Multinationals can spend up to $22 million each year ensuring they are fully compliant. This can include everything from drafting and implementing internal policies that identify data security, hiring, training and certifying procedures to making sure all appropriate financial disclosures are shared with shareholders. Compliance can also include a delineated list of audits, assessments, file transfer guidelines, risk management policies, tech upgrades, recompense and more.
It’s a heavy inventory, but the average C-level executive chalks it all up to the cost of doing business.
However, it’s a little different farther downstream for many smaller vendors that partner with corporations. They are expected to be equally compliant, and keeping up with these requirements can be a nightmare.
Most contractors, vendors and service providers are forced to add specialized staff, or hire pricey consultants to ensure they are compliant. However, it’s not uncommon for many perfectly qualified vendors to simply throw in the towel and walk away from lucrative contracts rather than invest the time and money needed to remain “compliant.”
That’s the bad news. The good news is blockchain – the technology now being touted as a solution to nearly everything – can actually be deployed to help small vendors keep up with the requirements of their enterprise clients.
Today’s Regulatory Landscape
Before I explain how blockchain technology can remedy the many compliance headaches small vendors face, it’s important to understand the challenges large enterprises face as they negotiate today’s highly-regulated landscape.
Because of their size, scope and potential liability, enterprises operate in lockstep with the many regulatory and societal expectations that shape compliance. The list of those expectations gets more complex every year. Want proof? Take a look at the U.S. Code of Federal Regulations, a detailed roster of “regulations with which American businesses, workers, consumers, and other regulated entities must comply”. In 1950, the list filled 10 pages; last year it ran more than 180 pages.
Little wonder that – in its 2017 survey of corporate compliance costs – GlobalScape found, on average, multinationals spent about $5.5 million annually remaining compliant – a 42 percent surge over what they spent in 2011. (Failure to comply is not an option. GlobalScape found laggard organizations spent nearly $15 million for failing to comply – a 45 percent price bump since 2011.)
As pricey as that sounds, the financial burden is even more intense for smaller organizations.
“When adjusted by headcount … compliance costs are highest for organizations with fewer than 1,000 employees,” wrote the study’s authors. “[L]arger companies,” they explained, “have access to leading data protection technologies and highly-skilled personnel who have expertise in data protection laws and regulations. Organizations with fewer than 5,000 employees have to rely on expensive external resources such as consultants and lawyers to meet compliance requirements on a global scale.”
But, despite this disparity, it is common practice for big corporations to push the same compliance requirements they shoulder downstream to the smaller vendors that serve them.
Why? Because they cannot afford not to. In today’s regulatory landscape, corporations are responsible for the actions of the vendors they hire. As Drew Hendricks wrote in Inc., “While … vendors may be entirely separate from the organization, if they commit violations on behalf of the company in question that company can also become liable.”
So, even though smaller, third-party vendors operate on a budget that may be minuscule when compared to the enterprises they serve, they are expected to keep pace and hit the same compliance benchmarks as the larger entities.
How Blockchain Can Help Vendors
Third-party vendors seeking to win – and keep – enterprise clients quickly discover it’s a Herculean undertaking. This awakening usually comes when the larger organization sends over a 200+ page questionnaire for the prospective vendor to complete. These massive, time-sensitive documents usually require input from managers from across the company. They must drop everything and provide documentation and details covering everything from SOC 1 & 2 due diligence to information security certifications to hiring practices to workplace safety and beyond.
It’s a resource-intensive, time-consuming, expensive task. Whether completing the task in-house or using consultants, vendors can spend upwards of $100K compiling the needed paper trail. And it’s an exercise vendors must complete every year – for each enterprise they serve.
This is where blockchain comes in. Blockchain technology can rewrite this playbook.
Instead of reacting to one-off enterprise requests, imagine instead a vendor building a decentralized ledger accessible by stakeholders from across the organization. Each time an audit is completed, a security feature upgraded, a certification earned, or a new HR policy introduced, the appropriate stakeholder simply updates the digital ledger in real time for all to see.
All activity is recorded on a secure, auditable and affordable blockchain, which can be easily accessed and tracked. After-the-fact data chasing or hiring expensive consultants can become things of the past. Instead, a robust ledger can be consulted and shared anytime an auditor or corporate fact-checker needs to confirm a vendor’s compliance standing.
Blockchain technology has arrived. Global investments in decentralized technology are expected to exceed $60 billion over the next five years. When people ask me “when will I see the blockchain revolution”, my standard reply is “you already are. You just don’t know it.”
Sometimes change is subtle. When vendors with fewer than 1,000 employees are empowered to expand their business by building an in-house, affordable, transparent and highly-efficient ledger that replaces cumbersome, outmoded and expensive processes of the past, that’s revolutionary.