Analysis and interpretation of an Authority Document are excruciatingly time-consuming. The Unified Compliance team has analyzed over 150,000 Citations over the last 15 years. We have determined that the average time it takes to manually analyze a single citation is 20 minutes, given a two-person team checking each other’s work. Furthermore, we have found that the average number of Citations per document is 296 [1].
Applying Natural Language Processing (NLP) and Artificial Intelligence (AI) to textual analysis reduces the time to seconds per citation. Put another way, each document analyzed manually (and done right) could take almost 100 person-hours of research; with NLP/AI assistance, the time can be reduced to minutes per document.
When performed manually, aligning and harmonizing Mandates to Common Controls takes another 10 minutes per mandate (mandates are the individual tasks called for in citations, with an average of 1.6 mandates per citation). Alignment and harmonization can’t be done manually. NLP and AI must be involved to improve the accuracy of alignment and harmonization above 50% [2].
Each year the number of regulations governing business activities increases. From 2000 to 2021 the US executive branch published an average of 56 economically significant final rules every year. The high was 134 new rules in a single year in 2020. This brings the 22-year total to more than 1,200 new rules and regulations. Keep in mind this is only at the US federal level and only from the executive branch.
Now consider that any organization doing business on the Internet must also keep up with international privacy, credit card, cybersecurity, tax, intellectual property, and other laws. The proliferation of various international laws has kept pace with the expansion of US laws. The EU averaged 35 directives and 544 regulations annually in the last 31 years. This is more than 18,000 pieces of legislation. Japan listed more than 1,800 pieces of legislation as of 2008.
Trying to keep up with current topics in business laws and regulations is daunting at best. And then, as is now the case, a new focus for regulatory compliance comes into view. The newest focus on the international stage is Environmental, Social, and Governance (ESG) regulations, which require organizations to publicly disclose information about their performance in ESG topics (which vary by both industry and geography). ESG regulations are growing internationally at an increasing rate. Nearly 900 new ESG regulations were passed between 2010 and 2020. Almost a quarter of those were enacted in 2020.
Within the US there have been a few federal and state level efforts to help businesses drowning in regulations. Even though Obama’s administration published the highest number of Final Major Rules of any administration in this time, he attempted to help in 2011 with Executive Order 13563. The order calls out inconsistent and redundant regulations while explicitly ordering that our regulatory system “must promote predictability and reduce uncertainty.” Former Congressman Patrick Murphy sponsored a bipartisan bill for regulatory reform in 2014. Sadly, this bill never received a vote. Regardless of their level of success, both actions seemed to spark others’ interest. Maryland, Kentucky, and Illinois enacted similar orders or initiatives over the following two years.
Originally the EU had a habit of sunsetting regulations, causing them to age off as needed. However, the number of regulations without expiration dates increased drastically after the mid-nineties. Between 2000 and 2014, non-expiring regulations averaged over 1,200 per year.
It is clear that some regulators in the various governments around the world tried to help, but businesses are still inundated with regulations. There are very serious risks that need to be addressed by entrepreneurs who are trying to make sure they are compliant with regulations governing their projects. And it is the business’s responsibility to remain compliant whether it understands the laws or not. With the increasing number of regulations, it’s possible for a business to be non-compliant due to a lack of understanding or even ignorance of the presence of a regulation.
Scarily, it is easy to be ignorant of these regulations.
What is exacerbating the compliance problem is the decentralization of the various laws, regulations, and standards. Unified Compliance, an organization that has tracked and cataloged more than 1,000 documents, maintains a listing of all sites where those documents are found and how many of them are referenced. To date, those 1,000+ documents are spread out in over 800 different sites, as shown in the table below. The compliance problem of each organization monitoring over 800 different sites for new or updated content is staggering.
Document Type | Site Count |
---|---|
Statutes (Bills or Acts) | 130 |
Regulations | 369 |
Regulatory Directive or Guidance | 21 |
Safe Harbor | 52 |
International or National Standard | 56 |
Self-Regulatory Body Requirement | 38 |
Audit Guideline | 22 |
Contractual Obligation | 5 |
Best Practice Guideline | 162 |
Vendor Documentation | 6 |
Organizational Governance Documents | 17 |
Plain and simple.
Manual mapping time X content change = fuggedaboudit
[1] Correspondence between the authors and the mapping team at Unified Compliance.
[2] “Unifying Compliance: Cross-Walking and Harmonization Rules Explained.”