Compliance has been thrust into the limelight the last few years but has become more complex and convoluted at the same time. Filing and storing staggering amounts of information according to legal and regulatory policies can seem overwhelming, and organizations often view compliance requirements as a huge nuisance or proverbial thorn in their sides. Do any of these sentiments sound familiar to you?
- “Nothing’s happened so far, so let’s hope our luck continues.”
- “The cost of compliance seems high, so let’s ignore it for now and cross our fingers.”
- “The chances of us getting caught for non-compliance seem relatively low, so let’s just deal with it later if we ever have to.”
The avoidance approach is far more costly in the end
Existing attitudes towards compliance or the “avoidance approach” are problematic for a couple of reasons. Firstly, your luck may run out. Secondly, when your luck does sour, the cost of non-compliance is nearly three times higher than the cost of compliance through implementing governance and compliance frameworks and solutions. In fact:
- The average cost of compliance came in at $5.47 million, while the average cost of non-compliance was $14.82 million.
- The average cost of non-compliance has risen more than 45% in 10 years.
- The true cost of non-compliance for organizations due to a single non-compliance event is an average of $4 million in revenue.
- Organizations lose an average of $5.87 Million in revenue due to a single non-compliance event.
- GDPR fines start at $11 million or 2% of a company’s annual revenue for corporate abuses and disclosure of user information.
Cautionary tales of fines and penalties
If you’re looking for examples of how not to do compliance, you don’t have to look very far. Cautionary tales of why the avoidance approach doesn’t work are everywhere. Most recently, JPMorgan was fined $200 million for recordkeeping violatations, Marriott was hit with $124 million fine in 2019, Equifax paid $575 million for its 2017 breach, and Uber paid $150 million for a breach in 2016.
In 2018, non-compliant companies were subject to $3.945 billion in penalties and another $794 million in judgments related to SEC investigations and complaints. In addition, FINRA imposed $61 million in fines.
If you need more convincing, just take a look at widespread noncompliance in the 30 biggest GDPR fines so far (2020, 2021, 2022) or the biggest data breach fines, penalties, and settlements so far.
Reputation and business damage from non-compliance
While fines and penalties for organizations not in compliance are astounding, they are only the beginning. The impact of compliance breaches or lapses and not implementing robust governance and compliance programs extends much farther than the top line. Here are four additional hidden costs of non-compliance:
1. Expensive and time-consuming lawsuits
If your organization is violating laws and regulations, it’s open to governmental sanctions and lawsuits from customers, employees, and institutions.
2. Business disruption
Non-compliance can bring your business to an immediate halt while you spend time correcting non-compliance changes. Cost estimates from business disruption are over $5 million on average.
3. Reputational damage
When word gets out about your organization’s non-compliance, damage to your brand and loss of customer trust occurs. According to a 2021 IBM report, lost business due to downtime or diminished reputation accounts for 38% of the overall cost of a breach.
4. Customer and stakeholder loss
Non-compliance leads to the loss of loyal customers who shy away from a brand they view as unethical.
Source: Globalscape study
Overall, the total cost for non-compliance is deemed greater than $14 million, including fines, penalties, business disruption, revenue loss, productivity loss, reputation damage and other fees.
Modern regulation spans industries across the globe
Gartner estimates that 75% of the world’s population is going to have its personal data covered under a modern privacy regulation by the end of 2023. Spanning all industries and geographies, this patchwork of regulations that can be difficult to stay up to date with. Here are a few well-known regulations your company may encounter:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Freedom of Information Act (FOIA)
- Sarbanes-Oxley (SOX)
- Securities and Exchange Commission (SEC)
While each regulation differs in focus and scope, fines for non-compliance or breach of code of conduct can be significant.
Strong governance and information management practices are your best defence
Given the staggering risk and downsides of non-compliance and the comparatively low cost of preventative action, organizations can no longer afford to turn a blind eye and opt to do nothing. Instead, proactive measures are necessary.
Implementing a stringent information management program is key to staying out of trouble. AIIM International is a great source for all things information management, but here are 12 best practices that reduce total compliance costs that you can implement (if you haven’t already).
Centralized governance, the most impactful best practice, involves technology at its core. However, banning certain mediums for communication and collaboration is not enough. As AIIM stated,“an effective practice may include making compliance simple, intuitive, and even automatic if possible. This allows information to be captured, retained, and managed seamlessly in the ordinary course. This also helps avoid forcing employees to adhere to cumbersome retention processes or retrace their steps to preserve records.” Technology solutions can help you get control of your data, implement centralized policies, employ some degree of automation, make it easy for end users to comply, and enable records managers to understand the risk within their data.
How Colligo helps you get control of your content and stay compliant
As the costs of compliance are far less than the penalties for noncompliance, utilizing the right technology solutions is essential. Effective use of technology can further reduce your costs and make staying compliant a whole lot easier. Colligo’s email and document management solutions help make the capture of records easy, and then incorporate the capture process into a broader centralized information governance strategy to remove some of the friction from storing, securing, retaining, and protecting content. Of course, an automated process can help augment the human element.
The Colligo Cloud suite is comprised of three multi-tenant SaaS solutions – all add-ins for Microsoft SharePoint – that help ensure governance across Microsoft 365. They offer a familiar Office-like look and feel and are easy to use, which makes user adoption simple. Colligo also utilizes intelligence and automation to recommend filing locations and tags to enhance capabilities.
|Compliance objective||Colligo compliance feature|
|Emails filed to specified SharePoint location||Email Manager removes the friction from filing emails, increasing governance in organizations|
|All business records filed and tagged to SharePoint||Email Manager provides a frictionless way to save records and promotes records management compliance and policy adoption|
|All business records created saved to SharePoint||Office Connect app makes this easy, in the same way Email Manager helps connect Outlook and SharePoint, right from the Office Apps|
|Manage documents, edit metadata tags, follow workflows required||Colligo Content Manager helps provide capability to manage and edit content in one single location|
|Know where sensitive or confidential
|Designate SharePoint as the repository or System of Record; Colligo’s suite will help your organization get content in the right place|
Now is the time for digital compliance
A digital information governance solution like Colligo lowers your risk of non-compliance by helping you organize, file, and tag your even your most unstructured data. We reduce the cost of compliance while increasing effective governance.
According to PWC, “now is the time for compliance to define a radically different way of operating than it does today: a way that has a digital core.” Leverage technology to automate more of your email and content ingestion, optimize content management, and better access and manage content at the user and admin level. Doing so enables you to take proactive stance that doesn’t rely on luck.
For more information on how Colligo can improve your governance and stay compliant, get in touch.