Regulatory Compliance

All businesses must comply with the laws and regulations of the jurisdictions in which they operate. As organizations increase in size and expand the scope of their activities, they are affected by a growing number of regulations on how they do business. The organizational practice of ensuring that business is conducted in accordance with the applicable rules and laws is known as regulatory compliance.

What is Regulatory Compliance?

Regulatory compliance is the set of organizational processes, policies, and procedures that support compliance with the laws, rules, regulations, requirements, and guidelines established by lawmakers in the jurisdictions in which the organization operates.

What is a Regulatory Requirement?

A regulatory requirement is a rule or law, legislated by a government, that creates a legal obligation for an organization and adds to its compliance burden.

A regulatory requirement as written may apply to all organizations who do business in a particular state or country, to organizations in a particular industry, or to organizations who engage in a particular kind of activity as part of their normal business operations.

The United States government includes many regulatory agencies with a mandate to oversee the activities of private companies in their respective industries. These include organizations like:

• The Securities and Exchange Commission (SEC) – The SEC establishes and enforces regulations surrounding the buying and selling of securities in the United States.
• The Federal Trade Commission (FTC) – The FTC establishes and enforces regulations that support a competitive marketplace and protect consumers from deceptive commercial practices.
• The Food and Drug Administration (FDA) – The FDA is responsible for regulating food companies, cosmetics companies, and drug companies that distribute their products in the United States.
• The Occupational Health & Safety Administration (OSHA) – OSHA develops and enforces workplace health & safety standards, administering hefty fines to non-compliant organizations.
• The Federal Communications Commission (FCC) – The FCC establishes regulations for interstate and foreign communications via telegraph, telephone, television, and radio.

Why is Regulatory Compliance Important?

Organizations who fail to meet regulatory compliance requirements can face substantial fines or penalties that depend on the exact nature of the offense. Government regulations also provide guidance that helps businesses succeed, and failure to comply often coincides with various kinds of business failures.

Other consequences of poor regulatory compliance can include:

• Suspension or debarment from bidding on government contracts
• Damage to the organization’s reputation as a trustworthy business partner
• Individual penalties or jail time for individuals who intentionally violate the law
• Disruption to business operations caused by investigations or legal proceedings

What are Examples of Regulatory Compliance?

We can point to a variety of regulations that impact most corporations operating in the United States, such as:

• The Dodd-Frank Act – This act restricts the investment activities of some banks, limiting speculative trading and requiring some banks to increase their reserve requirements.
• The Sarbanes-Oxley(SOX) Act – The SOX act creates regulatory compliance requirements for how corporations certify their financial reports, how internal controls and reporting methods are established by financial auditors, and corporate record-keeping.
• The GDPR – The European GDPR creates regulatory compliance requirements for corporations who collect data from citizens of the European Union.

How Do Companies Ensure Regulatory Compliance?

Companies ensure regulatory compliance through a number of activities, including:

• Working to understand the regulatory landscape for their industry and the jurisdictions in which they operate.
• Working to understand new regulatory compliance requirements as they materialize.
• Establishing and adopting policies, processes, procedures, and working methods to ensure compliance with the appropriate regulations.
• Establishing measures to detect and prevent incidences of non-compliance within the organization.
• Utilizing software technologies that automate compliance workflows and centralize management of compliance activities.