IT Governance

What price compliance?

Quocirca's Straight Talking: Strike the right balance between costs and benefits

By Quocirca

Published: 7 January 2008 15:04 GMT

Companies are wilting under the weight of increasingly onerous government and industry-specific regulations. But does compliance just add cost? Quocirca's Fran Howarth argues that rules and laws can provide companies with a business advantage if tackled in the right way.

The answers to questions about the impact of regulations depend on who you ask. The Financial Times estimates that the cost of complying with Sarbanes-Oxley alone for the average large Fortune 1000 company in the US amounts to a one-off cost of $5.1m for implementing a qualifying corporate governance policy, plus a further ongoing cost of $3.7m for continuing compliance.

Other sources state that annual corporate IT spending specifically earmarked for compliance efforts is growing by about 10 per cent per year.

For some organisations these costs are just too high and a number of companies have delisted from US stock exchanges to avoid the cost of complying with the onerous requirements of Sarbanes-Oxley. This has had the knock-on effect of fuelling the boom in private equity spending.

But that is not the end of the story and delisting will not reduce the burden of compliance with a range of other regulations, such as data protection legislation.

Because of this - and because the burden of regulation is likely to increase with new legislation potentially covering e-disclosure rules in the EU and a strengthening of privacy rules at a federal level in the US - companies need to view their regulatory compliance efforts as a strategic investment that covers all parts of the business.

This means compliance must involve input from multiple stakeholders in the organisation, including the board of directors, legal resources, operations and IT.

Organisations taking just a tactical or piecemeal approach by considering each regulation with which they must comply in isolation will fail to see the bigger picture and are likely to end up spending more in the long run.

Before any technology investments are made, companies need to assess which regulations affect their business and what the provisions of those regulations are, taking into account future regulations that are on the horizon.

This assessment will provide insight into overlaps between regulations, such as the requirement included in many regulations for maintaining email records for long periods of time, and where common business processes can be implemented to achieve multiple goals.

The assessment will form the basis of a company's strategy and plan for investing in technology - for example, in automated controls for managing information produced within an organisation to achieve goals of privacy and operational transparency required by many of the regulations that exist today.

Many of the technology solutions available for helping companies to achieve regulatory compliance include templates or model policies relating to the requirements of the most common pieces of legislation and these can be used to aid companies in ensuring that their investments cover multiple rules.

An essential investment that companies must make in their compliance efforts is in tools for automating and improving auditing and reporting capabilities. A common complaint in recent years has been that regulatory compliance involves increased audit fees.

For example, BT says that its spend on audit fees increased by almost one-third due to Sarbanes-Oxley alone. Other companies have complained that compliance burdens caused by the increased level of investment required have reduced the level of dividends they are able to pay their shareholders.

Benefits of achieving compliance

All this said, there are actually many benefits to compliance - not least of which is the avoidance of penalties and other costs, such as lawyers' bills. Companies will also be in a better position to prevent their reputation being damaged, which can cause customers to shun their products and partners to cancel deals.

Many of the regulations have been developed as a result of corporate scandals such as Enron that forced companies out of business. The provisions of some of these regulations could lead to more corporate executives languishing in jails in the future.

The benefits accruing to companies that achieve regulatory compliance include improved internal processes, with enhanced accuracy of financial reporting reducing the risk of fraud, and a better audit trail of all processes ultimately leading to the goal of lower audit costs.

For large companies, the costs of restating profits owing to poor financial reporting can run into billions - spend that can be avoided by putting in place more efficient operations in the first place.

And because of controls such as improved security mechanisms, better records retention and data recovery capabilities, companies may even be in the position to command reduced insurance premiums through reduced exposure to fraud and other problems caused by data leakage.

As well as internal process benefits, companies that can demonstrate they have the tools and processes in place for achieving regulatory compliance will benefit from being seen as ethical, which improves shareholder value and potentially brings competitive advantage if customers and business partners have greater confidence in the business.

Companies will also be in a better position to defend themselves against litigation, such as e-disclosure lawsuits, where the costs of manually finding poorly stored documents can run into the millions.

The investment required for compliance efforts may be a bitter pill for a company to swallow upfront. But when an organisation takes a holistic approach to compliance by looking at all parts of its business, all processes and all regulations, the benefits will eventually outweigh the costs.

In the long run, regulatory compliance will even be good for the business, allowing a company to improve its performance, avoid fines and penalties, and achieve the ultimate goal for any company - getting closer to clients and improving customer service.

A leading user-facing analyst house known for its focus on the 'big picture', Quocirca is made up of a team of experts in technology and its business implications, including Clive Longbottom, Bob Tarzey, Rob Bamforth, Elaine Axby, Louella Fernandes, Sharon Crawford and Simon Perry. Their series of columns for silicon.com seeks to demystify the latest jargon and business thinking. For a full summary of the consultancy's activities, see www.quocirca.com.
