top of page

Managing through the key risks for legal & compliance professionals in 2022

Contributed by: Control Risks

Control RisksRiskMap 2022 laid out the political, reputational, operational, security and cyber risks that multi-national businesses may face in 2022.

India was never easy for multi-national firms to do business in. Following the pandemic years, this is even more the case.

I believe that there are five key themes that will dominate the Indian business environment in the next 12 to 18 months. I'd like to term them the 5Cs of risks:

1. Cyber – as a catch-phrase for all data, content and technology-linked regulations.

Legal stakeholders understand that this will be a major stumbling block for their clients or companies. Failure to prepare your organisation to detect, prevent and respond to cyber attacks will have existential consequences in 2022. As my colleague wrote in her article, Top risks for legal and compliance professionals in 2022, the deterioration of the cyber threat landscape will increase data management risk. The onus will be on companies, and their legal and compliance teams, to ensure that they remain compliant.

Beyond that, the competition to control the parameters for technology will intensify in 2022. The growing realisation of the power of technology – and data – may be used to justify restrictive regulation and online surveillance under the umbrella of digital and cyber sovereignty by governments all over the world, including India.

In India, this may challenge the foundations of internet governance and the way global companies do business. Businesses should prepare for further restrictions, regulations and legislations that will affect their digital operations, content scrutiny and data compliance. The draft Data Protection Bill will be one to keep an eye on when it gets passed.

2. China – The US’s chaotic withdrawal from Afghanistan leaves the world, for now, without the dominant global power that has essentially set the terms and conditions for international commerce, security and geopolitics for the past 70 years. Without the US fulcrum, a weak geopolitical order raises the prospect of a China-led coalition which will adequately challenge any union or Summit of Democratic nations.

Geopolitical tensions aside, such a world-order will further impact the strained supply chain issues that hindered India’s fledgling recovery in 2021. Indian businesses must go beyond tolerating geopolitical risk to actively managing it. Localising manufacturing, leveraging government incentive programmes, nearshoring sourcing and fast-tracking innovation should be part of the plan.

3. Climate – Every company now realises that it is impossible for them to make decisions based on relative climate stability. Businesses must re-orient their planning and execution strategies for a world with a changing climate and unpredictable weather patterns.

As any general counsel will now attest to, the financial, reputational, and accompanying life-safety repercussions of climate risks are too large to ignore. Planning for climate-related risks must now therefore sit at the centre of any effective, long-term risk mitigation strategy – not just for energy, infrastructure or data centre companies, but also consumer goods, automotive and IT services firms.

Every company has to have a roadmap to carbon neutral. A company's value is now as closely linked to its social and environmental credentials as it is to its governance and ability to execute. This realisation has brought a rush of new regulations around sustainability and ESG, which legal & compliance teams will need to play a key role in managing its disclosures and reporting. The risk of missteps in how ESG issues are handled is the main reputational risk for 2022, as predicted in RiskMap 2022. Climate issues, sustainability and ESG have become a compliance issue.

4. Control – investors into India will seek greater control over their businesses on the back of increasing frauds and weakening compliance. Governments will demand greater control over investors and set in place complex regulatory and operational environments to navigate. You can’t just reactively manage your business anymore – you have to consciously and proactively look to check and contain risks that are holding your business back.

General counsels and law firms have been at the helm of managing this web of employee frauds, insider threats and regulatory activism. More regulations and stricter enforcement will only increase the unease of doing business in India in 2022 as the forces of rising protectionism, unexpected policy reversals, as well as fiscal economic strife start to bite.

5. and finally - Covid. In India, the pandemic will continue to accelerate trends that were already in play before 2020. As it rolls into its third year of disruption, Covid-19 will make the path ahead for investors and corporations non-linear.

As the third wave surges across India, companies face a quandary. Even as infections are being regarded as milder due to lower rates of hospitalisation, the sheer upheaval due to at-home sick days and isolation requirements will throw business into near tailspin. Business leaders in India must gear up to take on Omicron and need to plan immediately for potentially severe disruption by ramping up their business continuity plans. Employee rights, worker welfare, physical & mental wellness as well as greater governmental interventions can be expected, especially if companies plan restructuring of their businesses due to changing demands of the marketplace.


We wrote a year ago that the role of the general counsel has expanded, with the pandemic increasing the demands on the legal function, and general counsels having to develop new areas of expertise including (but not limited to) service delivery, supply chain management and brand reputation. This has not changed. In fact, the range of issues that legal and compliance teams have to work across will only continue to widen.

They will need to factor sustainability and ESG metrics in their compliance programme. They will have to consider geopolitical developments that might impact strategy and risk, such as sanctions or regulatory scrutiny. They will need to keep abreast of technological advancements – both locally and globally – and develop new capabilities to handle the pace of technological change and regulations. Above all, they will need to be forward-thinking, so that they can be proactive in protecting their business from the risks that 2022 will bring.

Contributed by Control Risks

The above article is authored by Mr Amit Narayan, Partner and Head of India & South Asia, Control Risks. Contact us at or

bottom of page