While many sectors such as financial services have long made risk management, compliance and operational resilience a top priority, the retail industry has tended to keep these areas on the back burner. For years, competitiveness and profit margins have come first — until now.
According to RiskSmart, come January 2025, new regulations landed a heavy blow on retail companies, forcing a dramatic shift in how risk is handled.
Over the past decade, retailers have endured a series of major shocks — from global pandemics to shipping crises and trade wars. Each event exposed just how delicate the retail supply chain really is, pushing the need for stronger risk management into sharp focus.
The regulatory shake-up came in the form of the updated UK Corporate Governance Code. In 2024, several important amendments were introduced, but Provision 29 stands out. From January 2025, boards must formally attest to the strength of their risk management and internal controls, while facing tighter demands to prove accountability to stakeholders. This has sparked a reckoning for retail, where brands of all sizes are scrambling to adapt.
Having worked closely with retailers in my role at RiskSmart, I’ve witnessed first-hand how this shift is playing out. Provision 29 has put governance, risk, internal audit and compliance squarely on the agenda for retailers large and small — an overdue step in many ways.
It’s clear that risk in retail can no longer be treated as an afterthought. From my conversations with leaders across the industry, a recurring issue is that boards often feel disconnected from daily risk and compliance activity. Many executives suffer regulatory fatigue, only truly engaging with risk when fines or penalties loom large.
This is risky business in itself. Today’s retail brands face additional layers of challenge — from managing complex return policies to tackling GDPR, new consumer duty expectations and more scrutiny from regulators. Hidden risks lie everywhere, whether in digital transformation, sustainability pledges or new payment models.
Yet too many companies see risk purely through the lens of “avoiding fines”. In reality, done well, risk management should be seen as a source of competitive strength — not just a box to tick. When it is embedded properly, it drives resilience and protects the bottom line.
Thanks to Provision 29, retail risk is having a moment — and not just within boardrooms. Even mainstream titles like Vogue are giving risk a platform, recently publishing a whitepaper on the hidden supply chain risks threatening premium brands. The conversation is changing, and retailers must decide whether to tackle risk head-on or risk being left behind.
But how do retailers move beyond spreadsheets and half-hearted risk registers? Increasingly, companies are investing in purpose-built risk management software. Specialist RiskTech platforms like RiskSmart are gaining traction as the old ways prove unfit for purpose.
Retail companies want tools that centralise data, enable better forecasting and reporting, and connect risk insights with senior leadership teams. RiskSmart, for example, has seen a 140% jump in retail demand over the past year alone. Major names like ASOS, Autotrader, JD Sports and Skyscanner are already using such tools to stay ahead.
The shift away from static spreadsheets means teams can monitor risk in real time, communicate across departments with ease, and automate critical reminders and due diligence checks. More importantly, these tools help leadership teams align around risk and make decisions with confidence.
As Jensten chief risk and compliance officer Steve Folkard put it: “RiskSmart engages senior leaders in risk management. It’s changed how people think about risk — something spreadsheets could never achieve — and helped cascade that mindset across the business. I wouldn’t underestimate the value of that.”
One thing is certain: in 2025, retail risk management is no longer optional. Those that embrace it properly could find themselves stronger than ever.
Keep up with all the latest RegTech news here
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
