How to Avoid Common Regulatory Violations
Lesley Brovner & Mark Peters
November 2, 2023
In an increasingly regulated environment, businesses and nonprofits often get inquiries — formal and informal — from government agencies at the municipal, state and federal level. To manage their risk, it is important for businesses to stay up to date with their industry’s rules and regulations. Additionally, it is incumbent upon businesses to have a robust compliance program which includes regulatory updates and training.
Understanding Regulatory Compliance
Regulatory compliance necessitates adherence to laws, regulations and guidelines established by the government.
Violations of regulatory requirements often result in legal punishment for individuals and organizations, including fines and debarment from future government programs and contracts. Therefore, it can be helpful for businesses to have regulatory attorneys who are able to handle various types of legal issues, including:
- Providing legal advice concerning how to get and keep your organization in compliance with various city, state and federal laws, rules and regulations.
- Conducting detailed internal investigations to help organizations determine whether they are following all relevant city, state and federal rules and regulations.
- Creating risk management plans to ensure that organizations get into and remain in compliance with all relevant city, state and federal rules and regulations.
The 5 Most Common Types of Compliance Risk
Compliance risk refers to the potential damage a business or nonprofit faces when they fail to comply with industry standards, laws, and regulations.
There are numerous broad categories of compliance risk, including:
- Privacy and Data Security Breaches
- One of the greatest challenges that business and nonprofits face is protecting both their employees’ and customers’ private information.
- There are several laws in place that regulate the way in which such information must be handled, including, for example, The Health Insurance Portability and Accountability Act (HIPPA).
- It is critical to have policies and procedures in place to fight against malware, fishing, and hacking and to train on those procedures.
- Corrupt and Illegal Activity
- Another area of compliance risk is Corrupt and illegal activity. This includes fraud, theft, bribery, money laundering, sexual assault and sexual harassment.
- Under certain situations, businesses can be held liable for the conduct of their employees, for example, sexual harassment in the workplace is a form of employment discrimination that violates federal, State and local law in New York. Employers are required to take steps to prevent sexual harassment and, if sexual harassment is reported, to take immediate action to address the situation.
- New York City’s laws provide even greater protection than federal law.
Both New York State and New York City Human Rights Laws explicitly prohibit sexual harassment based on, among other things, an individual’s sex, sexual orientation, and gender identity or expression. Moreover, while federal laws require that harassment be “severe or pervasive,” Both New York State and New York City have eliminated that requirement from their Human Rights Laws.
- Workplace Health and Safety
- All employers have a basic obligation to protect the health and safety of employees in the workplace.
- The rules on workplace safety are enforced by multiple agencies including the Occupational Safety and Health Administration (OSHA).
- In addition to taking steps to ensure worker safety, in some instances there are also reporting requirements when an accident does occur.
- Environmental Impact
- Environmental issues that businesses and nonprofits must contend with include preventing/protecting from mold and asbestos and managing for poor air quality/lack of ventilation.
- Environmental Compliance requires meeting multiple different legal requirements including regulations of the Environmental Protection Agency as well as various laws including the Clean Air Act, the Clean Water Act, the Resource Conservation and Recovery Act among others.
- Failure to abide by these rules can lead to fines of as much $2,500 per violation per day as well as, in extreme cases, potential prison time.
- Process Risks
- Process risk refers to the day-to-day work of your business or nonprofit, that may violate the rules and regulations of your industry. Examples of process risk include, reporting failures, accounting errors and inadequate quality assurance.
Why Compliance Risk Is a Real Threat
Compliance Failures can lead to serious problems for businesses, including legal, financial, and reputational harm. These can include legal fees & penalties, loss of investors & revenue, and a poor brand reputation. Once this damage sets in, it can be extremely difficult for businesses to recover. Therefore, it is essential to do everything possible to remain in compliance with industry laws, rules, and regulations.
How to Asses and Manage Compliance Risk
- There are a number of important steps every company and non-profit should take in assessing and managing compliance risk. These include:
- The first step is to identify the various laws, regulations and other rules that govern your company or non-profit.
- The next step is to conduct an internal review to determine if your company or nonprofit is in compliance with these various requirements. Where there are compliance weaknesses (or where your company or nonprofit is out of compliance) immediate steps should be taken to get into compliance and to address the weaknesses.
- Next, your company or nonprofit must create a robust compliance program that puts in place controls to make sure that the board members, employees and other staff are following the various regulatory requirements. This includes not only written guidance to all involved, but regular board member and employee training on the rules they need to follow.
- Finally, there should be regularly scheduled checkups in which you determine if the various laws, regulations and rules have changed and test your own compliance with the controls that have been put in place.
Staying Up To Date With Regulations
Regulatory compliance is an ongoing process. Many organizations get into trouble because they view compliance as a one-time thing — assuming that rules and regulations will not change and that compliance manuals and training, once complete, are done forever. But regulations do change, and training must be updated and repeated or else it will grow stale.
It is important to be constantly checking (or consulting with lawyers who can do this for you) the websites of the agencies that regulate your organization for changes in regulations and doing training on a routine basis to make sure it stays fresh and up to date.
Additionally, regulatory compliance audits should be a frequent occurrence (at least once a year and in some cases more often) to avoid common violations and make sure that rules are being followed.
Training and Educating Employees
Employee training must be done in a timely manner to ensure regulatory compliance. Indeed, compliance management requires that training not only be up to date, but also be repeated on a regular basis — so that it is fresh in employees’ minds.
Some agencies mandate that compliance occurs on a certain schedule, but even where they do not, repeated training is essential.
In addition to training on industry specific rules and regulations, it is important to provide training on, among other things, information and data security, workplace safety, and sexual harassment.
Creating a Culture of Compliance
A culture of compliance is a set of values, behaviors, and beliefs that guide employees and encourage them to adhere to relevant policies, procedures, and regulations. It is imperative that everyone in your organization understands the importance of the rules and regulations that govern your industry as well as internal policies and general ethical values.
Seeking Legal and Compliance Advice
The attorneys at the law offices of Peters Brovner LLP work with clients who are the subject of regulatory and compliance enforcement actions. Additionally, we help organizations with compliance management by crafting compliance policies and programs to help ensure that business get and remain in compliance with various City, State and Federal rules and regulations. If you or someone you know needs representation before a regulatory agency or would like help creating a compliance program to help with risk management, please reach out to the lawyers at Peters Brovner LLP for a free consultation and case evaluation.