How to Ensure Your Company Stays in Compliance with Regulatory Policies and Procedures
Updated: Dec 30, 2020
For most businesses, the mention of compliance often conjures up thoughts about ADA, HIPAA, and other key HR regulatory compliance requirements. Financial institutions incurred $36 billion in fines for anti-money laundering (AML) and know your customer (KYC) sanctions in 2019 alone. Compliance monitoring is, therefore, very important to checkmate regulatory infractions that could result in costly fines and lawsuits.
‘Compliance’ is a broad term used to describe how well a company follows the laws and regulations guiding its business operations. These laws can vary depending on your industry, business structure, and location. While this is important, what exact steps can companies take to ensure compliance to stay out of trouble?
HR Regulatory Compliance Responsibilities
There are a variety of employment laws and workplace regulations that employers need to adhere to.
According to Seyfarth, 2019’s largest class action settlements were mostly for simple wage and hour issues such as not providing mandated meal breaks and not paying workers correctly. Profound knowledge of the applicable labor laws and proper compliance will be needed to avoid the risks of employment lawsuits and government audits.
It’s up to HR to leverage everything within its means to ensure compliance.
Some of these key HR compliance issues may include;
Fair recruitment policies.
Proper worker classification.
Meeting workplace health and safety requirements.
Addressing and preventing workplace discrimination.
Making sure employees receive their statutory and contractual entitlements, and
Staying abreast of employment laws and changes, etc.
According to Human Resource Executive, there are four main ways employers can try to maintain compliance within an organization. These include;
Developing a system that helps managers and employees stay abreast of both the current employment laws and emerging labor legislations.
Treating your HR policies like a work-in-progress that would require constant scrutiny and adjustments, over time.
Developing and implementing rigorous training for HR managers and employees to ensure an adequate understanding of the complexities of labor laws and compliance, and
Leverage HR software and tools with in-built compliance capabilities.
Ensuring ADA compliance in your workplace
ADA compliance is all about the Americans with Disabilities Act (ADA).
The ADA Act was developed in 1990 to prohibit discrimination against disabled individuals so they don’t get exempted from public life. This makes sense considering the fact that 20% of Americans live with one or more disabilities, according to the Disability Status: 2019 - Census 2019 Brief.
So, there are two main goals for businesses as far as ADA compliance is concerned. The first is to make your business (and its website) accessible for everyone, including those with disabilities. Secondly, organizations are also expected to avoid discrimination against disabled individuals for employment.
The ADA Act applies to businesses of different sizes across different industries. To ensure compliance, business organizations should;
Identify and remove architectural barriers to make accessibility much easier for people with disabilities.
Identify and change policies and procedures outside the physical realm that may present as barriers to easy accessibility.
Educate and ensure that the HR staff does not discriminate against people with disabilities during hiring and recruitment processes, in cases where a ‘reasonable accommodation’ is possible.
Keeping up with HIPAA compliance
The HIPAA Act is also known as the Health Insurance Portability and Accountability Act.
This Act sets the standard for protecting sensitive protected health information (PHI). The HIPAA Act applies to healthcare businesses, subcontractors, business associates, and virtually every organization with access to sensitive patient medical data. Such entities are therefore expected to adhere to laid down rules on;
Physical safeguards for limited physical access to PHI, irrespective of location, to guard against unauthorized access.
Technical safeguards to ensure that the technology employed in protecting PHI is as secure as possible to ensure protection against unauthorized access. The key requirement, in this case, is that electronic PHI must be encrypted to meet NIST (National Institute of Standards and Technology) standards, as soon as it’s transmitted outside the organization’s firewall servers, and
Administrative safeguards for policies and procedures that ensure maximum privacy and security of PHI.
According to HIPAA Journal, organizations that want to adhere to the HIPAA privacy rule should commit to;
Providing adequate training to employees to ensure proper understanding of the HIPAA rules as well as an understanding of what information may or may not be shared outside the organization’s security mechanism.
Taking proper steps to maintain the integrity of sensitive PHI along with personal identifiers for individual patients.
Ensuring proper written permission is obtained from individual patients before their data can be used for marketing, research, fundraising, or other purposes.
Businesses and organizations have hundreds of state and federal laws to comply with and staying on top of constant updates and changes is essential to long term success. Even as recently as this is written, on June 15, 2020, the Supreme Court adopted a broad definition of sex in a ‘historic’ Title VII Ruling prohibiting discrimination based on sexual orientation and gender identity.
Failure to comply with any of these laws could trigger lawsuits, audits, and costly fines. And because ignorance will never be accepted as a defense of violations and shortcomings, proper training of managers and employees on the applicable laws guiding your operations will be valuable. Regular compliance monitoring efforts will also go a long way to help.