The Cost of Compliance

Every business will bear a cost to comply with international, national or local laws, regulations and industry code agreements. Have you ever considered what this cost is worth to you?

The ‘Cost of Compliance’ is usually shrouded with a negative connotation and a cost that businesses see as a burdensome overhead, a business levy even! Whether the business is a sole trader or an international household name, there will be a cost associated with complying - whether it be an indirect cost, through the administration of licences, creating policy documents to demonstrate adherence to the rules, technology to monitor transactions and systems, to the direct cost of employing compliance staff, training courses, paying for licences to trade etc.

In the majority of cases, those costs to a business are for protection against enforcement action being taken in the event of something going wrong, the eyewatering fines such action carries and the personal liability placed upon the directors. There’s no doubt that regulatory change is increasing and will continue to do so in the near term: with the UK’s withdrawal from the EU, decades of laws and regulations will be unpicked and stitched back together again. The aftermath of Covid-19 will likely introduce more regulatory protection for the vulnerable and those affected by the pandemic. Coupled with the shrunken economy and operating budgets being squeezed to recoup lost revenue, the cost to comply will inevitably increase whilst turnover and profits decrease.

Businesses across the world are looking at their operations to identify cost savings and efficiencies whilst maintaining quality and standards, a conundrum that has to balance many factors to survive financially, with the objective of finding the ‘Value Add’ – a phrase that most Chief Finance Officers utter relentlessly. Seldom does the word ‘compliance’ conjure up a sense of adding value in many organisations. With that approach you are just paying a levy without extracting the advantages of good governance and compliance.

An effective approach to extracting the benefit and value of a fully effective compliance framework is to begin with a culture of compliance, where for medium to large size organisations the burden and cost of operating compliance is shared. Multiple times have I worked with organisations where Compliance sits in a silo and is called upon when things go wrong, to fix a problem that shouldn’t have happened. If the Compliance team were involved at the beginning of a change implementation or when an issue first arose, the incident could have been contained, averted or have had less impact on their customers. The problem stems from Compliance being seen as the internal police, the “sales prevention team” or sometimes, quite simply… no one really knows what they do or what they’re to be used for, and sometimes the Compliance team feel the same! Embedding a culture of compliance and integrating the Compliance team within the operation, whilst maintaining a level of independence, is critical to an effective compliance regime which will increase efficiency and engagement and reduce costs and risk.

An integral part of a compliance framework is training and sharing knowledge, but the training has to be made relevant to the organisation and the objective needs to be understood by all; otherwise it’s a download of ‘what the rule book says’. The responsibilities, and how compliance impacts the function and operation of a business, have to be clearly explained and agreed. After all, enforcement bodies and regulators look at how the organisation as a whole has demonstrated compliance, not how effective the team that provides the management oversight is.

Compliance teams who withhold or hoard knowledge create a barrier to operational performance and obstacles which prevent collaborative working. Again, I have seen this many times in organisations, large and small, where the thought is: if operational areas know how to comply and are self-sufficient, what’s the point of the compliance team? I use an analogy to explain to those organisations struggling to understand. A parent will teach their child at a young age to tie their shoelaces, to enable them to do it themselves and teach them a life skill. Whilst the child now knows how to tie their laces, the parent will check and make them aware if they’re not tied to avoid an accident – the parent’s responsibility doesn’t fall away just because they have imparted knowledge; the role now becomes one of oversight and assurance. This translates into an organisational setting: by teaching the functional teams how to comply they become self-sufficient and see the value and purpose of what they’re doing, and the role of compliance is therefore to oversee adherence and prevent risks from materialising. This is not to be mistaken for a ‘parent to child’ relationship, but one of business partnering.

Highly skilled compliance professionals are hard to find, and when you do find them they come with a high salary. This should be seen as an investment, but a short-lived one, to enable the change of an organisation’s culture and set it on the right path. Having a sustainable and flexible framework which is owned by everyone will ultimately reduce the burden of internal compliance costs and dispel the black cloud of compliance over the operation, as it becomes part of their DNA.

The conclusion is that compliance is an overhead cost, whether you treat it as a separate line item in a budget or absorb it into general administration. The cost of compliance is increasing and will continue to increase, with more regulatory and legal changes on the horizon coupled with increasing financial penalties and brand-damaging enforcement action – something that can take years to recover from. We’re no longer in the world of monopoly organisations, and consumers will ‘vote with their feet’. The communications network provider Talk-Talk found that out when they were the victim of a cyber attack in 2015 as a result of poor controls and a lack of adherence to the basics of compliance. A financial penalty of £400,000 was issued, which under the GDPR regime would have been much higher and possibly in the millions, but the brand damage came at a much greater cost. Embedding a core team within an organisation to manage and maintain a sustainable framework which is based on culture and engagement will extract value and provide benefit, whilst protecting your business interests.

If you would like to find out more or would like to discuss this topic in more detail, I would be interested to hear from you.