“For companies, regulatory compliance does not mean just checking a box to keep the dogs at bay. It can mean achieving performance benchmarks that move the company forward,” says Ronald Lear, the CMMI Institute’s Director of IP Development.
Shifting from Regulatory Compliance to Performance
Organizations of all sizes are coming to grips with an increasingly troubling paradox. On one side, regulators are carrying bigger sticks: non-compliance with the regulations that govern many industries has grown so expensive that it is simply not an option. At the same time, the cost of complying with regulations has skyrocketed, leading to questions about whether there are any financial benefits beyond regulatory compliance itself. For many companies, the return on investment (ROI) for compliance has become an expensive checkmark in a box.
A key factor driving up non-compliance costs in 2018 was the rise of privacy and data protection regulation, which forced every organization that collects information on customers and prospects to scramble to align its operations securely with these mandates.
The cost of data protection non-compliance has jumped 45% since 2011, with yearly penalties averaging nearly $15 million for multinational firms, according to a 2017 Ponemon Institute report. And that was before Europe’s General Data Protection Regulation (GDPR) took effect in May 2018. GDPR forced many companies to admit lack of compliance, generating headlines like this one from The Wall Street Journal: “Facebook faces potential $1.63 billion fine in Europe over the data breach.”
For companies that are wrestling with this paradox, there is another path — one where regulations are viewed as performance guidelines rather than hard-line rules. Instead of simply complying with regulations, we should develop frameworks that offer benchmarks and targets to enhance performance and encourage innovation. This benefits entire markets and industries rather than simply punishing them.
There is an enormous challenge inherent in the nature of current regulation: A compliance-only approach fosters a ‘check-the-box’ mentality that is the antithesis of performance improvement. In most cases, an audit won’t tell you where to improve — it only tells you what you’re doing right or wrong based on the regulation or standard. When businesses comply for the sake of complying, they diminish their ability to think about business behavior in a performance-focused way.
Because a compliance mindset is counter to the sustainable, repeatable processes necessary for a business to improve over time, some organizations choose to abandon the checkbox approach in favor of a performance-based model that wrings value out of their obligatory regulatory investment.
Take Siemens: After getting hit with hefty non-compliance fines in 2008, Siemens instituted a proactive regulatory compliance plan to protect, detect and respond. Siemens’ actionable objectives and focus on continuous improvement and sustainable development led to a powerful ROI: Siemens said its record-breaking 2010 fiscal year was helped, not hindered, by its new perspective on compliance.
From Regulatory Compliance Burden to Business Performance Boon
Moving beyond the compliance mentality of the past, enterprises may wish to explore the use of frameworks or models that support higher performance or innovation.
Capability frameworks can help companies break the regulatory mold. Instead of providing boxes to check to demonstrate compliance, the output from frameworks should be a roadmap for improving business performance. It’s a way for companies to examine their current processes and pinpoint where they are going wrong via comparison to global best practices.
On the topic of innovation and maturity, there is another interesting piece of this puzzle, cited in the front-cover article on innovation in the January-February 2019 issue of the Harvard Business Review: innovation can’t be successful, or even happen consistently, without discipline. The article points out the confluence of innovation, maturity and discipline, stressing that mature process discipline is a prerequisite for innovating.
There’s no doubt that companies are checking boxes as fast as individuals are. Like anybody else, companies must weigh frameworks that best move the needle. As individuals, we know it takes discipline to reach goals, like sticking to a diet or watching less TV. For companies, regulatory compliance does not mean just checking a box to keep the dogs at bay. Compliance can mean achieving performance benchmarks that move the company forward. That takes discipline.
Since most organizations have no choice when it comes to meeting compliance requirements, it makes sense to embrace compliance activities as a vehicle for improving performance. Performance-improvement frameworks are a logical place to start.
CGA Technology offers Flex Management System, high-quality software that improves data transparency, performance indicators and process management, and supports the creation of a new culture based on compliance.