What applies. What matters. Why both are needed for effective governance

Regulatory compliance used to answer to one audience. Now it answers to many. Two elements make the difference — applicability and materiality — and they need to work together.

Quick summary

  • The audience for regulatory compliance has expanded beyond the regulator — investors, rating agencies, auditors, and trading partners are now forming views on how well organizations manage regulatory risk. 
  • Two Enhesa experts explain applicability and materiality — the two connected elements of a strong compliance program that determine what applies to your business and where to focus first. 
  • Organizations that can demonstrate both carry a fundamentally different governance profile — one that increasingly determines access to capital and investor confidence. 

Most organizations have a regulatory compliance program. How many can say that theirs is truly resilient and able to withstand scrutiny from regulators, investors, and boards? Two elements are crucial, and it is vital that they work together. Each plays a vital role on its own, but combined they achieve much more than the sum of their parts.

Applicability and Materiality. 

Regulatory compliance was traditionally built around one main driver: the regulator. Get it right, avoid enforcement, protect the business, and show your employees, customers and the wider market that you are a good corporate citizen. This is still very important, but the audience is expanding, and other stakeholders are becoming more vocal. Investors, rating agencies, auditors, trading partners, and boards now evaluate how well organizations manage regulatory risk as part of their assessment of business resilience. And that list keeps growing.

The compliance program that was built to satisfy a smaller audience now has to perform for many. Most were not designed with that expanding scrutiny in mind. 

Building a compliance program that can withstand that scrutiny starts with three questions, in sequence. Do you have the full regulatory picture? What applies to your specific operations, sites and products? And of those that apply, which matter most? 

The volume and complexity of that regulatory picture is itself the first challenge. 

Applicability

New laws, amendments, guidance documents, draft texts, and local interpretations arrive constantly, from dozens of jurisdictions simultaneously. The result is a question that should be simple but rarely is: what actually applies to us?

In many organizations, attempting to answer that question by tracking everything has itself become a source of risk: the risk of paralysis. Trying to have everybody treat every regulatory development is not a viable strategy. 

The most successful organizations start somewhere different. They begin with a foundational discipline: understand the full picture and then filter down via a clear applicability determination, systematically mapping regulations to specific activities, processes, assets, and operations across sites, jurisdictions, and business units. When done well, this creates clarity. Teams understand which obligations require attention, where accountability sits, and where action is genuinely necessary.

This is not a small undertaking. In a single jurisdiction, EHS laws alone can contain thousands of requirements. Multiply that across dozens or hundreds of sites in multiple countries and you are managing hundreds of thousands of obligations. The organizations that do this well typically combine four things: a robust software platform, a curated regulatory database, AI-assisted processing, and the judgment of experienced EHS experts. 

The same logic extends beyond EHS obligations to products and substances: a single chemical ingredient may trigger obligations across dozens of regulatory frameworks simultaneously. 

Applicability is crucial, but it is not enough. Once you know what applies, a second question appears: not operational but strategic. 

 

"Trying to have everybody treat every regulatory development is not a viable strategy."
Paul Olagnier, Expert Services Director, Enhesa

Materiality

Knowing what applies narrows the field. Materiality determines where to focus first. 

Of the hundreds, sometimes thousands, of obligations that apply to your business, not all carry the same strategic weight. A minor administrative reporting requirement does not present the same level of business risk as a recurring worker safety issue, a problematic substance affecting product market access, or repeated environmental non-compliance across major operations. 

A materiality assessment identifies which ones are significant enough to shape strategy, resource allocation, and board-level decisions. It does four things: it separates what is genuinely consequential from what is merely loud; it determines what gets disclosed and assured; it provides a defensible position when investors and auditors ask hard questions; and it provides a stable reference point in an ever-changing business and regulatory landscape. 

What many compliance functions are unaware of is that this type of assessment is already happening in their organizations. Through frameworks like the International Financial Reporting Standards (IFRS) Sustainability Disclosure Standards – IFRS S1, which covers general sustainability-related financial disclosures, and IFRS S2, which covers climate-related risk – investors are already scrutinizing workforce health, safety, and environmental risks, and forming views on which companies are managing those risks effectively.

Materiality is already part of how your business is being viewed and assessed from the outside.  

 

"Materiality separates what is genuinely consequential from what is merely loud."
Mary Foley, Expert Services Strategy Director, Enhesa

Applicability and materiality at a glance

[Table: applicability and materiality explained]

Effective governance

Applicability without materiality leaves you mapped but unprioritized. Materiality without applicability leaves you focused but potentially incomplete. Together, and in sequence, they produce something neither delivers alone: a compliance program that is genuinely effective and defensible. 

That ability to withstand scrutiny now matters almost as much as regulatory compliance. Clearly demonstrating how regulatory risk is identified, prioritized, and managed increasingly influences how resilient and well-governed a business is perceived to be.  

Organizations that can clearly demonstrate what applies to their business, where their greatest exposures sit, and how those risks are prioritized carry a fundamentally different governance profile from those that cannot. That difference affects confidence among investors, business partners, and the institutions making decisions about capital allocation and risk. 

This is no longer a question for the compliance function alone. It is a governance issue that sits at the level of the board, the general counsel, and the C-suite. 

To some, getting compliance right once meant primarily avoiding fines, enforcement, and operational disruption. That expectation has evolved. Increasingly, the organizations viewed as well-governed are the ones that can clearly demonstrate what applies, what matters, and how both are managed.

Hear from the experts

Webinar | Executive panel

Beyond compliance: how to turn regulatory risk into business resilience

Join Enhesa experts Paul Olagnier, Mary Foley, Peter Schramme, and Laurent Marcelis for a 45-minute executive panel on what it takes to build a compliance program that performs under scrutiny — and delivers intelligence the business can act on.
