Of dreamliners and drinking water: developing risk regulation and a safety culture for direct potable reuse”, Water Resources Management, Vol. 32 No. 2, pp. 511-525.
  8. Black, J. (2005), “The emergence of risk based regulation and the new public risk management in the UK”, Public Law, Vol. 32, pp. 1-42.
  9. Black, J. (2010), “Risk-based regulation: choices, practices and lessons being learned”, in Risk and Regulatory Policy: Improving the Governance of Risk, OECD Publishing, Paris, Paris: OECD, 2008–SG/GRP.
  10. Black, J. (2012), “Paradoxes and failures: 'new governance' techniques and the financial crisis”, Modern Law Review, Vol. 75, pp. 1037-1063.
  11. Black, J. and Baldwin, R. (2010), “Really responsive risk-based regulation”, Law and Policy, Vol. 32 No. 2, pp. 181-213.
  12. Black, J. and Baldwin, R. (2012), “When risk-based regulation aims low: approaches and challenges”, Regulation and Governance, Vol. 6 No. 1, pp. 2-22.
  13. Boehm, J., Curcio, N., Merrath, P., Shenton, L. and Stähle, T. (2019), The Risk-Based Approach to Cybersecurity, McKinsey Insights, New York.
  14. Braithwaite, J. (2003), “Meta risk management and responsive regulation for tax system integrity”, Law and Policy, Vol. 25 No. 1, pp. 1-16.
  15. Braun, V. and Clarke, V. (2006), “Using thematic analysis in psychology”, Qualitative Research in Psychology, Vol. 3 No. 2, pp. 77-101.
  16. Coglianese, C. (2020), Regulatory Abdication in Practice, Faculty Scholarship at Penn Law, p. 2144.
  17. COSO (2017), Enterprise Risk Management Integrating with Strategy and Performance, (June), The Committee of Sponsoring Organizations of the Treadway Commission, p. 16.
  18. Ford, C. (2013), Financial Innovation and Flexible Regulation: Destabilizing the Regulatory State, 18 N.C, Special ed., Vol. 18, No. 1, Banking Inst, pp. 27-38.
  19. Ford, C. (2017), “Flexible regulation scholarship blossoms and diversifies: 1980-2012”, in Cristie Ford, Innovation and the State: Finance, Regulation, and Justice, Cambridge University Press, Cambridge.
  20. Fraser, J.R.S. and Simkins, B.J. (2016), “The challenges of and solutions for implementing enterprise risk management”, Business Horizons, Kelley School of Business, Indiana University, Vol. 59 No. 6, pp. 689-698.
  21. Gonçalves, M.E. (2020), “The risk-based approach under the new EU data protection regulation: a critical perspective”, Journal of Risk Research, Vol. 23 No. 2, pp. 139-152.
  22. Gray, J. (2010), “What next for risk-based financial regulation?”, in MacNeil, I. and O'Brien, J. (Eds), The Future of Financial Regulation, Hart Publishing , Oxford, pp. 123-140.
  23. Hommel, U. and King, R. (2013), “The emergence of risk‐based regulation in higher education”, Journal of Management Development, Vol. 32 No. 5, pp. 537-547.
  24. Hussain, Z., Mahmood, S.A., Khan, N.S., Alam, A. and Shahriar, S. (2019), Bangladesh Development Update: Towards Regulatory Predictability, No. 135838, The World Bank, pp. 1-55.
  25. Hutter, B.M. (2005), “The attractions of risk-based regulation: accounting for the emergence of risk ideas in regulation”, CARR Discussion Paper, (March), p. 17.
  26. Jabbour, M. and Abdel-Kader, M. (2015), “Changes in capital allocation practices - ERM and organisational change”, Accounting Forum, Vol. 39 No. 4, pp. 295-311.
  27. Knol-Kauffman, M., Solås, A.M. and Arbo, P. (2021), “Government-industry dynamics in the development of offshore waste management in Norway: from prescriptive to risk-based regulation”, Journal of Environmental Planning and Management, Vol. 64 No. 4, pp. 649-670.
  28. Krieger, K. (2013), “The limits and variety of risk-based governance: the case of flood management in Germany and England”, Regulation and Governance, Vol. 7 No. 2, pp. 236-257.
  29. Liff, R. and Wahlstrom, G. (2018), “Usefulness of enterprise risk management in two banks”, Qualitative Research in Accounting and Management, Vol. 15 No. 1, pp. 124-150.
  30. Mikes, A. and Kaplan, R.S. (2015), “When one size doesn't fit all: evolving directions in the research and practice of enterprise risk management”, Journal of Applied Corporate Finance, Vol. 27 No. 1, pp. 37-40.
  31. Molfetas, A. and Grava, L. (2020), Risk-Based Approaches to Business Regulation: A Note for Reformers. Finance, Competitiveness and Innovation in Focus, World Bank, Washington, DC, © World Bank.
  32. Ojo, M. (2010), “The growing importance of risk in financial regulation”, Journal of Risk Finance, Vol. 11 No. 3, pp. 249-267.
  33. Oliveira, K., Méxas, M., Meiriño, M. and Drumond, G. (2018), “Critical success factors associated with the implementation of enterprise risk management”, Journal of Risk Research, Vol. 22 No. 8, pp. 1004-1019.
  34. Paul, R. and Huber, M. (2015), “Risk-based regulation in continental Europe? Explaining the corporatist turn to risk in German work safety policies”, European Policy Analysis, Vol. 1 No. 2, pp. 5-33.
  35. Pellegrina, L.D., Di Maio, G., Masciandaro, D. and Saraceno, M. (2021), “Are bankers crying wolves? The risk-based approach in money laundering regulation and its Effects”, SSRN Electronic Journal, No. 444.
  36. Rothstein, H. (2006), “The institutional origins of risk: a new agenda for risk research”, Health, Risk and Society, Vol. 8 No. 3, pp. 215-221.
  37. Rothstein, H., Irving, P., Walden, T. and Yearsley, R. (2006), “The risks of risk-based regulation: insights from the environmental policy domain”, Environment International, Vol. 32 No. 8, pp. 1056-1065.
  38. Rudakov, M., Gridina, E. and Kretschmann, J. (2021), “Risk-based thinking as a basis for efficient occupational safety management in the mining industry”, Sustainability, Vol. 13 No. 2, p. 470.
  39. Sinha, G. (2020), “Risk-based approach: is it the answer to effective anti-money laundering compliance?”, in Assets, Crimes, and the State, 1st ed., Routledge, London.
  40. van der Heijden, J. (2019), “Risk governance and risk-based regulation: a review of the international academic literature”, State of the Art in Regulatory Governance Research Paper Series 2019.02, SSRN Electronic Journal.
  41. van der Heijden, J. (2021), “Risk as an approach to regulatory Governance: an evidence synthesis and research agenda”, SAGE Open, Vol. 11 No. 1, pp. 1-12.
  42. van der Heijden, J. and Hodge, G. (2021), “Ten global trends in regulation: a future outlook”, in The Palgrave Handbook of the Public Servant, Springer International Publishing, pp. 741-759.
  43. Zhao, X., Hwang, B.-G. and Low, S.P. (2013), “Critical success factors for enterprise risk management in Chinese construction companies”, Construction Management and Economics, Vol. 31 No. 12, pp. 1199-1214.


JEL classification: DOI 10.1108/AJEB-05-2021-0067