How trading pressure can turn operational choices into board-level risks
In retail, decision-making and risk are increasingly inseparable. From supply chain disruption and customer data handling to fast-changing consumer behaviour, businesses are operating in a more demanding environment where routine commercial choices can quickly create legal, financial and reputational exposure.
Alongside this, corporate accountability is coming under increasing scrutiny as the UK regulatory landscape continues to shift. Organisations can now face criminal liability for the actions of senior managers acting within the scope of their role. This changes the question for businesses from simply “what went wrong?” to whether the issue could have been prevented, how decisions were made, and who had authority for those decisions.
For mid-market retailers, this now means that governance is no longer about oversight. It is instead about defensible decision-making under scrutiny.
Scenario: when trading pressure becomes corporate risk
A mid-sized UK retail experiencing pressure during a peak trading period. As a result of this pressure, the operations director approves a change to ensure faster picking targets in the warehouse whilst reducing quality assurance checks. Additionally, customer data begins to be shared more widely within the company to support customer targeting.
Within a month, there has been a health and safety incident in the warehouse due to increased emphasis on speed, and a data handling issue has led to multiple customer complaints. Although initially identified and dealt with as isolated operational issues, the Health and Safety Executive (HSE) begin to investigate the injury, and a customer lodges a complaint with the Information Commissioner’s Office (ICO).
Under recent changes to UK corporate criminal liability, offences committed by senior managers are no longer viewed only through the lens of fraud or financial crime. This marks a significant shift from the previous position, where criminal liability was harder to attribute to an organisation unless the individual could be treated as the company’s “directing mind and will”. If the operations director qualifies as a senior manager, the company may be liable for offences committed within their authority. The business may also need to show that appropriate procedures, controls and escalation routes were in place, even where the issue was not known to the wider leadership team at the time.
After investigation, what was originally deemed as operational pressure has potentially incurred financial, legal and reputational consequences. Regulatory fines, civil claims and legal and investigation costs have been incurred. Additionally, the senior management could face criminal investigation and subsequent prosecution. The erosion of customer trust, concern from suppliers and investors can have severe knock-on effects.
The issue that the company must address is the balance shift from ‘what happened?’ to ‘did the company make any defensible actions in advance?’.
How issues escalate in practice
Often risk emerges through a series of routine decisions rather than a single major failure. Processes may be accelerated to meet commercial deadlines, whether onboarding suppliers, handling customer data or maintaining store operations. Controls may still exist, but they are not always applied as intended, and temporary workarounds can become accepted practice. Initial concerns may appear contained: a discrepancy in stock, a discrete data-handling issue or a minor query over supplier conduct. At that stage, uncertainty over ownership or materiality can delay escalation. As the issue develops, scrutiny shifts to how decisions were made, who was responsible, and whether the organisation can evidence that appropriate safeguards were in place.
In our experience, the most impactful failures typically arise not from the absence of policy, but from poor decisions taken under pressure and within a culture which tolerates exceptions (e.g. where controls are bypassed or concerns are not escalated early enough). At the point of crisis, the issue moves beyond an operational concern to a potential financial, legal and reputational event for the business.
The Decision Economy – Why this shift matters for retailers
As demonstrated above, the expansion of UK corporate liability reflects a deeper change in how businesses are judged. Now, offences are created and judged based on a failure to prevent wrongdoing, regardless of intent. This update to the regulatory framework now assumes that decisions are structured, risks are formally assessed and controls are designed, tested, and documented. Companies must now adapt to align with this expectation.
Whereas organisations used to be assessed on outcomes such ‘did something go wrong?’ and ‘who was responsible?’, the focus has shifted to ‘What decision was made, and by whom?’ as well as ‘what controls and safeguards were in place?’ Boards must now evidence the effectiveness of internal controls, not just describe them. This marks a shift for businesses into a ‘Decision Economy’, where decisions, not outcomes, are the yardstick for measuring accountability. In this environment, operational choices are no longer routine, they are risk-bearing decisions. Controls are no longer compliance tools, they are safeguards; and governance is no longer about oversight, it is about evidencing that the decisions made were sound and reasonable.
Mid-market retail businesses are particularly exposed because they often rely on fast, commercially driven decisions, decentralised authority and informal control environments. Complex supply chains and third-party relationships can create exposure where supplier due diligence is inconsistent, sustainability or sourcing claims are not properly validated, or contract terms are bypassed under pressure. High transaction volumes and growing reliance on technology also create risks around customer data handling, system access controls and decisions to accept risks where mitigation is seen as too costly or operationally difficult. At store or regional level, trading pressures can result in shortcuts on safety or compliance, inconsistent application of policies and failure to escalate issues that are perceived as immaterial.
In summary
Risks to the retail sector rarely stem from a single event. More often, they reflect a series of ordinary decisions made under pressure, where controls are stretched, responsibilities are unclear or issues are not escalated early enough. The key question is whether those decisions are supported by the right controls, oversight and evidence before they develop into something more serious.