Compliance cost refers to all the expenses that a firm incurs to adhere to industry regulations. Compliance costs include salaries of people working in compliance, time and money spent on reporting, new systems required to meet retention requirements, and so on. These costs typically increase as the regulation around an industry increases. Compliance costs can be incurred as a result of local, national, and international regulations, and they generally increase as a company operates in more jurisdictions. Global companies that have operations in jurisdictions all over the world with varying regulatory regimes naturally face much higher compliance costs than companies operating solely in one location.

Compliance costs are sometimes referred to as compliance overhead.

Breaking Down Compliance Cost

Compliance costs are often mixed up with regulatory risk and conduct costs. Regulatory risk is the risk that all companies face due to potential changes in the rules going forward, and conduct costs are the fees and payments a company makes for breaking the current regulations. Compliance costs are simply the ongoing price for following the rules as they are. For a publicly traded company, compliance costs include all the industry-specific compliance — environmental assessments, human resources policies, etc. — as well as the costs of shareholder votes, quarterly reports, independent audits and so on.

The Rising Cost of Compliance

In a globalized world, compliance with shifting regulatory regimes is a complicated task. Companies deal with differing regulations as well as expanding jurisdictions where countries like the U.S. look at the total of a company’s operations to ensure compliance with anti-bribery, anti-terrorism, and anti-money laundering legislation. Then there are places like the European Union, which seems to have a regulation for every imaginable business practice. In 2016, all companies selling goods and services were informed that they would have to be in compliance with the General Data Protection Regulation (GDPR), which increases compliance costs by mandating the appointment of a data protection officer (DPO) to oversee implementation of systems and privacy reforms.

As a result of increasing compliance costs, many companies are turning to large enterprise-level systems to lower the headcount they need to dedicate to compliance. Interestingly enough, the trends that created these large systems, like big data analysis, have also helped regulatory bodies spot non-compliance. So even as spending on compliance costs has increased, conduct costs have as well. This trend looks to continue as the number of environmental, tax, transportation, public health, and other regulations has increased. Many nations go through phases of increased regulation followed by deregulation to a point, and the U.S. is no different. That said, the general rule is that once a regulation is on the books, it gets tweaked rather than erased.