The intangible cost of non-compliance
Article Navigation
Compliance is becoming increasingly important to businesses globally. Consequently, the development and adoption of effective compliance programs is taking up more time and resources from busy companies seeking to grow.
As laws and regulations relating to corporate activities increase and businesses executives spend more time on external and internal compliance efforts – a question arises about what the actual cost of non-compliance is.
“In a 2011 study by the Michigan-based information and privacy management-focused Poneman Institute, the cost of non-compliance was estimated to be three-times more than compliance. And in the six years following the study, non-compliance costs continued to increase by 50%. Notably, these costs are projected to continue to increase.”
Why compliance is important
Compliance helps protect vital interests of internal and external business stakeholders. Compliance often protects things like corporate governance, supply chains and management practices, human rights, safety, business confidence, while protecting against unnecessary legal and regulatory liabilities or damage to the economy. Pressure can be brought to bear against companies by customers, governments, employees, international organizations and industry leaders.
It’s important to keep in mind here that the risks are so high that simply identifying compliance risks is not enough – focused action must be taken to ensure business compliance goals can be achieved.
It’s important to consider what areas of compliance businesses must understand and adhere to, as well as specific ways non-compliance can be harmful to a company.
The hidden costs of non-compliance
Non-compliance can be more expensive than compliance when:
- There is loss of money from lawsuits and fines
Losses from recent lawsuits and settlements for non-compliance have been substantial.
In a 2021 case of a supplier of parts to the US Military, Crane Company agreed to pay more than $4.5 Million to resolve a False Claims Act suit brought against them by the US Government for “non-compliance with military specifications”.
In another 2021 case,
the Toyota Motor Company agreed to pay a $180 Million settlement for noncompliance with Clean Air Act reporting requirements which extended out over a decade.
These are just a few of many examples of how damaging non-compliance can be for companies that run afoul of regulators or other adverse parties. PEO services companies help businesses avoid the circumstances which lead to lawsuits and fines by ensuring they remain compliant with all relevant regulatory and statutory requirements.
- Loss of trust due to transparency around privacy and data security
System and Organization Controls (SOC) reports help businesses feel confident that service providers are operating ethically and in a compliant manner. SOC 1 audits help organization examine and report on internal controls relevant to client financial statements. SOC 2 audits help organizations examine and report on internal controls relevant to all aspects of security, privacy and management of customer data.
In the EU, GDPR requires data privacy and security by adoption of the technology required to achieve it. GDPR requires: A lawful reason for processing personal data; data subjects must be aware of how their information is being used and must consent to its use; personal data can only be collected for specific purposes; data must be documented and deleted when no longer needed; data subjects must be provided with a mechanism for deliberate action to opt-in; privacy concerns must be addressed before data is captured; impact assessments must be conducted where data processing is likely to result in high risk to data subjects; special safeguards must be in place when moving data out of the EU, including appointment of a data protection officer (DPO) to ensure compliance; and staff must be trained in data compliance related practices.
In 2021, British Airways (BA) settled one of the U.K.’s largest group actions after thousands sought to be compensated after a 2018 data breach which affected over 400,000 customers and staff where names, addresses, and credit card details were accessed. The U.K. Information Commissioner’s Office (ICO) then levied a £20 million penalty against BA under GDPR, its largest ever fine.
PEO services companies help client companies secure their data in full compliance with SOC reporting standards, GDPR requirements, as well as similar requirements in other jurisdictions – and avoid the types of penalties which could in some cases result in record fines.
- Causes business disruptions
At any time, suppliers or business partners might engage in behaviors which could result in trouble for non-compliance or worse. For example, suppliers or business partners might violate labor and human rights laws, become involved in corrupt or other illegal activities, or outsource production in violation of one or several jurisdictional legal requirements.
Often, suppliers or other business partners may not disclose to you where your branded products are being manufactured, or where key services you rely upon are provided. In these cases, businesses expose themselves to many unknown risks which have the potential to stop production lines, import and export activities, services provision, sales, and more. Therefore, it is essential to put monitoring mechanisms in place to avoid this.
Jenny Yu of Munch RE detailed in European Pharmaceutical Review how a Canadian drug manufacturer had its license suspended due to regulator concerns about its manufacturing facility. The suspension meant no product could be sold from the site, resulting in the near failure of the company as it only produced this one product. Further competitor products also put the companies’ contracts at risk creating an ongoing impact to its market share.
PEO services companies help client companies establish and maintain monitoring mechanisms to avoid risks, as well as improve business governance, ensure compliance with corporate policies and values, and reveal new ways operational efficiencies can be realized. PEO’s also help facilitate additional insights allowing companies to act to streamline corporate processes for faster disclosure. Once full visibility is present, companies can engage in regular assessments to maintain close connections with all business partners to ensure full compliance throughout the organizational system.
- Loss of brand reputation
In today’s fast-paced communications environment, even small issues can initiate major problems for businesses. As a result, corporate brand equity is at risk where controversy erupts. It should come as now surprised then that Deloitte has detailed that 87% of executives consider reputational risk to be the biggest strategic risk their companies face.
When companies rely on PEO services to help ensure transparent business conduct, they lower the risk of brand equity damage.
A 2015 Nielsen Global Corporate Sustainability Report found that consumers from throughout the world are willing to spend more with companies that they feel are focused on ethical business practices.
- Loss of trust among clients and stakeholders
Non-compliance can often lead to the loss of long-standing clients who will cease doing business with a brand they regard as unethical. According to a recent Deloitte report, 50% of internet users in 2019 stopped buying from companies they didn’t trust were ethical. Deloitte also reported that a full 30% of the annual revenue of a typical business is at risk from negative consumer responses or regulatory non-compliance.
And in 2018, the United Nations (UN) reported that self-regulation for business is crucial to securing consumer trust. As the UN detailed, businesses are becoming more aware that their stakeholders place greater importance on their ethical practices. Consumers look to the entire chain of activities business engage in, making compliance across the entire organization key. As Harvard describes it – businesses are looking to the preferences of employees, suppliers, customers, partners, and society – to ensure they meet expectations of all stakeholders when creating a corporate strategy.
Savvy businesses are, therefore, prioritizing social responsibility, good management processes, and a stakeholder-based strategy, by using PEO Services companies.
- Problems with reporting and economic management
PEO Services companies help clients secure well-designed internal controls capable of protecting business assets from loss by accident or fraud by ensuring corporate management teams have timely, accurate and full information. This information can include accounting records used for the planning, monitoring and reporting of business operations. PEO Services also provide clients with internal controls which help to make sure organizations are following the wide range of national, regional, and local laws and regulations that affect the operations of the business, efficient business operations and mechanisms for monitoring the progress of key operational objectives.
- Lack of visibility can lead to fraud
PEO Services companies help clients maintain company cultures which actively identify and combat fraud, supported by relevant staff training. These services provide businesses with a competitive advantage by helping them to avoid unnecessary loss. According to a recent study, British businesses typically lose 5.6% of their total expenditure to fraud annually. And most fraud is difficult to detect and expensive to investigate. Companies that have been able to successfully reduce the cost of fraud have been able to do so by focusing on stopping it before it happens by building stronger anti-fraud cultures and more effective deterrence systems within their organizations.
- Employees can be impacted
Certifying employees as eligible to work is an essential part of today’s workplace compliance. While keeping track of employee eligibility may seem straightforward, tracking the status of their certifications can be easily overlooked.
The consequences of non-compliance arising from expired employee certifications or inadequate training affect every industry and can result in financial penalties and fines, loss of productivity and revenue, official sanctions and license suspensions, and the risk of injury and potential lawsuits from hazardous work environments.
Recently in the UK, Her Majesty’s Revenue and Customs (HMRC), a UK Government department responsible for the collection of taxes, announced it would clamp-down on businesses engaging flexible workers where they should in fact be deemed employees, to avoid the additional costs associated with a full-time workforce. Workers in these circumstances would then be entitled to rights including notice period, holiday pay, and redundancy pay.
It’s important, too, to remember that the cost of attracting and keeping outstanding employees can be steep. Compliance violations make employee retention even more difficult. As International Audit reports, 59% of employees who witness non-compliant practices begin searching for a new job as a result. These circumstances negatively impact employee retention and drive away other ethical employees. And as Forbes has detailed, the total cost of replacing veteran workers can be as much as 33% of their annual salary.
How to avoid the cost of non-compliance
As we’ve outlined previously, when businesses fail to comply with laws and regulations, this leads to a very damaging environment in which to do business – where costly lawsuits, hefty fines, lengthy disruptions, loss of business trust, and loss of clients and stakeholders – become far too commonplace. When you secure accurate visibility over all the activities of your supply chain and business process partners, you insulate yourself from risk and lay the framework for sustainable compliance programs in all areas across your supply chain.
In 2019, international accounting and audit firm PwC conducted the State of Compliance Study which called for a “radically unique way of operating” for business to ensure compliance is as good as it can be in a digital economy.
As PwC detailed, digital forms of compliance can help companies keep even the largest supply chains and business processes organized while maintaining full visibility among supply chain and business process partners – while also reducing the cost of compliance.
By working with PEO services providers to leverage technology to automate and optimize compliance operations, companies can standardize and centralize compliance and sustainability efforts, compare and evaluate compliance data for better decision making, and create a data-driven compliance strategy. These digital solutions allow companies to always monitor their supply chains carefully, make better use of their compliance resources and programs, while being able to always adapt to a fast-changing compliance landscape.
Sources:
- https://www2.deloitte.com/content/dam/Deloitte/za/Documents/risk/NEWReputationRiskSurveyReport_25FEB.pdf
- https://www.wipfli.com/insights/articles/ra-soc-1-vs-soc-2-whats-the-difference
- https://www.itgovernance.eu/blog/en/summary-of-the-gdprs-10-key-requirements
- https://corporatefinanceinstitute.com/resources/knowledge/accounting/internal-vs-external-financial-reporting/
- https://finance.uw.edu/fr/internal-controls
- https://www.raconteur.net/top-five-tips-to-prevent-fraud/
- https://360advanced.com/soc-report-and-why-my-company-needs-one/
- https://www.ponemon.org/about/
- https://www.justice.gov/opa/pr/crane-company-agrees-pay-more-45-million-resolve-false-claims-act-lawsuit-non-compliance
- https://www.justice.gov/opa/pr/toyota-motor-company-pay-180-million-settlement-decade-long-noncompliance-clean-air-act
- https://www.europeanpharmaceuticalreview.com/article/103616/regulatory-non-compliance-business-interruptions/
- https://www.forbes.com/sites/johnhall/2019/05/09/the-cost-of-turnover-can-kill-your-business-and-make-things-less-fun/?sh=63918c067943
- https://www.accountancyage.com/2021/05/20/false-self-employed-to-be-targeted-for-ir35-non-compliance/