In today's world, companies face a minefield of regulations, both governmental and industry-specific. And the list seems to be getting longer all the time. But does complying with these regulations just add cost to the business, or do they provide companies with business advantage, such as improved customer service?
It depends on who you ask. The Financial Times estimates that the cost of complying with just Sarbanes-Oxley alone for the average large Fortune 1000 company in the US amounts to a one-off cost of $5.1 million for implementing a qualifying corporate governance policy, plus a further ongoing cost of $3.7 million, on average, for continuing compliance measures over time. Other sources state that annual IT spending by companies that is specifically earmarked for compliance efforts is growing by around 10 percent per year.
For some companies, these costs are just too high, and a number of companies have de-listed from U.S. stock exchanges in order to avoid the cost of complying with the onerous requirements of Sarbanes-Oxley, which has had the knock-on effect of fuelling the boom in private equity spending. There are many examples, but just one is that of technology vendor SafeNet, which was de-listed and acquired by private equity firm Vector Capital in April 2007. But that is not the end of the story, and de-listing will not reduce the burden of compliance with a range of other regulations, such as data protection legislation.
Because of this, and because the burden of regulation is likely to increase in the future (with legislation that will potentially be introduced including e-disclosure rules in the EU and a strengthening of privacy rules at a federal level in the U.S.), companies need to view their regulatory compliance efforts as a strategic investment that covers all parts of the business. This means that compliance must involve input from multiple stakeholders in the organization, including the board of directors, legal resources, operations and IT. Organizations taking just a tactical or piecemeal approach by considering each regulation with which they must comply in isolation will fail to see the bigger picture and are likely to end up spending more in the long run.
Before any technology investments are made, companies need to perform an assessment of which regulations affect their business, as well as taking into account future regulations that are on the horizon, and what the provisions of those regulations are. This will provide insight into overlaps between regulations, such as the requirement included in many regulations for maintaining email records for long periods of time, and where common business processes can be implemented to achieve multiple goals. This assessment will form the basis of a company's strategy and plan for investing in technology, for example in automated controls for managing information produced within an organization to achieve goals of privacy and operational transparency required by many of the regulations that exist today. Many of the technology solutions available for helping companies to achieve regulatory compliance include templates or model policies relating to the requirements of the most common pieces of legislation and these can be used to aid companies in ensuring that their investments cover multiple rules.
An essential investment that companies must make in their compliance efforts is in tools for automating and improving auditing and reporting capabilities. A common complaint in recent years has been that regulatory compliance involves increased audit fees. For example, British Telecom says that its spend on audit fees increased by almost one-third due to Sarbanes-Oxley alone. Other companies have complained that compliance burdens caused by the increased level of investment required have reduced the level of dividends that they are able to pay their shareholders.
The benefits of achieving compliance
All this said, there are actually many benefits to compliance, not the least of which is the avoidance of penalties and other costs, such as lawyers' bills. Companies will also be in a better position to prevent their reputation being damaged, which can cause customers to shun their products and partners to cancel deals. Many of the regulations have been developed as a result of corporate scandals such as Enron that have forced companies out of business and the provisions of some of them could lead to more corporate executives languishing in jails in the future.
The benefits that will accrue to companies that achieve regulatory compliance include improved internal processes, with enhanced accuracy of financial reporting reducing the risk of fraud, and a better audit trail of all processes ultimately leading to the goal of lower audit costs. For large companies, the costs of restating earnings owing to poor financial reporting can run into billions, spend that can be avoided by putting in place more efficient operations in the first place. And because of controls such as improved security mechanisms, better records retention, and data recovery capabilities, companies may even be in the position to command reduced insurance premiums owing to reduced risk exposure to fraud and other problems caused by data leakage.
As well as internal process benefits, companies that can demonstrate that they have the tools and processes in place for achieving regulatory compliance will benefit from being seen as ethical, improving shareholder value and potentially competitive advantage if customers and business partners have greater confidence in the business. Companies will also be in a better position to defend themselves against litigation, such as e-disclosure lawsuits, where the costs of manually finding poorly stored documents can run into the millions.
The investment required for compliance efforts may be a bitter pill for a company to swallow upfront. But, when a holistic approach is taken to compliance covering all parts of the business, all processes used, and taking all regulations into account in one company-wide exercise, the benefits will eventually outweigh the costs. In the long run, regulatory compliance will even be good for the business, allowing a company to improve its performance, avoid fines and penalties, and achieve the ultimate goal for any company: that of getting closer to its clients and improving customer service.