How does the cost of complying with regulations compare to the cost of fees and fines incurred when caught out of compliance? Well, recently, a global manufacturer was hit with a multi-billion dollar penalty after being found guilty of non-compliance with various regulations.
Let’s break it down a bit:
- U.S. population: approx. 325,000,000 [1]
- World population: approx. 7,400,000,000 [2]
- Total fines/compensation paid by manufacturer: $21,300,000,000 [3]
Using these figures, every person in the world (as of August 2016) would have to pay an average of $2.87 to cover these fines, and if the U.S. alone were responsible for this direct loss, it would equal $23 per person.
And these are just the direct costs. Reputational damage and the cost of redesigning processes will probably add another few billion to the total.
In GRC terms, the governance in this instance was ultimately the various regulations with which the company was required to comply. There may also have been other governance within the company, such as policies not to attempt to cheat or mislead the public, or there may even have been contractual governance in the form of a contract between buyer and seller of the product stating that minimum standards would be achieved.
The risk was that if found to be out of conformance, there could be penalties and costs to remediate. It would be interesting to see the risk assessment for this instance (if there was one), including the evaluation of potential criminal actions and remediation costs. Would the cost to comply for the period of this non-compliance have been anywhere close to these numbers, which equal nearly 14% of company revenue?
It’s hard to comprehend the full magnitude of the costs and it will be interesting to see how the company recovers.
Right on the heels of this news, another manufacturer was accused in January of similar fraudulent activities. So, it’s worth wondering whether we can expect more emphasis in many organizations on fully assessing the risks of certain actions, and on how effective monitoring of compliance can be implemented and maintained.