Regulatory compliance is the act of adhering to laws, regulations, standards or guidelines relevant to a particular business. High-profile examples of such laws are the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act (SOX).
Since violations of regulations often result in legal action or fines, many organizations have responded to these laws by hiring regulatory compliance officers to manage the process. Smaller businesses may not have this option, but it's important for owners to fully comprehend the role that regulatory compliance plays in their organizations.
According to Russell Kommer, CEO of Microsoft support services firm eSoftware Associates, this is true even if a company is not in a traditionally regulated industry.
“Not understanding how regulatory compliance and its applications could cause either long- or short-term issues with the potential to derail your business," he says.
—Michael Fellows, CEO, Broadway Lab
Michael Fellows, CEO of software development firm Broadway Lab, offers an example.
“Acquiring customer trust should be every business's main focus," he says. “Regulations are there to protect the customer in many cases. A failure to comply can result in financial loss due to legal repercussions like fines, but also from customers choosing more trustworthy alternatives."
Creating Your Regulatory Compliance Strategy
Regulatory compliance strategies should include:
- how your organization will address relevant standards from an operational perspective;
- how you will establish or modify corresponding processes; and
- how effective risk mitigation and overall compliance success will be measured.
If you've never put this type of strategy together before, understanding your unique requirements is the first step.
“Once you decide what you need to do, you can create company procedures to make sure you're in line with regulatory requirements and ensure that all business functions are responsible for maintaining compliance in their areas," says Fellows. “Depending on the ramifications of noncompliance in your industry, you may want to involve external auditors."
Seeking outside expertise of some sort is usually a smart move.
“Talk to somebody who knows what you're up against," Fellows says. “Most consultants or advisers who have been in the space can give you a 30-minute overview and quickly understand where your business may be at risk."
Setting Yourself Up for Success
A strong regulatory compliance strategy should take a top down and bottom up approach, and should be written in language that your employees can clearly digest.
“This involves talking to your people about regulatory compliance and how it impacts various business processes," says Kommer. “The best strategies are actionable rather than theoretical, and are regularly revisited. They offer specific guidance on remediating and mitigating issues as they arise and allow compliance to become routine and proactively monitored."
Once you've developed your regulatory compliance strategy, make sure it's accessible.
“Information should be centralized and stored in an online content management platform like Microsoft SharePoint," says Kommer.
Even if you aren't in a highly regulated industry like health care or finance, a basic compliance strategy is advisable. Determine your needs, gain internal and external consensus on the best way to address them and regularly assess whether the right controls are in place. Once you do that, you're on your way to managing risks efficiently.
Read more articles on operations.