Blog Post

The cost of non-compliance

Cornerstone Editors

This article originally appeared in SumTotal Systems blog.

To be compliant or not to be compliant; it's an age-old question. The answer for any organisation, however, carries with it a lot of complexities and implications. For many companies, particularly those in highly regulated industries like financial services and healthcare, taking steps to meet legal obligations — or be compliant — is essential to protecting the health, safety, and welfare of the organisation and its customers.

But as a company grows, the compliance complexities expand into topics around workers, hiring, firing, discrimination, harassment, safety, wages, payroll, and benefits. And that's just to name a few. As a result, the compliance responsibility list is long, and the cost to ensure compliance is often steep.

Compliance pain points

If you manage compliance at your organisation, you are well aware of the common issues when implementing compliance protocols within your workforce. Unfortunately, compliance training and employees don't always mix well. Typically, giving your best effort at achieving engagement across the organisation involves navigating a layer of difficulty. A few common pain points include:

  • Employees often state they do not feel better equipped after completing compliance training.
  • Employees feel the compliance training runs too long. The need to protect employees' time is an ever-challenging dynamic.
  • Employees simply click through mandatory compliance training without listening or reading. The training is described as "boring," which hinders engagement and retention of knowledge.

Determining solutions for these problems can be draining on an organisation's resources. In addition, employees who fail to pay attention to mandatory compliance training put the whole organisation at risk.

But there is more to the difficulty surrounding compliance. Alongside the complexity of employee engagement are the costs associated with that effort. Many business leaders rationalise the cost of noncompliance against the spending required to upgrade their technology and data processes. However, it is eye-opening to look at the expense of noncompliance under regulatory frameworks like GDPR, HIPAA, PCI-DSS, and others.

Traditional costs of compliance

Compliance costs encompass everything that goes into keeping a business compliant with relevant regulations. Companies must have a detailed plan that includes the policies and procedures to meet compliance requirements adequately and on time. An accurate recordkeeping system to document those procedures is also necessary. Best practices recommend implementing software and databases to automatically keep track of all the data and assist in time-intensive tasks like audit performance management and compliance risk management.

Considering those needs, it's common for a company to view the suggested solutions as both a nuisance and a drain on often already strained resources. But while the cost of being compliant may seem high, being non-compliant often costs an organisation significantly more.

Recent research indicates that the failure to comply has become more expensive than ever, far exceeding compliance costs. Data security carries the highest compliance cost, although for most businesses the motivation to invest in data security is not to improve security itself but to adhere to laws and regulations.

In the past, compliance laws and regulations were strongly recommended, but non-compliance did not carry the steep fines, legal implications, or reputational consequences that it does today.

Penalties and fees due to non-compliance

Regulatory fines and penalties for noncompliance are steep.

In 2018, non-compliant companies were subject to $3.945 billion in penalties and another $794 million in judgments related to SEC investigations and complaints. In addition, FINRA imposed $61 million in fines. While these numbers are staggering, they are just the beginning of possible costs for companies that operate without robust regulatory compliance programs.

That's not where the costs stop, however. Business disruption related to being out of compliance, including regulatory fines, lost productivity, lost revenue, lost customer trust, and operating expenses for remediation, has cost firms nearly three times the cost of complying in recent years.

Stated another way, the average cost of compliance came in at $5.47 million, while the average price of noncompliance was $14.82 million. The average cost of noncompliance has risen more than 45% over the past ten years.

As businesses expand, many are looking into third parties to ensure compliance and reduce the potential costs associated with non-compliance.

Hidden costs of non-compliance

Fines are just one cost of noncompliance for a business. For example, if your organisation commits several non-compliant actions, the FDA may take recourse depending on the severity. Some of those actions include:

  • Sending warning letters that specify the violations and request a response describing the corrective action to be taken
  • Seizing non-compliant products to remove them from being sold
  • Seeking court injunctions to prevent companies from committing or causing a violation

Businesses also need to consider financial costs resulting from market erosion, damage to reputation, and loss of customer trust, in addition to litigation and compensation. Plus, all notices of noncompliance are posted on the FDA website.

The business impact of non-compliance

Despite compliance challenges and the rising costs associated with them, it's clear that noncompliance is vastly more expensive and far riskier to a company's reputation, stakeholders, and bottom line. Beyond your company's bottom line, however, ignoring required compliance measures can impact your business in the following ways:

  • Business disruption: When found to be non-compliant, businesses are often forced to implement compliance changes before they can resume operating. And if new processes need to be introduced to ensure compliance, further disruption can occur while these are implemented.
  • Possible data breaches: Data protection regulations are increasingly complex because personal and proprietary data are both valuable and sensitive. Noncompliance may increase the risk of data breaches, data loss, cyberattacks, or insider threats.
  • Reputational damage: This is one of the most overlooked costs of noncompliance. Repairing a damaged reputation is difficult and often hard to accomplish in a timely fashion.
  • International operations: The complexity of global payroll compliance is significant. Studies have shown that maintaining in-country compliance is considerably cheaper, which is why it makes sense to comply before you expand and threaten your ability to operate overseas.
  • Revenue loss: Regulatory violations significantly impact a business's revenue numbers.

The truth: Zero violations do not equal compliance

While justifying reasons not to implement a robust compliance program, organisations often believe they effectively manage compliance risk simply because they haven't experienced any regulatory violations to date, but to believe that is a grave mistake. No violations do not mean there are no issues — in reality, there may be significant issues that haven't been detected yet.

If left unaddressed, those issues could cost the company more than it would have spent on solutions to prevent them. Most companies cannot afford to become complacent about their compliance efforts. While it may be tempting to continue running the way you always have, that can come with significant financial and reputational impacts.

Risks associated with noncompliance are ever-evolving. Therefore, continuing to rely on old compliance programs is not an effective strategy. Instead, teams need an efficient way to monitor and manage existing compliance programs, replacing manual practices such as handling review or certification tasks by hand and searching for saved information in files or emails, which open the door to compliance risk and inefficiency.

© Cornerstone 2024