The Cost of a BAC Is Not the Cost of Compliance - Why building safety is now a permanent operating expense — and why most portfolios are underestimating it

For many owners and investors, the Building Assessment Certificate (BAC) has become the headline number in building safety budgeting. Fees are scoped, consultants are appointed, submissions are made, and the cost is logged.

But here’s the uncomfortable truth: the cost of a BAC is not the true cost of compliance.

In fact, focusing on the BAC alone is one of the fastest ways to underestimate exposure under the Building Safety Act and its secondary legislation.

Building safety is no longer episodic — it’s operational

Historically, compliance costs were treated as project-based events: a survey here, a remediation programme there, a certification exercise at key milestones. 

That world has gone.

Building safety is now:

• A recurring operating cost

• A continuous regulatory exposure

• A constraint on transactions, refinancing, and valuations

•  

The BAC doesn’t create this cost, it exposes it. It formalises what regulators now expect to already exist: a maintained, auditable safety position that can withstand challenge at any point in time.

If your operating model can’t support that continuously, the spend doesn’t disappear after submission, it compounds.

The real cost sits behind the certificate

A BAC is not a one-off submission. It is the visible tip of a much larger compliance stack that includes:

• Maintained safety cases

• Live, validated data

• Controlled evidence management

• Ongoing internal coordination

• Continuous regulator readiness

The cost pressure does not come from “doing compliance once”.  It comes from maintaining compliance posture indefinitely.

Most portfolios materially underestimate the run-rate cost of staying compliant because much of the spend is hidden across:

• Repeat inspections and assessments

• Data production and re-validation

• Evidence version control

• Consultant interpretation cycles

• Regulator queries and response churn

Individually, these costs feel manageable. Collectively, they become structural leakage.

Where compliance spend leaks value

The biggest driver of inflated safety spend is not regulation, it’s fragmentation.

Typical operating reality looks like this:

• Multiple systems across managing agents, consultants and contractors

• Disconnected datasets with no clear ownership

• Manual reconciliation and email-based evidence trails

• No single source of truth for building safety data

The result?

• Duplication of surveys and assessments

• Conflicting data driving conservative assumptions

• Rework every time a regulator, lender or buyer asks a question

• Escalating professional fees simply to defend a position

This inefficiency doesn’t just inflate OPEX, it feeds directly into risk pricing.

Lenders, valuers and investors default to caution when evidence is slow, inconsistent or hard to verify.

Compliance is not the same as safety management

One of the most common, and costly, misconceptions is treating compliance activity as equivalent to safety management.  A compliance-led model is typically:

• Event-driven

• Consultant-heavy

• Evidence assembled late

• Reactive to deadlines

A Safety Management System (SMS) is:

• Continuous

• Owner-controlled

• Audit-ready by default

• Embedded into day-to-day operations

Regulators may not always say it explicitly, but their direction of travel is clear: owners are expected to operate systems, not just submit documents.

The more your portfolio relies on reactive compliance events, the higher and less predictable your costs will be.

Interoperability: the most overlooked cost-control lever

Many owners assume rising compliance costs mean they need more tools. In reality, most portfolios don’t have a tooling problem, they have an integration problem.

True cost control comes from interoperability:

• One authoritative dataset per building

• Clear data ownership and accountability

• Controlled interfaces between agents, consultants and contractors

• Evidence generated once and reused many times

When data flows cleanly across the ecosystem, duplication collapses, assurance becomes routine, and regulator interaction shortens dramatically.

This is how compliance shifts from a volatile expense to a predictable operating cost.

The owner’s shift: from outsourced compliance to controlled systems

The portfolios managing cost most effectively are making a clear transition:

From:

• Outsourced compliance narratives

• Consultant-defined standards

• Unpredictable spend

To:

• Owner-defined data and assurance standards

• Integrated safety management

• Portfolio-level oversight

• Stable, forecastable compliance OPEX

•  

This is not about doing less, it’s about doing it once, properly, and in a way that scales.

The real question owners should be asking

The critical question is no longer “How much does a BAC cost?”

It is: “What operating model do we need so that a BAC is simply a by-product of how we already manage safety?”

Because when building safety is treated as a managed system, not a series of regulatory events, costs fall, risk reduces, and control returns to the owner.

And that is where compliance stops being a drag on value and starts protecting it.

Author David Hills