In addition to the day-to-day obligations that are paramount to running a business, employers must comply with regulatory requirements addressing such issues as anti-corruption, antitrust, data privacy, cybersecurity, ethics, and financial crimes. Keeping abreast of new laws and the constantly evolving regulatory environment can be overwhelming to even the most seasoned corporate compliance professional. However, being caught in violation of any regulatory obligations can lead to costly fines and lawsuits for businesses.
Ethics and compliance programs within an organization provide clear guidelines to employees and protect the business from devastating consequences. For example, Marriott recently reported costs of a data security breach at about $72 million, and it still faces a massive General Data Protection Regulation (GDPR) fine of over $123 million. Likewise, the Equal Employment Opportunity Commission (EEOC), which regulates discrimination and harassment in the workplace, collected $353.9 million for wronged employees.
Areas of Compliance
The vast number of agencies that promulgate new rules or expected practices and provide guidance interpreting regulations is the reason that keeping up to date with regulatory developments is so difficult. A business must understand and enforce practices under each of the following:
- Federal Laws and Regulations – Various agencies oversee and provide guidance for federal laws and regulations, including but not limited to the Department of Justice (DOJ), the Securities and Exchange Commission (SEC), the Equal Employment Opportunity Commission (EEOC), the Federal Trade Commission (FTC), and the Department of Labor (DOL).
- State Agencies – Each state enacts and enforces laws and regulations that may impose stricter guidelines or requirements than their federal counterparts.
- Municipal Laws – Some cities and counties enact regulations that must be adhered to by businesses within their boundaries.
- Industry-Specific Agencies – Businesses in certain industries may have to comply with additional regulations enforced by organizations such as the Federal Energy Regulatory Commission (FERC), which ensures reliable, efficient and sustainable energy; the U.S. Department of Health and Human Services (HHS), which provides for effective health and human services; and the Financial Industry Regulatory Authority, Inc. (FINRA), which ensures fair financial markets.
- Recent Cases and Precedent-Setting Opinions – Every day, new cases are decided or opinion letters published that can set a precedent for employer obligations. Often, legislation is passed based on recent court decisions, so knowing the judicial environment is key to preparing for upcoming regulations.
Tracking Regulatory Requirements
Staying current with regulatory developments can be a full-time job. Whereas some larger companies may have a corporate compliance specialist dedicated to this task, smaller businesses may need to use multiple tools to keep up to date. The following are some of the ways that a business can track regulatory activity:
- Become familiar with and regularly check the websites of the governing agencies at the federal level, in the state in which the business resides, and in local jurisdictions, as well as those of industry-specific agencies. Most of these sites offer alert services that will send an email when changes are announced.
- Attend conferences, seminars, and trainings (in-person and web-based). There are several organizations that offer annual seminars that give an overview of new laws and compliance requirements as they apply to the workplace.
- Join industry associations that keep members abreast of regulatory updates that are specific to the trade.
- Partner with a third-party company, such as True Office Learning, that tracks compliance requirements.
- Subscribe to newsletters, mailing lists, and blogs that address compliance-related and pending legislation news. Most law firms that practice workplace responsibilities law offer these communication tools and are a great source of information. Remember to watch pending legislation from these sources as well.
Taking Steps to Comply
Once a business implements a system for tracking regulatory updates, it then needs procedures in place to analyze the applicability of regulatory changes, the impact on the organization, and what needs to be done to comply. In its guidance entitled Evaluation of Corporate Compliance Programs, the Department of Justice states, "One hallmark of an effective compliance program is its capacity to improve and evolve." This is most evident in incorporating the necessary changes emanating from regulatory updates.
Reviewing the following areas of the business in response to new requirements is a good starting point for examining whether changes need to be made to operational procedures:
- Policies and Procedures – Every business needs to have policies and procedures in place that provide guidance to employees on what is expected of them and the consequences for not following those rules. Such policies and procedures need to be conveyed to employees through a company handbook, training, or notification system (such as a company intranet).
The policies and procedures of the business should be created to comply with federal, state, and municipal requirements. Therefore, when a regulatory guideline has changed, a company must amend its policies and procedures to reflect that update.
- Training – Training is an essential element of corporate compliance. Many laws and regulations impose mandatory training requirements. In some cases, training is not strictly mandated by law or regulations. Rather, regulators expect companies to do training as part of their compliance program. Additionally, training is a key component of mitigating risk to the business. Any new laws or guidelines need to be incorporated into the existing training program and additional or refresher training may be needed.
- Record-keeping – Record-keeping, a critical component of compliance programs, is necessary to demonstrate that regulatory obligations are being fulfilled. Some laws include very specific requirements regarding the types of records that must be created and maintained. New guidelines or laws may require a business to update its record-keeping procedures.
Keeping up with regulatory changes doesn’t have to be intimidating if a business has the right tools and resources. Partnering with a reliable third-party vendor can go a long way in meeting corporate compliance requirements and keeping policies, training, and record-keeping current. Failing to comply with regulatory requirements can have costly and devastating consequences.