Compliance officers are in high demand in today’s fast-paced business world, and the trend is not slowing down. The reason for this demand is simple: a new regulation is issued every seven minutes! So, let’s dive into the impacts, challenges and potential solutions.
What is Regulatory Compliance?
Businesses need to follow a set of laws and regulations in order to comply with local, state, and federal jurisdictional requirements. Regulatory compliance typically describes the process of identifying such regulations and taking actions to abide by these legal instruments. Furthermore, there are many risk management guidelines and frameworks that vary by industry, such as the Federal Information Security Management Act (FISMA), the Health Insurance Portability and Accountability Act (HIPAA) for the healthcare industry, and the General Data Protection Regulation (GDPR), which covers data privacy and security for businesses that trade in Europe.
Corporate regulations were introduced in the 20th century to tackle the root causes of business abuse and scandals. Unfortunately, these attempts to address the root cause only brought about further instances where businesses found loopholes and the need for further legislation. This cycle brought more complexity to the regulatory compliance process and has even accelerated in this century. Corporate regulations have continued to evolve through periods of dramatic legislative interventions by federal lawmakers and major incidents such as the GE and Westinghouse price-fixing scandal in the 1960s. Modern compliance programs have increasingly become part of business practice for most corporations with some businesses having an entire department delegated to this process. As a result, businesses have increasingly started to push back on regulation that slows down innovation while legislators continue to discourage abuse and scandals.
Why is Regulatory Compliance Essential?
Non-compliance can be costly, as evidenced by the $17B in penalties issued by the U.S. Securities and Exchange Commission (SEC) between 2016 and 2020, leading to over 400 companies being suspended from operations.
In another current example of noncompliance, on September 24, 2021, WPP (a 12 billion GBP advertising conglomerate) agreed to pay $19 million to settle charges that it violated the anti-bribery, books and records, and internal accounting controls provisions of the Foreign Corrupt Practices Act (FCPA) in connection with its subsidiaries in India, Brazil, China, and Peru.
The consequences of non-compliance can be segmented into 5 categories:
- Fines: This is the most obvious and common consequence with legal costs and those of the prosecution adding up quickly.
- Imprisonment: Company leaders and employees can be imprisoned in some cases. As an example, the EPA has initiated more than 50 criminal cases in 2021.
- Reputational damage: The financial impact of fines could be dwarfed by the long-term reputational damage, leading to loss of clients. Enterprises strictly monitor their vendors for regulatory noncompliance and don’t hesitate to cut ties in the event of such incidents.
- Loss of key employees or prospective hires: Regulatory investigations seriously hinder the chances of attracting the best talent.
- Loss of operations: In some cases, regulators shut down the operation of a company temporarily or permanently until the incident has been resolved. The loss of income could lead to bankruptcy.
Top Challenges with Regulatory Compliance
The main challenges to maintaining regulatory compliance are:
- Broad horizon
- Constant changes
- Emerging regulatory trends
- Escalating cost
Let’s analyze each of these challenges.
“Broad horizon” refers to the diversity of regulations a given business needs to comply with in its jurisdiction.
As an example, a manufacturing business will need to comply with various regulations that span across multiple topics such as:
- Data Protection
- Employment Law
- Export Controls
- Fair Competition
- Environment, Health, and Safety
- IT Safety and Security
- Product Safety
“Constant changes” captures the fact that every seven minutes, a new regulation is issued. Staying on top of regulatory changes for corporate boards and compliance officers remains a major challenge because regulatory change is accelerating by 10% every year.
“Determining emerging regulations and compliance trends” is another key challenge that carries significant risk. On the one hand, compliance officers need to understand the impact of regulatory changes and suggest edits to evolving regulations during the proposed rulemaking process. On the other hand, government relations teams need to monitor evolving bills and make submissions compliant with lobbying regulations in order to influence future legislation. With the number of bills, laws, and regulations exploding in recent years, companies are finding it challenging to track this manually.
“Escalating cost” for corporations and small businesses is a problem since the regulatory compliance teams required to track new regulations and bills and set up risk and controls are doing so manually.
How to Maintain Regulatory Compliance?
Regulatory compliance starts with companies building a law library to represent the regulations they need to monitor. Here are the key steps in this process:
- Identify applicable regulations;
- Understand requirements and associated risks;
- Establish controls tied to risks;
- Collect compliance documentation;
- Capture the compliance process in an auditable format;
- Track changes to regulation to update risk and controls as needed to stay in compliance; and
- Scan the horizon to anticipate future legislative changes by analyzing bills and enforcement actions.
The function of regulatory compliance is benefiting from technological evolution, where Machine Learning and Natural Language Processing are bringing innovative new ways to standardize this step across industries and jurisdictions.
- “SEC.Gov | Selected Division of Enforcement: Accomplishments: December 2016 – December 2020.” SEC.Gov | HOME, 30 Dec. 2020, https://www.sec.gov/enforce/selected-division-enforcement-accomplishments-december-2016-december-2020
- “SEC.Gov | SEC Charges World’s Largest Advertising Group with FCPA Violations.” SEC.Gov | HOME, 24 Sept. 2021, https://www.sec.gov/news/press-release/2021-191