At some point, nearly every regulatory client has asked me, in a tone of incredulity, why “such a little thing” mattered to a regulating agency. Often the client also asks why a government regulator focuses on the “little guy” when big business appears to skate through regulatory compliance with no issues.
The second answer is far simpler but answering it first leads us to part of the answer for the first question.
Table of Contents
How Big Businesses Treat Regulatory Compliance
Big businesses appear to skate through regulatory matters without issues, in a sense, because they are big. Being big, they hire regulatory compliance experts to eliminate issues and quickly correct any problems that do come up. They have support personnel to do the actual work. The proactively address most problems before they get to the point of administrative sanctions or lawsuits.
This is not to say big businesses don’t have regulatory problems: many do. Some businesses simply don’t bother to comply and have problems as a result. But most big businesses place an emphasis on regulatory compliance. They recognize that compliance failure can be a business-ending proposition. They place a priority on regulatory compliance.
Simply making regulatory errors can put a company under heightened scrutiny, causing more frequent examinations and other disruptive and costly consequences. A series of errors, or repeated errors, may also raise questions that lead to more serious investigations or prosecutions. Each situation drags at a company’s bottom line and pulls focus from the company’s mission and vision.
As a result, most big businesses solve their regulatory issues quickly. They hire staff to address compliance. They include it in their legal budgets. They have legal budgets,
What Small Businesses Do Differently
By contrast, small businesses can be so focused on the need to deliver their product and service “right now” or on obtaining the next bit of funding, or making the next payroll that they set aside regulatory requirements to be handled in a “later” that never comes. In this environment regulatory compliance gets pushed, first to the back burner, then off the stove.
Small business owners may also be intimidated by the requirements of compliance or worried that they need legal help they can ill afford. They may never have had good counsel about what compliance in their industry requires. So these businesses go along focused on what they see as important, all the while missing deadlines, failing to fully report all reportable events, skimming over the reports they do file, not noticing errors and other “little things.” These businesses think they are doing okay, rolling with the punches, flying by the seat of their pants, and trying to meet the promises they have made.
These businesses are then stunned when a regulatory body announces an investigation, revokes their licenses or permits, red flags their project, suspends their trading, or issues fines that they have to fight.
They can be surprised by the fierceness of the fight in which they find themselves. They think that meeting the promises they have made to their customers or shareholders should make everything all right again. After all, they weren’t hurting anybody. They didn’t intend to be non-compliant. They were just out doing the work and they left the paperwork to someone else, or forgot to do it, or did it poorly. They shake their heads over why the regulatory agency is focusing on them instead of the bad guys who are out trying to hurt people. They don’t realize that they look very much like the bad guys to the regulatory agency. They may have done the same things from a regulatory perspective—even if their intent was very different.
In recent months, I have had the occasion to explain several times that, in the area of regulatory compliance meaning well doesn’t mean much. Failure to comply doesn’t need a bad motive to put a company into a downward spiral of regulatory grief. Regulators look at actions and may never look at intent. For most violations it is the act and not the reason for the act that counts.
Why Regulators Regulate
A business’s confusion and incredulity over being the target of an investigation or why the “little things” matter to regulators betrays a fundamental lack of understanding about the purpose of regulation.
Fundamentally, regulations are to protect the public by making sure that everyone is playing by the same rules.
For example, environmental regulations on marinas require them to meet standards about properly disposing of sewage, both on land and from the boats mooring at the marina. Regulators must be able to check on their compliance to protect the public from disease, nearby property owners from damage, and boat owners from both. If every marina is properly disposing of its sewage, this also protects the marinas themselves others taking unfair advantage and using it to compete unethically.
Similarly, if a business is publicly traded, it must meet the numerous and varied filing requirements of the Securities and Exchange Commission (SEC). These include the requirement to file Form 8-K anytime there is an event that is material to the company. Material events can be changes in management, obtaining new funding, lawsuits, signing a contract with a company owned by an officer, disclosing outside interests that might affect the company’s value, meeting (or failing to meet) a significant deadline, and a host of other events. Each of these events must be reported in a timely manner and the reports and accompanying documents must be accurate.
Because all publicly traded companies are required to report accurately, the market, as a whole, is safer for the investors, who can rely on the SEC filings. It is also a more level playing field for companies because no company is entitled to hide negative (or positive) information that may be material to its success and, consequently, to investor success.
How Small Businesses Can Find Themselves in the Regulator’s Spotlight
No regulatory agency has time to deeply investigate every company it regulates. Usually such agencies have routine exam cycles for most companies and spend the bulk of their resources examining companies that appear to be at high risk for non-compliance or present other risks to the public. While risk can include many things, often the companies viewed as highest risk are those in which the regulator can see a pattern of errors or otherwise sketchy compliance. The failure to comply in “the little things” can signal to regulators that a business is always playing catch-up, is overwhelmed with meeting production or delivery requirements and has dropped compliance to the lowest priority.
Securities regulators see non-compliant companies, particularly companies that fail to report, fail to disclose material matters, or make material mistakes on their 8-K filings as high risk, because the playing field is no longer level for investors. If investors cannot rely on SEC filings to be accurate and complete for all companies, the entire market is less safe. The SEC is not primarily focused on whether an individual investor loses money with a particular company. Rather, it is concerned with whether all investors can rely on reported and published information in investment decisions. If an appropriate investor has the opportunity to ask questions and the company properly reports its warts and blemishes, then when investors fail to inquire or decide to invest despite what they have learned and go on to lose money on the deal, the SEC isn’t especially concerned because the structure was there to protect them. However, the SEC is concerned that investors who want to inquire are able to obtain accurate information to help them decide whether to invest—no matter the risk level or size of the company.
The Cost of Compliance Failures
When a regulatory agency finds non-compliance, the penalties can be devastating. Although regulatory penalties are generally not supposed to be punitive, they can cause companies to fail. This is particularly true among startups that never planned for regulatory burdens and lack adequate support to meet them as well as companies where management neither understands nor values regulatory compliance.
Depending on the regulating agency, non-punitive penalties can include suspensions or revocations of licenses, fines, disgorgement of ill-gotten gains, injunctive relief that may effectively remove existing management from control—even if that management has knowledge or intellectual property that the company cannot function without, and financial penalties that cannot be paid from insurance or investor profits and may not be deducted as business expenses.
It is clear that most companies could not function if they had to stop business for 6 months or a year or lost access to the skills or intellectual property of an officer or director who had been banned from a management role. Even lesser penalties may cause upheaval within a company or cause it to lose investors or support from its shareholders. Fighting these penalties is expensive and time consuming. More importantly, it takes the company’s focus off its mission and places it on the regulatory action. In small companies this can shift the focus of the entire staff.
Consequently, small businesses must look up from the urgent business of today to address the important business of regulatory compliance. Small businesses must place an emphasis on compliance and arrange their resources to ensure that they can support the burden of compliance in their field. In many cases this requires having a frank discussion with counsel about where they stand with compliance, what is really required, and how they reach full compliance. The best time for this conversation is before there is an issue. The money spent on such a consultation or series of consultations is far outweighed by the costs of addressing even an initial investigatory round by a regulating agency.