Understanding Regulatory Compliance Law in New York
Lesley Brovner & Mark Peters
November 1, 2024
Regulatory compliance in New York requires dealing with multiple regulatory agencies overseeing City, State and federal rules and regulations. Ensuring regulatory compliance is an ongoing process, because these rules and regulations are ever changing. Moreover, City, State and federal rules often have different requirements for the same issues and must be seen as a whole yet dealt with individually. Thus, compliance with federal regulations does not guarantee compliance with stricter City and State rules. It is therefore important to work with attorneys who understand federal requirements as well as state and local ones.
What Is Regulatory Compliance Law?
Regulatory compliance involves adherence to laws, regulations, guidelines and specifications established by the government. Violations of regulatory compliance often result in legal punishment for individuals and organizations, including fines and debarment from future government programs and contracts. Regulatory matters also include holding the government accountable for remaining in compliance with its own rules, regulations and contractual obligations.
Importance of Compliance in New York
New York is a highly regulated state. Failure to get and stay in compliance with federal, State or City laws, rules and regulations can have dire consequences for businesses, individuals and nonprofits.
There are a number of important steps every company and nonprofit should take in assessing and managing compliance risk. These include:
- The first step is to identify the various laws, regulations and other rules that govern your company or nonprofit.
- The next step is to conduct an internal review to determine if your company or nonprofit is in compliance with these various requirements. Where there are compliance weaknesses (or where your company or nonprofit is out of compliance) immediate steps should be taken to get into compliance and to address the weaknesses.
- Next, your company or nonprofit must create a robust compliance program that puts in place controls to make sure that the board members, employees and other staff are following the various regulatory requirements. This includes not only written guidance to all involved, but regular board member and employee training on the rules they need to follow.
- Finally, there should be regularly scheduled checkups in which you determine if the various laws, regulations and rules have changed and test your own compliance with the controls that have been put in place.
Key Regulatory Bodies in New York
Beyond the well-known federal regulators, there are a variety of key State and City regulators as well. For nonprofits, the main regulator is the New York Attorney General, whose Charities Bureau has general jurisdiction over nonprofits and their management. In addition, multiple City and State agencies such as the Department of Health and the Department of Environmental Protection also regulate in their chosen fields.
Common Compliance Requirements
There are numerous compliance requirements that set out to protect both employees and the public and address various types of improper activity. Compliance requirements generally cover five broad issues:
- Privacy and Data Security Breaches
  - One of the greatest challenges that businesses and nonprofits face is protecting both their employees’ and customers’ private information.
  - There are several laws in place that regulate the way in which such information must be handled, including, for example, the Health Insurance Portability and Accountability Act (HIPAA).
  - It is critical to have policies and procedures in place to fight against malware, phishing, and hacking and to train on those procedures.
- Corrupt and Illegal Activity
  - Another area of compliance risk is corrupt and illegal activity. This includes fraud, theft, bribery, money laundering, sexual assault and sexual harassment.
  - Under certain situations, businesses can be held liable for the conduct of their employees. For example, sexual harassment in the workplace is a form of employment discrimination that violates federal, State and local law in New York. Employers are required to take steps to prevent sexual harassment and, if sexual harassment is reported, to take immediate action to address the situation.
  - New York City’s laws provide even greater protection than federal law. Both New York State and New York City Human Rights Laws explicitly prohibit sexual harassment based on, among other things, an individual’s sex, sexual orientation, and gender identity or expression. Moreover, while federal laws require that harassment be “severe or pervasive,” both New York State and New York City have eliminated that requirement from their Human Rights Laws.
- Workplace Health and Safety
  - All employers have a basic obligation to protect the health and safety of employees in the workplace.
  - The rules on workplace safety are enforced by multiple agencies including the Occupational Safety and Health Administration (OSHA).
  - In addition to taking steps to ensure worker safety, in some instances there are also reporting requirements when an accident does occur.
- Environmental Impact
  - Environmental issues that businesses and nonprofits must contend with include preventing/protecting from mold and asbestos and managing for poor air quality/lack of ventilation.
  - Environmental compliance requires meeting multiple different legal requirements, including regulations of the Environmental Protection Agency as well as various laws including the Clean Air Act, the Clean Water Act, and the Resource Conservation and Recovery Act, among others.
  - Failure to abide by these rules can lead to substantial fines as well as, in extreme cases, potential prison time.
- Process Risks
  - Process risk refers to the day-to-day work of your business or nonprofit that may violate the rules and regulations of your industry. Examples of process risk include reporting failures, accounting errors and inadequate quality assurance.
Industry-Specific Regulations
Businesses and nonprofits need to be aware of general regulatory requirements (e.g. sexual harassment training and prevention and wage and hour laws, which every entity needs to stay in compliance with) and industry-specific requirements (e.g. rules regarding construction safety). To achieve full regulatory compliance, an entity must be cognizant of and responsive to all of these requirements and the regulatory landscape overall.
Consequences of Non-Compliance
Compliance failures can lead to serious problems for businesses, including legal, financial, and reputational harm. These can include legal fees and penalties, loss of investors and revenue, and a poor brand reputation. Once this damage sets in, it can be extremely difficult for businesses to recover. Therefore, it is essential to do everything possible to remain in compliance with all federal, State and local laws, rules, and regulations and develop a compliance program to mitigate risk.
Developing a Compliance Program
Compliance plans are key to ensuring that organizations achieve compliance with necessary rules, regulations, policies, laws, and standards. A compliance plan should do the following:
- Outline a set of guidelines and best practices that a company’s employees must follow and that cover all relevant laws and regulations.
- Create a training program on those guidelines.
- Set up a system of ongoing monitoring to ensure the guidelines are followed.
- Provide for optimal communication between employees and those who oversee the program.
- Create a clear corrective action plan in case the compliance program is breached.
Contact Peters Brovner Today!
If you run a company or nonprofit in New York State or City and are unsure about whether you are in compliance with all of your obligations, or already know that you are out of compliance and need to remedy the situation, please contact the lawyers at Peters Brovner who have experience dealing with these issues.