
A Blueprint for an Automated Compliance Program: Third Edition
Few compliance programs harness automation to its full potential. Learn how you can drive impact with every process by infusing technology where it matters most.
When lawmakers impose rules and regulations on how organizations are permitted to operate, those organizations must invest time, capital, and human resources into understanding the new rules and implementing policies and procedures that ensure compliance. Organizations can measure their compliance burden by quantifying the administrative costs associated with maintaining regulatory compliance.
A compliance burden, or regulatory burden, is the sum of all administrative costs related to maintaining regulatory compliance for a single organization.
All organizations experience some measure of compliance burden, which tends to increase in magnitude and complexity as an organization grows and expands its scope of activities. Some regulations are uniformly applied to businesses of all types, while others may be narrower in scope, applying only to specific industries or to organizations that engage in certain activities.
For most organizations, compliance burden begins with the basic requirements associated with running a business. These include expenses that are triggered by:
Compliance burden is even greater for organizations that operate in highly regulated market sectors, such as finance, healthcare, consumer goods, and information technology (IT). Within these sectors, many organizations face industry-specific regulatory requirements that add significant cost and complexity to their compliance efforts. Some sectors have entire government agencies devoted to their regulation and oversight.
The purpose of government regulation is to constrain organizational behaviors that could harm the public. At the same time, lawmakers understand that excessive regulations may negatively impact an organization’s ability to grow and compete in the marketplace.
To ensure these impacts are addressed, regulatory agencies in the EU, Canada, and other nations have adopted a process called Regulatory Impact Assessment (RIA) whose purpose is to evaluate the economic costs and benefits of implementing new policies.
Let’s look at an example of the compliance burden created by the Payment Card Industry Data Security Standard (PCI DSS). This standard defines 12 requirements for all entities that store, process, and/or transmit payment card data, including all merchants who accept payment cards.
Among other things, the PCI DSS requires covered entities to:
Each of these requirements translates into administrative cost for the covered entity, adding to its compliance burden. These costs include the hardware and software systems necessary to meet the technical requirements of PCI DSS and the human resources needed to manage those systems and ensure ongoing compliance.
Digital technologies are helping organizations meet their compliance objectives more efficiently, manage greater complexity, and reduce compliance burden. Organizations can adopt compliance management software solutions that provide centralized oversight of compliance requirements, along with automation, process integration, and other features that reduce the overall cost of compliance.