business plan environmental and regulatory compliance

Regulatory Compliance 101 for Business Managers

By Andy Marker | August 6, 2019 (updated September 16, 2021)

• Share on Facebook
• Share on LinkedIn

Link copied

In this article, you’ll find the most useful, comprehensive guide to understanding regulations that affect American businesses, expert input on maintaining compliance while reaching your business goals, and free compliance templates.

Included on this page, you'll find specific laws and regulations by industry and public interest , the costs of not complying with regulations , details on how complying with regulations improves your business and save you money , and steps your organization can take to handle regulatory compliance .

What Is Regulatory Compliance?

Regulatory compliance , also called business compliance , refers to any organization’s obedience to the laws, regulations, and other rules that govern all organizations.  

What Is a Regulatory Requirement?

A regulatory requirement is a rule that a government entity imposes on an organization. Some federal and state laws govern virtually all organizations. Regulations govern how organizations manage their business and employees and how they interact with customers, among many other areas.

Number of Regulations Balloon in Recent Decades

There have been attempts to decrease or slow the growth of federal regulations in recent years. Still, the overall number of regulations has grown significantly over the past several decades. A 2017 U.S. Chamber of Commerce Foundation report that assessed only federal regulations found that “Over the last 60 years, the U.S population has increased by 98 percent, while the federal regulatory code has increased by 850 percent, including some 6,081 final rules published between 2015 and 2016.”  

Overall Goals of Regulations

Generally, regulations are implemented to protect someone or something, whether it be employees, consumers, the public at large, or the integrity of commerce or of business processes. The entities overseeing regulation often focus on several primary areas, including the following:

• Establishing and implementing controls at organizations
• Keeping abreast of and assessing how organizations are complying with laws and regulations
• Identifying and remediating areas where organizations are not complying
• Providing ways for organizations to report on their compliance with laws and regulations

Industries and Other Areas Where Regulations Are Prevalent

Some regulations apply to almost all organizations and businesses. But, many regulations — often federal, but also some state and local — apply to specific industries or specific areas of oversight.

Here are some regulations that apply to specific industries, areas of commerce, or other entities:

• Financial institutions and transactions
• Employment and labor law (see details below)
• Pollution and climate change
• Use and disposal of chemicals 
• Corporate identity and business structure, including recording and reporting
• Tax code and taxation requirements
• Antitrust laws
• State licensing
• Interstate commerce laws
• License and permitting laws 
• Consumer protection, including product liability and safety
• Technology/data security, including data protection and privacy
• Government, including public procurement 
• Telecommunications, media, and technology
• Other European Union regulatory matters, including agriculture, import/export, pharmaceutical and medical devices, sports and gaming, and specific product regulation
• Contract laws

What Is Compliance in the Workplace?

A wide range of regulations apply to employment and the workplace. These regulations concern the following aspects of your business:

• Employee discipline and termination
• Hiring practices
• Sexual harassment, intimidation, or other offensive acts
• Discriminatory hiring or unfair employment practices
• Wages and hours
• Work environment
• Workplace safety
• Recruitment and retention of employees

Regulations and Regulatory Compliance in Nations Outside the U.S.

Countries outside the United States also have a wide range of regulations, of course. Here’s an overview on regulations in four countries:

• Australia: The nation has a range of financial regulations, overseen especially by the Reserve Bank of Australia, the Australian Prudential Regulation Authority, the Australian Securities and Investments Commission, and the Australian Competition and Consumer Commission. Other important national regulators include the Australian Communications and Media Authority, for issues relating to the internet, broadcast, and communication; the Therapeutic Goods Administration, for medical devices and drugs; and the Clean Energy Regulator, for the oversight of energy and carbon emission issues.
• Canada: The nation has two independent bodies that oversee most financial entities in Canada. The Office of the Superintendent of Financial Institutions regulates banks, insurance companies, and other financial entities and transactions. Meanwhile, the Financial Transactions and Reports Analysis Centre of Canada works to detect money laundering and also gathers and analyzes information on possible financing of and by terrorist organizations. Unlike most nations, Canada does not have a federal regulator of securities. Entities within provinces and territories work together to regulate securities trading. Other Canadian regulators include the following: Environment and Climate Change Canada, which oversees regulations relating to the environment and alternative energy; Health Canada, which oversees public health; and the Canadian Food Inspection Agency, which oversees food safety and animal health.
• India: India has regulations at the local, state, and national level. Many of its regulations fall into three areas: economic, environmental, and public interest-related. Many of these regulations are implemented at the national level.
• United Kingdom: The United Kingdom has a wide range of regulations, some of them specific to the U.K. and some of them set up by European Union legislation. The U.K. Corporate Governance Code governs how publicly traded companies in the U.K. are set up and operate. The code focuses particularly on best practices by boards of directors in corporate governance.

Specific Laws and Regulations by Industry and Public Interest

Tens of thousands of laws and regulations apply to organizations across the U.S. In many cases, these laws and regulations apply to companies within certain industries or apply in certain subject areas. Examples of specific laws in particular industries or areas include the following: 

• Dodd-Frank Act: Passed in 2010, this act created regulations to increase transparency and accountability within the financial industry.
• Payment Card Industry Data Security Standard (PCI DSS): Established not by government but by the four major credit card companies, this standard sets policies to increase the security of transactions involving credit and debit cards.
• Sarbanes-Oxley Act (SOX): This federal law set up a wide range of auditing and financial regulations for publicly traded companies. The law was created to decrease accounting errors and fraud. Read more about Sarbanes-Oxley here . 
• Gramm–Leach–Bliley Act (GLBA): This act removed regulatory barriers that banned commercial banks, investment banks, securities firms, and insurance companies from consolidating.
• Fair Credit Reporting Act of 1970: This act regulates the collection of credit information and access to a person’s credit reports.
• Sherman Act of 1890: This is a landmark U.S. antitrust law that prohibits anti-competitive agreements between companies and other business conduct that might lead to a monopoly in a market.
• Securities Exchange Act of 1934: This act, which created the Securities and Exchange Commission (SEC), governs securities transactions in the U.S..
• Securities Act of 1933: Approved after the stock market crash of 1929, this act was intended to increase transparency in financial statements and decrease fraud.
• Bank Secrecy Act (BSA): This act requires that financial institutions assist the U.S. government in detecting and preventing money laundering.
• Federal Information Security Management Act (FISMA): This act requires federal agencies to implement programs to keep their information technology systems secure from data breaches and other outside intrusions.
• European Union Data Protection Directive (EUDPD): This 1995 directive by the European Union regulates the processing of an individual’s personal data. (This law was later superseded by the European Union’s General Data Protection Regulation of 2016.)
• General Data Protection Regulation: This is an updated EU law regulating the personal data of EU citizens.
• Finnish Personal Data Act: This legislation, approved by Finland in 1999, protects and regulates the personal data of the country’s citizens.
• Danish Act on Processing of Personal Data: This legislation protects the personal data of Denmark’s citizens.
• Austrian Federal Act Concerning the Protection of Personal Data: This legislation protects the personal data of Austria’s citizens.
• California Senate Bill 1386: This is a California law that requires any company that experiences a data breach to notify any California citizens whose information may likely be exposed as part of that breach.
• Health Insurance Portability and Accountability Act (HIPAA): Among other things, this act protects health insurance coverage for workers when they change jobs and regulates how hospitals, insurers, and other groups use and disclose certain health information about individuals.
• Joint Commission (Healthcare): A nonprofit organization that accredits hospitals and health organizations and programs in the U.S.
• Civil Rights Act of 1964: This is a U.S. law that bans discrimination based on a person’s race, sex, national origin, or religion.
• Americans with Disabilities Act: This act bans discrimination based on a person’s disability. 
• Fair Labor Standards Act (FLSA): This act sets the minimum wage, overtime pay, and other standards for workers in the U.S. You can find free overtime authorization templates here.
• Family and Medical Leave Act (FMLA): This act requires most U.S. employers to give employees unpaid leave for certain medical and family reasons.
• Workers’ Compensation Laws: These are state laws that require employers to pay for employees who are injured on the job.
• Worker Adjustment and Retraining Notification Act of 2003 (WARN): This act requires employers with 100 or more employees to notify workers 60 days in advance of any plant closings or large layoffs.
• Equal Pay Act of 1963: This act was aimed at ending wage disparities based on gender.
• Federal Workers' Compensation Act: This act established compensation to federal workers who are injured on the job.
• Uniformed Services Employment and Reemployment Rights Act (USERRA): This act protects civilian job rights for members of the military and military reserves while they are on military duty. 
• Hazard Analysis and Critical Control Points (HACCP): This is a system that addresses food safety issues. 
• Immigration and Nationality Act of 1952: This act governs immigration and citizenship in the U.S..
• Migrant and Seasonal Agricultural Worker Protection Act: This act sets employment, housing, and other standards for seasonal farm workers in the U.S..
• Employee Retirement Income Security Act (ERISA): This act governs employee benefit plans in the U.S..
• Social Security Act of 1935: This act established the Social Security system of benefits for retired and disabled U.S. citizens.
• USA PATRIOT Act: This 2001 law established protections against terrorism in the U.S.

Industries Most Affected by Regulatory Compliance

Regulations are especially wide-ranging and complex within certain industries. The following are among the most heavily regulated industries:

• Financial services
• Health care
• Life sciences
• Information technology

Regulations Governing Internal Requirements for Businesses

Governments — often state governments — require companies incorporated within a state to keep and provide records relating to the operation of business. Those requirements might apply to the following elements of a business:

• Information about annual directors’ meetings
• A company’s bylaws and updates of those bylaws
• A company’s provision of stock to shareholders
• All of a company’s stock transfers
• Company records on major business transactions
• Updates or important changes to the operations of a company

Agencies That Oversee or Provide Guidance on Regulatory Compliance

Hundreds of local, state, and federal agencies administer laws and regulations that apply to organizations. Those agencies, and sometimes other groups, also provide guidance to help companies understand and follow the laws and regulations that apply to them. Some of those agencies and groups include the following:

• U.S. Securities and Exchange Commission (SEC): The SEC administers a wide range of laws and regulations that apply to the United States’ securities exchanges and publicly traded companies. 
• U.S. Office of Foreign Assets Control (OFAC): This entity enforces trade sanctions that the U.S. may impose on foreign governments, organizations, and people.
• United States Sentencing Commission: This government agency has provided guidelines on compliance relating to federal criminal laws that organizations and companies must follow.
• Small Business Administration (SBA) and (its website) Business.gov: The SBA provides a wide range of information that can help businesses understand and comply with regulations.
• Equal Employment Opportunity Commission (EEOC): This agency administers laws and regulations that apply to companies’ hiring practices. It focuses on employment discrimination against people based on their race, gender, religion, age, or other such factors.
• Employee Benefits Security Administration (EBSA): This body enforces laws and regulations relating to employee benefit plans.
• Civil Rights Center with Federal Department of Labor: This entity enforces rights guaranteed by the Civil Rights Act of 1964, which includes an employee’s right to do their job without any discrimination based on race, gender, or other such factors.
• Occupational Safety and Health Administration: This agency administers laws and regulations relating to workplace safety.
• Employment and Training Administration of Federal Department of Labor: This government entity administers laws and regulations relating to companies laying off a large group of employees at the same time. It includes a requirement that businesses with 100 or more employees notify workers at least 60 days in advance of a planned layoff.
• Environmental Protection Agency (EPA): This agency administers laws and regulations that relate to how businesses’ operations affect the natural environment.
• Federal Financial Institutions Examination Council (FFIEC): The FFIEC consists of a group of five financial regulatory agencies that together oversee the Gramm-Leach-Bliley Act, which, among other things, requires financial institutions to protect the privacy of financial information they have about individuals.

Non-Governmental Entities That Oversee Industry Standards and Regulations

Some industry-related organizations have established standards that serve as quasi-regulations within specific industries. Other nonprofits have been established to oversee certain industries and regulations, including the following:

• American Society of Mechanical Engineers (ASME): This industry organization has developed rules to ensure that products meet safety, security, and other engineering standards.
• Financial Industry Regulatory Authority (FINRA): This is a nonprofit group authorized by Congress to oversee securities brokerage firms and brokers in the U.S. It can discipline its members for violating a wide range of FINRA rules that govern broker actions and behavior.
• Public Company Accounting Oversight Board (PCAOB): This is a nonprofit entity created by the Sarbanes-Oxley Act that oversees the auditors, and auditing behaviors, of public companies.

Standards That Help Guide Regulatory Compliance

• NIST Standards: These standards were set up by the National Institute of Standards and Technology, a federal agency, to guide compliance with some regulations.
• International Organization for Standardization (ISO) and ISO 19600: The ISO is an international body that sets standards in a range of industrial, commercial, and other areas. Its ISO 19600 standard offers guidance on how organizations can set up and maintain a system of compliance management.
• ISO/IEC 27002: This is a standard that recommends best practices to ensure appropriate security for information technology systems.
• COBIT: This is a framework that recommends best practices for managing and governing information technology. The COBIT framework was created by an information technology professional association called the Information Systems Audit and Control Association — now known only by its acronym, ISACA. ( Learn more about information security and enterprise security here .)

What Is a Regulatory Compliance Cost?

A regulatory compliance cost is the amount of money or other resources an organization must expend to ensure it complies with all applicable regulations. For example, many regulations require detailed record-keeping that calls for employee time and other company resources.

The total economic costs for U.S. organizations to comply with all regulations is likely impossible to calculate. A 2017 report by the American Hospital Association estimated that regulations in the U.S. healthcare industry alone cost hospitals about $38.6 billion per year.

The Costs of Not Complying with Regulations

While the costs of complying with regulations can be steep, so can the costs of not complying. In fact, most experts say that the costs of the latter can be much steeper.

“Regulatory compliance is expensive,” says Marta Moakley, a lawyer and legal editor for XpertHR , an online subscription service that provides companies with legal and compliance advice on human resources issues. “But, regulatory non-compliance can be infinitely more expensive.” Here are some of the costs of non-compliance:

• Penalties: The most obvious costs, of course, are the governmental penalties for non-compliance. Fines for some minor violations — missing the deadline for filing an annual corporate report for your private business, for example — might be a few hundred dollars. But, violating SEC and other financial regulations can bring millions of dollars in fines. Hospitals that violate HIPAA patient privacy provisions can pay several millions of dollars in fines for large data breaches or repeat incidents. The European Union’s General Data Protection Regulation applies to any organization that obtains or stores the personal data of an EU citizen. That means the regulation applies to many U.S. businesses. The maximum penalty for violating some provisions of the GDPR is €20 million, or four percent of an entity’s gross global revenue.
• Enron: Shares of the apparently very successful Texas energy company were trading at more than $90 in 2000. Then, in the fall of 2001, it was revealed that Enron’s actual financial condition was falsified through a wide range of accounting fraud. The stock price dropped to less than $1 by late 2001. The company filed for bankruptcy and was eventually dissolved. A number of executives pleaded guilty or were found guilty of a number of felonies, including fraud. The scandal was also a significant reason for Congress approving the Sarbanes-Oxley Act in 2002. 
• Volkswagen: In 2015, it was revealed that the exhaust control equipment in the diesel engines of almost 600,000 of the company’s cars sold in the U.S. had been programmed to shut off after emissions testing was completed on the vehicles. That meant that when the vehicles were on the road, they were emitting much more pollution than the regulations allowed. Volkswagen eventually admitted to rigging nearly 11 million diesel-powered vehicles in the same way. The company has paid more than $32 billion in fines and compensation for customers. 
• Wells Fargo: In April 2018, federal regulators fined Wells Fargo $1 billion for forcing customers to buy car insurance they didn’t need and for charging unfair fees to mortgage borrowers. In February 2018, the Federal Reserve punished the bank for, among other things, creating millions of fake customer accounts. The Federal Reserve imposed penalties that limit the bank’s growth until it proves it has improved its internal controls. Wells Fargo also paid $185 million in other fines and settled a class-action suit for $142 million in connection with fraudulent practices.

Complying with Regulations Improves Your Business and Saves Money

Experts say that the penalties and reputation damage from flouting regulations make one thing clear: complying with regulations saves money in the long run. There are also other benefits to regulatory compliance:

• Improve Your Organization’s System and Operations: When you comply with regulations, your organization runs more smoothly.
• Build a Positive Reputation among Employees, Customers, and the Public: Complying with regulations expands your credibility and legitimacy both inside and outside the company.
• Achieve Higher Employee Productivity and Higher Employee Retention: “I encourage employers to view compliance as a smart business decision,” says XpertHR’s Moakley. “It emphasizes a fair and safe workplace. Employees will probably be more productive, and employee turnover costs will be at a more reasonable level.”

Moakley says that companies need to understand “that compliance overall is good business. I think most businesses don’t think of compliance as a cost-saving measure,” she explains. “They think of it as a burden. But, it is a cost-saving measure — in the short and long-term.”

What Is a Regulatory Compliance Policy?

A regulatory compliance policy is a statement from an organization — most often in writing — in which the entity establishes its commitment to following all laws and regulations and gives details on structures the company has put in place and practices it will follow to achieve compliance.

XpertHR’s Moakley says it is very important for a company to regularly and clearly communicate this policy to all employees. Companies should also collect electronic verifications from employees indicating that they’ve read and understood the policy, she adds.

“A business should communicate to its workforce, and to its leaders, what’s important: that this policy exists and that it reflects a culture that is important to an organization,” she explains.

This template provides your organization with the basics to create a strong regulatory compliance policy. The pre-built template includes space for the main components of a policy document, including procedures and policies you will commit to follow. Additionally, the template includes questions your organization should answer to create a comprehensive regulatory compliance policy document. 

Download Regulatory Compliance Policy Template

Word  | PDF

How to Stay on Top of Regulatory Compliance

It can seem overwhelming to understand and track all of the regulations that might apply to your company. But, there are basic steps that even smaller companies can take to stay on top of regulatory compliance:

• Assess Your Company’s Overall Exposure to Regulations: It’s important to understand whether or not your company is in a highly regulated industry (like healthcare, financial services, and insurance). If it is, you should begin by seeking outside advice from experts in your industry. Even if your company is in a less regulated industry, use common sense about likely regulations. “If you’re preparing food, do you need to worry about food regulations?” asks Spark Compliance’s Grant-Hart. “Look at your company and think about what type of laws would naturally apply to it.”
• Perform a Compliance Training Needs Assessment: The best way to understand and comply with regulations that affect your company is to train your employees. But, it may be cost prohibitive to train employees on every regulation that might apply to your company.  Moakley recommends performing the training needs assessment that might be most beneficial for your company. The assessment should include three categories, she says: areas that must be covered in the training; areas that would ideally be covered; and areas that may not be a good return on your company’s investment. “Your training needs analysis may recommend most of the need-to-haves and may have to forego some of the other areas,” she says.
• Establish a Code of Conduct: Grant-Hart recommends that companies create a code of conduct document that lays out ethics that the company and its employees should adhere to. For example, the code might include provisions about the limit on the value of gifts an employee can accept from a business associate. It might also include provisions detailing protections against harassment in the workplace and protections for “whistleblowers” — employees who raise ethical issues about something the company or another company employee has done. Grant-Hart recommends that as companies approach how they will deal with regulatory compliance, “they start with a code of conduct.” Such a code “tends to be the founding document for all compliance programs,” she says.
• When Using and Adopting New Technologies, Always Consider the Regulations That May Apply to Those New Technologies: Don’t take it for granted that you’re already compliant just because you were compliant when using an earlier generation of a technology. 
• Understand Where to Find Regulatory Information and How To Track Changes: A wide range of third-party services and software are available to help companies understand regulations. But, there’s also a large amount of accurate and free information, including from the government agencies that enforce the regulations, says Moakley. She adds, “It’s important to view compliance as an ongoing process that you need to evaluate and tweak — based on business needs and a shifting legal landscape.”

Use this template to outline the essential elements for a strong regulatory compliance plan. The template asks for details about your organization’s leadership, standards, communication strategies, training, employee discipline, and how it will continually improve its regulatory compliance.

Download Regulatory Compliance Plan Template

When Regulatory Compliance and Data Privacy Are at Cross-Purposes

Increasing demand for data privacy — and in some cases increasing regulations related to data privacy — can run counter to the demands for record-keeping concerning a number of other regulations. Here are two especially problematic areas:

• Data Retention: Many regulations require organizations to keep data for long periods of time, sometimes in ways that can make it difficult for companies to comply with data privacy regulations that impose strict limits on how businesses gather and store personally identifiable data.
• The “Right to Be Forgotten”: Data privacy laws often give people the “right to be forgotten” — meaning that organizations must destroy all personal data about an individual upon that individual’s request. Those rights can run counter to other regulations’ requirements that certain data be kept as evidence of compliance.

Organizational Strategic Issues to Consider Regarding Regulatory Compliance

Companies that are subject to a significant regulation need to consider how to structure their companies and processes to ensure they can operate well while also complying with regulations. Company leaders need to think about the following factors:

• How to predict the potential impact of regulations on the company’s strategic direction, its business goals, and its regulatory compliance processes
• How to balance the duties of compliance among legal, auditing, and other business functions
• How to encourage common compliance across different teams and company locations
• How to create internal systems that monitor and report on compliance
• How to measure the value of compliance, including in employee performance evaluations

Steps Organizations Can Take to Handle Regulatory Compliance

Larger companies and companies within highly regulated industries need to hire employees — sometimes dozens or even hundreds of employees — whose primary focus is the company’s regulatory compliance.

The Securities and Exchange Commission requires any company with publicly traded stock to have a compliance officer. The majority of such companies have regulatory compliance departments; some banks and other large companies have a compliance staff of hundreds.

Alternatively, smaller private companies may not even have one employee solely responsible for compliance. They may have a company lawyer or outside lawyer handle compliance. Or, a top company executive may be responsible. When it comes to smaller companies, Moakley advises, “it’s helpful to have a point person” who’s responsible for regulatory compliance.

Beyond staffing, companies can use software or undergo internal assessments to help with regulatory compliance. These options include the following:

• Acquiring Compliance Management Software: This helps organizations track the wide range of regulations that apply to all companies as well as those within specific industries.
• Developing a Business Continuity Plan: This involves determining how a company can continue to operate during and after a disaster, including a natural disaster, crash, virus, or other catastrophic event affecting a business’s information technology systems.
• Assessing Auditing Systems: This is an internal assessment that is crucial to maintaining regulatory compliance.
• Assessing and Improving the Security and Privacy of Information Technology Systems: This is also an internal assessment that is central to maintaining regulatory compliance.

This pre-built template provides your organization with a structure to create periodic reports on your regulatory compliance work. The template asks for details on regulatory compliance requirements that apply to your organization, along with compliance status, a summary of actions taken, and recommendations for future actions.

Download Regulatory Compliance Report Template

Executive Positions That Regulatory Compliance Has Created

As regulations have increased in recent decades, larger organizations are increasingly hiring executives to fill specific compliance roles. Here are three of the most common positions:

• Corporate compliance officer
• Chief compliance officer
• Regulatory compliance officer

What’s Your Major? — “Regulatory Compliance”

As more companies hire executives and staff that focus on regulatory compliance, colleges and universities are taking notice. And, some colleges and universities have now established areas of study that are partially or entirely focused on regulatory compliance:

• Northwestern University’s School of Professional Studies in Chicago offers a Master’s of Science in Regulatory Compliance . 
• Drexel University in Philadelphia offers a Graduate Certificate in Financial Regulatory Compliance , along with a Master’s of Legal Studies with a concentration in financial regulatory compliance.
• The University of Scranton in Pennsylvania offers a Master’s of Science in Human Resources Management that includes a significant focus on compliance issues.

FAQ: A Career in Regulatory Compliance Management

As more companies hire people for regulatory compliance work, and as colleges and universities offer majors that focus on compliance, more people are interested in understanding a potential career in compliance. Here are some of the most frequently asked questions about compliance managers:

What does a regulatory compliance manager do?

A regulatory compliance manager works to understand regulations that apply to an organization and sets up systems that help ensure the organization complies with those regulations. Alternatively, they work in governments that enforce regulations.

Where do regulatory compliance managers work? 

Almost half of regulatory compliance managers work in federal, state, and local governments. The rest work in private enterprise and other organizations.

What is the average salary of a regulatory compliance manager? 

In 2015, the median salary was $69,180.

What is the job demand for regulatory compliance managers? 

In 2014, job demand was expected to grow about three percent per year between 2014 and 2024 — which was about half the national average for all jobs. Some believe that the growth of job opportunities in this industry might be slowing down as businesses increasingly use software and other technology to help with their regulatory compliance.

What are the educational requirements for a regulatory compliance manager? 

The job requires a bachelor’s degree; a graduate degree might be beneficial if job growth is slow.

Benefits of Using an Outside Provider to Help with Your Company’s Regulatory Compliance

Many companies hire outside providers to help with regulatory compliance training or other compliance services. These providers may help smaller companies with much of their compliance work. But, the providers can also help the compliance departments of larger companies with specific tasks. Here are some of the benefits to hiring outside providers:

• They provide teams that are specialized and expert in specific industries and areas of compliance.
• They often have technical knowledge in a wide variety of areas.
• They use expert-developed risk methodologies and tools, which can help companies understand industry standards and best practices in a specific industry.

Services and Expertise of Regulatory Compliance Providers

Providers of regulatory compliance consulting can help your company in a number of ways:

• Help your company set up the design of a compliance program that routinely assesses risk and other compliance issues.
• Develop ways to embed your company’s compliance goals within the day-to-day operations of the business.
• Help your company understand and use technology to assist with compliance.
• Help your company track and adjust to continually changing compliance requirements.
• Conduct compliance and risk assessments.
• Help your company achieve an appropriate balance between compliance and risk, given limited budgets.
• Implement processes that help your company report its regulatory compliance.

Improve Regulatory Compliance with Real-Time Work Management in Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Any articles, templates, or information provided by Smartsheet on the website are for reference only. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, templates, or related graphics contained on the website. Any reliance you place on such information is therefore strictly at your own risk. 

These templates are provided as samples only. These templates are in no way meant as legal or compliance advice. Users of these templates must determine what information is necessary and needed to accomplish their objectives.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

Environmental Regulatory Compliance Business Plan: Key Strategies for Success

The importance of environmental regulatory compliance in your business plan.

As a business owner, you may have heard about the importance of environmental regulatory compliance, but have you considered incorporating it into your business plan? Environmental regulations are becoming more stringent, and failure to comply can result in hefty fines, negative public perception, and even legal action. This blog post will explore the significance of including environmental regulatory compliance in your business plan, and provide you with the tools and information you need to do so effectively.

Why Should Environmental Regulatory Compliance Be Included in Your Business Plan?

Environmental regulatory compliance is not just a legal requirement; it can also have a significant impact on your business`s success. By integrating environmental compliance into your business plan, you demonstrate your commitment to sustainability, which can attract environmentally conscious consumers and investors. Additionally, complying with environmental regulations can help you avoid costly penalties and litigation, ultimately saving your business money in the long run.

Case Study: The Benefits of Environmental Regulatory Compliance

Let`s take a look at a real-life example to illustrate the benefits of environmental regulatory compliance in a business plan. Company XYZ, a manufacturing firm, recognized the importance of environmental sustainability and made it a priority in their business plan. As a result, they invested in energy-efficient technology and implemented waste reduction initiatives to comply with environmental regulations. This not only improved their environmental footprint but also attracted environmentally conscious consumers, leading to an increase in sales and positive brand reputation.

How to Incorporate Environmental Regulatory Compliance into Your Business Plan

Now that you understand the significance of environmental regulatory compliance in your business plan, let`s explore how to effectively incorporate it. Start by conducting a thorough environmental audit to identify areas of non-compliance and opportunities for improvement. Then, develop a comprehensive strategy to address these issues, including specific goals and timelines for implementation. Finally, communicate your commitment to environmental compliance in your business plan to demonstrate accountability to stakeholders.

Environmental Regulatory Compliance Checklist

Use the following checklist to ensure that your business plan includes environmental regulatory compliance:

Integrating environmental regulatory compliance into your business plan is not only a legal requirement but also a strategic decision that can benefit your business in various ways. By demonstrating your commitment to sustainability and compliance with environmental regulations, you can attract environmentally conscious consumers and investors, avoid costly penalties, and improve your brand reputation. So, if you haven`t already, consider revising your business plan to include environmental regulatory compliance today.

Top 10 Legal Questions on Environmental Regulatory Compliance Business Plans

Environmental regulatory compliance business plan contract.

This contract (“Contract”) is entered into by and between the parties involved in the establishment and implementation of an environmental regulatory compliance business plan. The purpose of this Contract is to outline the legal obligations and responsibilities of the parties in relation to the business plan.

What Is Regulatory Environmental Compliance?

Compliance monitoring ensures companies adhere to environmental regulations that reduce businesses’ impact on the environment and preserve natural resources. Green movements have received more attention in recent years, creating more pressure on companies to address environmental concerns. However, this often comes with a price, as green measures can be expensive to implement.

No matter what field your business occupies, you need to stay abreast of environmental regulations and engage in reporting to remain in compliance. The penalties for breaching the law can be steep. Plus, many companies consider environmental regulatory compliance part of their business ethic.. Socially conscious companies appreciate the guidance of these laws.

Regulatory compliance refers to staying within the bounds of laws, guidelines and standards that govern the business operation. Environmental regulatory compliance includes guidelines related to the environment. The number and scope of environmental regulations has grown in recent years. All the rules are designed to safeguard the environment.

Companies are responsible for performing their due diligence concerning environmental policies and regulations. Because of the complexity of the regulatory atmosphere, it helps to have consultants who understand guidelines and can assist you with navigating how they affect your company to ensure you comply with all necessary regulations.

Regulation also ensures greater safety for those working within an industry. It also puts all businesses on the same page, to avoid confusion over expectations or miscommunication about standards. Regulatory compliance requirements are published publicly for reference, allowing companies to consult them as needed.

The Significance of Compliance in Development Projects

Everyone is responsible for taking care of the earth, and as a business, you have a greater responsibility than most. As you represent the interests of dozens, hundreds or even thousands of individuals, they expect you to do what’s right, and that includes following the ethics of environmental compliance. You also hold more financial power than most individuals, allowing you to contribute more to the future we hope for.

When you fail to do this, you also face more consequences than the average person. For example, from the moment you establish your company, you’re required to adhere to environmental regulatory compliance measures set forth by local and federal governing agencies. If you’re caught operating outside of those guidelines, you can face fines and other penalties. Plus, if your customers find out, you risk losing them as sources of income, as they may choose to give their business to another brand that more closely aligns with their beliefs.

What Agencies Are Responsible?

There are a few agencies involved in making sure your business is within environmental regulatory compliance. Most notably, these organizations are responsible for businesses throughout the United States:

• Environmental Protection Agency: The Environmental Protection Agency (EPA) develops environmental regulations and sets compliance monitoring and enforcement guidelines. These regulations are intended to protect human health and the environment. The EPA offers auditing and performance standards to encourage regulatory compliance and completes compliance reviews to give you site-specific recommendations.
• The Department of the Interior: Responsible for the management of land and natural resources, the U.S. Department of the Interior is devoted to making sure any natural resources are used properly and replaced where possible.

Depending on where you live, there are also likely state and local agencies with environmental compliance regulations related to your area’s particular needs and resources.

What Sectors Are Regulated?

Nearly every sector faces environmental regulatory compliance requirements. No business is exempt from these regulations, and the larger the industry, the more detailed the compliance factors. Below are just a few sectors that are regulated :

• Health care
• Manufacturing
• Public administration
• Water and sewage
• Dry cleaning
• Forestry and logging
• Educational services

Environmental Impact Assessments: Navigating the Process for Infrastructure Projects

Regardless of your industry, your impact assessment will likely involve:

• Screening: This step helps industries determine whether they need a full environmental assessment, and if they do, at what level.
• Preliminary assessment: This first assessment is shorter and more informal than the full version. It allows the assessment team to take inventory of any environmental concerns they see and determine if a full study is necessary.
• Full study: If necessary, the assessment team will complete a full study that includes a comprehensive and detailed analysis of various environmental impacts.

How Is Environmental Compliance Enforced?

The EPA provides regular monitoring of environmental compliance, which can take many forms, including:

• Performing on-site inspections and credentialing
• Monitoring off-site compliance, such as data collection and program coordination
• Monitoring on-site compliance, such as routine investigation and compliance inspections

Mitigating Risks Through Effective Environmental Compliance Auditing

Environmental compliance audits are critical in identifying and remedying non-compliance issues. To ensure they’re as effective as possible in finding and fixing these concerns, employ these strategies as you prepare for your next audit:

• Have a detailed environmental management plan: Long-term environmental compliance requires some form of management plan to stay successful. As your audit approaches, you can use this plan to update your goals and show the auditor where you excel and where they may need to pay close attention to ensure compliance.
• Keep and collect detailed action reports: Having a plan is excellent, but it doesn’t mean anything if your staff isn’t following it. By creating a reporting system that requires staff to detail compliance with your management plan, you can more closely monitor your progress and make adjustments in real time, allowing you to put your best foot forward with every audit.
• Appoint people to monitor compliance: When something is everyone’s responsibility, it’s more than likely no one’s. In general, you should have a person or team in charge of monitoring compliance and reporting issues to people who can fix them, but this role becomes especially important in the time leading up to an audit.
• Encourage reporting with rewards: In most cases, instances of noncompliance are no one’s fault. Still, they need to be reported and addressed prior to an audit to prevent delays in workflow. Many employees will avoid reporting noncompliance issues in fear of retaliation or simply because they may have to do more work if they report it, resulting in more penalties for your business down the line. You may be able to change this thought process by offering bonuses or using an anonymous reporting system to encourage staff to go one step further.

See TRC’s Regulatory Environmental Compliance Services

The best way to maintain environmental compliance is to have experts on your side. The professional team at TRC Companies has in-field experience and has assisted many businesses like yours. Contact us today to get a quote on our regulatory environmental compliance services.

Looking for effective solutions to your problems?

Turn to the experts at TRC.

News & Insights

TRC experts share their thoughts and insights on the trends and challenges impacting their markets.

Regulatory Updates

What You Need to Know About MSHA’s Proposed Rule on Crystalline Silica Dust

Regulatory Changes Will Impact Mine Operators and Better Protect Employee Health and Safety.

Changes to EPA’s Risk Management Program (RMP) Regulations Are Here

Changes to the Risk Management Program (RMP) regulations were signed into a final rule on February 27, 2024, by EPA Administrator Michael S. Regan.

NERC Proposes Clarifications to EOP Cold Weather Standards

NERC has submitted proposed revisions to the EOP-012-2 – Extreme Cold Weather Preparedness and Operations standard, for FERC approval on an expedited basis.

Risk Assessments for Your Environmental Permit

Environmental risk assessments help protect facilities, workers and the environment. Learn more about the importance of environmental risk assessments today.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Read our Privacy Policy .

Feel free to talk to us! Phone Number: 973-366-4660

Stay connected and get latest updates

Business Environmental Regulatory Compliance Guide

Complete guide to business environmental regulatory compliance.

Climate change is considered the biggest existential threat ever faced in human history. It affects every living person and every country. Therefore, efforts to mitigate catastrophe can’t be further delayed.

In 2019,  the Emissions Gap report found that to keep global temperatures from going up to more than 1.5 degrees Celsius; we need to reduce total emissions by 7.6% every year until the year 2030. It becomes the responsibility of all organizations within goods-producing industries to work towards reducing their environmental impact and protecting the resources we still have.

What is environmental and regulatory compliance? They refer to the laws, standards, and guidelines used to regulate businesses’ operations. The last few years have seen an increased passing of federally mandated regulations related to the environment.

Read on to discover how to prepare your business to maintain regulatory compliance in efforts to make industries greener.

Why We Need Business Environmental Regulatory Compliance

The production of goods has a major impact on the environment. It takes a lot of natural resources to make products and synthetic materials and the machines that produce them. The Industrial Revolution birthed mass production, which accelerated scientific and social advancements.

Because of this, for the last 250 years or so, rates of industrial output have skyrocketed. People consumed more, which led to businesses using more resources to meet rising demands and make a profit. Large corporations were doing this unchecked for decades which caused the climate change crisis we face today.

Concerns about how human industry would harm the planet started as early as 1962 when scientist Rachel Carson published “Silent Spring.” She showed some of the earliest documented evidence of pollution harming water systems and animal populations because of the agriculture industry’s excessive use of pesticides.

She called attention to how technology was disrupting ecosystems and would eventually cause permanent damage.

Global Commitments to Reduce Emissions

By 1988, climate change became a center-stage political issue because of the gradual rise in global temperatures. This came about as a consequence of the weakening of the Earth’s ozone layer. The sense of urgency about the potential of climate disasters found its way into public awareness.

Governments started to discuss how to regulate industries to make them more sustainable.

The first agreement to reduce emissions through regulatory compliance came about in 1997 with the Kyoto Protocol. Even though President Bill Clinton signed this agreement, which was a commitment to lower greenhouse gas levels by 2012, President George W. Bush pulled the US out of the agreement due to concerns over the economy.

This would happen again with the 2015 Paris Agreement. President Barack Obama, along with 197 other countries, committed to implementing their own regulations to reduce emissions. The goal was to make sure global temperatures would not rise more than 2 degrees Celsius.

President Donald Trump immediately pulled the US out of this agreement after his election in 2016.

Understanding Environmental and Regulatory Compliance

To commit to reducing emissions and preserving natural resources, the federal government has passed different laws and regulations. Federal laws set standards that companies must follow in their business practices. It refers to a legal requirement to go green.

Some of the laws that have been passed over the years in the US include the following:

• Toxic Substances Control Act (TSCA)
• Clean Water Act (CWA)
• Clean Air Act (CAA)
• Resource Conservation and Recovery Act (RCRA)

These laws put the responsibility on companies to make sure they follow these regulations so that they have  a reduced impact on the environment , make better use of resources, and mitigate the harm caused by hazardous materials. Laws exist to regulate processes like how those hazardous materials are disposed of and handled.

Most corporations see these federal mandates as a burden. However, non-compliance carries serious consequences. For instance, companies that fail to meet certain regulatory standards have to undergo investigations and potentially pay hefty fines.

Failure to follow regulatory compliance practices due to neglect and cutting corners also makes companies look very bad in the public eye.

How to Create an Environmental and Regulatory Policy Business Plan

It takes a lot of work for businesses to set up practices to reduce their impact on air emissions and water contamination. Fundamentally changing processes at every level of production also involves setting up protocols to ensure business practices stay compliant.

Keeping track of your company’s regulatory processes might involve assistance from  third-party organizations . These agents perform some of the following tasks, including:

• On-site inspections
• Evaluations
• Data collection

Sometimes companies can work with inspectors off-site with the following processes:

• Reporting audits
• Public records review
• Special programs

Your business also can put systems in place that ensure you have the most up-to-date information and that your staff remains fully educated about compliance regulations, as well as methods for keeping track of compliance. Understanding the environmental regulation policy serves as the most critical undertaking.

There are several ways your business can be informed about policies as well as policy updates:

• Employee and manager training about environmental policies
• Getting staff members the credentials to perform audits
• Keep information posted on-site in work areas as reminders
• Assigning managers to do oversight

One main way to keep staff informed includes making public information available in these ways:

• Brochures, flyers, and pamphlets
• Posters and infographics
• Online content like blog posts and email newsletters

Different Ways that Businesses Can Stay Compliant

Compliance is just a part of doing business. Whether business owners do it begrudgingly or not, multiple compliance systems operate to keep businesses up to code. Different types of compliance include the following:

• Regulatory compliance
• Data Compliance
• Health and safety compliance

Following environmental policies requires the above forms of compliance practices in some form or another.

Regulatory compliance refers to the laws and regulations for how businesses perform operations. To protect the environment, companies must constantly keep their production and use of resources in check and follow laws that have been put in place to prevent further environmental damage.

Data compliance controls laws centering on how businesses collect data and store and maintain database records. This is for tracking operations to make sure they are environmentally friendly. Data gives references for audits and thorough oversight.

Finally, health and safety compliance measures put protocols in place to protect employees from harm. They also keep the surrounding communities protected. For environmental regulations, this means safety protocols surrounding pollution prevention and handling hazardous materials. The main goal is to reduce harm and environmental impact.

Take Steps to Help the Environment

Business environmental regulatory compliance is one of the most critical steps businesses in the goods industries can take. It’s not just about avoiding trouble and staying in business; it’s about protecting future generations and the one planet we call home.

Contact Atlantic Environmental t o learn how we help companies follow environmental policies.

You are using an old version of IE. To fully enjoy the site, download the latest version of Internet Explorer.

As of June 2021, PHASE Associates, a leading provider of Environmental Health and Safety (EHS) consulting training and professional outsourcing services, has acquired assets of Atlantic Environmental, Incorporated (Atlantic Environmental).

PHASE Associates will continue to offer the same quality services for indoor air quality, industrial hygiene, ventilation, safety consulting & training services. We will continue to serve New Jersey, New York, Pennsylvania, Delaware, Connecticut, Massachusetts, Maryland, Virginia and DC, as well as across the United States.

Never see this message again

Environmental compliance audits: Five tips to protect your company

With growing attention on Environmental, Social and Governance initiatives and escalating penalties for non-compliance with environmental laws, [1] it is all the more important for companies to ensure compliance with environmental regulatory requirements. One way your company can satisfy stakeholders while appropriately managing risks of potential enforcement is to conduct a regular Environmental Compliance Audit (" ECA ".) In this article we discuss the key features of ECAs and their rising importance in managing your company's environmental compliance and risk.

1. What are ECAs and why are they important?

ECA s assess compliance with environmental legal requirements. [2] This differs from other environmental assessments such as Phase I and Phase II studies, which are generally more focused on evaluating the presence of contamination above regulatory standards (and which are typically conducted for pre-purchase due diligence or for the purposes of applying for regulatory instruments). ECAs can also include occupational health and safety (" OHS ") aspects as well. OHS audits focus on assessing compliance with applicable health and safety legislation and identifying risks to health and safety inside the workplace.

ECA s are internal evaluations carried out by qualified employees or third party consultants, with the goal of identifying compliance gaps, weaknesses in management systems and liability risk exposure. [3] The findings and recommendations from ECAs are documented in an internal written report (the " ECA Report ".)

The importance of ECA s is quite simple: it is far more advantageous for companies to identify and remedy compliance gaps themselves than it is for such gaps to first be identified as a consequence of an incident, or by regulators, which can lead to penalties and other enforcement measures. Moreover, in the event of a prosecution or other enforcement action, an ECA Report can be used to support a due diligence defence, or during sentencing to demonstrate the company's attention to environmental risks and good faith efforts to ensure environmental compliance.

2. Are ECAs obligatory or voluntary?

Generally speaking, ECA s are not required by law. That is, there is currently no law in Canada that requires companies to conduct ECAs against all applicable environmental laws. However, there are a number of regulations that require audits to be conducted on certain aspects of specific industrial activities. [4]

ECA s may also be a requirement of a company's environmental management system. Where this is the case, they are often scheduled every few years so that management and shareholders have an understanding of regulatory compliance risks, and to provide an opportunity for the company to remedy any compliance gaps.

3. What standards should be used in an ECA?

Companies can choose between a range of standards to assess the results of their ECA s, and to guide the implementation of recommendations. Adhering to a particular set of standards can assist companies with measuring their level of compliance and the rate at which they are addressing compliance gaps, year over year. Standards can also help in determining how to prioritize the order in which any compliance gaps (and associated risks) identified in the ECA Report should be remedied.

The most commonly used standards in Canada are CSA Z773-17 and ISO 14001 (the latter of which is an international standard that sets out requirements for environmental management systems). Companies can also develop their own internal standards depending on their capacity and the purposes of their ECA.

4. What should you do with the ECA findings?

As discussed above, the results of an ECA will be contained in an ECA Report, which will include the auditor's findings and recommendations. Once a company receives an ECA Report, it should decide how to remedy any compliance gaps and action any recommendations, and the order in which this will be done.

ECA Reports will often differentiate between instances of non-compliance with strict regulatory requirements (which may attract enforcement actions by regulators) and non-compliance with best practices (which may not attract enforcement actions). ECA Reports may also differentiate between instances of clear non-compliance, and instances of potential non-compliance which require further assessment and/or monitoring. Ultimately, companies will want to prioritize all findings and recommendations in the ECA Report in order to determine which items will be actioned, how they will be actioned, and when.

5. How do lawyers assist with ECAs?

As a general rule, it is prudent to have an environmental lawyer oversee an ECA at all stages: from planning and scoping, to conducting the ECA and producing the draft ECA Report, to following up on the results of the ECA and determining action items and priorities. Involving a lawyer from the outset of the ECA process will help your company scope the ECA to ensure compliance with up-to-date laws, but also to ensure that the ECA is cost effective by only covering those regulatory requirements applicable in the circumstances.

Regardless of whether the ECA Report is for internal or external purposes, having a lawyer oversee the ECA also allows your company to benefit from legal privilege. For example, the legal advice received in respect of the findings of the ECA would not have to be disclosed in the future, as long as such privilege is properly protected.

In today's market, companies with industrial facilities are expected to be conducting ECA s. Companies that do not regularly conduct ECAs have fewer opportunities to catch instances of non-compliance and are therefore far more exposed to the risk of stakeholder scrutiny and regulatory enforcement than companies who conduct ECAs regularly.

Our Environmental Law Practice Group has extensive experience with all stages of the ECA process, from scoping the ECA to prioritizing and assisting with the measures necessary to address the findings set out in the ECA Report. If you have any questions or need advice regarding your ECA, feel free to contact any member of our Environmental Litigation Group for assistance.

[1] See, for example, the following notable fines issued for environmental offences within the last five years: $3.5 million issued to Prairie Mines & Royalty ULC in 2017, $3.5 million issued to Irving Pulp & Paper Limited in 2018, $2.7 million issued to Husky Oil Operations Limited in 2019, $196.5 million issued to Volkswagen Aktiengesellschaft in 2020, and $60 million issued to Teck Coal limited in 2021.

[2] The scope of ECAs can be broad enough to include all environmental legal requirements applicable to a company or facility.

[3] In certain circumstances, ECAs can be ordered by and/or carried out by government agencies. However, the focus of this article is on ECAs that are undertaken voluntarily.

[4] See, for example, the Reduction in the Release of Volatile Organic Compounds Regulations (Petroleum Sector) (SOR/2020-231), s. 42-44; the Benzene in Gasoline Regulations (SOR/97-493), s. 22; the Benzene in Gasoline Regulations (SOR/97-493), s. 26; and the Renewable Fuels Regulations (SOR/2010-189), s. 28.

• [email protected]
• T:  +1 604-891-2793
• Download vCard for  Mark Youden

• [email protected]
• T:  +1 604-891-2730
• Download vCard for  Maya Stano

• [email protected]
• T:  +1 604-891-2794
• Download vCard for  Quinn Rochon

Related Insights & Resources

Environmental and regulatory compliance

Supporting safe and legal products through the complex technical and safety-related legislation and environmental legislation around the world.

Ensuring that your products meet all applicable regulatory and commercial requirements is an increasingly complex and critical task. Our Clients are required to demonstrate that their products are safe, reliable and will meet legal requirements – both environmental and technical.

Service details

We have extensive knowledge of global compliance requirements and constantly track and monitor these multiple, changing obligations. We can help you navigate regulatory and safety approvals and explain exactly how they affect your business. We also publish a regular newsletter, Re4view, which delivers coverage and expert analysis of environmental regulatory matters relevant to products and components.

Deliverables

Our experts assist industry and authorities (including UK government and the European Commission) on environmental compliance issues such as: 

• obsolescence and reliability (e.g. RoHS, REACH, SVHC)
• eco-design and sustainability
• responsible sourcing (conflict minerals and modern slavery)
• chemical or technical analysis
• end-of-life (e.g. WEEE, batteries)
• conformity and safety.

UK regulatory focus

The UK’s departure from the EU on the 31st December 2020 has clearly had major implications for the UK’s relations with the EU and with the rest of the world. Although initially the technical requirements relating to product safety and environmental legislation largely remain unchanged, there are implications on the procedural requirements in terms or reporting, changes to authorised bodies and product marking. RINA can support you in adapting to these changes and will be monitoring closely any future developments that might present a divergence in the technical requirements.

Regulatory Compliance Services

Failure investigation

Technical training, cable consultancy testing.

Making excellence a habit

• Verify a certificate

Buy standards

Popular searches

• ISO 13485 Quality Management for Medical Devices
• ISO 14971 Risk Management for Medical Devices
• ISO 27001 Information Security
• ISO 45001 Occupational Health and Safety Management
• Training courses

Suggestions

Consulting practice

Environmental

Improving business resiliency by innovating environmental programs and delivering environmental performance aligned with business needs.

Improving business resiliency by innovating environmental programs and training, reducing risks and costs of compliance, and delivering environmental performance aligned with business needs.

EPA approves new ASTM E1527-21 standard

Environmental Awareness Bootcamp

BSI Consulting Services for Environmental

Environmental reporting federal deadlines

March 1 st  – EPCRA SARA Tier II (311 and 312)

March 31 st  – Greenhouse Gas Emissions Report

April 1 st  – Air Emissions Inventory – Class I, II

July 1 st  – EPCRA Form R (TRI Report)

September 1st  – Small Quantity Generators (SQGs) of hazardous waste are being asked to submit a re-notification of their generator status

Legal Registers

Confidence in your compliance.

Utilizing BSI’s customized legal registers and compliance calendars will help you to manage your legal obligations, save time, and improve operational compliance.

BSI Consulting

Get started today >

Remediation Program Management

Working as an extension of staff, we provide specialized remediation program management expertise while focusing on the strategic objectives and values of our clients, enabling our clients to focus on their core business.

Enhanced Due Diligence

A new practice that takes a comprehensive look at actual or potential risks related to business transactions and environmental reserves.

Compliance services

Permitting, Planning, and Reporting

Tier I, II, TRI and Hazardous Materials Business Plan Threshold Determinations, Management and Reporting

Risk Management

Risk Management Plan (RMP) development, modifications, mapping, and gap assessments.

Hazardous waste

Registrations, Determinations, Planning and Reporting

Due Diligence

Phase I/II ESA and Transaction Screens, NEPA and Site Selection Support

Compliance Auditing and Risk Assessments

Our prioritization of issues site audit will identify vulnerabilities and opportunities within your EHS program.

June Bugs Labs

Interactive Asset Management System to reduce administrative hurdles of managing EHS compliance plans

Water management

Stormwater and Wastewater Permitting, Planning, Reporting and Design

Specialty services

• Air Quality Permitting and Regulatory Assistance Regulatory Applicability Analysis, Compliance Auditing, CAA Section 112r Risk Management Program (RMP) Compliance Support, EPCRA, Section 313 TRI Form R
• Facility Siting Utilizing Environmental Factors Evaluation and Ranking of Locations based on Potential Local, State and Federal Regulatory Permit Requirements
• Site Support Local, Regional and Corporate Environmental Staffing
• EPCRA Compliance EPCRA Compliance Tool
• Facility Closure and Decommission Environmental Stabilization, Permit and Project Management
• Immersive Reality Consulting Remote Subject Matter Expert Support, Training and Assessments
• Prioritization of Issues Permit Applicability Determinations, Compliance and Gap Assessments and Program Development
• Digital Transformation Data Collection, Digital Reporting and Utilization of Systems
• Risk Management Planning (RMP) Plan Development, Modification and Maintenance
• Tank Testing Operational and Mechanical Integrity Testing of Oil and Hazardous Material Tanks

To help prepare environmental reporting, manage complex permitting processes, or provide extra support for any environmental project, our consultants and technicians are also available on an outsourced basis, on-site, full or part time, to supplement your existing staff.

Environmental Compliance Resources

Managing EPCRA compliance: We partnered to identify compliance gaps by comparing collected data to current regulations and standards.

Whitepaper: Best in class Environmental Compliance Program

On-demand: Access our computer-based training courses at anytime.

Our training specialists create engaging computer-based training courses.

Daniel J. Smith

Sustainable compliance: Seven steps toward effectiveness and efficiency

The cost of regulatory compliance in banking rose dramatically in the years after the financial crisis. Some of the increase came from investment in technology, but most of it was—and remains—driven by additional staff. The crisis triggered numerous critical control failures that required immediate remedy. Institutions responded, appropriately enough given the urgency, by adding layers of control. An idea of what resulted can be seen in a typical example. At a large universal bank, a quarter of one business unit’s resources is now dedicated to control, significantly reducing the share focused on the business (Exhibit 1). While the exact numbers will vary by institution and business unit, what’s certain is that more resources than ever before are being dedicated to testing, monitoring, and other oversight responsibilities—at the expense, given budget limits, of production resources.

The investments have magnified industry resilience and improved the quality of risk management. The high cost, however, is now coming into focus. At many financial institutions, business, compliance, and risk practitioners are beginning to question the sustainability of the resource-intensive approach to managing compliance risks . We believe they are asking the right question. Banks are still adding layers of control as the remedy of choice for compliance issues. The result is an unwieldy “system” of overlapping controls that is difficult to automate and does not address the true root causes of risk. Arising issues are approached one at a time and in isolation; remediation efforts are inadequately measured and tracked.

Fragmented efforts, manual processes, mountains of data

We analyzed the time spent on remediation at one global financial institution according to the importance (materiality) of the issue. We found that first- and second-line compliance staff were spending 80 percent of this time on issues of low or moderate materiality, and only 20 percent on critical high-risk issues. The issues were approached individually, according to an “issue log” with thousands of entries. Unsurprisingly, separate remediation initiatives and audit reports were often directed at the same processes and had the same underlying causes. These could have been addressed systematically, but individual projects did not have the budget to take that on. Only when the institution took an enterprise-wide view did the case for IT investment become clear.

Stay current on your favorite topics

The status quo approach to compliance does not allow for an integrated view across the enterprise. The approach to risk assessment is fragmented: some risks are covered by multiple assessments and others not at all. Nor does a consistent understanding of the material risks emerge, as the varying standards of materiality and testing produce conflicting results across the organization. Compliance, activities relating to banking secrecy and anti-money laundering (BSA/AML), operational risk, third-party risk, and other assessments are performed frequently by separate teams applying different approaches, and much effort is expended in reconciling the outputs. At one large financial institution, we found that business leadership teams are required to participate in 20 or more risk-assessment activities annually, led by the various control functions. Yet despite all this labor, top management still cannot obtain a reliable view of the institution’s biggest compliance exposures nor on the state of controls governing them.

Many leading institutions have tried to shift compliance frameworks toward a more risk-based approach. They have struggled to escape an orientation to procedural adherence and refocus on residual risk (outcomes). Metrics present another challenge. Rather than forward-looking measures of risk, many are ill defined and generate data with unclear implications. As mountains of details pile up, critical exposures can get lost easily. Legacy controls remain in use as new metrics are added. Many intermediate controls and testing can be removed, however, as a recent efficiency effort at a bank’s consumer business demonstrated. The needed solution (expanded sample-based quality-assurance testing on executed affidavits) was simpler, less time consuming, and more effective in disclosing material exposures. And it was less costly than the existing haphazard system.

The value in sustainable compliance

The aim of a sustainable compliance program is to improve the bank’s risk profile through a more effective and efficient compliance function focused on the most important risks. The approach both centers on material risk and eliminates inefficient activities. In our experience, it can free up to 30 percent of the compliance function’s capacity (Exhibit 2). The size of the opportunity depends on the starting point of the bank: leaner institutions will benefit from effectiveness improvements, while institutions with heavier quality-assurance, control, and audit structures will additionally benefit from meaningful efficiency savings.

One global financial institution recently developed a set of initiatives to free up 20 percent of capacity in its risk and compliance functions. The starting point was organizationally heavy: the two second-line functions accounted for one-third of corporate function expenses. The resource footprint was 95 percent concentrated in high-cost metropolitan areas with very competitive talent markets. At the same time, effectiveness was inadequate, as evidenced by a growing backlog of regulatory issues and audit findings. Risk-management standards, including taxonomies and tolerances, varied across and within lines of defense; “shadow” testing and monitoring activities were being performed by business lines (the so-called one-and-a-half line of defense); and modeling, analytics, and reporting activities were fragmented across the first and second lines.

Would you like to learn more about our Risk Practice ?

The improvement program prioritized initiatives that enhanced the effectiveness of compliance and risk-management activities and their efficiency, to achieve a sustainable operating model to support future growth. Better effectiveness was sought by taking a proactive approach to help the business manage material risks. Rather than reacting to issues, the bank would diagnose root causes and translate regulations into operational requirements. Effectiveness was further fostered through timely and adequate transparency into the state of risks and controls, and increased confidence that no material risk would be left unattended. The functions became more efficient through the automation of tasks and controls and easier access to qualified talent. The resource footprint was optimized, aligning it with business and strategic needs. Resource allocation could then focus on material risks, boosting staff productivity. Nonessential work was minimized, including the remediation of low-materiality risks. Testing, reporting, and other activities were rationalized across the three lines of defense; duplication, especially in the control functions (such as remediation tracking and risk identification and assessment), was largely eliminated.

Building it: Seven steps to sustainable compliance

Compliance practitioners point out that compliance activities are triggered by regulatory requirements and by how well businesses manage regulatory risks. Regulatory demands, they argue, are outside the control of the compliance function, while the adroit management of regulatory risks takes time to mature. In our view, the key to sustainable compliance is how well the compliance function responds to these demands. Below we lay out seven practical steps that institutions can take to move closer to sustainable compliance.

1. Transform frontline units into a true first line of defense.

At many institutions, frontline units have “outsourced” a significant portion of their compliance responsibilities to the second line of defense, relying on the compliance function for everyday compliance-related business and control decisions. At other institutions, both lines of defense are involved in similar activities, leading to duplication and fragmentation of effort. These two faulty approaches are avoided when roles and responsibilities are appropriately defined. There is real value in having a strong first line of defense handling everyday business and in-line control activities. The role of the second line varies based on the type of compliance requirements. Some regulations can be translated into a set of clear operational requirements—this is called “rules-based compliance.” Other regulations, such as consumer protections, reflect regulatory intent for a desired outcome. This is called “principles-based compliance,” which does not easily convert into specific operational and control requirements.

For rules-based compliance, the second line needs to define clear standards and shift in-line execution and approval (such as consumer disclosures) to the first line of defense. For principles-based compliance, some decisions (such as the suitability of marketing materials) need to be embedded in the first line with adequate training, certification, and monitoring. Conduct risk in retail banking, for example, will present challenges in defining first- and second-line roles and testing and monitoring responsibilities. The compliance function will need to clearly articulate regulatory requirements for disclosures, adverse action, advertising, and privacy—and then provide technical expertise as business lines translate those requirements into operational procedures, practices, and controls. Compliance also needs to define requirements for training and certification (including in general areas such as product design and usage and fair and nondiscriminatory treatment), and ensure that they are met by all relevant stakeholders. The execution of control, such as authorizing accounts or approving new products, should, however, be embedded in the first-line processes. The second line will focus on independent approval and risk-based testing to ensure that controls do indeed work as intended.

As the second line, the compliance function defines and monitors control standards; the complementary role for the first line is to manage those controls more strategically. Accordingly, the control office in each business unit organizes how the front line manages its control environment—the front line reviews the business setup against the controls in the context of the inherent risk profile and business complexity. When global banks streamline their business footprint (for example, by offering products across markets or the customer portfolio), the related business processes and systems become essential in managing the inherent risk profile.

2. De-risk and reengineer business and compliance processes.

The demand for compliance resources can be significantly reduced by reengineering labor-intensive activities for core compliance processes, such as onboarding or transaction approvals. For control breaches, root-cause analysis is critically important. This will ensure that the true underlying drivers will be revealed for effective, lasting remediation. Further similar breaches—and the consumption of further resources, such as the addition of more checkers—are eliminated by the automation and redesign of the exposure areas. An additional important measure is the development of consolidated risk-assessment requirements across control functions for key business decisions. This way, duplicate functional controls—such as legal, BSA/AML, information security, and compliance requirements for new clients—can be eliminated and businesses freed from repetitive requests.

For one wealth-management company, automation of know-your-customer (KYC) controls reduced the turnaround time for the new-customer-onboarding process from five or six days for the most complex institutional accounts to 24 hours. The cost of KYC was reduced by more than 70 percent and the customer experience dramatically enhanced. These savings of time and money were possible because the institution tackled KYC requirements, along with credit-process digitization , as an integrated reengineering and automation program. The initiative was built on the understanding that the end-to-end process is no faster than its weakest link—which is often the compliance requirements.

3. Optimize the compliance operating model.

The compliance resources needed to support the business units can be configured most effectively and efficiently by consolidating subject-matter expertise and core activities in centers of excellence and utilities. This will help ensure that the best expertise is applied across channels in business-unit-facing compliance teams. Additionally, the opportunity in optimizing the location strategy for compliance is often sizable. A new look at location could lead to lower structural costs for compliance and offer access to global talent markets to tackle the challenges posed by talent scarcity in traditional locations. A diversified geographic footprint also ensures greater resilience in the face of adverse business or market events.

4. Focus on what matters.

Compliance with laws, rules, and regulations is viewed by banks as a zero-tolerance activity. Nevertheless, the time spent on each compliance demand must be differentiated according to the bank’s highest sensitivities and biggest risks in noncompliance. Time and resources, that is, should be allocated to the risks that matter most. Usually at the top of the list are finance laws and customer and market conduct.

Detailed adjustments can be made in the frequency of testing and sample sizes, depending on the level of inherent exposure in a given operational area. Moreover, testing and remediation activities can be risk-ranked and embedded in resource- and investment-allocation processes. Compliance priorities can then be regularly reassessed to account for new risks, defective controls, and business or regulatory changes.

Ongoing prioritization based on risk requires that organizations objectively measure residual risk exposures and know where in the business process controls can potentially fail. Understanding where the critical breakpoints occur in business processes and having a manageable set of quantitative, forward-looking metrics for each process breakpoint are critical capabilities. For risks that are difficult to quantify (such as internal conduct or fair and responsible banking), banks can develop qualitative risk markers. Trends in staffing levels or changes in business processes and technology often correlate with increased risk. Even if quantitative metrics that directly measure residual risk cannot be defined, qualitative tracking of these trends can alert the institution about potentially increased exposure. With AML compliance, for example, some exposures can be measured through quantitative key risk indicators, while others will require qualitative risk markers (Exhibit 3).

5. Actively manage controls and management-information systems.

The portfolio of controls needs to be actively managed over the life cycle of each control. Old controls, testing strategies, and management-information systems (MIS) should be discontinued quickly when no longer needed or when deemed ineffective. Clearing away unneeded controls saves compliance and business resources and helps ensure that material risks are not missed. Many controls are redundant or obsolete—such as reports for a particular issue that no longer exists. Others have been added to old processes where underlying problems have not been remediated. The result is layers of detective controls but few preventative controls. For many activities, controls are overabundant and it is unclear which are the key controls that truly make a difference. A bank can have hundreds of mostly weak controls in its trading chains without understanding that 20 are the most important (and should be perfected and tightly monitored to mitigate risk). Finally, controls are often ineffective because they are insufficiently understood and consequently undermanaged (for example, supervisors may not understand their roles and control responsibilities).

Markets businesses are a particularly challenging area for managing controls. These involve many frontline and middle- and back-office units, as well as risk and finance. We have encountered situations where more than 500 controls are in place, from supervisory controls in the front office to extensive reconciliation and reporting controls. A source of the challenge is the separation between units where risks emerge and those in charge of the controls. For example, frontline conduct risk may arise from ill-defined trader mandates or trade and booking data structures, while control responsibility rests with middle- and back-office units. These units, like compliance or control and settlement, might react by adding layers of control without identifying and addressing root causes upstream.

McKinsey on Risk, Volume 2

By rationalizing the control portfolio, most banks will be able to reduce monitoring and testing activities significantly. The remaining controls should then be automated , where this is possible (such as system checks or work flow). In-line quality controls, such as document-quality tollgates, can replace manual checkers for controls that cannot be fully automated.

For example, according to a legacy requirement of a consumer business unit at one bank, post-underwriting quality control of all new loan applications was performed by both an internal quality-control team and external attorneys. This triple-checking was replaced by quality tollgates much earlier in the process and automated data pulls that prevented errors. That eliminated most of the rework and expensive back-and-forth communications by attorneys, production, and the quality-control team.

6. Optimize testing and monitoring activities.

Duplication and overlap should also be eliminated from testing and risk-assessment programs, including BSA/AML, operational risk, IT risk, and first-line-of-defense activities. Furthermore, monitoring and testing standards need to be aligned with compliance standards in the first line of defense. These should be clearly tied to the inventory of material risks, associated key risk indicators, risk markers, and MIS. These measures will provide a clear line of sight to the risks the organization should focus on, what is being measured, and how the information will be used to make management decisions and prioritize resources.

Having eliminated overlap, banks can streamline the remaining testing and monitoring activities. For rules-based compliance, subjective assessments can be replaced with objective measures of residual risk—actual defect rates for critical regulations. Meanwhile, manual testing methods should, where possible, be replaced with system-driven exception reporting, such as timeliness and accuracy of customer disclosures based on time stamps and figures in the system of record. Advanced analytics can be deployed to analyze financial, operational, and control performance and identify patterns and hot spots. This level of automation of manual tasks can provide an early warning of failing controls, obviating headaches down the road. For monitoring and testing activities requiring manual intervention, a testing utility can be created to standardize tests and improve load balancing. This will help ensure that capacity is utilized efficiently and according to target quality standards.

7. Effectively manage supervisory and audit issues.

At many banks, remediation of supervisory and audit issues accounts for a large part of the compliance budget and the related change-the-bank budget. In most cases, banks handle supervisory and audit issues individually. Each major finding results in a separate project, and little thought is given to related control issues and root causes. In our experience, the attendant costs of this approach can be significantly reduced by moving to a more integrated portfolio-management approach.

Projects need to be managed on two dimensions: the underlying issues and the affected business areas. Supervisory issues related to client onboarding in the commercial-banking business unit, for example, need to be consolidated to avoid duplicating enhancements of core business processes. Effective KYC management for global banks in fact requires a centralized, cross-division view of customers and their business activities. Without this view, suspect activities could escape detection, or inconsistent client onboarding approaches and decisions may result. To address related BSA/AML issues, furthermore, banks will likely require a comprehensive and integrated approach to control design, to avoid uncoordinated technology efforts.

Supervisors rightly value an adequate focus on the root causes of issues. Banks that have this focus are able to design changes to core business processes that stop issues from arising in the first place. When issues are addressed individually, the solution is often to put in place additional layers of manual controls. Root-cause analysis helps an institution become more resilient in its business environment while reducing reliance on costly manual controls.

Where manual controls are still required to plug an existing gap, banks need to develop plans to automate them and/or redesign the underlying business process. Appropriate cost-benefit analysis should accompany such plans and help prioritize automation projects across the portfolio of remediation activities. Many banks would also benefit from comprehensive management reporting to measure the cost and effectiveness of remediation activities and make the best possible use of subject-matter experts and technology budgets to “buy down” the risks.

Effective remediation governance—with clear responsibilities and effective implementation monitoring—can also reduce complexity and lower costs. This means clearly delineating responsibilities for all remediation activities among the compliance function, business lines, and other control functions.

The cost of regulatory compliance in financial services has spiked over the past decade. In particular, resources in the first and second lines of defense have expanded dramatically. As a result, the industry has become more resilient and the quality of risk management has improved. The current resource-intensive approach to managing compliance is not, however, sustainable in the long run. While the demand for compliance activities is largely out of banks’ control, these seven practical steps can optimize how banks respond to that demand and allow meaningful progress toward a sustainable compliance function over time.

Piotr Kaminski  is a senior partner in McKinsey’s New York office , Daniel Mikkelsen  is a senior partner in the London office, Thomas Poppensieker  is a senior partner in the Munich office, and Kate Robu is a partner in the Chicago office .

Explore a career with us

Related articles.

The silver lining: Converting stress-test tools to strategic assets

Compliance in 2016: More than just following rules

The future of bank risk management

• Contact Us +63 (02) 8540-9623
• Email [email protected]

Environmental Blog The Importance of Environmental Compliance in a Business

It’s no longer a surprise when companies conduct their business in other parts of the world other than their own homeland. Often, it’s the smarter choice, especially when it’s in a country rich in either skilled manpower or specialized resources, or both.

In recent years, the environment has played a bigger and more important role in our daily lives, including how we conduct business. Negative impact to the planet, such as climate change and severe pollution, has pushed governments like that of the Philippines to create guidelines on all activities that may affect the country’s ecosystem. This isn’t limited to local businesses, as foreign ones also have to comply with environmental standards .

It’s Not Just About Following Rules

Because of the increased focus on global environmental concerns, any project has to follow a set of rules before the government of its country allows it to start or operate legally. This is especially true for those whose business poses potential risks to the environment, such as agriculture, mining, and construction.

In the Philippines, companies need to get an approved Environmental Compliance Certificate (ECC) from the Department of Environment and Natural Resources (DENR). This certificate ensures that a company complies with all requirements within the Environmental Impact Statement (EIS), and that they commit to their approved environmental management plan.

It’s More Than Just Helping Mother Nature

Mother Nature may be the obvious winner in the situation, but everybody benefits from getting assessed for environmental impact. Seeking the help of an environmental consultant allows an organization to maximize energy and profit while complying with related laws and contracts.

There are many ways an environmental consultant can help a business reduce its carbon footprint. With careful analysis, even the simplest tasks have good results in the “green” aspect of a business. Integrating such considerations reduces a business’s energy waste in buildings and vehicles, cutting costs along the way.

Friendly competition among employees or consumers also helps, such as a contest on who can save the most water or who can recycle plastic bottles in the most creative way. This can help promote the company as eco-friendly and efficient, potentially attracting more consumers who are sensitive in considering environmental issues before patronizing any company.

Contact Triple i Consulting to understand how we can help your business in the Philippines, including addressing its impact to the local environment.

• Environment Management
• environmental compliance

You can submit to the contact form above or just drop us a message using the email below [email protected]

First Name (required)

Last Name (required)

Your Email (required)

Phone (Enter Your Phone Number if You'd Like Us to Call You)

Your Message

12F Sagittarius Building, 111, H.V. Dela Costa Street Salcedo Village, Makati City 1227 Contact Us : +63 (02) 8540-9623

Privacy Policy

Main Services

• Philippines Business Registration
• Pre-Approved Visa Processing
• Branch Office Registration
• Representative Office Registration
• SEC Corporation Registration
• Regional Headquarters Registration
• Visas and Immigration Services
• Corporate Auditing Services
• Corporate Tax Consulting Services
• Environmental Compliance Certificate

Other Services

• 9g Working Visa
• AEP – Alien Employment Permit
• FDA License to Operate
• FDA Certificate of Product Registration
• Accounting Outsourcing Services
• Payroll Outsourcing Services
• Bookkeeping Outsourcing Services
• FDA Consulting
• Environmental Consulting Services

Subscribe to our Newsletter

BBJ Group around the world

We are locally dedicated with international scale.

• South Africa
• South Korea
• Puerto Rico
• United States of America
• Czech Republic
• Dominican Republic
• Netherlands
• Switzerland
• United Kingdom

Get the latest posts in your inbox!

By BBJ Group July 19, 2017

4 KEY BUSINESS CASES FOR ENVIRONMENTAL COMPLIANCE

Written by   Amber Cicotte, CHMM , Senior Scientist, who leads the EHS Compliance Practice for BBJ Group in our Chicago, IL office.

Frequently, plant managers or facility op erations supervisors must justify expenses for environmental compliance programs and struggle to come up with a convincing cost-benefit analysis. A spreadsheet does not give the proper context for environmental compliance expenses, however, there are strong business justifications that do impact a company’s bottom line.

Environmental Compliance & The Balance Sheet

Paying Violations has No Business Value: With every state and Federal government agency facing continual cut-backs, enforcement penalties are increasing as a way to generate funds for the regulatory body.  Agency personnel previously focused on other responsibilities like outreach and education are being moved to an enforcement capacity.  Where inspectors may have been lenient in the past, giving a grace period to correct the non-conformance, violations are being issued without opportunity for comment.

With the potential for fines to accumulate in the thousands of dollars for violations compounding on a daily or per-occurrence basis, money is best spent enforcing the environmental program internally rather than waiting for the outside motivator of regulatory fines.  Racking up too many individual violations and excessive fines can actually force your operation to shut down.

Prevention Costs Less than Cure: Environmental regulations for manufacturing operations are focused on understanding a facility’s potential to release pollutants to the environment and cause harm to citizens, both as a single entity and as part of a regional context, and then regulating (i.e., permitting) operations to prevent such events from occurring.  Crafting and implementing a comprehensive environmental program appropriate for your operation, with your necessary permits as the focus, will ensure your facility will never be responsible for an uncontrolled release to the environment.

Uncontrolled releases, either a single large event or smaller events over time, will result in an obligation to remediate, frequently under the oversight of a regulatory agency. Regulatory agencies are not known for their commitment to cost control and most organizations have not set aside adequate funds for remediation of such liabilities making the even a potential disastrous one for a company. Creating a program now that’s tailored to your facility and easy to follow is a fraction of the cost of even a small remediation event.

Regulatory Change is Now: Regulations change incrementally, even if they are changing constantly. If you are already having difficulty complying, any regulatory changes will be difficult to address, and possibly impossible to comply with.  

Small changes made to existing programs are easier and less costly to implement than creating a new program from scratch once regulations become too difficult or costly to ignore.  Companies that adhere to consistent and comprehensive compliance processes are better positioned for future changes. Companies that keep abreast of the latest changes and take small preventive compliance steps will ensure they’re prepared to deftly and inexpensively adapt to new regulations.

Put a Price Tag on Your Reputation : Setting aside the cost of violations and remediation to your balance sheet for a moment, there is a potentially greater cost to be considered – your company’s reputation. Online databases available to the public and a growing environmental justice movement means that almost anyone has access to records on small permit violations to major releases.

Citizen scientists eager to understand the industrial environment in which they work and live can take even small violations or enforcement findings and make them a community or national issue.

These are high-level rationales that apply to any organization. Depending on the industry, type of business, and unique makeup of your enterprise, there are almost always additional, stronger, firm-specific justification around compliance. 

A good place to start is a compliance audit. Compliance audits can help companies regroup and figure out where they stand in terms of environmental regulations. Once that is understood, a solid compliance plan can be put together to move forward, prioritizing those efforts that will result in the greatest return on investment.  

The Value of an Effective Environmental Compliance Audit

An environmental compliance audit results in a detailed account of potential non-compliance issues associated with applicable air, water, and waste regulations.

An effective EHS compliance assessment is performed by an environmental compliance specialist and includes:

• On-site inspection of a facility’s policies, practices, and operations;
• Review of pertinent internal guidance and records such as available environmental permits, reports, and operational data such as waste   manifests and maintenance records.

With this detailed information in hand, the facility’s regulatory compliance status and recommended actions are better understood. Most importantly, an effective compliance audit leads to a compliance plan that will meet regulatory obligations and provides for specific operational expenses required to avoid the pitfalls that so often result in runaway expenses, violations, and loss of a positive corporate reputation.

Recent Articles

By BBJ Group February 14, 2024

Unveiling The ESG Acronym, Part...

Our previous blog post explored the "E" in ESG,. . .

By BBJ Group August 29, 2023

From the Legacy of the Manhattan...

I recently saw the blockbuster movie Oppenheimer,. . .

By BBJ Group August 16, 2023

Unraveling the Intricate...

Mitigating Risk Through Conceptual Site Model. . .

By BBJ Group August 08, 2023

PROPERTY CONDITION ASSESSMENTS...

Property Condition Assessments (PCAs) or Property. . .

Corporate Headquarters

500 NORTH DEARBORN STREET, SUITE 712, CHICAGO, IL 60654

140 South Dearborn Street, Suite 1520, Chicago, IL 60603

800-875-1756

Subscribe to Email Updates

• SUGGESTED TOPICS
• The Magazine
• Newsletters
• Managing Yourself
• Managing Teams
• Work-life Balance
• The Big Idea
• Data & Visuals
• Reading Lists
• Case Selections
• HBR Learning
• Topic Feeds
• Account Settings
• Email Preferences

Keeping Your Business Safe in an Increasingly Fluid Regulatory Environment

Sponsor content from UL.

By Christian Salvans

In an era of unprecedented disruption, some changes are obvious, such as new technologies; new environmental, social, and corporate governance (ESG) reporting requirements; and a new world of hybrid work.

In manufacturing, another factor represents significant additional disruption: the rapidly changing regulatory landscape. In 2021, an average of 2.4 regulatory changes took effect every day worldwide, research conducted by UL found. In 2022, that average is five per day and rising. For global organizations, this pace of change can derail strategic planning, break supply chains, exacerbate distribution challenges, create legal hazards, and threaten reputation and revenue.

Manufacturers must keep pace with regulatory changes to satisfy customer commitments. Continuous compliance management helps ensure the timely release and sale of products, without penalty or interruption. The most effective compliance management features real-time intelligence on rules combined with flexible strategies to address numerous laws in multiple markets.

Compliance may seem like a moving target. Even an organization’s full intent to follow laws may come up against regulatory authorities communicating changes inconsistently. That makes it critical for organizations to partner with regulatory experts who can build relationships with the relevant authorities and offer technology that gives a real-time understanding of how regulatory changes affect their business—and when and how to take action.

Technology and Sustainability

In a regulatory world constantly adapting to market needs, two facets of manufacturing drive regulatory change above all others: technology and sustainability.

A product such as a TV was built 25 years ago using very different hardware and software than what is used in one that is built today. Emerging technology means emerging manufacturer regulations intended to ensure capabilities, materials, and production processes are safe and sustainable for employees, partners, and end users.

These revolutionary advances mean increasingly sophisticated artificial intelligence (AI) can allow a product to make critical decisions that could inadvertently compromise user security. As the Internet of Things (IoT) enables remote management of connected devices, that convenience increases the risk to customers’ data privacy and the threat of cyber attacks. With advances in wireless and cellular technology rolling out at different rates in different markets and mobile data usage growing exponentially, a global patchwork of new laws is continually unfolding, affecting research and development (R&D).

At the same time, the increasing demand for sustainable products and processes is driving a regulatory boom.

Manufacturers may have once seen sustainability as a point of pride; today, sustainability is both a market preference and a matter of law. The European Union (EU) adapts environmental laws to reduce carbon emissions and enforce compliant processes. With policies such as the European Green Deal and the EU Circular Economy Action Plan 2020, the region continues to enhance regulations on matters including right to repair, batteries, vehicles, and construction.

Beyond climate change, sustainability is also emerging as a human-rights issue. The recent German Supply Chain Due Diligence Act (GSCA) requires organizations to establish risk management systems by assessing any human rights risks in their supply chains.

Monitoring and Maintaining

Manufacturers’ two biggest challenges with regulatory change are: monitoring regulations and maintaining compliance across their product portfolio.

As new agreements and logistics technology increasingly facilitate global trade, manufacturers must monitor hundreds of regulations and requirements that evolve faster than ever. Four regulatory changes per day affect the electronics sector alone.

Each addition or change requires time-consuming, labor-intensive adaptations on product development and compliance revalidation that can delay time to market and hurt profits. Each change can potentially expose organizations, their partners, and their customers to vulnerabilities in cybersecurity, data privacy, safety, wireless, and interoperability.

Maintaining compliance for existing certified products requires continual assessment to  gauge how regulatory changes affect products. That means retesting, reinspecting, resubmitting products for regulatory certification, and deciding whether and how to update these products’ components or production processes.

Taking Action on Compliance

Manufacturers need a strong foundation in knowledge and impact assessment as the companies work within the continually evolving and expanding regulatory and product compliance environment.

An organization trying to monitor and respond to hundreds of rules on environmental safety, electromagnetic compatibility, wireless and telecommunications, cybersecurity, fire, and chemicals—each in varying markets, formats, and languages—needs vast in-house resources to keep up on its own. Further, assessing and communicating what these changes mean for their current and future products’ certification, development, and distribution can be daunting. Documentation, audits, surveillance visits, supply-chain certifications, and technical requirements are considerations far beyond the capabilities of spreadsheets.

Partnering with regulatory experts using specialized technology can help manufacturers focus on the big picture of business strategy that drives customer satisfaction, sector leadership, and revenue growth.

To stay ahead of regulatory disruption, manufacturers should work with global experts to support their global compliance management requirements. A partner such as UL can offer a fully integrated platform for managing end-to-end compliance needs that can help businesses focus on strategy and growth. The benefits of this relationship include:

• Monitoring and alerting manufacturers to regulatory changes and certification expirations
• Connecting manufacturers’ certifications with a network of global experts
• Assistance with gap and impact assessments on the products
• Development of a tactical plan to keep products in compliance and help introduce existing/new products into new markets
• Lowering manufacturers’ operating costs and noncompliance risks

The right expert can help facilitate manufacturers’ resource planning, product introduction and maintenance, and certification and surveillance testing—streamlining all regulatory requirements in an end-to-end service.

Just as technology and sustainability aren’t slowing down, neither is regulatory change. But partnering with an expert that brings specialized technology is critical for manufacturers to stay ahead of compliance issues, grow, and lead.

Learn more how UL can help your organization stay ahead of global regulations, improve speed to market, and better manage compliance across your portfolio.  

Christian Salvans is a senior director of global market access at UL.

Register for our new webinar: The role of EHS and sustainability compliance in GRC

Mitigate risk for growing global issues

• Air emissions
• Chemical management
• Emergency preparedness
• ESG Global Guidance
• General Environment
• Hazardous materials
• Occupational health
• Safety management
• Technical safety
• Waste management
• Water management

Easily manage compliance & sustainability at every level

• Regulatory Guides
• Regulatory Baseline
• Compliance Intelligence
• Regulatory Forecaster
• Chemical Watch

Reach goals worldwide and within each site

Dive deeper into ehs news and numbers, how regulatory compliance enables business growth.

The strategic benefits of regulatory compliance are often overlooked, but they are essential for business growth. Enhesa Product Intelligence Chief Analyst Nhat Nguyen explains more.

by Nhat Nguyen

29 February 2024

Product owners and business leaders often see regulatory compliance regarding product safety as a cost or an inconvenient burden—or worse, a tick-box exercise. To some degree their viewpoint is understandable given that compliance is mandatory, and requirements can sometimes feel cumbersome.   

Yet when managed strategically, regulatory compliance can be a genuine business growth enabler. Here is why it’s essential for businesses to recognize that.

Why compliance?

Regulatory compliance is, of course, not just a ‘nice to have’. In general, regulations are in place, and companies are required to meet certain standards, for a reason. This may be to ensure employee safety, or to reduce the environmental consequences of the company’s operations.   

Failure to comply may be catastrophic. Consider the aftermath of the chemical leak at Union Carbide’s Bhopal plant back in the 1980s, or more recently, the Deepwater Horizon oil spill in 2010.  

Both events resulted in deaths. Both companies had to pay substantial damages with BP’s costs estimated at billions of dollars by the time remediation was taken into account.  

Non-compliance is therefore a very costly choice, but there are also many reasons why businesses might make a strategic decision to treat regulatory compliance as an active bringer of benefits.  

Operational benefits

In the first place, compliance with health and safety regulations helps to mitigate operational risks. This reduces the likelihood of workplace accidents, and therefore any associated legal or financial consequences. Regulatory compliance also minimizes the chances of workplace or operational disruption, and therefore the opportunity costs of being unable to operate.  

There are clear advantages of having a workforce that feels—and is—safe.   

A healthy and safe work environment can increase employee satisfaction and productivity. When people feel unsafe at work or are concerned their employer is taking shortcuts, they are less likely to be engaged at work. Conversely, when employees feel secure and valued, they are more likely to be engaged, motivated, and focused on their work.  

Operationally, initial investments in health and safety compliance measures may seem high. However, they often result in long-term cost savings. An upfront investment in safety can prevent accidents and occupational illnesses further down the line. And this in turn can reduce the expenses associated with medical care, legal fees, and compensation claims arising from accidents and problems. Lower employee turnover rates and therefore recruitment costs are a further advantage.  

So, too, are the benefits of compliance in terms of operational efficiency and innovation. The process of ensuring compliance often involves adopting new technologies and best practices, leading to increased efficiency. Engaged and motivated employees are also more likely to produce innovations.  

Ultimately, a proactive approach to regulatory compliance will contribute to better products and business growth, and businesses may well find themselves in a stronger position to adapt to industry changes and technological advancements.  

Regulatory compliance within a market situation

Beyond operational benefits, regulatory compliance can drive advantages within the market by increasing brand reputation.   

First, demonstrating a clear commitment to employee safety is a reputation-enhancer for businesses. Few customers, clients or potential partners want to engage with a business that is careless about its employees’ well-being. It follows that being able to demonstrate active compliance can help improve reputation. This, in turn, can drive improved customer trust and loyalty, and also make it easier to attract partners with a similar approach to compliance.   

Secondly, regulatory compliance can give businesses a competitive advantage. In some markets, and in some highly regulated industries, specific health and safety standards are the starting point for access. For customer facing brands or companies who distribute those brands, brand reputation regarding environmental safety and human health is paramount.  

In today’s information space, brand reputation expands beyond the jurisdictional operation of the regulation. Traditional news outlets, social media, and video services have closed the information gaps for consumers, but also have the power to amplify safety issues relating to human health and the environment across the globe. As such, non-compliance issues – whether inadvertently or intentionally – in one country could trigger safety concerns and/or lower the company or brand reputation in the US, the EU or elsewhere.  

Conversely, examples of initiatives to improve or alleviate human health and environmental issues could enhance branding reputations among consumers, and supply chains.    

By strategically positioning its compliance functions and activities, a business could enable growth in several ways: by strengthening its existing markets; creating new market opportunities; and/or lessening the burden for new market entrance.      

Recognizing regulatory compliance as a strategic choice

Companies who pivot their regulatory compliance from a cost center and an after thought to one that is closely aligned with a business have consistently shown that such a strategy could lead to more innovation, strategic growth and reducing long term liability for the companies.  Whereas traditional compliance is about completing check lists or ensuring that regulatory requirements are met – to satisfy regulators and ensure baselines are met – strategic compliance requires closely monitoring and analyzing trends and shifts in the regulatory landscape to strategically prepare the business for such changes.  These actions could cut down compliance costs, ensure continuing market access and  market leadership and, in some cases, may lead the business in re-positioning or developing new business strategies.  

Strategic compliance benefits the entire organization’s stakeholders, including board members, business units, operational leaders, customers, consumers and supply chain.    

Regulatory compliance is a way to enhance overall business performance. It fosters a positive company culture, driving better employee engagement and innovation. It also creates opportunities for growth in the long term through innovation and partnerships. By working with compliance colleagues, and taking the ‘long view’ on compliance, business unit owners and product managers can drive long-term business growth.  

Meet your strategic compliance goals with Enhesa Product Intelligence

Enhesa Product Intelligence helps businesses across the world make safer, more compliant products with intelligence that helps them meet the challenges of the increasingly complex global landscape.

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

JavaScript appears to be disabled on this computer. Please click here to see any active alerts .

Regulatory Information By Business Sector

Regulatory information by sector.

Additional regulations not listed on these pages may apply. Other sector-based resources are available through EPA's many voluntary and partnership programs, including  Compliance Assistance Centers , which can also direct businesses to state-specific compliance information.

Agriculture

Growing crops, raising animals, and harvesting fish and other animals from a farm, ranch, or their natural habitats.

Automotive Sectors

Motor vehicle manufacturing, sales and salvage, and repair and maintenance services, for cars, trucks, trailers, and other motor vehicles.

Construction

Establishments primarily engaged in the construction of buildings or engineering projects (e.g., highways and utility systems).

Electric Utilities

All electric generating facilities powered by fossil fuels, including coal, petroleum, or gas as the power source.

Oil and Gas

Establishments that extract naturally occurring mineral solids, liquid minerals and gases.

Transportation

Industries providing transportation of passengers and cargo, warehousing and storage for goods, scenic and sightseeing transportation, and support activities.

Related Information

• EPA Certifications (608, 609, Lead, etc.)
• Find regulatory information by topic 
• Learn about major environmental laws
• Comment on proposed regulations

Discover Other Sectors

• Dry Cleaning (NAICS 8123)
• Educational Services (NAICS 61)
• Forestry & Logging (NAICS 113)
• Healthcare & Social Assistance (NAICS 62)
• Manufacturing (NAICS Sectors 31-33)
• Mining (NAICS 212)
• Public Administration & Government (NAICS Sector 92)

Water and Sewage Utilities Sector (NAICS 2213)

Frequent Questions

• How do I get an EPA ID number?
• How do I get certified?
• How can a small business owner get help?

Ask a Question