By Rogelio Biazzi, the Coordinator of the Master in Economic Analysis and Public Administration at EAE Business School
The rules on compliance are the very pinnacle of regulation: regulations on how to comply with the regulations. Creating rules to ensure regulatory compliance is, in principle, a good idea, as they strive to guarantee legal certainty, which facilitates the proper functioning of markets and a healthy environment for economic activity. If companies’ legal departments or the legal advisors of self-employed professionals and SMEs act as guarantors of compliance with the regulations, legal certainty is enhanced. This generates greater confidence among economic agents, individuals and companies, and facilitates business.
However, there is another side to compliance that needs to be analysed: hyper-regulation, which can create barriers and increase transaction costs, which may disincentivize economic activity. Faced with profuse regulations in several fields, regulatory compliance adds costs to people trying to conduct their economic and professional activity. These costs are easier to assume for some than others. I am referring to large and medium companies with their sophisticated legal and IT departments and so on, in which the cost of ensuring compliance is relatively lower than for SMEs or the self-employed, for which the task of complying with a complex and extensive legislative maze in several areas (civil, commercial, financial, employment, etc.) involves much greater difficulty. On top of this, a significant proportion of the regulations make no difference in terms of their compliance, depending on the turnover of the company or person that has to comply with them.
We can find an example of this in the new European General Data Protection Regulation (GDPR), which will be simultaneously applicable with the national Data Protection Act and which, from 25th May onwards, all companies and individuals that conduct economic activities must be prepared to comply with. In this specific case, we are not dealing with a model based on mere compliance with legal precepts, but rather a model of ‘proactive’ responsibility in which each agent must identify the measures that they have to adopt in order to guarantee that the rights of the interested parties are protected, as well as demonstrating that they comply with the GDPR. This represents a significant challenge for any organization but is far more challenging for professionals who do not have the benefit of specialist services to deal with the issue in their organization.
It is clear that any regulation aims to reach certain objectives and beneficial results for society. However, it must be taken into account that, on occasions, a badly designed law or a laborious legislative maze can have a boomerang effect and trigger undesirable results. In other words, the procedures and regulations that are intended to improve legal certainty can end up worsening the situation and, rather than facilitating the proper functioning of the market, they can become barriers that disincentivize economic activity.