6 months ago
29
What do the following laws have in common from a small business owner’s vantage point?
• Companies (Amendment) Act, 2023
• Copyright (Amendment) Act, 2023
• The Sexual Harassment Protection and Prevention Act
• The Consumer Protection (Validation and Indemnity of Tribunal) Act
• The Data Protection Act
• The General Consumption Tax (Amendment) Act.
They were enacted in recent years and affect the business landscape and legal environment for enterprises. They are all written in complex language, and have varying impacts on micro, small, and medium-size enterprises, or MSMEs, which make up over 97 per cent of taxpaying businesses in Jamaica.
Perhaps most importantly, none of the new laws were accompanied by a published RIA or statutory/regulatory impact analysis, which would provide valuable insights on the anticipated implications of the changes for key stakeholders. This omission is a substantial deficiency in the governance framework, and detrimental to many operators within the MSME sector.
The Ministry of Justice website has a library of laws passed in Jamaica, organised by year of enactment. According to https://laws.moj.gov.jm, 88 laws were enacted during the five-year period 2019-2023. Some directly impact small businesses. It’s therefore timely to remind readers that ignorance of the law is not a defence for non-compliance.
Notwithstanding, given the features and nature of local small businesses, employing four to 10 people, mainly unskilled, with limited access to capital, a high degree of informality, and no specialised resources dedicated to legal and regulatory compliance, how would they navigate the regulatory maze? It’s a question that policymakers and parliamentarians should reflect on.
Let us take, for example, the Data Protection Act. Passed in 2020, the law came into effect December 1, 2023, with a further six-month grace period until June 2024 for registration with the relevant regulatory authority, if there are no further extensions. What is required for business compliance, and how would this impact a small business?
A small business would first need to pay for technical support from a competent IT security provider and a legal professional, to understand the legislation and its implications and create an implementation strategy and plan.
Next, it would need to conduct a data audit, data protection impact assessment, identify, train and register a data controller, implement technical provisions required such as encryption, access controls, develop a data breach response plan, create the appropriate systems for documentation record keeping and reporting, and policies or procedures
Employees and contractors need to be trained, training manuals and resources developed, and so on. New security assets and equipment may be needed, as well as updated employment contracts that align with all responsibilities for strong data protection.
In this simplified example it would cost millions of dollars for implementation and maintenance, yet no guidance is published in a regulatory impact analysis. In many advanced countries, this would be considered unconventional or unprecedented, because major changes entail considerable risks.
Therefore, RIAs and associated implementation timelines are vital prerequisites that enhance the process for stakeholders. They help governments evaluate implementation costs and resources, benefits, feasibility, and potential unintended consequences that may affect key stakeholders. This is critical for micro and small businesses, which are fiscally and resource constrained.
According to the World Bank’s Global Indicators of Regulatory Governance, Jamaica reported conducting these assessments. However, they are not published online, or shared at public meetings or distributed through targeted outreach to stakeholders. The public therefore has no sight or benefit of these important bodies of work, if they are completed.
If lawmakers were to prioritise empowering small businesses to support their compliance and success, they would need to, at a minimum, answer the following questions:
• Are the laws and regulations written in simple language that is easy to understand?
• How much will it cost for a small business to comply with new or amended statutes and regulations on an annual basis?
• What new processes and/or systems will need to be developed by the business, and how often will they need to be updated?
• What is the recommended timeline for implementation?
• What resources, expertise and technology may be required and are they readily available?
• What are the potential risks and how can they be mitigated?
• What gaps in resources and funding exist for small businesses that may affect their ability to conform to regulatory and statutory changes?
• What compliance support will the government need to provide, and for what period, and what resources will be required?
• When and how will the government evaluate the effectiveness and assess the real impact of the changes once the new laws and regulations come into effect?
RIAs comprehensively answer these questions, driving legislators and policymakers to faithfully adhere to evidence-based decision-making. It is also a win/win for regulators and taxpayers’ funds. It reduces delays in implementation, avoids inconsistent enforcement, loopholes and non-compliance, which undermine the intended goal of the legislation or regulation. It mitigates against prolonged and costly periods of inactivity or underutilisation of resources on the part of the regulatory authority.
Finally, it safeguards against public confusion by avoiding extended phases during which businesses and individuals operate in a state of legal limbo, where laws are in effect but not enforced.
One love!
Yaneek Page is the programme lead for Market Entry USA, and a certified trainer in entrepreneurship.yaneek.page@gmail.com
English (US) ·