Is implementing a compliance policy a cost or an investment?

Is the Compliance ROI concept coming?

Let's start with a short introduction in simple language to what Compliance is. Although there are countless articles that explain it in technical language, which are very correct, in my case I will explain it in a language that can be understood by the rest of us.

Compliance is all the risks faced by an organisation (public or private, profit or non-profit) or individual in relation to the economic activity it carries out. Therefore, we can state that the greater the complexity and the greater the number of actors involved in this activity, the greater the risks will be.

Compliance processes and policies will therefore be created in order to "Identify", "Prevent", "Manage", "Respond" to these risks.

At this level of explanation we can say that there is Compliance for SMEs, Compliance for large companies and Compliance for individuals. And by types we can say that there is Financial Compliance, Legal Compliance, Tax Compliance, Labour Compliance, etc.

Compliance from a cost perspective:

This point of view is based on the premise that establishing trust processes and policies causes an extra cost for the organisation because it only serves to fulfil bureaucratic procedures, which also leads to time wasting for all the people involved in the process.

If, for example, we draw a parallel with the ISO 37301 CMS (Compliance Management Systems) or the GDPR (General Data Protection Regulation ), can we say that mere compliance with these standards guarantees security? Or, in addition to complying with the document checklist, must it be integrated into the daily activities of the organisation?

Compliance from an Investmentpoint of view.

This view, on the contrary, thinks of it as an investment because any outflow of money to improve these policies and processes is focused on integrating them into the normal daily activity of the whole organisation.

Some of those ahead of the curve are looking at how to measure investment in the way MKT managers do through ROI; will Compliance ROI then emerge?  

As an example, let us comment on the following:

What is the return on being more trustworthy to our third parties (customers, suppliers, business partners, franchisees, distributors)?

How much return does it bring to avoid risks of fines, sanctions and bad reputation in the press/society?

What is the return on being able to open up to new international markets that are placing more and more emphasis on compliance?

What do you think?

I encourage you to explore this debate in more depth on my LinkedIn