The corporate world has to evolve faster than ever before, adopting new technologies, responding to new threats and adapting to new expectations on social responsibility to meet stakeholder needs and tackle new risks.
As Deloitte notes, this leaves “regulators and the financial services institutions they supervise… racing to keep pace.” Regulations need to evolve to mirror the wider landscape. The ever-growing regulatory burden creates a continuous challenge for businesses striving to comply; the Ukraine crisis is a very live example of the unexpected threats that can shift the plates of compliance and risk management.
As a result, regulatory compliance isn’t a “once and done” exercise; it should constantly be front of mind for governance, risk and compliance professionals as part of wider GRC strategy.
Why Is Regulatory Compliance Important?
Compliance with regulatory requirements matters on a number of levels. An organization that meets its regulatory obligations is one that signals to customers and stakeholders that it operates ethically, with integrity, and within the laws and rules that govern it.
Aside from this signposting, corporate regulatory compliance is essential in itself. For instance, it protects employees via equal opportunities legislation or through health and safety obligations — something that’s changing rapidly in a world of hybrid and remote working.
The current focus on environmental, social and governance concerns has increased the prevalence of ESG-related compliance requirements.
As businesses’ digital transformation programs accelerate, the risks they face and compliance obligations they need to meet amplify, too: issues like data protection and cybersecurity come to the fore. Noncompliance with best practice and regulations leaves companies wide open to data and security breaches.
If the “carrot” of good compliance is not enough to incentivize organizations, the “stick” — the consequences of non-compliance — should be. The damage created by failing to comply with regulations can be significant, whether reputational, financial or operational.
Regulatory Compliance Requirements
Broadly, regulatory compliance may require:
- Auditing — assessing and reviewing your current approach to identify any shortcomings and put in place remedies
- Testing — monitoring your internal controls to ensure that you are meeting regulatory requirements; for example, checking that food is produced or stored at the correct temperature
- Documenting — ensuring that you capture and audit your approach; for example, when following anti-money laundering requirements
- Reporting — evidencing that you have met certain requirements; for example, around your climate-related obligations
As we mentioned, one challenge with regulatory compliance is the constant evolution of your obligations; the meaning of regulatory compliance is ever-changing, as demonstrated by a deeper dive into regional compliance requirements.
Regulatory Compliance in the U.S.
Some predicted changes to U.S. regulatory compliance in 2022 include:
- Increased focus on consumer protection in financial services; Deloitte believes that “banking and financial regulators will accelerate consumer-related supervision and enforcement activities in 2022”
- Federal banking regulation that requires banks and other regulated entities to report data security incidents within 36 hours
- Also in financial services, more active regulation around digital assets where “firms will need to respond quickly” to changing rules
- Expansion of climate-related regulation, such as the SEC’s proposed climate disclosure recommendations
Regulatory Compliance in the E.U.
Similarly, the EU’s regulatory playing field is becoming more crowded:
- The Digital Services Act, announced in April 2022, charges Big Tech firms with removing illegal content from their sites or facing financial penalties of up to 6% of global annual revenue
- A proposal to make sustainable products the norm was announced in March, and while the details are to be firmed up, we are likely to see rules that mandate sustainability in product design and production
- A number of regulatory changes will come into force in financial services regulation during 2022, including in the areas of digital finance, trading and market data
Your compliance program also needs to be compliant; the U.S. DOJ issued guidance in 2020 outlining what is expected of corporate compliance programs in terms of design, application and effectiveness.
How Does Regulatory Compliance Vary by Sector?
Of course, some sectors and corporate activities are more heavily regulated than others. The need for regulatory compliance is critical in sectors like pharmaceuticals and food to ensure consistency and standards, and in healthcare, to safeguard patients.
The financial services sector, due to its potential for harm to consumers, has very stringent compliance requirements, while in IT, the risk of data breaches and the ever-changing nature of technology have led to strict best practices and regulations, with concepts like zero trust driving greater security.
Examples of Regulatory Compliance
Some examples of regulatory compliance requirements specific to particular sectors include:
- The need for financial services firms to meet rules set by the Federal Reserve Board (FRB), the Federal Deposit Insurance Corp (FDIC), and the Securities and Exchange Commission (SEC)
- Requirements set by the Food and Drug Administration (FDA) for U.S. pharmaceutical and food companies
Some that apply across sectors include:
- GDPR — the General Data Protection Regulation that covers any organization processing data on EU citizens
- Requirements to file annual financial reporting
- The requirement for in-scope U.S. organizations to file an EEO-1 Report
- The need for compliance with the Sarbanes-Oxley Act
Regulatory Compliance Management
How do you ensure regulatory compliance? While every organization’s approach should be bespoke, there are a few steps all businesses should take:
- Carry out a compliance audit to determine the effectiveness of your current approach and identify any problem areas.
- Who is responsible for regulatory compliance? Do you have a dedicated compliance team or compliance officer? Are employees clear on the role they have in regulatory compliance? Establishing a culture of compliance demands that everyone plays their part.
- Ensure you have provided sufficient training and education on the areas of compliance you expect people to take responsibility for.
- Set clear compliance policies and review them frequently to ensure they keep pace with a changing regulatory universe. You should be aiming for a continuous improvement ethos when it comes to regulatory compliance.
Regulatory Compliance Reporting
Reporting is an essential component of regulatory compliance — but is not without its challenges. Potential barriers to effective regulatory compliance reporting include:
- Taking a manual approach to compliance
- Insufficient governance — often made harder by the above
- A lack of data or lack of confidence in the compliance data you have
- A siloed approach to compliance, which leads to duplication or omissions in reporting
Drive Success in Regulatory Compliance by Taking a Structured Approach
Regulatory compliance requires a structured approach, one with a clear framework and, ideally, underpinned by dedicated technology.
A risk-based corporate regulatory compliance program enables you to focus efforts on key compliance priorities, keeping abreast of changing obligations, prioritizing your response and enabling you to report on compliance to your leaders, stakeholders and regulators.
Identifying risks and potential noncompliance quickly enables you to take a proactive approach, positioning you as a strategic risk partner to your board and enabling leadership teams to take strategic decisions based on current, comprehensive insight.
Find out more about how Diligent can help you to maximize compliance risk mitigation and achieve your regulatory compliance objectives.