Feeling overwhelmed with all the work you have to finish by year-end? If you’re involved with business compliance, you have good reason to be. Staying on top of regulatory change is all-consuming: last year, there were 40,000 regulatory compliance updates. Whilst figures for 2015 are still to be published, there is no let-up to the pace of change. Just one example is the EU’s General Data Protection Regulation (GDPR), due to come into play in 2016, which brings with it far-reaching change impacting businesses with customers located in the 28 EU member states.
The impact of non-compliance with business regulations is widely documented, from damaged company reputation and plummeting stock prices to six-figure penalties. Perhaps most worryingly, the protection of data privacy is at stake, with implications which stretch beyond the initial data breach. The long-term impact on the individuals involved can’t always be assessed at the time of the incident. Toy manufacturer VTech and its customers have recently fallen victim to such a breach. The company held parents’ and children’s details on the database that was stolen. The hacker, according to news site Motherboard, planned to ‘do nothing’ with the data, which will be of little comfort to the estimated five million customers affected, or to the business.
Some businesses adopt a laissez-faire “Compliance is on our agenda for next year” attitude, whilst others feel powerless and unable to stay on top of regulatory change. Here are five areas of focus which I hope will lessen your compliance stress, help you aim for a more peaceful, and restful, holiday season, and set you on your way to a calm, compliant 2016.
- Be prepared: regulations are in place to protect your business and your customers. If your business operations, technology, systems and processes are already streamlined and efficient, you probably don’t have a huge amount of work to do to ensure compliance. On a regular basis, you need to identify and document risks, build in controls, measure effectiveness and share results, then integrate best practice across your organisation. Non-compliance costs have been estimated at 2.65 times the cost of compliance, so it makes far more financial sense to invest in processes and systems than to leave your business vulnerable to risk. Your digital networks can also help you stay on top of regulations and examples of best practice: there are lots of LinkedIn groups (IT Governance, Risk & Compliance and Environmental Compliance, for example) and Twitter influencers to follow, such as @complianceweek.
- Share responsibility: compliance officers are becoming more common in financial services companies and law firms in particular, but in many businesses compliance falls within the remit of several different functions: sometimes the IT team, sometimes the legal team, sometimes the HR team or the Facilities team, depending on the nature of the regulations. For a business to have the most robust levels of compliance, everyone within your organisation needs to understand its importance and how they are responsible for maintaining compliance. Staff have a critical part to play: when it comes to data compliance and security, for example, they are your biggest risk, whether unintentionally or intentionally. They might use their own devices for work, send work emails over wifi in cafes, or leave laptops unlocked. The entire C-suite and business leaders must educate the business and work to create a culture of ownership and integrity.
- Don’t forget your suppliers: do whatever you can to ensure your suppliers have watertight business compliance. Lengthy, often global, supply chains are complex. However, requesting visibility of your suppliers’ risk management, business continuity plans and other compliance measures isn’t just sensible, it’s essential. Research by MetricStream found that over 50% of organisations have faced a non-compliance issue due to a supplier. Don’t let your business be one of them.
- Make sure your data is precise and accurate: inaccurate, unsecured data exposes your business, and its customers, to risk. In the financial industry, Anti-Money Laundering (AML) regulators issue record fines to financial organisations that are not holding accurate and detailed information on customers, structured in a consistent, transparent way. Entity resolution overcomes this by taking data from multiple sources across a business and determining whether records refer to the same individual. As well as AML regulations, businesses also have to act on the EU’s General Data Protection Regulation (GDPR), which will harmonise the different data protection laws currently in place across the member countries. Companies with EU customers will have to adhere to these regulations, wherever they are located. Non-compliance will result in penalties of up to €100 million or 2.5% of annual turnover – whichever is the greater amount. Having the right software, tools and systems in place to ensure your data is protected, precise and accurate will reduce your risk significantly.
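A minimal illustration of the entity resolution step described above, added here as an example and not code from Pitney Bowes: customer records from two constructed internal sources are normalised and linked when they share an email address, or a name and postcode, so that one customer held under several spellings resolves to a single individual. The source names, field names and matching rules are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records from two hypothetical internal sources (CRM and billing).
RECORDS = [
    {"source": "crm", "id": "c1", "name": "Alice  O'Connor", "email": "Alice.OConnor@Example.com", "postcode": "sw1a 1aa"},
    {"source": "billing", "id": "b7", "name": "O'CONNOR, Alice", "email": "alice.oconnor@example.com ", "postcode": "SW1A1AA"},
    {"source": "billing", "id": "b5", "name": "Alice O'Connor", "email": "", "postcode": "SW1A 1AA"},
    {"source": "billing", "id": "b3", "name": "Alice O'Connor", "email": "", "postcode": "EC2A 1AA"},
    {"source": "crm", "id": "c2", "name": "Bob Smith", "email": "bob@example.org", "postcode": "M1 1AE"},
    {"source": "billing", "id": "b9", "name": "Robert Smith", "email": "", "postcode": "M11AE"},
]

def normalise_name(name):
    """'SURNAME, Given' -> 'given surname'; drop punctuation, collapse whitespace."""
    if "," in name:
        surname, given = name.split(",", 1)
        name = f"{given} {surname}"
    name = re.sub(r"[^a-z0-9 ]", "", name.lower())
    return " ".join(name.split())

def normalise_email(email):
    return email.strip().lower()

def normalise_postcode(postcode):
    return re.sub(r"\s+", "", postcode).upper()

def resolve_entities(records):
    """Cluster records that refer to the same individual.
    Two records are linked when they share a normalised email, or a normalised
    name AND postcode. Links are transitive (union-find), so a record with no
    email can still join a cluster through name+postcode. Same name with a
    different postcode (b3) or a different given name (b9) is NOT merged:
    over-matching would corrupt the very records AML checks depend on."""
    parent = list(range(len(records)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i
    by_key = defaultdict(list)
    for idx, rec in enumerate(records):
        email = normalise_email(rec["email"])
        if email:
            by_key[("email", email)].append(idx)
        by_key[("name_pc", normalise_name(rec["name"]), normalise_postcode(rec["postcode"]))].append(idx)
    for idxs in by_key.values():
        for other in idxs[1:]:
            parent[find(idxs[0])] = find(other)
    clusters = defaultdict(list)
    for idx, rec in enumerate(records):
        clusters[find(idx)].append(rec["id"])
    return sorted(sorted(ids) for ids in clusters.values())
```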
- Build in document integrity: 59.5% of businesses state that the area where businesses are most commonly exposed to non-compliance is management systems and documents. Digital documentation, and the technology and systems which generate it, need to be managed, maintained and protected. Documents produced in paper form need an equally careful approach: in fact, almost a quarter of security breaches relate to paper-based documents. Some organisations are building safeguards into the earliest stages of a document’s creation by rolling out watertight document integrity processes and systems: from document creation through to print output and mail, every stage is specifically designed to protect data and to achieve compliance.
By Ryan Higginson, Vice President, Global Inside Sales at Pitney Bowes