The U.S. government churns out new rules and regulations at shocking speed. One commentator reviewed the situation at the end of 2016 and found that over the course of the year, federal departments, agencies, and commissions had issued 3,853 new rules that applied to various interests and industries. On average, that works out to more than 100 new rules per day.
Unfortunately, no one is going around tapping corporations on the shoulder and saying, “Hey you! Yes, you. This just happened, and it applies to you.” New rules often come out under the radar. Corporations have the responsibility of finding out about these rules and applying them to stay in compliance with government requirements.
The penalties for not doing so can be steep. According to the organization Business Engineering Inc. (BEI), violations of Health Insurance Portability and Accountability Act (HIPAA) rules result in penalties of $100 to $50,000 per breach, with a maximum penalty of up to $6 million per year. Penalties as high as $1 million can be levied for violations of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA). And thousands of Occupational Safety and Health Administration (OSHA) fines are issued each year in workplaces across the United States, with potential penalties of more than $1 million.
As these frightening numbers make clear, having an effective regulatory compliance management policy is a worthy goal for any business. Keeping up with ever-changing regulations, however, is a Herculean task for business managers, particularly in heavily regulated industries such as health care and finance. Managing the process is best done by professionals with specialized training in compliance, which can be obtained from programs such as Washington State University’s Online Master of Business Administration. Offering a top-quality Online MBA course curriculum within the framework of a flexible learning environment, WSU’s Online MBA degree program teaches the ins and outs of regulation compliance and offers a solid foundation for career success.
A company called NAVEX Global conducted a survey to question businesses about their top compliance challenges. Titled the “2016 Ethics & Compliance Third-Party Policy Management Benchmark Report,” the report was a compendium of responses from 1,075 businesses globally (75 percent in the United States) across a wide range of industries. These industries included health care, manufacturing, banking and finance, nonprofits, insurance, energy and utilities, government and administration, and technology businesses.
The report found that the top 10 compliance challenges were:
- Keeping policies up to date with new and changing regulations (47%)
- Training employees on policies (40%)
- Improving version control, reducing policy redundancy and inaccuracy (32%)
- Demands of legal compliance with regulations/aligning policies with regulations (31%)
- Providing easy access to the most current policies and procedures (28%)
- Creating and updating documents easily (23%)
- Distributing new policies quickly to employees and third parties (15%)
- Records management (15%)
- Creating audit trails and tracking completions (12%)
- Getting employees to sign policies in a timely manner (12%)
The fact that the top challenges were so common across so many industries suggests a real problem. Businesses want to be compliant—that is not in question. The issue is how to make compliance happen in a fast-moving environment where change is the norm rather than the exception.
Steps to Take
To overcome these challenges and stay current on regulatory requirements, the website BEI suggests several helpful methods:
- Regularly check sites for updated standards. Check in often on websites that post updated standards for your industry. The Department of Labor, OSHA sites, and Centers for Medicare & Medicaid Services (CMS), for example, have many resources and provide updated information on compliance standards.
- Attend trainings, conferences, and seminars. Attend regulatory compliance training sessions and seminars and participate in conferences, either online or in person. You’ll increase your knowledge, learn new things, get tips for implementing standards, and connect with industry peers.
- Join industry associations. Become a member of associations and trade groups connected with your industry. These organizations alert members to significant changes, and they can usually provide information when you have compliance questions.
- Designate a compliance officer. Think about appointing a person to handle your business’s compliance matters. At the least, assign a staff person to regularly check for regulation updates.
- Subscribe to newsletters. Sign up for mailing lists and newsletters issued by law firms, legislators, regulatory agencies, trade organizations, and other industry-specific groups. Once you have signed up, read them! Don’t let them just build up in your inbox. It’s a small investment of your time that will pay off in a big way.
- Use software solutions. Policy management software or governance, risk management, and compliance (GRC) software can help you to automate policy-related processes. Software can help centralize your company’s compliance information and make it easier to track. Software vendors will also update you on regulatory changes.
- Outsource with experts. Partner with a vendor who can provide expertise and up-to-date knowledge in specific areas of compliance. For example, there are companies that will review your infrastructure and policies for compliance with HIPAA. Audits of your current practices can help identify areas of weakness in terms of compliance.
Automating the Process
According to NAVEX Global, automation may be the key to solving the compliance nightmare. “The way the automated process comes into play is that the policies in an effective program are regularly reviewed—updating, translation, version control, everything you need to make sure people have access to the latest policy,” explains Randy Stephens, former vice president of advisory services at NAVEX Global. “Ultimately, what was most obvious in the report is that the people with an automated policy management process, a software-driven strategy, were the ones that perceived their programs to be the most effective.”
After automated processes are put into place, says NAVEX, several benefits emerge:
- Easy access and availability. Policies must be readily available, and automation makes this access much better. “When employees have a question, they need to be able to look at the policy. If they can’t find it, they can’t be trained,” says Stephens. “That’s where automated solutions are the hands-down winners because those policies are housed in a central location.”
- Interdepartmental communication. Open communication across an enterprise or large organization helps to ensure that everything stays synced. Automation makes this process much easier and less error-prone.
- Online training. Online training, NAVEX finds, is the most effective way to deliver policy change updates and ensure organization-wide awareness. Automating this process facilitates delivery of the information. “It’s easy to track who saw the policy email or training on a new or updated policy, who read it, who acknowledged it, and who completed the certification,” Stephens says.
- Incident management. Automatic incident management adds a final layer of effectiveness to the adherence process. “If a user has a question or an issue, you can raise an issue and automatically convert that into a report to add a greater degree of efficiency to compliance to whatever policy you’re dealing with,” Stephens says. The report can be automatically sent to all users who might need to know about that particular issue, keeping people in the loop about compliance requirements. This tactic is helpful because, as Stephens points out, “You can’t expect people to adhere to a policy if they have no idea what the expectations are.”
Many good choices for automation software are available, depending on a business’s needs. Stephens specifically mentions Accountable and Microsoft SharePoint Online, but says that there are others, depending on how deeply an organization wants to integrate this information with existing systems.
Whatever system is chosen, Stephens recommends that every policy have an “owner” within a business—a dedicated person who is responsible for monitoring and sharing information about that particular area or regulation.
“Compliance failures can often stem from nobody checking up on a policy for months or years after it’s been instituted,” he says. By designating a responsible party, changes are less likely to slip through the cracks—and your business is less at risk for hefty regulation violation fees.
About WSU’s Online Master of Business Administration Program
To help your business stay on top of regulations, consider advanced education. Washington State University’s Carson College of Business delivers one of the top-ranked MBA programs in the nation. WSU offers an Online MBA course curriculum designed to equip students with the tactics, knowledge, skills, strategies, and other resources utilized by today’s high-profile business leaders.
WSU’s Online MBA degree program offers several MBA concentrations—marketing, finance, hospitality business management, international business, and general MBA. For more information, visit WSU’s Online MBA website.
Number of new rules annually – Forbes
Violations and penalties – BEI
Top 10 compliance challenges – PC Magazine
Steps to take – BEI
Automation – PC Magazine