Governance, Risk Management, and Compliance: It Can't Happen to Us—Avoiding Corporate Disaster While Driving Success by Richard M. Steinberg

The Back-Breaking Costs

Leaving program effectiveness for a bit later, let's look at the tremendous costs of dealing with compliance, which can be viewed similarly to those automobile motor oil ads of long ago: “You can pay me now, or pay me later”—a few dollars now, or thousands later, although here the later numbers are much larger.

Surveys of cost information vary in their estimates, but they provide at least directional insight. One survey of several years ago shows that for every $1 billion in revenue, the cost of compliance programs comes close to $6 million.² Another shows the cost of Sarbanes-Oxley compliance alone averaging $4 million for companies with $5 billion in revenue, and $10 million for companies with $10 billion and more in revenue. More telling is that for companies with more than $1 billion in revenue, compliance costs strikingly equaled the salaries of 190 full-time-equivalent employees.³

And when we consider one of the highly regulated industries—the U.S. securities industry—compliance costs for each firm averaged a whopping 13 percent of revenues.⁴ And this is before the financial system's near meltdown and the resulting Dodd-Frank Act and regulatory reaction now underway.

From a broader perspective, a 2010 report says the cost of complying with U.S. federal laws and regulations came to an estimated $1.75 trillion in 2008, totaling 14 percent of U.S. national income. The cost to business is stated to be $970 billion, with state and local governments paying ...