Regulatory Risk is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes the exposure to litigation from all aspects of an institution’s activities.
The penalty for this might be:
- financial penalties (Real Risk)
- incarceration (Real Risk)
- a drop in stock prices if said issues are "material" enough to require reporting.
For example, compliance within the Health Care industry with data privacy and HIPAA, companies within the Financial Organizations and SOX compliance, or retail organizations or anyone else accepting Payment Cards who must adhere to PCI compliance.