Legal and regulatory compliance has emerged as an increasingly relevant risk management concern for companies both large and small across all industries and business sectors.
In fact, 2022 saw lots of news coverage of non-compliance incidents involving well-known corporations that were slapped with tremendous fines and penalties totaling in the millions and even billions of dollars. Here is a look at a few of the most significant fines that were handed down when these prominent companies failed to address what many would consider to be fairly common compliance challenges.
- JPMorgan was fined a total of $200 million by two U.S. banking regulators, the Commodity Futures Trading Commission and the Securities and Exchange Commission (SEC), after the company admitted to allowing employees to use WhatsApp to communicate with clients concerning business matters. JPMorgan reportedly admitted to “widespread recordkeeping failures” because it did not retain the messages as required. In response to JPMorgan’s non-compliance, the Commodity Futures Trading Commission handed down a $75 million fine to JPMorgan for “unapproved communications,” while the SEC fined them $125 for their admitted failure to retain the WhatsApp client communications as required by law and by financial industry regulatory organizations.
- Goldman Sachs Group, Bank of America, Barclays, Citigroup, Deutsche Bank, Credit Suisse Group, Morgan Stanley, UBS Group, and Nomura Holdings were among the latest banks to be fined a total of nearly $2 billion by regulatory groups such as the SEC for allegedly allowing — and even encouraging — employees to use messaging apps that resulted in non-compliance. Apps like WhatsApp have been essentially banned within the industry due to the inability to use this technology for client communication while simultaneously maintaining legal and regulatory compliance.
While the aforementioned non-compliance cases involved companies in the banking, trading and financial sector — one of the most highly regulated industries aside from perhaps the healthcare industry — businesses in other industries are subject to legal and regulatory oversight as well. For this reason, it is important to consider regulatory compliance as part of a comprehensive and complete risk management strategy.
Working With Regulatory Compliance Solution Companies to Help You Overcome Common Compliance Challenges
Non-compliance issues such as those involving JPMorgan, Bank of America, Morgan Stanley, Goldman Sachs, and several others have prompted business leaders to take action, seeking help from compliance solution companies to overcome common compliance challenges that could potentially lead to problems down the road.
There are many compliance challenges that can arise for a business, from the mobile apps that employees use to communicate with clients concerning business matters, to data management fines associated with the EU’s General Data Protection Regulation (GDPR), to Human Resources (HR) fines under laws such as the Fair Labor Standards Act (FLSA) and the Americans With Disabilities Act (ADA).
Fortunately, regulatory compliance solution companies can offer great insights into how a business can overcome common challenges and avoid non-compliance fines.
Identifying New or Unrealized Regulations – Keeping track of new laws and regulations is a challenge, and many companies simply fall short in this regard. A compliance consulting firm will have information on the latest regulations to come down in your industry, along with any new regulatory bodies that you should be actively monitoring. Some regulations apply to every business across the board, such as those associated with the ADA or the FLSA. Others are industry-specific, such as the recordkeeping laws that apply to the banking industry, for which the SEC issues fines, or HIPAA, which applies to the healthcare sector.
Additionally, compliance solution companies may also be able to help your business to establish a system for monitoring the regulatory compliance landscape in a way that ensures you get and stay informed. This often takes the form of a risk management software platform that includes a live feed on industry regulatory groups and their issuance of new or updated regulations.
Compliance Audits and Evaluations – Once a compliance solution consultant identifies a company’s legal and regulatory burdens, it is time to perform a comprehensive audit and evaluation of the areas that may be impacted by those regulations. The company’s policies, procedures, and protocols will also be reviewed to ensure compliance. The regulatory compliance consultant will determine what constitutes compliance for each applicable regulation or law. Then, they will perform an evaluation to determine if any areas of non-compliance exist. Common problem areas include the following.
- Data Management – Data management is commonly identified as a non-compliance issue. The ways in which a company collects, stores, and uses data may be strictly regulated. Additionally, the healthcare field is subject to HIPAA regulations, which also govern who can access patient data.
- Hiring and Workplace Practices – There are numerous anti-discrimination regulations surrounding hiring practices and workplace environment. These HR-related regulations can pose compliance challenges which can arise from something such as inaccessibility problems in a workplace or the wording of a job posting.
- Labor Practices – The Fair Labor Standards Act (FLSA) is just one example of a regulation that can lead to fines and penalties for non-compliance. Something as innocent as an underage employee who accidentally clocks out a minute past 10 p.m. can result in huge fines for violation of child labor standards. The FLSA also regulates minimum wage pay rates, overtime pay, and other labor-related issues. This is an area where consultants commonly identify non-compliance issues.
- Recordkeeping – Recordkeeping laws and regulations are stringent and they extend across nearly every industry. New technology has transformed recordkeeping practices and the related requirements, making this yet another common challenge when it comes to achieving and maintaining compliance. Recordkeeping regulations can affect a broad range of areas within a company’s operations, from client, customer, and patient data, to document retention timeframes, employee communications with clients and customers, or operations-related reports and metrics.
Developing a Plan to Overcome Common Compliance Challenges – Compliance solution companies often provide assistance with remediation after they have identified non-compliance issues and other common compliance challenges that may exist within an organization (i.e., an inability to keep track of new regulatory burdens).
The Right Technology and Software to Overcome Common Compliance Challenges
The best regulatory compliance consultants will help your company to develop a step-by-step plan that can be implemented as part of a broader risk management strategy. This ensures sustainable, long-term change that will minimize the chances of non-compliance and the associated fines and penalties that can result.
Often, the best strategy to overcome common compliance challenges involves risk management software and other similar technology. At iTech, risk management technology is one of our specialties. We have developed innovative enterprise risk management solutions, including governance, risk and compliance (GRC) software. We invite you to reach out to the team at iTech today to discuss your company’s compliance and risk management needs and we will work to help you find the perfect technology to help your business achieve its goals.