Enterprise risk management: key issues enterprises must pay attention to (Part 1)

The year 2026 marks a turning point in enterprise governance as new legal regulations impose stricter compliance requirements. In practice, the market is gradually eliminating organizations that operate without effective control, making room for enterprises with a modern risk management mindset. By prioritizing compliance to mitigate financial and legal risks, enterprises not only protect their assets but also optimize sustainable performance. So, what are the key considerations in this process? Below are our detailed insights from our perspective

Table of contents:

1. Contract quality management

The contracts referred to here are commercial contracts, including contracts for the sale of goods, service provision contracts, as well as both international commercial contracts and domestic contracts.

With the current trend of AI development, many enterprises apply AI to generate contract drafts or use contract templates available online. In practice, for simple transactions of low value, and where the parties have an established cooperative relationship with well-established credibility, using template-based or AI-generated written contracts does not pose a significant risk to the business. In such cases, if the parties are able to effectively supervise and control each other, contracts in practice only serve administrative, accounting, and tax purposes, rather than having real value in terms of protecting the interests of either party.

The drafting and adjustment of contracts must be based on multiple factors, such as: the subject matter of the contract; whether this subject matter has any specific characteristics that may give rise to risks; payment methods; transportation methods; the credibility and reputation of the counterparty; each party’s authority and capacity to enter into the contract; and any additional or ancillary services. All of these factors are aimed at optimizing the enterprise’s interests to the greatest extent, while avoiding business interruptions or risks arising from damages, compensation claims, or contractual penalties.

In the process of drafting, reviewing, or participating in the resolution of contractual disputes, we have observed that most disputes and conflicts tend to concentrate on key contractual clauses that have not been clearly stipulated by the parties in the contract, or in other words, issues that have not been specifically and sufficiently addressed or guided within the contract itself. This shortcoming leads to differing interpretations and methods of application by each party in practice. When the parties are unable to reach a unified understanding or agreement on how such provisions should be interpreted and applied, this is precisely when conflicts and disputes arise.

When disputes arise, it also means that enterprises are exposed to or directly affected by the consequences arising from the contract, such as obligations to pay contractual penalties, compensate for damages, forfeit deposits or incur deposit penalties in contracts that stipulate deposit mechanisms, suspension of performance, or contracts being unilaterally terminated or cancelled. These consequences negatively impact the enterprise’s reputation as well as result in the loss of business benefits.

As mentioned above, enterprises need to rely on multiple factors related to the legal status and capacity of each party, as well as the contract itself, in order to anticipate potential risks that may arise in the future, thereby incorporating preventive or contingency clauses into the contract in advance. To effectively control risks arising from contracts, in addition to assessing the credibility of the counterparty, it is also essential to carefully structure and draft key contractual clauses from the outset to mitigate risks at the contract formation stage. Specifically, this includes: detailed descriptions of goods and service contents accompanied by specific standards; payment mechanisms appropriate to the contract value, performance progress, and delivery methods; acceptance and inspection of the quality of goods and services; risk transfer; penalties and compensation for damages; unilateral termination and termination of the contract; accompanying tax obligations; and in particular, the governing law.

2. Labor management

Labor has always been a challenging issue for enterprises, especially for multi-sector enterprises employing diverse groups of workers. Accordingly, beyond issues related to salaries and bonuses, most labor disputes today arise from enterprises’ failure to establish a comprehensive framework of labor management documents that are now mandatorily required by law in specific circumstances. Typical examples include: collective labor agreements, internal labor regulations, salary and bonus policies, wage scale and payroll systems, financial regulations,… Among these, internal labor regulations are considered the key document governing in detail the conduct, behavior, and workplace culture of each individual employee. Under current regulations, acts or violations that are not stipulated in the internal labor regulations or the labor contract may not be subject to disciplinary action against the employee, except for a limited number of violations that are specifically prescribed under labor law, which remain relatively few.

In addition, in cases where an employee consistently fails to meet KPIs, the question arises as to whether enterprises have the right to impose labor disciplinary measures and terminate the employment. In practice, many enterprises handle this issue in an arbitrary manner, based on the assumption that “if the employee cannot perform the job, they can simply be dismissed.” However, it is important to understand that only when enterprises have established internal regulations and evaluation criteria defining the level of failure to complete assigned work will they have a legal basis to assess such performance and, accordingly, proceed with unilateral termination of the labor contract due to failure to complete work in accordance with company regulations.

At present, the increasingly stringent supervision by tax authorities and social insurance agencies places enterprises in a position where they are required to “do things correctly,” from the type of labor contract being entered into, salary calculation mechanisms, salary payment timelines, regulations on monetary penalties within enterprises, overtime exceeding statutory limits, to arbitrary application of allowances and other benefit items for the purpose of tax optimization.

Another issue that enterprises must face in 2026 is personal data. Accordingly, current regulations require enterprises to fully comply with consent requirements of personal data subjects in cases where enterprises act as data processors, data controllers, or a third-party service providers. Depending on each specific circumstance, enterprises are also required to carry out administrative procedures related to personal data impact assessment reports and cross-border data transfers. Failure to comply with these obligations may expose enterprises to the risk of administrative penalties imposed by the Ministry of Public Security. Current personal data protection laws also allow data subjects to withdraw their consent, thereby requiring enterprises to destroy or delete personal data that had been previously collected.

Alongside labor management, issues relating to tax compliance management, accounting governance, and the management of relationships among company members are also brought to the forefront. These are key aspects which, in our view, enterprises must now seriously and systematically develop in order to achieve sustainable growth and to avoid financial risks arising from regulatory violations, as well as reputational risks. Enterprises have reached a stage where they can no longer rely on superficial or reactive compliance approaches as in the past. In our subsequent article, we will share practical perspectives on the development of internal regulations and governance frameworks for managing and controlling compliance in the fields of tax and accounting, as well as risk management approaches aimed at preventing conflicts among company members and executive management, all in pursuit of the enterprise’s sustainable development objectives.

Advisory email info@cdlaf.vn
Hotline: (+84) 909 668 216

Time of writing: 26/01/2026

The article contains general information which is of reference value, in case you want to receive legal opinions on issues you need clarification on, please get in touch with our Lawyer at info@cdlaf.vn

Why choose CDLAF’s service?

We provide effective and comprehensive legal solutions that help you save money and maintain compliance in your business;
We continue to monitor your legal matters even after the service is completed and update you when there are any changes in the Vietnamese legal system;
Our system of forms and processes related to labor and personnel is continuously built and updated and will be provided as soon as the customer requests it;
As a Vietnamese law firm, we have a thorough understanding of Vietnam’s legal regulations, and grasp the psychology of employees, employers, and working methods at competent authorities;
CDLAF’s team of lawyers has many years of experience in the field of labor and enterprises, as well as human resources and financial advisory.
Strict information security procedures throughout the service performance and even after the service is completed.

You can refer for more information:

What should advertising enterprises prepare to comply with the personal data protection law?

Responsibilities of Enterprises when employing Foreign Workers

Is it Mandatory for Enterprises to Appoint Personal Data Protection Personnel?

How Does the Draft Decree on Administrative Sanctions for Personal Data Violations Regulate Acts and Penalties? (Part 2)

How Does the Draft Decree on Administrative Sanctions for Personal Data Violations Regulate Acts and Penalties? (Part 1)

Guidelines for Drafting a Personal Data Protection Policy Under the New Law (Part 1)