No matter the size of your business, corporate compliance matters. Without it, you could be put out of business. Corporate compliance is making sure your company complies with all laws, standards, regulations and ethical practices that apply to your business. Most companies manage compliance by creating a corporate compliance program. To be more efficient, often internal policies are rolled in with compliance requirements to create one overall program. Many companies also perform audits to monitor compliance.
Where to start
The first thing you need to do is to find out what regulations apply to your business. In addition to tax laws and standard compliance requirements for incorporated companies, depending on your industry, you may also be subject to HIPAA requirements, food safety regulations, OSHA safety requirements, ADA requirements or licensing standards. Large companies employ compliance officers and others to help the company with their compliance program and ongoing audits. Small companies often do not have the resources. Small companies usually have the owners and managers establish policies.
Regardless of the size of your team, you can start with these three steps:
Discover all compliance laws that apply to your business
Start with federal employment requirements then work your way down to local (city and county) regulations. Carefully document the name of the agencies, contact people and phone numbers, and where to get updated information. Organize every requirement into a central document that is easily accessible and editable, ideally in a digital format. Sticky notes and legal pads are not the best tools for this project.
Outline your internal policies
Define what standards you and your managers require of your employees, vendors or service companies. These standards can be required procedures, behavior and ethics, hygiene requirements, and more. You should also decide on how you plan to communicate these policies. They could be documented in an Employee Handbook, taught through training programs, written into signed agreements, or illustrated in posted printouts. Likely it will be a combination of all four. Again, carefully document this in digital form.
Merge legal requirements with internal policies
For efficiency sake and to address any overlap, you should consider making one cohesive compliance program. Your internal policies should support compliance as well as your company’s culture, customer service standards, hygiene and office cleanliness standards, and so on. Consider merging requirements and internal policies into sections that make sense, such as Hygiene and Safety, Customer Service and Communications, Corporate Culture and Branding, and so on. Once your compliance program is created, have it reviewed by a human resource specialist and an employment lawyer.
How to maintain corporate compliance
Once you have your policies in place, you will need to review them periodically and change them as needed. Setting dates for scheduled compliance audits could be helpful. How often you perform audits may depend on your industry. If you need to change a policy, you’ll need to plan a way to communicate that to the rest of your company. In some cases, you may even require a signed acknowledgment from your employees. To conserve resources, some companies will manage risk by keeping tighter control of issues that pose the highest risk to the company and a casual monitoring of minor risks. Like your compliance policies, you’ll need to edit your audit procedures periodically as needed.
When creating your audit procedures, consider the following:
High-risk violations. Which violations could close my business, risk the safety of employees or customers, might lead to litigation or could violate insurance requirements?
Profit and revenue. What could cause me to lose business, lose customers or vendors? What procedures are hindering production or using too many resources? Are some low-risk compliance issues more costly to maintain than they could be?
Changing regulations. How often should you plan to update your policies or check for new regulations? Do you have an advocate or a contact person in the regulating or licensing agency? Are you on the proper email lists to receive updated industry information?
Company culture and branding. Do the current standards support how you want your customers to see your business? Do your employees fully understand what your branding is? Does everyone seem to be on the same page?
Training. Do you need to conduct training more or less often? What kind of compliance training requires ongoing training? Can your employees seek additional training if desired? Do you need to post more information? Are your vendors and service providers well informed of your expectations?
If your business is in a highly regulated industry such as healthcare, finance, education or insurance, you’ll benefit from working with a compliance professional to help you with building your compliance program and audit procedures. You may also want to employ external auditors, as well. However, most small businesses with diligence can manage their own compliance requirements.
To learn more about corporate compliance and to access related legal documents, visit our corporate compliance learning center.