CFO Paradigm · Example company: Cawan's Shoes
Macro, Risk & Ethics

Regulatory Compliance

What it means

Following the laws, rules, and standards for your industry & geographies (SOX, GDPR, product safety, labor).

Why it matters

Non-compliance = fines, criminal liability, and market exclusion.

How to calculate — with Cawan's Shoes

Cawan's Shoes compliance stack (audited annually by Deloitte): • SOX (public co.): 220 key controls tested quarterly, $2.1M annual cost, clean 2025 opinion. • GDPR (EU DTC, 3.1M customers): DPO on staff, 72-hour breach notification runbook, 2025 subject-access requests handled: 4,120. • CCPA/CPRA (California, 1.4M customers): opt-out mechanism live, no fines to date. • Product safety: CPSC, EU EN ISO 20345 for safety-shoe line, 42 SKUs tested per lot. • Labor: Cawan's Supplier Code of Conduct + third-party audits at 100% of Tier-1 factories (Elevate, twice/yr). • Total compliance spend: $5.8M/yr — cheap vs. GDPR maximum fine of 4% × $500M = $20M.

What's at stake if you ignore this

GDPR fines run up to 4% of global revenue.