What is a risk register and why is it used for legal, regulatory, and geopolitical risks?

A risk register is a formal list of risks with details (description, owner, likelihood, impact, controls, and residual risk). It helps track regulatory obligations, identify potential legal issues, assign ownership, and plan mitigations to support compliant decision-making.

What types of risks are commonly captured in a risk register for legal, regulatory, and geopolitical factors?

Common risks include regulatory non-compliance (privacy, industry rules), contract or litigation risk, sanctions and export controls, anti-bribery/anti-corruption, employment law, tax, intellectual property, and supply chain disruptions from geopolitical events.

How do geopolitical factors influence risk registers?

Geopolitical events such as sanctions, trade restrictions, elections, or instability can change risk likelihood and impact, create new compliance requirements, or disrupt suppliers and markets. The register should be updated to reflect these changes.

How should likelihood and impact be assessed for legal/regulatory risks?

Use a consistent scale (e.g., 1–5) for likelihood and impact, with clear criteria. Combine them into a risk rating and tie each risk to owners and mitigations. Regular reviews keep the register current.