Compliance cost

Compliance costs are all the expenses a company incurs to adhere to government regulations. They include the salaries of compliance staff, the time and funds spent on reporting, new systems required to meet retention requirements, and so on. Compliance costs arise from local, national or even international regulation (for instance MiFID II or the GDPR, which apply to countries in the European Union). Global firms operating around the world, each country with its own changing regulations, tend to face significantly larger compliance costs than those operating solely in one region. [1] For example, people registered for value added tax (VAT) have to keep records of all input and output tax to simplify the completion of returns. They need to employ someone skilled in this domain, which is regarded as a compliance cost. [2]
Compliance cost mostly includes the following:

Compliance costs are often lumped together and confused with regulatory risk or conduct costs. Compliance costs are simply the ongoing cost of following rules as they arise. They may cover a variety of compliance activities: human resources policies, independent audits, quarterly reports, environmental assessments, etc. [1]

Rising cost of compliance

Managing and coping with widespread and frequent regulatory change is one of the biggest challenges for compliance practitioners. Increasing personal liability is a key concern and is expected to keep rising each year. [4] In regulated industries, compliance costs can rise to the point where they become barriers to entry to a market, which can easily create an oligopoly. In that case, enterprises already competing in the market tend to favor new regulations in order to keep new entrants out and limit competition. Costs are higher for publicly held companies, which are more closely scrutinized and are required to produce reports. [2]

The impact on operating models

According to the survey The cost of compliance (KPMG International, 2013), managers can be divided into two camps: those who react to changes as they happen, without prior planning, and those who proactively use changes to transform their operating models. Interestingly, different continents reported remarkably similar results, varying only by a few percentage points, and neither approach clearly prevailed over the other. Exceptions exist, however: some respondents said they had considered exiting the market due to rising regulation, while others admitted considering moving their fund domicile. [5]
The changing regulatory system has also influenced product development decisions. According to the research, managers agree that regulation may not be the best way to improve product design. [5]

Taxonomy of regulatory costs

Financial systems

Banks have faced a huge wave of new regulation in the decade after the financial crisis of 2008. The pace of change was enormous, so banks were forced to hire a remarkable number of employees to cope with the situation, stay ahead of the regulations and avoid paying fines for any breaches. Since 2008, they have spent more than $321 billion [7] on fines and settlements. Approximately $270 billion is spent yearly on compliance, and those costs are expected to double by 2022. [8]
Banks are developing strategies to reduce these costs. To do so, interest and focus have turned to analytics technologies and artificial intelligence, to become more cost-effective while remaining in line with their compliance programs.

Focus on risk

Governments and policymakers have introduced these regulations to prevent such a crisis from happening again. To maintain financial stability, the Financial Stability Board (FSB) was founded; compliance officers look to it as a source of regulatory changes around the world. Expectations on compliance have changed largely over the decade after the crisis in three areas: culture and conduct risk, personal liability, and technology. [9]

Compliance or non-compliance?

Compliance is not cheap. As regulations keep coming, and as companies focus more on transparency and ethics, the money and time spent on compliance grow. There is more than one way to handle these problems; a company may even decide not to follow the legislative standards. [10]
At the macroeconomic level, boards and directors make decisions on governance issues and their strategic approach. Once a strategy is implemented, the associated costs follow: the direct cost of the compliance team, whether it is partly outsourced or managed in-house. Compliance teams turn to technology solutions. This technology also costs money, although the investment may pay for itself in terms of future benefits. [10]
Certainly, following regulations has its costs. Failing to comply with the standards mostly results in penalties. For example, a breach of the General Data Protection Regulation (GDPR) may lead to fines of up to 20 million euros. Increasingly, corporations come to the conclusion that compliance is everyone's responsibility. They cannot afford to underestimate the effect any defect or imperfection in governance might have on commercial performance. [10]
Comparing the costs of compliance and non-compliance, breaches of the rules mostly lead to negative public reaction, fines or, in rare cases, a prohibition on carrying out the business activity. On the contrary, good governance puts companies ahead of their competitors. Although the costs of meeting the requirements are likely to be noticeable, the indirect costs of not complying can be far higher. [10]

Bylaws

Bylaws with a high cost of compliance can suffer from not being taken seriously and from often being broken. For example, jurisdictions which ban smoking in all public areas theoretically have higher rates of people smoking in public areas, as it would be inconvenient for them to go all the way home. Lawmakers therefore need to consider the cost of compliance.

Tax compliance

Compliance with tax laws, such as income tax or sales tax legislation, is a common topic of political debate, primarily because these taxes affect the majority of citizens in a society. By contrast, environmental regulations, such as those on sulfur dioxide emissions, only affect a minority of businesses within an economy.

References

  1. "Compliance cost". investopedia.com. Retrieved 27 April 2020.
  2. "What does compliance cost mean?". definitions.net. Retrieved 27 April 2020.
  3. "Compliance cost". accountingtools.com. Retrieved 27 April 2020.
  4. "Cost of compliance 2018 report". legal.thomsonreuters.com. Retrieved 27 April 2020.
  5. "The cost of compliance" (PDF). home.kpmg.com. Retrieved 27 April 2020.
  6. "OECD Regulatory Compliance Cost Assessment Guidance" (PDF). normenkontrollrat.bund.de. Retrieved 27 April 2020.
  7. "Banks Trimming Compliance Staff as $321 Billion in Fines Abate". bloomberg.com. Retrieved 27 April 2020.
  8. "The cost of compliance". internationalbanker.com. Retrieved 27 April 2020.
  9. "Cost of compliance Survey 2019". blogs.thomsonreuters.com. Retrieved 27 April 2020.
  10. "Will compliance or non-compliance cost you more?". simplifie.com. Retrieved 27 April 2020.