Protect Your Business From Regulatory Pitfalls, With 'Practical Compliance' You can't get around dealing with regulations, but they don't have to crush your entrepreneurial spirit.

By Jeff Broudy

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

There's a disturbing pattern, especially in the United States, that all entrepreneurs face: Criminal acts drive an increase in regulation and governance, which leads to more costs of compliance, to avoid penalties and litigation. This includes payment-card industry (PCI) compliance if you accept credit cards, HIPAA compliance if you see patients, workers compensation laws, data privacy rules -- the list goes on and on.

Consider our upcoming election (don't get me started): The much-discussed email breach by Hillary Clinton, and Donald Trump's insistence that Clinton's regulatory policies will "drive business out," are prime examples of how advances in technology and criminal activities and governmental responses are affecting U.S. businesses.

Related: When Starting a Business, Beware All the Taxes and Regulations

But the burden of compliance has to be nonpartisan. After all, more than 20 percent of small business owners claim that government regulation is the single most important challenge they face. And 47 percent of organizations say they struggle to keep up with changes in regulations and adjust their policies accordingly.

So, how can entrepreneurs address the trickiest regulatory pitfalls?

The secret lies in finding the right balance between mitigating business risks and allocating resources. We call this "practical compliance."

What's your risk tolerance?

Every business is different, of course. However, too many regulatory requirements are written as one-size-fits-all solutions. A hospital is very different from a dental practice, for example, but HIPAA requirements for the two are the same. This happens despite the fact that both entities have very different risk-tolerance and resource-allocation scenarios.

Finding your level of risk tolerance as it relates to regulatory compliance, then, is key to "practical compliance."

If you don't allocate any resources to compliance, for example, your employees can spend 100 percent of their time working on the most important priorities of the business. That sounds ideal, but if you're not allocating any time and resources to understanding and implementing regulatory compliance, you're exposing yourself to unnecessary risk.

Let's say you run a dental practice. Now, consider the implications for HIPAA (the federal Health Insurance Portability and Accountability law providing data privacy and security provisions for safeguarding medical information).

At your dental practice, neglecting these HIPAA compromises, which protect health information, might expose the practice to financial and reputation risk, should a data breach, patient complaint or HIPAA audit occur.

Related: 5 Trends Reinventing Healthcare

On the other hand, if you hire a full-time compliance officer, overinsure the business and work to understand and implement every law and regulatory requirement, you may have nothing left to pay your bills or grow your business.

Striking the right balance

Dealing with regulations requires manpower, energy and money. You can't get around it, but that doesn't mean regulations are bound to crush your entrepreneurial spirit. Determine the right balance by taking these steps:

1. Designate an owner. The cost of hiring a full-time employee to focus on compliance goes far beyond his or her base salary. You'll pay 10 percent or more to cover various taxes and workers' compensation insurance, and company-paid portions of medical insurance and 401(k) contributions will further drive up the cost of hiring a full-time employee.

Most new businesses don't have the resources to cover these expenses. Instead, find the right person who you can designate to lead the charge internally. Ensure this person has the skill set to research, teach and implement a culture of compliance in your business.

He or she should have a thorough understanding of your business's inner workings, should be flexible and inquisitive and should be able to stay abreast of the always-changing regulatory environment.

By designating the right person, you'll be able to make progress more quickly and streamline decision-making and execution.

2. Determine your risk tolerance, and align your priorities. Meet with your owner to discuss your key priorities. What compliance areas are the "hot spots" in your industry? For example, in healthcare, it could be HIPAA or OSHA. What's going to keep you up at night? Focus on those areas first. You can't do it all, but focusing on the "critical few" will help you make progress and mitigate your risks along the way.

Also, there are different types of insurance policies that can quickly mitigate your risk. For example, in healthcare, we advise practices to obtain data breach coverage, which specifically focuses on costs relating to fines, penalties and notification of patients if a breach occurs.

3. Budget time and resources. Now, it's time to realistically determine what all of this will cost. Going through the budgeting process helps refine your risk tolerance, too. Perhaps something you wanted to do can wait, or maybe something is much cheaper than you originally thought.

Established companies fare better at meeting regulations without draining their resources because they have experience navigating such legal waters. Smaller businesses can face a higher cost trying to adhere to regulations. So, establishing a budget of time and money will help you meet your goals.

Every hour of an employee's time costs about $20. In-house training may cost $3,000 to $5,000 or more per year. Documenting policies and procedures may cost another $1,000 to $2,000 per year.

Your costs should correlate with your risk tolerance. What are you willing to spend to reduce the risk of penalties, data breaches, employee or customer complaints, etc.? Figure out your practical risk level; then, allocate a budget each year to mitigate them. You'll never mitigate all your risks, but by going through the budget exercise, you'll focus on the areas of greatest concern.

4. Speak with peers and trusted advisors. Even the most savvy entrepreneurs can't do everything alone, and the consequences of a misstep in compliance could be disastrous. However, there's no need to reinvent the wheel.

Speak to your peers or hire a trusted advisor to kickstart the process. Seek guidance from attorneys, accountants, compliance consultants or your IT provider. All will provide valuable experience to lessen your learning curve. Tapping into your network of various outside experts will allow you to focus on the thing you do best: growing your business.

Related: Compliance Is a Pain. How to Outsource It.

Regulations aren't going away. In fact, they will likely intensify. However, adopting a practical approach will help you not only find the right balance for your business, but also mitigate your risks by allocating the right level of resources. Don't let the requirements overwhelm you.

Focus on the critical areas, and adopt a culture of compliance from the start. You'll sleep better, and your customers and employees will benefit from your leadership.

Jeff Broudy

Founder and CEO, PCIHIPAA

Jeff Broudy, founder and CEO of PCIHIPAA, has been actively involved in building startups and leading sales and marketing teams in a variety of industries over the past 30 years. He is now pioneering a "compliance as a service" business with the release of OfficeSafe by PCIHIPAA, a technology focused on providing HIPAA compliance and data security solutions to small- and mid-sized medical and dental practices.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Making a Change

Expand Your Global Reach with Access to More Than 150 Languages for Life

Unlock global markets with this language-learning platform.

Business News

'We're Not Allowed to Own Bitcoin': Crypto Price Drops After U.S. Federal Reserve Head Makes Surprising Statement

Fed Chair Jerome Powell's comments on Bitcoin and rate cuts have rattled cryptocurrency investors.

Business News

A Government Shutdown Could Cost the U.S. Economy $6 Billion a Week, According to EY's Chief Economist

Experts from EY tell Entrepreneur that a government shutdown could leave "a visible mark" on the economy.

Leadership

The End of Bureaucracy — How Leadership Must Evolve in the Age of Artificial Intelligence

What if bureaucracy, the very system designed to maintain order, is now the greatest obstacle to progress?

Business Ideas

Is Your Business Healthy? Why Every Entrepreneur Needs To Do These 3 Checkups Every Year

You can't plan for the new year until you complete these checkups.

Franchise

KFC Is Launching a Chicken Tenders-Focused Concept Called Saucy — Here's When and Where It Opens

The chicken chain is making a strategic pivot towards the growing demand for customizable, sauce-heavy meals.