No, Really, Compliance Is Fun. And It's Good For Business.
Following the rules certainly helps your legal team sleep at night, especially in an era of big data breaches and sexual harassment scandals
December 01, 2017 at 05:33 PM
Compliance, training, regulatory oversight and accreditation are fun. I'm serious.
Following the rules certainly helps your legal team sleep at night, especially in an era of big data breaches and sexual harassment scandals (more on that below). But just as importantly, regulatory compliance that is embedded in your culture will support your mission to deliver value to your clients, customers and shareholders.
Where do you start? More than likely your industry has a regulatory body or two or an accreditation association with regulations, rules, standards—and free resources. Several financial service regulators offer a wealth of information, even outside the banking industry. As an example, see www.fdic.gov/regulations/resources. The Cybersecurity Resources pages and related links also have information that is helpful across industries.
The Federal Reserve has many resources, guidelines and information online at www.federalreserve.gov/publications. The manuals and other useful compliance information there are intended to provide guidance to supervisory personnel in planning and conducting inspections, but they can also give you examples of what is to be expected from those who work with federal banking laws.
In health care, regardless of your size, start with your regulatory or accreditation agencies like The Joint Commission at www.jointcommission.org. The commission standards can help document, measure, assess and improve your performance. The standards help your company make many of your own business decisions in the right way. Accreditation agencies offer guidelines for your operation, from hiring, training and leadership to patient care, safety, cleaning and food preparation. Following these guidelines, standards and related compliance regulations will drive safe, high-quality care.
What is next in developing a compliance program? With tools from your industry, develop plain English policies and procedures. All companies should adopt a code of conduct that promotes prevention, detection and resolution of behavior that does not comply with applicable state and federal laws. A code or business ethics policy can also be the framework for your company culture. If you are just starting, before rolling out, have a cross-functional team (invite folks from all levels in the organization) at a breakfast or pizza party to review, read and give comments on the code of conduct. This gets buy-in and builds a team that can help you train later, and it can be fun.
Be sure to describe responsibilities and empower everyone to meet or exceed the expectations customary within your industry. Your code of conduct does not need to be an exhaustive list of all policies or procedures; it can be a high-level statement outlining what is meant by good compliance. To put it simply, if everyone in your company understands the obligation to abide by applicable laws, rules and regulations, the rest should fall into place.
Finally, train on new policies and make it fun and engaging. Encourage questions, ask someone to keep up with people who ask or answer questions and tell folks in advance the top five will get a prize (use company-branded giveaways or store gift cards). Or tape a $2 bill to the bottom of a few of the chairs in the front rows. During the presentation, ask people to stand and look under the chair. Making it fun is all part of good compliance training.
What are the current trends in compliance or big issues for corporations? If you read the paper or watch the news, you are struck by the many claims of data breaches and sexual harassment.
Privacy and Data Breaches
This summer, one credit-monitoring company had a massive data breach that exposed the personal data of about 143 million Americans. If worrying about losing personal financial information was not enough, health care has also become a target for cybersecurity attacks. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a U.S. federal law that mandates standards to protect health information. HIPAA imposes certain obligations when protected health information (PHI) in an entity's possession is disclosed. The consequences of allowing others who should not have access to see health information can be tough and costly, even if this happens by accident.
On the other hand, as with all regulatory frameworks, HIPAA guidelines help prevent unauthorized use and disclosure of PHI. The key is that you must be able to recognize PHI and the ways breaches can occur. If you see something that looks like a breach or violates the Privacy Rule, the key is not to ignore it. Following good policies and procedures, you can protect your company, individuals and their health care information.
Sexual Harassment
The news of sexual harassment in the media, in Hollywood and in politics is everywhere. Everyone understands what the hashtag #metoo means. The courts have been clear in directing businesses to take proactive measures to prevent sexual harassment, but what is considered “sexual harassment,” and what should you do about it?
Sexual harassment is used to describe unwelcome sexual advances, requests for sexual favors and other verbal or physical conduct of a sexual nature when this (explicitly or implicitly) affects an individual's employment, unreasonably interferes with work performance, or creates an intimidating, hostile or offensive work environment.
Even if someone isn't trying to offend or make someone feel uncomfortable, some actions can still be sexual harassment. Often, larger businesses have prescribed procedures for handling sexual harassment complaints. If your company does not have a formal procedure, now is the time to develop one, and in the meantime document and report allegations to management or your law firm so that things can be appropriately addressed.
It does not take much for good regulatory compliance and documentation to save a company real money and drive a successful business. That's why compliance can be fun.
Betsy Edelman is general counsel and chief compliance officer at RiverMend Health LLC, Atlanta.