Opinions expressed by Entrepreneur contributors are their own.
Ingenuity and the entrepreneurial spirit have always been integral components in what it takes to succeed and grow in a competitive marketplace. With the numerous tasks and considerations business owners must juggle when starting a business, there’s already a lot to worry about. Throw regulatory risk in the matrix of items businesses must face and that is an overwhelming total.
According to a report by the U.S. Chamber of Commerce Foundation, it is estimated that federal regulations cost the American economy up to $1.9 trillion each year from direct costs, lost productivity and higher prices. On top of that, businesses that are non-compliant with regulations pay, on average, 2.71 times the amount they would on regulatory-conscious practices.
Few industries are immune to regulatory risk. The manufacturing industry tops the list as the most regulated with over 200,000 regulations, according to Industry Today — and in the same report, finance and insurance are the second most regulated sectors with almost 128,000 relevant regulations. Additional domestic and international highly regulated industries in a list curated by Deloitte include health care, transportation, life sciences, energy, agriculture, construction, defense and postal services.
Although compliance poses a headache, regulations do play an important role. Numerous governmental regulatory bodies — such as the Environmental Protection Agency (EPA), Food and Drug Administration (FDA), Securities and Exchange Commission (SEC) and Federal Trade Commission (FTC) — exist to protect consumers and the integrity of the domestic and abroad fiscal environment, as well as to promote fair and ethical practices. But with so many regulatory agencies and policies existing, it isn’t surprising countless businesses find themselves caught in potential regulatory violations.
Having the tools to avoid non-compliance penalties and stay ahead of regulatory risk is critical to the financial health and longevity of your business. Regardless of your industry, regulatory risk is an ever-present threat due to robust and ever-changing policies that pose tremendous costs if you aren’t properly protected or completely compliant. The following practices position a business so it’s safeguarded against rising costs and increased risk of regulatory compliance.
Related: Risk, the Entrepreneur and Intelligent Disobedience
Start with a strong foundation
Before anything else, make sure the people you employ model values and character you deem essential for your business. After all, regulatory compliance often comes down to trust — being able to trust that employees will respect and adhere to regulations and value the protection that regulations provide consumers and end-users.
With government regulations and regulatory risk, that principle is a significant determining factor in how well your business can adhere to regulations enforced by governing bodies, especially since your employees carry out your business’s mission and their commitment can make adherence to federal regulations simpler when working together as a cohesive unit. Putting policies and policy/regulation training in place also helps ensure your employees stay aware of changes in regulatory standards and keep contributing in positive ways to your business.
Stay compliant or risk everything
Cutting to the chase, your business needs to conduct ongoing internal audits to determine points of weakness and see areas of current or future potential risk. Implementing a regulatory compliance team/officer is also a great idea to ensure your company follows mandates handed down by government agencies, lest you incur their wrath.
From a penalty standpoint, Chron reports that a business unknowingly violating health regulations must pay a minimum of $5,000 for each infraction committed. A number that goes up to $70,000 per violation if the business is deemed to have willfully violated regulations. For small and mid-size businesses, this can devastate and seem like an uneven punishment given how little the fines affect larger businesses.
A real-world example of a regulatory violation and its cost comes from Target and its General Data Protection Regulation (GDPR) fines from 2017. In 2013, Target’s system was hacked and 41 million of its customers’ payment card accounts were compromised. Subsequently, Target settled a class-action lawsuit with victims of the hack for $10 million. Although Target was not intentionally mishandling its customer data, it was a breach nonetheless.
Given the tight regulations and restrictions that GDPR enforces, this cost Target a further $18.5 million from a multi-state settlement in 2017. In terms of penalties, healthcare and personal data-related breaches consistently result in tens of millions of dollars in fines.
Related: Target’s Security Breach Stresses the Need for Better Cyber Security
Insure your business
In a report from McKinsey & Company, traditional insurance companies and their respective policies may be able to protect your business’s regulatory/compliance risks. While still behind the curve in getting new policies immediately out there, traditional insurance is working to keep up with rapidly changing economic and regulatory environments.
Another option when transferring risk is captive insurance. A captive insurance company is owned by the company or company owner and is a form of self-insurance where premiums (minus claims) are retained as profit. For risks like regulatory compliance, captive insurance is uniquely suited to address the risk since the policies can be written more broadly and customized to address an evolving, complex threat such as regulatory risk. It can also fill the gaps in a traditional insurance policy and ensure an exclusion won’t prevent claims from being paid.
Related: What Business and Government Should Do When Innovation Outpaces Regulation
When growing a business within a highly-regulated industry, it’s extremely challenging to stay on top of evolving regulations and policies unless you have specific experts on your team dedicated to ensuring compliance. However, not all businesses have the capacity for a role such as this. Thus, it behooves businesses to follow best practices and have resources in place to properly address and mitigate the risk.
This article is from Entrepreneur.com